One of the first questions we routinely ask clients when initially ramping up a due diligence effort or pre-integration planning phase is “Where is IT?” Specifically, we are getting at key principles of success that dictate getting senior-level IT pros involved in an early and comprehensive IT due diligence effort. Surprisingly, many organizations have learned the importance of this lesson the hard way.
A recent McKinsey study puts this success factor in perspective. This research found that for mergers and acquisitions across multiple industry sectors, often more than half of the total cost synergies are primarily related to IT, either directly, or as a key enabler or dependency of integrating business processes or capturing other synergies.
To help us flesh out this important topic – assessing IT integration scope and risks during due diligence – I’m delighted to introduce you to two of our key IT due diligence and rationalization practice leaders at M&A Partners, John Sinkus and Doug Picirillo. Both John and Doug have expert-level credentials – technically and strategically -- and are some of the best consultants I’ve had the opportunity to work with. We recently had a chance to discuss the importance of an effective IT due diligence effort, and this week’s blog is a summary of that conversation.
MH: John, how would you characterize the key objectives of a comprehensive IT due diligence effort?
JS: We believe that IT due diligence cuts right to the heart of almost every deal’s value proposition in at least three essential ways. First, as a part of the go/no-go decision. This is clearly more prevalent in the mid-market or private equity sectors, but we have absolutely discovered situations where IT due diligence findings made a target look suspect relative to other potential targets.
Second, the IT due diligence findings can and should influence the underlying target company valuation, synergy estimates and integration budgets. For example, think of a scenario where the target has anticipated a sale for some time and has under-invested in its IT. If you are a prospective buyer viewing this target as a strategic platform expansion, your anticipated revenue growth synergies may require a substantially higher IT investment than projected.
Finally, and the much more common purpose, is to inform the integration plan as early as possible with respect to the total IT integration scope, risks, and requirements. In most M&A scenarios, you simply cannot afford to wait until post-closing to get this data into the planning work-stream.
"IT due diligence cuts right to the heart of almost every deal's value proposition in at least three essential ways..."
MH: Doug, you and John work with some very sophisticated acquirers and IT organizations. What are some of the key lessons learned from these experiences?
DP: Several things stand out. Many times, you have restricted access to target company executives and IT data until later in the process. When this happens, and even before accessing any available target company data provided in the data room, we always scrub public filings, LinkedIn, trade journals and conferences for hits about the company, its IT executives, platform, hiring, general investments, etc. This is a quick way to gain potential early insights and help us form additional areas of inquiry not necessarily on the formal check list.
Also, it is really important to adapt your diligence focus and approach to the specific “deal-type DNA,” or the primary underlying strategic objectives and transaction characteristics of each deal. For example, the IT diligence approach for a tuck-in or product line extension deal will look vastly different than the IT diligence approach for a stock merger with an equally sized competitor. An IT diligence effort for a tech and IP deal will be heavily dependent on software development capabilities, talent, unique tool sets required and scalability; while the IT diligence for a carve-out deal will ordinarily be heavily dependent on a transition services agreement (TSA) and data transfer.
But perhaps most importantly, you really have to use a strong and consistent methodology to assess both the buyer’s IT environment AND the target company’s IT environment in order to get at the key scope and risk issues that can potentially destroy value or disrupt the business.
MH: John, if having a strong IT due diligence methodology is so important, what are some of the essential areas to look at?
JS: There are several really good methodologies out there, so we’ve attached a copy of our recommended baseline model in this week’s downloadable resource, Assessing IT Integration Scope & Risks During Due Diligence. You’ll see several key areas you would expect to find, including a review of IT infrastructure, application architecture, data architecture and governance, etc. You’ll also see some areas you might not expect to find, including an assessment of the target’s management processes, procedures and controls; and its current project portfolio.
At this point, I have to emphasize three other key lesson s learned. First, each area has unique evaluation criteria to help us rate, rank or determine potential integration opportunities and risks. Second, is the reality that you’ve simply got to get beyond the “checklist” level of due diligence that is so common. When we conduct IT diligence we are ultimately trying to create a comprehensive current state architecture map of the target company with a specific representation of core business processes; systems (including applications, code and scripts, databases and objects), infrastructure (including hardware hosts, software services, network circuits); and finally, a view of the external IT world (including customers, suppliers, partners, contracts, etc.).
That leads to my third "lesson learned," which is simply this: you’ve got to use your best and most experienced IT professionals, and in many cases, outside advisors to help guide, direct and lead the really complex aspects. In our case, our complete end-to-end IT M&A methodology consists of about 150 different tools, templates, work samples, etc., to help an organization quickly get traction with best practices and insights gained from many IT diligence and integration efforts over the years.
MH: Can you give us an example or two of some major “look-out-fors” that could really add an enormous amount of risk or cost to IT integration?
DP: Let me refer again to slide two of this week’s download. At the macro-level, we find that it is important to advise senior executives of the major dissimilarities between buyer and target, and translate those findings into specific potential impacts and implications for integration. For example, if there are completely different enterprise systems such as Oracle E-Business vs. SAP, how does that translate to specific options and alternatives including: stand-alone, a longer-term ERP migration (think years in large deals vs. months), or strict prioritization of key functional areas or key modules while managing via work-arounds in lower risk areas. A Deloitte study identified four types of risks to effective post-merger Integration: synergy, people, structural and project risks. In IT Due Diligence we find that dissimilarities in the technologies and the sophistication of the acquiring IT organization can create synergy risks, people-oriented risks, or structural risks both to effective Integration and future operations.
IT is the area of greatest risk, cost and interdependency in every M&A deal. Join us for The Art of M&A Business and IT Alignment to master the critical alignment between Business and IT. Hosted by the M&A Leadership Council, this unique executive training brings together industry experts from world-class firms like BDO and M&A Partners. The Art of M&A Business and IT Alignment is only offered once a year, and space is limited. Register today!