AI & Technical Due Diligence
Independent, standards-aligned technology assessment for investors, acquirers, and businesses. We help you understand what is actually built versus what is promised, and whether the technology can deliver on its claims.
What this service is designed to answer.
Whether you are investing in a company, acquiring a technology business, or selecting a technology vendor, you face questions that require independent technical perspective.
Are the company's technical and AI claims credible and proportionate to the evidence?
What are the material technology, engineering, data, and security risks?
Is the team capable of executing the roadmap being presented?
What should you be most concerned about before committing capital or resources?
Where does deeper technical review make sense, and where does it not?
What specific conditions or actions should be in place before you proceed?
Seven structured dimensions. Consistent rigour across every engagement.
Every Cogmerce baseline assessment evaluates the target across seven dimensions, drawing on document review, technical interviews, hands-on system inspection, and independent claims verification.
Technology Stack & Architecture
Programming languages, frameworks, cloud infrastructure, database choices, system design, API quality, and technical debt. We assess whether the choices are sound and capable of supporting stated growth plans.
Team & Technical Capability
Engineering team structure, key personnel depth, key-person dependencies (bus factor), hiring pipeline, engineering culture, and the team's ability to execute the roadmap.
Product & Market Viability
Product-market fit indicators, traction verification (stated vs. actual metrics), technical differentiation, roadmap feasibility, and competitive positioning.
Data Management & Governance
Data architecture, pipeline reliability, data quality practices, governance framework, privacy compliance, and data handling maturity.
Security Posture
Infrastructure security, application security, access controls, vulnerability management, incident response readiness, and security staffing.
Scalability & Resilience
Current capacity and headroom, scaling capability, disaster recovery, monitoring maturity, and incident management processes.
Commercial & Strategic Alignment
Technology-business alignment, unit economics of infrastructure, build vs. buy decisions, vendor lock-in risk, and technology-driven competitive moats.
Four-phase process. Clear deliverables at every stage.
Scoping
We discuss your objectives, the target company or system, and agree on the right tier of assessment and any add-on modules. We confirm scope, timeline, and deliverables before work begins.
Information Gathering
We collect documentation, conduct technical interviews with the target's key personnel, and where access permits, inspect code, infrastructure, and production systems directly.
Assessment
We evaluate evidence against our assessment framework, score each dimension, classify risks, verify key claims, and form our overall view.
Synthesis & Delivery
We deliver a structured report with a clear verdict, risk matrix, maturity scores (where applicable), and prioritized recommendations. Every engagement includes a live debrief session.
Three tiers. Each builds on the one before it.
Choose the depth that matches your decision. Every tier follows the same standards-aligned methodology.
Rapid Assessment Screen
A fast, high-level pass for early screening and deal triage.
5-7 business days | 1 analyst
- Review of investor materials and pitch deck
- One 60-90 min interview with CTO/co-founder
- High-level architecture and stack assessment
- AI and product claims credibility check
- Team composition and key-person scan
- Top-line risk summary: go / pause / stop
Deliverable: 5-8 page screen report + 30-min debrief.
Baseline Due Diligence Report
Comprehensive assessment across all seven dimensions. Our recommended starting point for material decisions.
10-15 business days | 1-2 analysts
- Document review + multiple technical interviews
- Hands-on system inspection (where access permits)
- Independent claims verification
- Seven-dimension structured assessment
- Consolidated risk matrix (Likelihood x Impact)
- Prioritized recommendation plan (0-180 days)
- Claims verification table
Deliverable: 25-45 page report + executive summary with verdict (Proceed / Conditional Proceed / Do Not Proceed) + 45-60 min debrief.
Baseline + Add-On Modules
Full baseline enhanced with targeted deep dives in areas of specific concern.
12-20 business days | 2-3 analysts
- Everything in Tier 2, plus:
- AI/ML Model Evaluation
- Regulatory & Compliance
- Integration & Interoperability
- Cybersecurity & Data Privacy
- IP & Code Quality Review
- Scalability & Infra Analysis
- IC/Management Session Support
Bundle savings available when combining multiple add-on modules.
What a typical engagement looks like.
| Scenario | Scope | Typical Timeline |
|---|---|---|
| Early Screening | Tier 1: Rapid Assessment Screen | ~6 days |
| Series A Investment | Tier 2: Baseline Report | ~12 days |
| AI-Native Startup | Tier 2 + AI/ML Evaluation | ~16 days |
| Regulated Fintech | Tier 2 + Regulatory + Security | ~19 days |
| M&A Acquisition | Tier 2 + Security + IP & Code + Integration | ~20 days |
We do not take claims at face value.
A core principle of our methodology is that findings must be evidence-based. Our reports clearly distinguish between three levels of evidence strength so you always know the confidence level behind each conclusion.
We independently confirmed the finding. Metrics verified against production system logs, models re-evaluated on held-out test data, code inspected firsthand.
Multiple consistent sources support the finding but it was not independently verified. Consistent information from multiple interviewees, documentation that aligns with demonstrated behaviour.
Based on information provided by the target without independent verification. We note this explicitly so readers understand the confidence level.
Every finding is rated using Likelihood x Impact.
Aligned with ISO 31000 risk management principles.
HIGH
Material risk to the investment thesis or decision. Requires immediate attention, pre-conditions, or direct impact on pricing and terms.
MEDIUM
Manageable risk with a defined remediation path. Should be addressed within 90 days and may warrant contractual provisions.
LOW
Within normal bounds for the company stage. Noted for awareness or included in a medium-term improvement roadmap.
What you receive in every baseline engagement.
Executive Summary
Overall verdict (Proceed / Conditional Proceed / Do Not Proceed), the 3-5 most important findings, and top-priority actions. Designed to be read in 3 minutes.
Assessment Findings
Detailed analysis across each dimension with evidence cited, risk-rated findings, and specific observations.
Claims Verification Table
Side-by-side comparison of key metrics as stated in investor materials vs. our independently verified figures.
Consolidated Risk Matrix
All identified risks in one table with likelihood, impact, overall rating, and recommended mitigation.
Recommendations
Prioritized into: pre-decision conditions, immediate actions (0-90 days), and medium-term priorities (90-180 days).
Live Debrief Session
A 45-60 minute walkthrough of findings with Q&A. Included with every Tier 2 and Tier 3 engagement.
Built on globally recognized frameworks.
| Standard | What It Informs |
|---|---|
| NIST AI Risk Management Framework (AI RMF) | Core risk taxonomy for AI systems: trustworthiness, governance, measurement, and management |
| ISO/IEC 42001:2023 | AI governance and management system maturity assessment |
| EU AI Act | AI risk classification tiers and compliance readiness assessment |
| OWASP Top 10 (incl. LLM Top 10) | Security assessment for web applications and AI/LLM systems |
| ISO/IEC 25010:2023 | Software product quality model for architecture and code quality evaluation |
| OECD AI Principles | Ethical AI evaluation: fairness, transparency, accountability, and human oversight |
| Other major standards as per engagement requirements | Including ISO 31000, COBIT 2019, SAMA/DFSA guidance, and sector-specific frameworks applied where relevant |
Straightforward. No obligation to begin.
Schedule a scoping call
We discuss your decision context, the target, and your key concerns. No charge, no obligation.
We propose scope and pricing
We recommend the appropriate tier and any add-ons, confirm scope and pricing, and issue an engagement agreement.
We issue an information request
A structured request is sent to the target company, tailored to the agreed scope. Specific but practical.
Assessment and delivery
We conduct the assessment and deliver the report within the agreed timeline. Live debrief and follow-up questions included.