Staying Vigilant After the Deal Has Closed: Strong postacquisition due diligence can pick up problems previously missed and help integrate the newly acquired business.

Every organization involved with mergers and acquisitions should consider implementing an effective integration strategy to help ensure that its m&a objectives are achieved. One of the primary reasons many transactions do not succeed in generating additional shareholder value is because the acquiring company does not have an effective strategy for integrating the business activities and processes of a new subsidiary. Postacquisition due diligence may be an especially useful component of an effective integration strategy. If a subsidiary subsequently is sold, the divesting company also may benefit from sell-side due diligence. Postacquisition due diligence is especially important when there is uncertainty regarding the effectiveness of preacquisition due diligence. Preacquisition due diligence often may miss important issues, especially when it is conducted in a competitive bidding environment in which the acquiring company has only a few days to access financial records and key personnel. A representative of International Business Machines Corp. cited one example in which a middle-market company that had limited acquisition experience experienced a large fraud at a Japanese subsidiary purchased in a divestiture. The fraud was well hidden when the preacquisition due diligence was conducted but was eventually discovered once the acquired business was broken away from its prior parent. The acquirer could have significantly reduced its losses if it had conducted postacquisition due diligence. Given the short time period and lack of familiarity with the business when preacquisition due diligence is conducted, it is possible for a buyer to overlook key business risks, significant control weaknesses, and fraudulent financial reporting prior to signing an acquisition agreement. Postacqui-sition due diligence can help compensate for such risks by providing early identification of unmet initial business plan goals or “case objectives” (e.g., inadequate internal rates of return), which may allow the parent company to take corrective action before substantial losses are incurred. Postacquisition due diligence also is useful when there is a planned integration of a significant portion of the merging companies’ infrastructures. According to a representative of Weyerhaeuser Co., integrating a large percentage of a new subsidiary’s infrastructure is fairly common in mature-market businesses. In such cases, postacquisition due diligence can help in the early identification of problems to ensure the success of the infrastructure and corporate culture integration. Sell-side due diligence is another tool that may prove valuable. As technology and consumer preferences change, subsidiaries may be sold because they are no longer considered part of a company’s core business. According to an IBM spokesman, subsidiaries that the firm acquired prior to the mid-1990s may have received only minimal preacquisition due diligence and possibly no postacquisition due diligence. Thus, there may have been problems with the acquired businesses that IBM did not know about. Had these problems been discovered early, the buyer might have gained a lower selling price or avoided the risk that the problems might have harmed IBM’s reputation. Sell-side due diligence helps minimize the risk of such hidden problems. In this article, we describe a comprehensive m&a integration strategy developed by IBM to focus on postacquisition due diligence. We also describe sell-side due diligence programs initiated by IBM and Boeing Co. in connection with divestitures of business units that they must put up for sale. The information primarily originated from the Third Annual International Mergers and Acquisitions and Joint Ventures Auditing Conference, which discussed the risks involved in such projects and shared best practices for controlling them. The comprehensive, m&a integration strategy we describe is under development at IBM and consists of four phases: *Forming a business resources team and generating cooperation among m&a stakeholders; *Conducting preacquisition due diligence; *Developing the postacquisition integration strategy; and *Conducting postacquisition due diligence. Forming the Business Resources Team One of the first steps in IBM’s integration strategy is to form a “business resources team” for the transaction. The team has overall responsibility for developing the initial business case and for conducting both preacquisition and postacquisition due diligence. The initial business case defines the deal’s objectives, such as targeted internal rates of return for the new subsidiary and/or targeted savings from infrastructure integration or elimination. The team typically includes representatives from the firm’s finance, internal audit, information technology, and tax groups in addition to contracts or legal counsel and a consultant from an outside accounting firm. A critical element in the integration strategy includes obtaining the cooperation of several m&a stakeholders, including: *The business resources team; * Business development or marketing personnel with overall responsibility for preacquisition and postacqui-sition m&a activities; *A top-management champion or dealmaker who can assist with management “buy-in” for the integration strategy; * The business segment primarily affected by the acqui-sition; * The internal audit group; and * A transition manager who joins the new subsidiary for six to nine months to work closely with the acquired company’s CFO on integration issues. Conducting Preacquisition Due Diligence Some of the most important objectives of preacquisition due diligence are establishing the fair value of the proposed subsidiary and identifying key transition activities. Developing the Postacquisition Integration Strategy Prior to approving a deal, IBM develops a complete postacquisition integration strategy with specific milestones. The company also requires that all contracts in connection with the transaction include a right-to-audit clause covering both before and after the acquisition. One of the first steps is to assign a transition manager to oversee the integration process. IBM also appoints business process experts with responsibility for integrating the infrastructure processes. Transition Manager Each new subsidiary is assigned a transition manager who joins the subsidiary on a full-time basis for six to nine months. The transition manager is a financial expert who works closely with the subsidiary’s CFO to: * Map the business case; * Ensure the health and welfare of the new subsidiary; * Provide direct assistance with on-site integration, including implementing of the IBM culture; and * Act as a key liaison with IBM corporate management during the integration. The transition manager is not responsible for integrating infrastructure processes – a job that is delegated to the business process experts. The transition manager also is not involved in directly running the business. This helps maintain his or her objectivity with respect to the integration. Transition managers receive formal training, from the business development group, before assuming their duties. Surprisingly, many companies do not require formal training for their transition managers. IBM conducted a survey of Fortune 100 companies that had concluded at least five mergers, acquisitions, or joint ventures during the past five years and found that fewer than 50% of the respondents required formal training for their transition managers. Business Process Experts Business process experts have the primary responsibility for integrating the various infrastructure processes. IBM employees are designated as business process experts within the areas of accounting, billing, contract management, finance, information technology, and procurement. One or more business process experts are assigned to each new subsidiary depending on the specific infrastructures that need to be integrated. Conducting Postacquisition Due Diligence For the first year after the acquisition, the integration team typically employs a supportive, consultative approach toward the new subsidiary. For example, internal audit’s activities include: *Conducting a proactive review of business controls within 30 days after the acquisition; *Following up on issues identified in the preacquisition due diligence report for further review; and *Facilitating a semiannual control assessment. At the end of the 12-month period, the subsidiary is subjected to a rated audit. Within the first 30 days after an acquisition, the subsidiary undergoes a comprehensive, proactive review of business controls, called a control assessment review (CAR). Often it is found that a new subsidiary has not adequately identified its key business processes. In such instances, internal audit, with assistance from relevant process experts, helps the subsidiary identify its key processes and assess the adequacy of internal controls. During this stage, internal audit also might provide some recommendations for improvement, such as how to strengthen existing encryption and firewall packages. In some cases, the CAR results in a recommendation to sell a new subsidiary as quickly as possible if the unit is found not to be a good fit with IBM either culturally or financially. A sell recommendation may be given even if the business is losing money. After the first six months, a new subsidiary undergoes an initial semiannual control assessment, during which it is encouraged to critically self-assess the adequacy of its internal controls. At the end of the first year, the new subsidiary undergoes its first rated audit, aimed primarily at following up on the recommendations stemming from the semiannual control assessment. A rating of satisfactory or unsatisfactory is given, based on whether the recommendations have been implemented. An unsatisfactory rating represents the first, punitive action by the parent company, and it can result in the loss of jobs within the subsidiary’s top management. The timing of the initial rated audit is considered crucial. The integration team wants to allow the new subsidiary enough time to integrate its infrastructure. However, it does not want to allow so much time to elapse that the new subsidiary may deviate significantly from the initial business case. In early 1996, only 30% of all new subsidiaries received rated audits within 18 months of acquisition. By early 1998, however, 90% of all new subsidiaries received rated audits within 12 months of acquisition. The process continues after the first year. Each subsidiary continues to be subjected to semiannual control assessments and an annual rated audit. Approximately 92% of IBM’s subsidiaries receive a satisfactory rating, although the percentage of new subsidiaries that receive a satisfactory rating on the initial audit is much lower. All audit results are “rolled up” to generate a corporate-wide internal control report, which is reviewed and acted on by top management. Sell-Side Due Diligence Process When acquisitions do not work out, it may be due to a failure to achieve desired objectives or it may be because the subsidiary no longer fits the organization’s desired core competency. Whatever the reason, due diligence on a subsidiary prior to offering it for sale may prove useful. During the late 1990s, companies such as IBM and Boeing began conducting sell-side due diligence on subsidiaries they planned to sell. These organizations found this to be especially important for subsidiaries that had received minimal preacquisition or postacquisition due diligence or none at all. When the organization is not completely familiar with the subsidiary, “surprises” may still exist. Potential buyers who discover these surprises during their preacquisition due diligence may walk away from the deal or demand a price reduction. Once the marketplace becomes aware of these aborted deals it may be even more difficult to sell these subsidiaries at a respectable price. In extreme cases, a corporation’s reputation for impeccable business ethics may be tarnished. For example, IBM recently sold a subsidiary it had purchased from a French company five years ago. Embarrassing problems relating to the realizability of the subsidiary’s accounts receivable resulted in a substantial reduction in the final selling price. At IBM, sell-side due diligence, conducted by internal audit personnel, results in two primary “deliverables” to management: *A due diligence report that identifies issues and exposures that could significantly affect the sales process and final sales price and *Recommendations to help mitigate the exposures addressed in the above due diligence report. Sell-side due diligence is similar to preacquisition due diligence. In general, a buy-side due diligence mind-set is needed. Specifically, internal audit should ask itself, “What would the buyer want to know most about this subsidiary?” Internal audit interfaces with these people: *Business development or marketing professionals, who should now be viewed as the “customer;” *Country and/or line management, who also should be viewed as a “customer”; *The CEO and CFO of the subsidiary; and *The corporate assistant controller. At both IBM and Boeing, the most important due diligence objectives involve evaluating the current business case and assessing the extent to which electronic documentation is adequately safeguarded so that corporate intellectual property is protected. Ability to Support the Current Business Case At IBM and Boeing, a critical sell-side due diligence objective is to evaluate the supportability of the current business case, including the soundness of a unit’s operations, by analyzing the: *Reasonableness of the underlying assumptions that are the basis for forecasted financial statements; *Quality of assets; *Quality of current period earnings; *Potential for unrecorded or understated liabilities; and *Ability to achieve anticipated cash flows. With forecasted financial information, the objective is to assess the achievability of the projections. In addition to examining several prior years’ financial statements as a basis for predicting future earnings trends, key assumptions made in the forecast should be analyzed. For example, if a forecast is based on projected sales growth of 10% and the subsidiary is about to lose one of its largest customers, the forecast may be unrealistic. In assessing the quality of assets, one objective is to ascertain the accuracy of reported asset valuations. For example, the auditor should consider the adequacy of inventory valuation and control. This might include evaluating whether lower-of-cost or market adjustments are needed; whether all physical inventory to perpetual record variances have been addressed, and/or whether there are significant long-term purchase commitments with key suppliers that may result in significant business interruption costs if one supplier goes bankrupt. Other asset quality considerations might include such things as the realizability of accounts receivable, including the adequacy of collection procedures, and the possible impairment of obsolete or idle equipment. When evaluating the quality of earnings, specific consideration should be given to such things as how aggressively the subsidiary has applied generally accepted accounting principles (GAAP) revenue recognition rules, the potential negative effects of foreign currency translation adjustments, and the effects of related parties. It is also important to search for such accounting practices as the deferral of normal research and development expenses to overstate current earnings. A search for unrecorded liabilities may be especially important in dealing with foreign subsidiaries. For example, there may be hidden tax obligations or unrecorded environmental liabilities. On the tax front, due diligence should include examining historical tax compliance and any indemnification issues. In examining environmental liabilities, special care should be taken in the sale of a foreign subsidiary to a U.S. company. International environmental disclosure rules tend to be more lax than U.S. rules. When a U.S. company acquires a foreign subsidiary, that unit may become subject to U.S. reporting rules, thus forcing the recognition of previously unrecorded environmental liabilities. Depending on the terms of the purchase agreement, the selling organization may become responsible for those liabilities. Finally, cash flows should be examined carefully to ensure that they are not being deceptively manipulated. For example, the subsidiary may have acquired new debt for the sole purpose of meeting existing loan covenants that require the maintenance of positive cash flows. Operations alone may have been insufficient to produce the required cash. Such tactics can only be employed for a limited amount of time before the debt load becomes too much for the subsidiary to bear. In addition, sell-side due diligence should consider other non-financial statement issues that might impact the current business case. Specifically, due diligence might include reviewing current market data to determine whether appropriate demand exists for the subsidiary’s products and/or services or determining whether the subsidiary has the capacity to support projected growth. It might be found, for example, that the subsidiary recently sold equipment to finance current operations, thereby reducing the capacity it needs to meet current product demand. Safeguarding of Electronic Documentation Both IBM and Boeing assess whether the parent company’s electronically stored documentation, especially intellectual property, is safeguarded from unauthorized access. A key problem here is that the subsidiary’s systems often are fully integrated into the parent’s. If the sub has to be extricated, it is important to ensure that its systems cannot be used to gain unauthorized access to the parent company’s systems and data. Critical controls include adequate firewalls and encryption for all e-business transmissions, appropriate callback procedures to verify the authenticity of e-business transmissions, disaster backup and recovery systems, and limited access to approval codes. Electronic safeguards are especially important during the selling process if the subsidiary’s and parent’s systems are fully integrated. Suitors with access to the subsidiary’s systems during their preacquisition due diligence may inadvertently have access to the parent’s systems and data. For example, IBM recently permitted Lockheed Martin Corp. to conduct preacquisition due diligence on some IBM defense businesses that were slated for possible sale. In allowing outsiders that kind of access, IBM takes special precautions to protect its intellectual property, including patented processes and inventions. Organizations that are heavily involved in m&a should consider a comprehensive integration process that includes postacquisition due diligence. Corporations with limited m&a activity may find it difficult to justify the cost of an approach like the one used by IBM, although postacquisition due diligence still should be considered. Unfortunately, preacquisition due diligence is often rushed and may not uncover significant operational and integration problems that should be detected early to avoid significant losses. Sell-side due diligence is another proactive tool that may prove valuable to organizations that want to execute needed divestitures at value-creating prices and without post-deal problems. Sell-side due diligence helps detect problems early so that appropriate remedial or risk management actions can be taken prior to the sale. Many of the benefits of the postacquisition integration strategy discussed above may also apply to strategic alliances, such as joint ventures. If competitive bidding is involved, the pre-partnership JV due diligence process may be limited, and thus fail to identify significant business risks, control weaknesses, or fraudulent financial reporting prior to the signing of the JV agreement. In such instances, post-agreement due diligence may help with the early identification of unmet objectives of the partnership and help the organization take corrective action before substantial losses are incurred. Sell-side (or discontinuance) due diligence may uncover costly problems that may surface months or even years after a JV has been dissolved.