Worldwide, companies spend trillions of dollars each year on mergers and acquisitions. They spent $3.4 trillion in 2022. But data from the Harvard Business Review says that 70%–90% of those acquisitions will probably fail to deliver the promised value.
If companies invest so heavily in acquisitions, why do most fall short?
Part of the answer lies in poor due diligence practices. If PE firms do not adequately scope IT and operational issues and needs, they run the risk of acquiring companies with unforeseen problems and sky-high remediation costs. These gaps can negatively impact valuation and cause acquisitions or planned integrations to fall short of expectations.
PE firms typically focus on financial due diligence, and many short-change organizational, operational, and IT due diligence. However, it’s in these latter areas where the rubber hits the road; where value can be realized or lost. It’s therefore critical that an acquiring entity undertake proper IT and operational due diligence.
Key Goals of IT and Operational Due Diligence
On a recent project, our PE firm client had established its offer price and placed its irrevocable bid before we had been retained to do IT and operational due diligence. Our untimely analysis uncovered significant operational issues, incompatibilities with the acquiror’s business (it was an add-on acquisition), and risks to value realization. Fortunately for our client, the selling firm chose a different dance partner.
As another example, a different PE firm hired us to assess the operations and systems of a rapidly growing target. Our analysis showed immaturity in the target’s business processes and enterprise software systems. We modelled the changes to the target’s org structure, business processes, data, and systems that would be necessary to support the target’s growth projections. We also costed those changes and assessed the risk. Our client relied on our analysis to refine its valuation and make a more appropriate offer.
The bottom line is that pre-acquisition IT and operational due diligence are critical. Done properly, they allow PE firms to (a) assess a target’s technology infrastructure, data, systems, and security, (b) assess a target’s business process maturity, operational efficiency opportunities, and future synergy opportunities, and (c) prepare high-level project plans and cost budgets to implement key value-driving changes.
For effective and comprehensive information technology due diligence, consider the following factors.
IT Due Diligence
Evaluate the Technology Stack
Before acquiring any target, you’ll want to closely examine four major areas across business applications, platforms, and infrastructure:
- Scalability
- Reliability
- Compatibility
- Security
An effective assessment of these areas surfaces strengths as well as risks and issues of the existing technical environment. It should also project the costs and work effort to modernize the stack to support future-state requirements.
Cyber-Security and Data Privacy
Unfortunately, data and security breaches are becoming more prevalent – with the average data breach costing US-based companies $9.5 million.
Your IT diligence should include a base-level cyber-security assessment of organizational and system controls and practices, including the target’s disaster recovery and business continuity plans.
Also, as data privacy laws and regulations proliferate, it’s critical that the diligence assess overarching governance, the categories of collected data, applicable compliance regimes (contractual and legal/regulatory), existing policies and procedures, and any actual and potential claims.
Operational Due Diligence
Given the intertwined nature of business processes and technologies, it usually makes sense to conduct operational due diligence alongside IT diligence. The objective is to assess the target’s operational maturity, the potential for business process efficiencies and scalability, and (if applicable) opportunities for synergies.
Here are three components to a strong operational due diligence report.
An Assessment of the Target’s Organizational Structure
A well-conceived organizational structure facilitates efficient work across business functions and down from executives to front-line workers. In contrast, a poor organizational structure can lead to miscommunication, work duplication, inconsistent processes, confusion, and scalability challenges.
An operational due diligence assessment should evaluate the target’s organizational structure, including:
- The clarity of the structure, positions, and general job descriptions
- The definition of reporting lines
- Notable gaps
An Assessment of the Target’s Business Processes
Value is created through the processing of information and the delivery of goods and services. Pre-acquisition, it is important to perform a high-level assessment of the effectiveness and efficiency of business processes and internal controls. Do transactions flow seamlessly through the organization or is there a lot of friction caused by, for example, manual processing and data duplication across systems? Are business processes consistently applied or do different people handle the same process in different ways?
When assessing business processes, it’s helpful to organize them by value stream. Those common to product and service-oriented companies include:
- Quote-to-cash
- Plan-to-manufacture
- Plan-to-produce
- Service-to-deliver
- Service-to-repair
- Procure-to-pay
- Record-to-report
- Recruit-to-retire
An Assessment of Data and Information Architecture
Data is the foundation for what is bought, sold, served, made, and accounted for. It provides the inputs to the business’ financial reports, operational performance, and future projections. For the PE firm, data forms the foundation of the target’s confidential information memorandum (CIM) and the reliability of the due diligence.
As such, it is critical that the data quality be assessed in relation to:
- Accuracy
- Completeness
- Consistency
- Timeliness
- Integrity
A PE firm can take confidence from strong data governance. In contrast, if data quality and controls are questionable, a PE firm might discount its valuation.
Success Factors for Both IT and Operational Due Diligence: Action Plans and a Budget
A potential acquiror will only want to invest if it can create meaningful value. It might forego a bid if it can’t implement many of the value-driving changes within its investment horizon or at a reasonable cost and risk profile. For this reason, it’s critical that the IT and operational due diligence contain order-of-magnitude assessments of cost, schedule, and risks associated with implementation.
In the midst of a post-acquisition? In a companion article, we delve into Critical Success Factors for Post-Merger Integration.
Why Pemeco?
PE firms are experts in investments and value creation. And Pemeco is a leader in due IT and operational due diligence assessments and post-acquisition integration and implementation. Don’t just take it from us. Hear it from one of our long-term clients:
“I could drop the Pemeco team into any of my 80 business units. Each one makes a different product, their processes are different, they serve entirely different customer bases and markets, but I don’t have to think twice. They can handle it. That’s the comfort level I have with Pemeco”, Vagesh Rajashekar, Global Chief Information Officer, Curtiss Wright Corporation.
Together, we can help you assess and deliver shareholder value. Power your project with Pemeco – the only team in the industry with an impeccable ERP implementation track record.
