For most companies in a position to consider acquisition, deciding to move forward is the easy part. M&As are significant growth drivers, providing a powerful way to expand into new markets, enhance portfolios, and create new products and services. When the right target is identified and synergies align, growth-focused organizations that can afford it will often welcome the opportunity.

The challenge comes, of course, in the integration phase. Bringing together sometimes very different cultures, processes, and systems can seem rife with uncertainties for even the most experienced organizations. For acquisition to be successful, companies need to carefully consider everything from training, to change management, to properly informing customers, to compliance, and much more.

When it comes to technology integration, leaders should aim to consolidate IT through a strategic approach – one that fully assesses both companies’ infrastructures, maximizes customer satisfaction, plans for the future, streamlines processes, allows room for innovation, and supports the goals of the organization as a whole.

With that in mind, these are the core IT areas to focus on to make transition as smooth and profitable as possible before, during, and throughout an acquisition:

1. Ensure Information Security

Business leaders are already hyper-aware of the importance of safeguarding customer and company data. However, vetting security and addressing risks is an issue often neglected during boardroom acquisition discussions. The result can be a combined organization that is less secure than the two companies were when separate – and leadership may not even know it until much later.

Consider the data breach affecting over 500 million guests of Starwood Hotels, exposing credit card numbers, dates of birth, email addresses, physical addresses, and more. Starwood’s parent company, Marriott, had purchased Starwood in 2016, unaware that the breach had already been ongoing for two years. Even if Marriott itself has the tightest security available, they’re still responsible for the financial and reputational repercussions of Starwood’s vulnerabilities.

According to a 2017 report by West Monroe, 52% of global executives surveyed report discovering a cybersecurity issue with the acquired company after closing the deal. The report further notes that security concerns are the #3 reason purchasing companies regretted an acquisition, the #2 reason for abandoning deals, and the #1 reason acquisitions fail.

Getting ahead of this requires an assessment of the acquired company’s security status and infrastructure prior to the merger, including a gap analysis, software scanning, firewall evaluation, and a turn-by-turn roadmap of the needed procedural and technological changes. In short, the acquiring organization must have a clear process for vetting and addressing their target companies.

Another crucial piece of this puzzle is aligning information security policies. Leaders should assign one person or one team the task of creating and deciding on the policies, and ensuring that all employees understand and adhere to them. This is also a good opportunity to remind everyone of basic dangers such as phishing scams and the risk of executing email attachments.

Because acquisition can be a stressful time for employees, there may be some apprehension about the security policies, especially if they significantly change the way people are currently performing their tasks. In addition to applying standard change management strategies, it might help to roll out the new policies in phases, to allow for adoption time, review, and progress checks.

2. Streamline Workflows

Eliminating process redundancies and optimizing workflows isn’t restricted to the realm of management; it’s actually an ideal opportunity to leverage technology. This is particularly the case among fast-growing businesses: As a result of patching systems together on the fly in response to sudden requirements, they often have inefficient processes requiring multiple tools and steps. Employing technology solutions will save time and cut costs, while making the most of the existing systems.

In many cases, especially for acquisitions involving similar-sized companies, senior management will analyze both companies’ existing processes for tasks like purchasing, data entry, onboarding, payroll, customer management, and batch processing, as examples. Then they’ll either migrate everyone to the better of the two systems, or combine processes into a workflow that incorporates the best elements of each.

Rarely do leaders elect to create brand new systems. On one hand, this is understandable in a time already full of change. On the other hand, even if a ground-up rebuild isn’t in the cards, it’s a natural time to consider simple new tools to streamline and automate processes. Merged organizations are already consolidating infrastructures, adjusting policies, evaluating existing technology, and restructuring teams. Optimizing workflows through easy digital implementations is an excellent complement to these initiatives.

For example, do both companies have employees manning a live chat service? Instead of simply choosing one service platform over another, this may be the time to consider implementing a chat bot. This doesn’t necessarily mean that customer service reps no longer handle the chats at all – there’s certainly much to be said for that human touch. But chat bots can address the most common questions, improve response times, and capture customer information. All of this frees up more time for employees to focus on other, more impactful customer service responsibilities, such as phone calls and follow-up.

As with the security policy rollout, it can be helpful to introduce new workflows in stages, to solicit feedback, address concerns, and allow for the learning curve.

3. Maintain Compliance

When companies merge, they typically start out at different levels of compliance. This is especially true if the organizations are in different industries, if the acquired company is international, or if the merged company will serve international customers.

The key factor in compliance is understanding the specifics of the provisions the merged company must adhere to. This is often easier said than done. Even though almost all regulations cover the same general areas, each will have particular requirements. Compliance with one set of regulations, such as SOX, does not necessarily translate to compliance with another, such as GLBA.

Just as with your comprehensive security strategy, a dedicated team should be assigned to compliance. Because of the overlap with security strategy, many companies choose to have the same team handle both compliance and security.

Critical compliance areas include:

  • Protection and use of customer data
  • Access management
  • Electronic risk assessment
  • Disaster recovery and incident response plans
  • Monitoring, testing, and documentation

All too often, the acquiring company’s IT department is brought to the table in the middle or end stages of the merger, and are expected to instantly bring everyone into compliance. This is a tall order even for the most talented teams. To make the process smooth, comprehensive, and stress-free, bring the IT team in on discussions from the very beginning.

This will allow your IT team time to thoroughly evaluate and address the compliance requirements and security profile of the target company. This in turn reduces the risk of a surprise data breach that discloses customer information or company secrets.

During this due diligence phase, the IT and compliance teams should conduct a cyber audit of the target company that includes:

  • How they collect, disclose, transmit, store, use, and secure their customer information
  • Privacy policies, notices, and procedures
  • Website terms and conditions
  • Protections currently in place, including GDPR for companies with international customers
  • Scope of scrutiny controls and remediation effort protocol

As far as the regulatory agencies are concerned, the acquiring company is responsible for any vulnerabilities and non-compliance issues once the organization is merged. So, it’s crucial to not only fix issues discovered in assessment, but to ensure continual monitoring and improvement.

Conclusion

While there is a certain level of technological risk presented with any acquisition, it can be greatly reduced with careful planning. In fact, when done strategically, the process of consolidating IT can significantly contribute to cost savings, increased revenue and productivity, and employee and customer satisfaction. The key is to approach technology not as a post-merger task to be checked off the list, but as a pillar of your full acquisition plan.

 

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*