What Investment Committees Actually Need

An Investment Committee is making a capital allocation decision. It needs to understand: what are the material technology risks, how confident are we in those findings, what would it cost to remediate the material issues, and does the risk profile support the investment thesis at the proposed valuation?

None of those questions are answered by a 60-page report that describes what was reviewed. They are answered by a structured assessment that translates technical findings into financial terms, with documented evidence and explicit confidence levels.

The Investment Committee members who are not themselves technologists — which is most of them — cannot evaluate the quality of a technical finding from its description alone. They can evaluate it from three things: the evidence it's based on, the confidence level assigned to it, and the financial implication it carries. Reports that lack these elements aren't Investment Committee-ready; they're Investment Committee-opaque.

Why Most Reports Fall Short

The volume problem

The traditional IT due diligence report is long — 40 to 80 pages is common. The length reflects the work done, not the decisions to be made. An Investment Committee reviewing an IT report alongside legal, financial, commercial, and HR outputs does not have the attention to absorb 80 pages of technical narrative. The critical findings are buried. The recommendations are qualified to the point of indirection. The overall risk assessment is often a traffic-light rating without financial quantification.

The evidence problem

A finding that cannot be traced to a specific document, passage, or data point is not a finding — it's an opinion. Management-interview-based findings, common in IT diligence, are particularly problematic: they represent what management said, not what the documents show. An Investment Committee asked to make a material financial decision based on findings that are ultimately sourced from management's own characterization of the business is in a structurally weak position.

The confidence problem

Risk findings in technology diligence have varying levels of evidentiary support. A security vulnerability documented in a third-party penetration test report is a different quality of finding than a security concern inferred from the absence of expected documentation. Most diligence reports do not distinguish between these — all findings appear with the same implicit confidence, regardless of the quality of evidence underlying them.

The financial translation problem

Technical findings need financial translation to be actionable at the Investment Committee level. "Technical debt: high" is not a deal model input. "Estimated remediation cost for identified technical debt: $400,000–$700,000, with a 12–18 month timeline to acceptable threshold" is a deal model input. The gap between these two representations of the same finding is the gap between a report that informs the decision and one that gets noted and filed.

What Investment Committee–Ready Actually Requires

Based on the Investment Committee inputs that actually drive decision-making, a technology due diligence report is Investment Committee-ready when it satisfies four criteria:

1. Concise enough to be read

The core findings and recommendations must be digestible in 15–20 minutes by a non-technical reader. This means a structured executive summary with finding severity, financial implication, and confidence level — not a narrative introduction followed by 50 pages of category-by-category review.

2. Evidence-traceable

Every material finding is linked to the specific document and passage that generated it. The Investment Committee can, if it chooses, examine the primary source. Findings from management interviews are clearly distinguished from findings from document review, with confidence implications explicit.

3. Confidence-scored

Findings carry explicit confidence levels that reflect the quality and completeness of the underlying evidence. High-confidence findings (supported by third-party documentation, technical specifications, or audit records) are distinguished from lower-confidence findings (inferred from document gaps or management representation). The confidence level informs how conservatively the finding should be priced.

4. Financially quantified

Material findings carry a financial estimate: remediation cost range, expected ongoing operating cost change, or breach/incident cost at risk. Not every finding can be precisely quantified, but the inability to provide an estimate should itself be a flagged uncertainty, not a reason to omit the financial dimension entirely.

The Sub-20 Page Standard

Our view is that a technology due diligence report for a mid-market acquisition should not exceed 20 pages in its primary deliverable — the document that goes to the Investment Committee. Supporting documentation — the full finding set, evidence appendices, IRL responses — exists separately and is available for deeper review.

The 20-page constraint is not arbitrary. It reflects the actual attention budget of an Investment Committee reviewing multiple workstreams. It forces discipline in the writing: findings have to be prioritized, not enumerated; the investment thesis implications have to be explicit, not implied; the recommendations have to be actionable, not qualified.

The traditional 60–80 page consultant report evolved to demonstrate the value of the engagement — more pages, more categories, more apparent coverage. That's the wrong optimization target. The Investment Committee doesn't need to see how much work was done. It needs to understand what the work found, how confident the team is, and what the financial implications are. Those are different documents.
