Are you aware of the risks you are inheriting with your acquisition?
Following a sizable dip during the pandemic, Canadian M&A activity is back on the upswing. Private equity firms and growth-minded businesses will be eager to capitalize on the increased transaction volume. Still, they should also be mindful of the changing risk landscape during the due diligence process.
Major dealbreakers such as financial mismanagement or pending litigation must still be top of mind for potential buyers. However, we also know that instances of fraud and corruption spiked during the pandemic — much of which has yet to be uncovered or reported. Many organizations have also haphazardly introduced new digital platforms and tools over the past three years. Poor integrations could be costly to fix, while cyber vulnerabilities may open the door for a crippling attack if they’re not quickly weeded out and remediated.
While these risk areas may not be immediately apparent, the company’s approach to governance can be revealing. Other areas that require a deeper look include the business’s ESG exposures and the steps they’ve taken to quantify and improve exposures within the business and across their supply chain. This is especially relevant for private equity firms whose investors may be expecting progress in the areas of sustainability, diversity, and social welfare. Also, the internal climate within the business and how cultural issues have impacted its ability to attract and retain key employees is critical.
Companies that have an effective enterprise risk management and/or internal audit function will be easier to assess for potential fit and value across all risk areas. Those that don’t may still be a viable M&A target, but they will require increased scrutiny — and the costs of addressing key risk areas need to be factored into the final valuation and post-merger integration plan.
Related risks
- IT/OT Governance, controls, and specifically cyber risk
- Data and system integrity issues
- Cultures in conflict
- Inability to achieve required synergies
Key questions to ask
- Does your due diligence process include IT/OT controls and governance, the ability to meet investor ESG expectations, an awareness of any risk related to fraud and corruption, cultural issues, and proactive enterprise risk management activities?
- Are you clear at the outset which factors would be dealbreakers, and have you set parameters for a “no-go” decision?
- Have you ever disqualified a merger or acquisition due to an unacceptable level of risk? Based on this, what do you feel is the risk appetite of the board and executive?
Red Flags
- New cyber, ESG, fraud, or corruption issues related to acquisitions or mergers
- Errors found in data
- Excessive cost and time required to achieve integration targets
- Morale issues and excessive turnover