In today’s digital age, when technology drives innovation and serves as a foundational piece of any organization, the IT department is a critical consideration when conducting a merger or an acquisition.
Integrating the technology used by each organization is an incredibly important and time-consuming task that requires diligence and deliberate decision-making to ensure that the combined organization doesn’t miss a beat when the acquisition is all said and done.
For an IT leader, merging IT departments and technologies is equally as important as the integration of any other company assets. This process requires transparency, careful planning and thorough evaluations before any decisions are made. But, if it’s done correctly, it should result in more efficient business and streamlined IT operations.
Due diligence first
Before any terms are hammered out between organization executives and finance teams, IT leaders should become intimately familiar with the systems and processes deployed by the other organization. Oftentimes, the makeup of the company, its maturity and its business model will influence how respective IT leaders conduct the integration of technology assets.
The first question leaders must ask themselves is why they want to conduct the merger or acquisition, says Taren Rodabaugh, the CIO of tire company Bridgestone Americas.
From an IT leader’s perspective, the focus is very different if the two companies are similar and have a lot of organizational synergies versus if the other company markets to a new customer base with a new business model, Rodabaugh says.
This process includes a thorough evaluation of the organization’s IT assets, possible overlap, security risks, technical debt and how well the companies can combine, depending on the overall business objective.
Those findings will shape how IT assets are merged, including if the smaller organization simply conforms to the tools and processes of the larger, more mature organization.
According to Rodabaugh, the larger company overtaking the smaller company isn’t always the case.
“It very much goes back to depending on the ‘why,’” Rodabaugh says. “From an IT perspective, the value comes from consolidating the systems, eliminating duplication and creating efficiency as much as possible with everybody so that it’s much more seamless.”
For example, Bridgestone — primarily a manufacturer of tires and other rubber products — recently acquired Azuga, a provider of fleet-management software. This is a similar purchase to the one Bridgestone made of Webfleet in 2019. Both are smaller companies that are unburdened by the cumbersomeness that often comes with larger organizations.
“A lot of our systems will remain independent, and what we focus on aligning on is where you have your identity and access management and cybersecurity controls,” Rodabaugh says. “For startups, you want to make sure that they gain the benefit from your scale, but you don’t want to encumber them with what may be older, legacy systems.”
Cybersecurity considerations
While the smaller organization standardizing on the larger organization’s tools isn’t always part of the playbook, the larger organization does typically benefit from having a more sophisticated cybersecurity posture with on-staff security experts.
Many larger organizations now have CIOs, CISOs and other high-level technology executives. By contrast, much of that work is outsourced in smaller organizations.
“If they’re smaller, they just don’t have the staff that we have or the budget that we have to do that type of stuff,” says Bill Charles, CIO of trade show company EmeraldX, the parent company of TechDecisions.
When considering the other company from the perspective of cybersecurity, it’s important to get a full inventory of its solutions and services as a means of identifying where security holes may exist.
From a cybersecurity perspective, uniformity across the entire company is important. That includes migrating new systems into the combined company’s security operations center and installing corporate security tools on all endpoints.
One often-overlooked consideration is the acquired organization’s website and its security. Those platforms should generally be brought over to the new parent company’s environment quickly, Charles says.
Bringing the new company into compliance with your cybersecurity standards is not just important from a security perspective but also important from a compliance perspective — especially for larger organizations that are subject to a more stringent auditing process, Charles says.
Regardless of the size of each company, the last thing anyone wants to happen is a cyberattack upon the combined entity — least of all because of a vulnerability that existed in one organization’s IT environment.
“Having a high level of understanding of how strong they are in cybersecurity and their control environment will give you an idea of where you might have potential risks for you to dive deeper or understand the actions you need to take,” Rodabaugh says.
The good news is that many smaller, younger companies are cloud-native and leveraging the security of the SaaS model. And these smaller companies are generally not as attractive a target for cyberattacks as their larger counterparts are.
In addition to outside threats that might infiltrate a newly combined company, organizations also must consider the risk associated with cultural cohesion.
“When you’re doing an acquisition, you have to understand and really start to evaluate what potential risk you might have from the inside,” Rodabaugh says. “And that is a different risk level or a change in your risk level than what you might have normally.”
It is often the case that not every employee will be part of the combined organization’s plans, or they may choose to leave on their own after the merger.
“How do you protect those crown jewels that you just bought from leaving? You have to understand how well the culture is going to fit,” Rodabaugh says.
IT workers and end users
Depending on the size of each organization, there may be IT professionals on each side that can help integrate the IT assets to create a combined environment. However, many small organizations don’t have high-level IT expertise on staff.
“That can really make or break an acquisition,” says Charles, of EmeraldX.
For a larger company, putting yourself in the shoes of that smaller organization is key to a seamless transaction. That means relying on any on-staff tech help available.
For many smaller companies that are dwarfed by their new parent company, job security can be a concern. Keeping those team members comfortable during the transition is important, because you’ll rely on the institutional IT knowledge that they bring.
“You’re going to need them,” Charles says. “They have the knowledge you need in order to successfully integrate.”
During that process, constant communication and continuous feedback are critical. Routine updates on the progress of the IT integrations, as well as on employee onboarding to the combined or parent company’s infrastructure, will help everyone feel comfortable about the transition and stay on top of this complicated process.
For end users, that onboarding process should include training and learning the processes of the newly formed organization as quickly as possible, especially when they transition to new infrastructure and systems.
For example, a company moving from Google Workspace to the Office 365 tenant of the combined firm will have a learning curve that will necessitate some end-user training.
“There is a lot of onboarding and hand-holding that we do there,” Charles says.
One of the most important things that an IT staff can help support is integrating HR systems and making sure that new employees are paid on day one of the acquisition.
“That is probably the most important thing to do,” Charles says.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply