Revenue Depends on Systems Nobody Diligenced

The official stack may be sound while pricing, fulfilment, billing and renewal depend on spreadsheets, inboxes and one operator. Trace the revenue path.

The answer

Technical diligence usually reviews the systems management presents. Revenue often depends on the systems operators actually use. A pricing workbook applies exceptions. A shared inbox controls renewals.

Technical diligence usually reviews the systems management presents. Revenue often depends on the systems operators actually use. A pricing workbook applies exceptions. A shared inbox controls renewals. A founder maintains the customer map. A script produces invoices. A partner portal requires a personal administrator. None appears in the architecture deck because each is considered temporary or operational. The revenue forecast assumes they continue working.

Trace one unit of revenue

Select representative revenue and follow it end to end:

  • Lead or demand enters.
  • Price and terms are determined.
  • Authority approves exceptions.
  • Product or service is delivered.
  • Usage or completion is recorded.
  • Invoice is generated and sent.
  • Cash is collected and reconciled.
  • Renewal, refund or dispute is handled.

At each step, identify the real data, tool, person and workaround.

Value object — The Revenue Dependency Trace

For each material revenue stream, record:

  • Step and accountable operator.
  • System of record and shadow tool.
  • Manual judgment or exception rule.
  • Identity and access required.
  • Failure consequence and time before revenue is affected.
  • Evidence that the step completed correctly.
  • Replacement or integration requirement.

Connect the trace to the model assumption it supports: growth, margin, retention, cash timing or scalability.

Look for silent calculation

Spreadsheets and scripts often perform business logic that no formal system contains: discounts, eligibility, allocations, tax treatment or performance calculations. Review formulas, change control, ownership and reconciliation. Determine whether the output can be reproduced and whether management understands the assumptions.

Find the human database

A high-performing employee may remember customer commitments, renewal pressure and exceptions. Their knowledge masks missing records. Interview the person about decisions, not job duties. Ask what would be wrong tomorrow if they disappeared tonight. Convert material knowledge into governed records and workflows.

Test volume and change

A manual system can support current revenue and fail under the growth thesis. Model expected volume, product variation, jurisdiction and integration. The question is not whether the workaround is embarrassing. It is whether it can support the future economics without creating uncontrolled error or headcount.

Diligence the failure record

Review revenue adjustments, credits, late invoices, disputes and manual reconciliations. They reveal where the operating system already breaks. A clean technology incident log may coexist with recurring commercial leakage that nobody labels technical.

Underwrite the real stack

If revenue depends on an inbox, workbook or individual, include that dependency in valuation, retention, integration and the first hundred days. The official stack describes the company. The revenue path tells you what you are buying.

Sources

  1. NIST: Cybersecurity Framework 2.0NIST: Cybersecurity Framework 2.0

    Primary authority

  2. FINMA: Revised circular on operational risks and resilienceFINMA: Revised circular on operational risks and resilience

    Primary authority

  3. NIST SP 1305: Cybersecurity Supply Chain Risk ManagementNIST SP 1305: Cybersecurity Supply Chain Risk Management

    Primary authority

Adam J. De CollibusFounding Partner, Svperior / Systems Engineering

Jonathan P. De Collibus

Jonathan co-founded Svperior in 2014 and leads its cyber practice. His work sits where adversarial pressure, technical architecture, and consequential decisions meet, with experience across clinical, financial, public-sector, and private-client systems where confidentiality, continuity, and technical correctness carry material consequences.

Cyber strategy / Adversarial assessment / Security architecture / Private systems

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry