Hello there, folks. Thanks to all the subscribers for tuning in once again!
Last issue, we looked at the risk that nobody priced and what happens when technical diligence is ignored.
In This Edition…
- We’re going to dig into how much it really costs to get this work done
- What a 100 day play should look like
- PE Firms and the Portfolio Backlog



Last issue I promised real numbers on what technical due diligence costs, because apparently nobody wants to publish them. Ask a consultancy and you get “it depends”, which is a phrase doing a remarkable amount of heavy lifting in this industry. It usually means “we bill hourly and we would rather not anchor you.”
So here is ours. A Technical Read is ten business days, $15,000 to $25,000, fixed. Senior engineers reading the actual code, not the deck. It ends in a board-ready memo with a dollar figure and a sequence: what needs fixing, what it costs, what order. And if the read turns into remediation work we do, the fee is credited in full against the build. If it leads to work, the diligencew as free.
Some context on what that buys. On a deal with a $50 million equity cheque, $25K is five basis points. The commercial side of that same deal will spend several multiples of that on QoE and a market study without blinking (hello to you Gartner!). The technology, which the value-creation plan quietly assumes will keep up, is the line item that gets negotiated down or skipped.
Now the other side of the ledger, which is the number people actually care about. When technical debt surfaces after close, on the fund’s clock, here is roughly what fixing it costs, based on the engagements we run:
One to three serious gaps: one or two focused engagements per gap, $40K to $120K each, inside a quarter. Four to seven gaps: a phased programme, $120K to $300K over one to two quarters. Eight or more: you are into modernisation-scale work, $250K to $500K and up, phased across the hold. And remember the pattern from last issue: whatever management represented, the real figure lands at roughly twice that.
In fairness, the cheapest outcome on this whole page is the one nobody markets: paying $15K to be told “the platform is fine, spend your worry elsewhere.” That reads as expensive right up until you price the alternative.
Why does nobody publish these numbers? Because hourly billing rewards vagueness and ambiguity. A diligence engagement with no fixed price and no fixed end is not diligence, it is a land-and-expand with a memo attached. My opinion, for what it’s worth: if the person reading the code cannot tell you the price before they start, they are not confident they know what they are looking for.
Try this
We publish the checklist our own engineers work from. The pre-acquisition tech diligence checklist is a free PDF, no account, no sales call. Work through it against a target in about an hour and you will know where a buyer’s engineers will press.

Here's a thing that keeps happening. A deal closes, the value-creation plan quietly assumes the technology will keep up, and somebody asks to see the 100-day technology plan. What arrives is the IT backlog exported to slides. Same tickets, same owners, new cover page. The tell takes about a minute to spot: nothing in it references the investment thesis, and nothing in it references the red flags diligence just spent good money pricing. It's a plan in the sense that a shopping list is a menu.
The deals that go well look different in one specific way. The diligence report, the kind that ends in a dollar figure and a sequence rather than a caveat, gets handed to whoever owns day one and simply becomes the first draft of the plan. Which gives you a test, and frankly the whole issue in one line: a real 100-day plan couldn't have been written before the deal. It's derived from two documents that didn't exist until the deal did, the diligence report and the thesis. If the plan reads the same as whatever the CTO had in March, it isn't a plan. It's the backlog in a new binder.
So what should be in it? Three workstreams. Only three.
Fix the red flags. Diligence priced them; now someone has to own them, and the sequencing matters more than people think. My advice: sequence by expiry date, not severity. Severity ranking is a diligence artefact. Expiry ranking is an operating artefact. The vendor contract auto-renews on a date whether you're ready or not, and the brilliant, exhausted engineer the whole platform depends on decides whether to stay in the first month, not the sixth. Some risks have deadlines. Build the plan around those.
Set up board-currency reporting. The first ask here isn't dashboards, it's instrumentation, because you cannot manage what management cannot report. Five numbers are enough (uptime against SLA, spend as a percentage of revenue, milestones landed against planned, security posture, headcount against plan), and the target is unglamorous: numbers flowing by day 60, so the first post-close board meeting runs on data instead of anecdotes.
Align the roadmap to the thesis. The roadmap you inherit was built to a different owner's incentives, and it shows. Every item on it either maps to a value-creation lever or gets a kill decision, and the kill list is the deliverable. What a portco stops doing is the clearest early signal that the thesis is actually steering.
The plan, week by week
Here's the whole thing, dated. Complete enough that you could run it without us, which is rather the point.
Day 10: the stop list. Anything that must halt immediately. Unbacked-up production systems, runaway spend, contracts about to auto-renew.
Day 30: the key-person conversation, done. Retention or knowledge-transfer plan signed, not drafted.
Day 45: the vendor renewal calendar, built. Every renewal in the next twelve months dated, with renegotiate-or-replace calls made on the near ones.
Day 60: board reporting live. First cut of the five numbers, flowing automatically.
Day 75: the roadmap kill list, agreed with the sponsor.
Day 90: the re-baselined roadmap, presented to the board.
Day 100: the plan graduates into a quarterly operating cadence.
And underneath, what the weeks look like:
Weeks 1–2: access, inventory, verify the backups actually restore, list the single points of failure. No changes yet. You're finding where the bodies are.
Weeks 3–4: red-flag triage, sequenced by expiry date.
Weeks 5–6: key-person plan; start the reporting instrumentation.
Weeks 7–8: cloud cost baseline; vendor calendar.
Weeks 9–10: roadmap-versus-thesis mapping; kill list drafted.
Weeks 11–12: build-versus-buy calls; board pack drafted.
Weeks 13–14: board presentation; handover to the quarterly cadence.
One opinion about the whole exercise: the plan's job is to make itself unnecessary. If you're still running a 100-day plan on day 130, it failed.
What not to put in it
The rewrite. Somewhere around week two, someone will propose rebuilding the platform from scratch, and it will sound like ambition. It's the most expensive way to feel busy that I know of, and why ground-up rewrites destroy value during a hold period is its own issue, coming later this year. The tool-buying spree and the reorg-before-you-know-the-team belong on the same shelf.
In fairness, the honest version cuts the other way too. Sometimes the backlog really is most of the plan. When diligence comes back clean, workstream one is short, and that's a good outcome, not a boring one. The difference is that someone checked it against the thesis rather than assuming.
Where we come in
If you've got a deal closing this quarter and the plan in front of you wouldn't pass the couldn't-have-been-written-before-the-deal test, that's exactly the conversation we're for. We turn diligence findings into a dated, owned, board-ready 100 days, and then we run it.

Every software buyout rests on one quiet assumption: that the technology will keep up. The value creation plan takes it for granted, the model prices it lightly, and the whole return depends on it holding. Medallia is what happens when the market stops believing it.
Private equity firms are sitting on roughly 13,500 unsold U.S. companies, about nine years' worth of exits at the current pace, according to PitchBook data reported by The Wall Street Journal. What turned a backlog into a reckoning for software in particular is a loss of faith: investors increasingly doubt the products these firms bought at 2021 prices are safe from AI, and software platform buyouts have fallen to a decade low. It is, near enough, the risk this newsletter said nobody prices. Medallia is the invoice.
In 2021, Thoma Bravo took the customer feedback software maker private for $6.4 billion, or $34 a share. Part of the debt is held by FS KKR Capital Corp, a publicly traded lender that must mark its loans every quarter. Through 2024 it valued its Medallia loan near full price, about 98 cents on the dollar. Then it slid: 91 cents by September 2025, 79 by year end, about 54 by March 31, 2026. Over the same stretch the balance grew, from roughly $208 million to $234 million, as interest was paid in kind, piled onto the loan instead of paid in cash. The debt compounded while the business couldn't keep pace with it.

In June, Medallia said it had agreed to hand the company to creditors led by Blackstone, Apollo and FS KKR, who would inject $150 million and cut its debt. The deal is expected to close by year end.
The cost lands well past the fund. Among the investors in the Thoma Bravo fund that bought Medallia is the California Public Employees' Retirement System, which its own records show committed $600 million, paid in $649 million, and has taken $223 million back in cash (about 34 cents on the dollar) at a 6.4 percent annual return, four years in. CalPERS says its private equity program has since turned around and now ranks first among large public pensions; the fund holding Medallia is a 2021 vintage it has moved past. Its board materials note the average holding period at exit has stretched to about seven years.

None of this is a finance story wearing a technology costume. The value fell because the technology thesis, the assumption that the software would keep up, stopped being believed, and in a leveraged deal the equity is the first thing to go when it does. The number to remember is 54 cents. The older lesson is the one underneath it: in a software buyout, the technology was never the safe part.
Disclosure: The Modernization Memo’s founders advise on technical due diligence in the software industry. Neither the authors nor the Memo has any financial, client, or advisory relationship with Thoma Bravo, Blackstone, Apollo, FS KKR, Medallia, or CalPERS.
Next issue: a translation guide for the phrase "cloud native platform". What the deck says, what the codebase usually says, and the one question that exposes the gap. Bring it to a management presentation and watch faces.
