The Hidden Liability of 'Citizen Development'
In the pitch deck, the target company claims they have democratized automation, empowering finance and HR teams to build their own efficiency tools. They call it a "Citizen Developer" success story. In due diligence, you should call it what it often is: unmanaged Shadow IT.
When non-engineers build software without governance, they create liabilities. In UiPath environments, this manifests as hundreds of unmonitored bots running on local desktops, bypassing standard exception handling, security protocols, and version control. These bots typically lack the Robotic Enterprise Framework (REFramework) structure, meaning they fail silently when data formats change or target applications update.
The financial risk is twofold. First, the security liability: Citizen developers frequently hardcode credentials (Usernames/Passwords) directly into workflow activities rather than using UiPath Orchestrator Assets or Azure Key Vault. Second, the operational liability: When the creator of a critical finance bot leaves the company, the automation becomes a "black box" that no one knows how to fix, often forcing a revert to manual processes or an expensive consultancy rebuild.
The 'Windows-Legacy' Migration Cliff
A specific, urgent technical debt indicator in 2026 is the presence of "Windows-Legacy" projects. UiPath has deprecated the legacy .NET Framework 4.6.1 runtime in favor of .NET 6+ (Windows) projects. This is not a simple "update" button press. Migrating complex legacy automations often requires significant refactoring, particularly if they rely on deprecated activity packages or custom code blocks.
During technical due diligence, request a specific report from the UiPath Orchestrator or a code export analysis:
- % of Processes on Windows-Legacy: If this number is high (>20%), you are acquiring a mandatory re-platforming project.
- % of Activity Packages Deprecated: Older automations often use "Classic" activities (e.g., specific Excel interactions) that are no longer supported in modern execution environments.
If the target company has 500 bots running on Legacy architecture, quantify the remediation cost. At a conservative estimate of 20 hours per bot for migration and testing, you are looking at 10,000 engineering hours—a $1.5M+ liability that belongs on the technical debt balance sheet, not in the synergy column.
License Utilization vs. 'Zombie' Bots
RPA vendors are notorious for selling "shelfware." A common pattern in distressed assets is a high number of purchased Unattended Robot licenses with low actual utilization. In your data room request, ask for the Robot Utilization Report for the trailing 12 months.
The 20% Utilization Trap
If you see average utilization rates below 20%, the company is over-provisioned. They are paying $8,000–$12,000 annually per unattended bot license for capacity they do not need. Often, this is because they have deployed "one bot per process" rather than orchestrating a shared queue of work items across a smaller, optimized fleet.
Conversely, look for the "Brittle Bot" High-Maintenance ratio. If the maintenance logs show that specific bots require weekly manual intervention (restarts, exception clearing), these are not assets; they are partially automated manual tasks. Industry benchmarks suggest that "brittle" UI-based automations cost $10,000–$50,000 annually to maintain—often exceeding the cost of the FTE labor they were supposed to replace.
