Guest Article

Improving Controls

The success of a deal depends largely on a target's corporate governance habits

In a continually evolving and increasingly global business environment, the success of an M&A transaction requires companies to put corporate governance at the top of their due diligence process. If carried out assiduously, pre-acquisition due diligence into a target company's corporate governance processes could go a long way to rebuilding confidence in M&A transactions.

Addressing the nation from the Oval Office thirty-four years ago, President Jimmy Carter made famous the phrase "crisis of confidence." With numerous studies suggesting that as many as nine in every 10 M&A transactions fall short of expectations, it is not surprising that analysts often utter the former president's refrain when commenting on deal prospects.

The enthusiasm for M&A deals thus far in 2013 may sound promising. Two recent surveys conducted by BDO USA found chief financial officers in both the retail and technology sectors to be downright bullish on M&A. But past experience warns us to treat such expectations with skepticism; indeed, the likelihood that even a handful of this year's deals will succeed as hoped is quite low.

There are countless reasons for failed M&A transactions - haphazard integration, misaligned strategy, financial disputes, ineffective leadership and culture clashes, to name a few.

Another contributing factor to our present-day crisis of confidence is insufficient pre-acquisition scrutiny of a target company's corporate governance practices and susceptibility to fraud.

Matters like strict internal controls and risk-management processes, while once viewed merely through the lens of compliance with regulatory standards, are increasingly important indicators of an organization's fitness for investment or purchase.

Hewlett-Packard's $8.8 billion impairment charge is one such example. Late last year, HP disclosed that senior management at Autonomy, the British software firm it acquired for over $11 billion, used accounting improprieties, misrepresentations and disclosure failures to inflate the underlying financial metrics of the company.

As such, an organization's corporate governance must be rigorously analyzed in advance of M&A in order to protect both buyers and sellers.

A handful of considerations for pre-acquisition due diligence can help to prepare companies in their pursuit of lucrative, sustainable deals.

More than a decade ago, the Sarbanes-Oxley Act mandated that public companies establish and maintain an adequate internal control structure and procedures for financial reporting. While that mandate was reviled for the costs it imposed on large organizations, it has been widely viewed as a major step in the right direction. In fact, just last year a survey of corporate governance professionals found broad support for that provision, with 59 percent of respondents calling Section 404 - and its resulting improvement to internal controls - the most significant element of the law.

In deals involving public companies, a careful look at SEC filings - where CEOs and CFOs must attest to the adequacy of their company's internal controls regime - and auditors' tests of the effectiveness of an organization's internal controls, can all provide meaningful insight into an organization's overall risk profile. But responsible due diligence must go further.

Even at companies where a board of directors provides strict governance and oversight, management takes its ownership of internal controls seriously, internal auditors regularly evaluate and monitor for fraud and duties are largely segregated, the possibility of a failure in oversight is always an organizational risk. Internal controls are implemented by human beings, at every level of an organization, and are only expected to provide reasonable assurance - not absolute assurance - to an entity's management, board and investors. Controls can be easily circumvented by the collusion of just two people within an organization or can be overridden by management.

Furthermore, when considering a deal with a private entity or emerging growth company, the examination must be even more rigorous as those companies are not required to have the same corporate governance and internal controls as are required in public corporations. Due to the high costs and lack of short-term benefits of an internal controls regime, organizations all too often fail to implement these measures.

In addition to an audit of a target company's internal controls, it is also important to consider the existing risk management processes the entity has in place.