Our M&A Due Diligence Challenges blog series addresses the changing nature of IT, cybersecurity, and data privacy and how investors – both financial (e.g., private equity funds) and strategic (corporations) – can manage these risks and increase their chances of achieving a successful M&A transaction. We also discuss tales from the trenches and lessons learned from M&A due diligence we have performed for clients.
A post-merger integration is a significant endeavor for any organization. In most cases, the Buyer will be adding to its strategic capabilities and will want to assimilate the newly acquired company as quickly as possible to facilitate longer term growth. As exhilarating as this phase can be, it is a time that is often fraught with uncertainty for all parties involved, including employees, customers, partners, vendors, and owners.
The need for IT diligence has only increased as the technology landscape has expanded with cloud adoption, big data, analytics, artificial intelligence, and more. There is more to consider and evaluate in the first 100 days than the typical IT due diligence playbook has accounted for in the past; but if you approach the transition with a larger scope for IT and cybersecurity your odds of success are much greater.
Transition Planning for IT and Cybersecurity
While it’s rare for a single issue to derail an entire M&A transaction, inadequate transition planning, particularly around information technology and cybersecurity, is one of the key reasons why a transaction could lose value or fail to realize the value of the acquisition. In our experience, many of the challenges during transition planning, occur in these key areas:
- Inadequate planning for Day 1 and first 100 days: The phase leading up to a transaction is often busy with multiple priorities and numerous pre-close workstreams. Often, we see that the deal teams and executives are consumed with completing the deal but fail to adequately plan for and prioritize Day 1 activities. Key planning items for IT include:
- Transition of critical back office systems, such as email, ERP applications, HR/payroll, and other business platforms
- Design and migration planning for infrastructure
- Transfer of IT contracts
- End user migration activities
- Lack of in-house expertise with transition planning: It is not uncommon for management teams to lack the necessary integration or separation planning expertise required for M&A transactions. While large, serial acquirers often have established transition management offices already in place, smaller companies and private equity firms typically lack this type of expertise and must depend upon external consultants to assist with these initiatives. Given the complexity and urgency associated with transition planning, it is critical for management to adopt the following principles:
- Proactively manage risks and prioritize key activities – delay what can be put off, don’t expect to finish all work in the first week or month
- Decide and act – approach the integration with a penchant for action
- Keep the trains on the track – don’t disrupt the existing business
- Plan for continued growth – create a model that is scalable for growth
- Leverage external resources – supplement existing staff with consulting expertise to guide transition planning and execution around key functional areas, such as IT
- Poor communication (internal and external) and cultural mismatch: It’s important to communicate clearly and carefully during a transition. This is not a matter of saying less; rather, it’s about being far more conscientious in what you say, how you say it, and to whom. Focus less on developing a “common” culture and more on identifying shared values that can be effectively communicated and upheld across the entire organization.
- Prevalence of assumptions / expectations that are not aligned with broader vision: Deal teams often make simplistic and optimistic assumptions about how long it will take to complete a transaction and capture any synergies. In particular, the amount of effort and expertise required to integrate disparate IT systems as part of a transition is often underestimated, which can lead to companies overestimating the value of any partnership. As a result, important deal metrics, such as near-term earnings and cash flow accretion, can end up looking better than they deserve.
Mitigating Uncertainty During Acquisition Transition
Below are some best practices we recommend for mitigating the uncertainty caused by the above issues:
- Understand overall goals and objectives of integration: Given that no two acquisitions are alike, it’s important to begin the IT integration process by understanding the goals, vision, and timing of the transition. Having this information will enable the transition team to develop an accurate high-level integration plan that is closely aligned with the company’s business objectives.
- Establish proper governance through an Integration Management Office (IMO): Prior to close, the establishment of an IMO governance structure is a critical step to ensuring a smooth transition. Given the complexity of integration initiatives, most successful acquisitions adopt an operating environment to provide a comprehensive, yet streamlined execution, reporting and oversight structure. The IMO is largely responsible for structuring the overall transition program, including:
- Allocating integration resources
- Developing scope, objective, and work plans
- Leading integration plan creation, functional team coordination, and progress tracking/reporting
- Driving issue resolution and making key decisions
- Communicate and engage throughout the transition process to engage and motivate people: The importance of communication as part of the deal process cannot be overstated and plays a significant role during the transaction announcement, the 100 days that follow, and over the longer term as the combined organization accomplishes its integration objects. Companies that implement an effective cross-functional communication plan concurrent with the announcement of an M&A transaction can obtain faster buy-in from the target company’s management team, improve employee commitment and productivity, enhance customer focus, and accelerate the speed at which integration decisions are made.
- Build a detailed Day 1 and 100-day plan: Planning is key to the success of any transformational initiative. Integration planning is crucial for setting the pace for achieving expected commitments through a transaction. An M&A integration plan outlines exactly how and when major resources, assets, and process of the acquiring and acquired companies will be combined in order to achieve the goals of the deal. Given this, integration planning must take place at the beginning of the deal to identify any risk factors that may impact the integration process. Additional elements of integration planning include:
- Day 1 checklist preparation and execution
- 100-day plan, by functional area (IT, Marketing, Sales, HR etc.)
- Preparation of communication plan
- Press kit and other external release coordination
- Internal employee communication
- Integration kickoff (prior to Day 1)
- Formal tracking of synergies and costs
- External oversight and accountability
- Change management
- Modernize IT systems as part of transition: Outdated IT systems are a common issue for established companies that have been acquired. During the pre-acquisition diligence process, we often encounter companies that are trying to get as much as they can from their investments in legacy systems. They typically devise patches or workarounds to overcome the limitations of these systems. While useful in the short term, over time these remedies can create incompatibilities among discrete layers of the technology stack and among applications within a layer, which can increase operating costs and result in missed opportunities to modernize their IT environments. In contrast, newer online competitors, which are unburdened by legacy IT systems, benefit from agile product development cycles and delivery systems, modern digital operating models, and lower operating costs. These companies can accelerate their time to market with new products and improved customer experience.
As part of the transition process, we recommend that incumbent organizations address the issues of legacy IT environments by modernizing their technology architectures in the short term, while also ensuring the scalability and sustainability of IT systems for the long term. This transformation process can be accomplished in one of two ways, depending on a company’s appetite for risk, financial resources, and maturity of its IT systems.
The first option involves prioritizing the rapid development of new front-end, customer-facing applications while continuing to ensure the stability of older back-end systems that handle foundational transactions and record keeping. This option works well for companies that need to implement specific functionality quickly or do not want to incur significant operational risks in replacing all legacy IT systems.
The second option is a total replacement of core legacy IT systems. This often works best as part of a post-acquisition integration process when companies are consolidating on a standard set of systems and processes. Obviously, there are advantages and disadvantages associated with both options which are dependent on many factors, not all of which are unknown prior to a deal closing. As a result, we encourage our clients to seek out third-party guidance on these decisions as they navigate the challenging of integrating a newly acquired company and modernizing IT systems as part of the transition process.
ACA Aponix M&A Diligence Resources
The following ACA resources are available to help you navigate the complexities of M&A diligence and portfolio oversight:
- First post in this series: M&A Due Diligence Challenges: Pre-Deal IT Due Diligence
- Thought Leadership: M&A Due Diligence and Portfolio Oversight: Minimizing Cyber and Privacy Risks During the Deal Lifecycle
- On-Demand Webcast: M&A Diligence and Portfolio Oversight: Identifying Cyber and Data Privacy Risks
- Case Study: ACA's M&A Diligence and Advisory Services for a Large Cap PE Firm Interested in Acquiring a Healthcare SaaS Provider
- Case Study: ACA's M&A Diligence Services for a PE Firm Interested in Partnering with a Defense Services Contractor
- Thought Leadership: Cybersecurity Considerations for Private Equity Firms: Mitigating the Cyber Risks of Portfolio Companies
How ACA Aponix Can Help
ACA's mergers and acquisitions (M&A) due diligence service offers pre-deal IT, cybersecurity, and privacy regulatory diligence of prospective portfolio companies to help investors determine cybersecurity risks at the onset, negotiate better deals, and align risks with the investment thesis. Our team of experienced technology, compliance, and risk professionals uses a business-oriented methodology to determine how the portfolio company’s potential aligns with the investment thesis, and provide the strategic roadmap and cost savings estimates required to achieve the investor’s objective during the hold.
For more information, contact firstname.lastname@example.org or your ACA consultant.