[Erasa]

Hi Nat,

Thank you so much for everything you have done to this point; I am very excited about the prospects for your upcoming visit with AP. Anyone that doesn't think you will be able to accomplish anything is way off the mark in my mind.

I don't have anything to add to the specifics of the discovery and data gathering on the cheating that took place but I think by taking a look at how the company fundamentally is operated will go a long way towards knowing whether they have a future or not.

I used to manage a software development group for a Fortune 20 company that develops software for the financial side of healthcare. In that capacity I was involved in many technical due diligences of other companies that were potential acquistion "targets". You will be amazed at how quickly you can establish the level of competency by asking the right questions.
Just to get you started thinking in this direction (if you haven't already), here is a tiny sample of types of questions to ask;

- Ask for an org chart; do they have separate Product Management, Development, QA, Operations groups?
- How are product enhancements handled? A couple of developers drinking beers after work or is there a documented, formalized approach with multiple sign-offs?
- How do they handle defects? Do they use defect tracking software?
- Do they have separate development, test and production hardware?
- Do they have documented test cases; regression; system; integration testing?
- Do they use automated test tools? How do they do load testing?
- Do developers have access to test systems; do developers and QA have access to production systems? The more formalized and segrated they are here, the less likelyhood of shenanigans making it into the system?
- How does updates make it into the system? Do they have self contained scripts that can be executed without developments involvement or is it a developer opening Query Analyzer (hopefully not)?
- Grab a random CSR and ask for a hand history? Does he have an "automated" tool or is he firing up Enterprise Manager or Query Analyzer to find the answer (very bad obviously)? I am surprised that spreadsheet with all that info made it out - it should be a standard task with a standardized tool to retrieve that information without giving the CSR access to the all that info.
- Ask for the their DRP
- Look at the physical back ups; do they do incremental backups or complete data back ups?
- Ask to see if you can take a look at their documentation on the system.

There are literally hundreds and hundreds more questions in this vein that you typically ask for during a technical due diligence - while it doesn't answer the specifics of the cheating incident(s) the answer will/should tell you whether they can recover from this or not. If it is just a handful of programmers sitting around slinging code, you probably don't want to trust your dollars to their site - if they can show that they are a serious business operated in a professional fashion there are hope they can recover from this.
Also note that it really doesn't matter whether AP reads this or not in advance of your visit; creating a professional development organization with documentation (and revisions to that documentation) to back it up take years - if they don't have it today they will not have it when you get down there in a day/week/month.

Finally; I am tilting so hard to read that people have any reservations whatsoever about you getting paid for this - any idea what the Big 4 charges for a technical due diligence and data gathering trip like this one? We are getting a hell of bargain by having you do this for us and I for one am immensely grateful.

Good luck
Erasa