In 2001, America Online acquired Time Warner for $165 billion. Sprint and Nextel Communications merged in 2005, with Sprint having a majority stake with a $35 billion stock purchase. Bank of America acquired Countrywide in 2008 at a steal for $2 billion. The common denominator between these three and hundreds of thousands of other M&A transactions is that they all failed. The reasons for failure vary but with a sample size of thousands, it’s possible to identify clear trends — red flags.
What Red Flags to Look Out For
According to the Harvard Business Review, organizations spend more than $2 trillion on mergers and acquisitions every year. Unfortunately, the failure rate on these transactions is just as high, with estimates ranging between 70% and 90%. On the surface, all three of the transactions, I mentioned earlier seemed to be great business opportunities, even lauded as a “shrewd business investment”. But a few short years later, red flags that were previously overlooked during the due diligence phase became embarrassing and costly, eventually leading to critical failure. The America Online and Timer Werner transaction alone led to a write-down of $99 billion, only one year after the deal.
While there are many reasons mergers and acquisitions fail, a robust due diligence process that reveals critical red flags will help buyers avoid costly financial and reputational mistakes. With decades of experience, I’ve compiled a list of five of the biggest red flags that companies need to look out for.
1. Murky Division of the CPO and CTO roles
A common red flag often seen in product companies is overlapping responsibilities between the Chief Product Officer (CPO) and Chief Technology Officer (CTO). Both roles work closely together and are critical to a product’s success, albeit through different approaches. Since the ultimate goal for both is to help the organization achieve a Complete Product Experience (CPE), many organizations have the CPO and the CTO reporting to one another or a combination of the two roles.
The CPO focuses on the why and what of the product, while the CTO is concerned with the how. Without the CPO, the R&D team is likely to be isolated from the customers and the rest of the organization, as was the case of a company called General Magic.
Combining both roles into one will overwhelm the leader who has to focus on handling technical matters and product strategy. Depending on the strength of the person overseeing both departments, there will be an emphasis in a singular direction, leaving the other lagging. A similar thing also happens if either the CPO or CTO reports to the other, the team will be biased towards a particular direction.
The roles should work together for maximum benefit but without losing their autonomy or bottlenecking their own teams.
2. Recent Attrition of Critical Roles
Organizations typically lose some tribal knowledge when chief employees leave the company, especially in small organizations where departments center on one person. Recent attrition of critical roles in an organization can indicate a loss of important information required for the company’s success. This information can be related to technical details such as long-running queries, single points of failure, third-party access, etc as well as legal information and key institutional knowledge.
If the company does not have a central repository for organizational information, attrition of key talent can undermine performance, employee morale, and the success of the entire M&A transaction. Perhaps some other underlying issues related to the firm’s culture or organization may be driving attrition. Key talent should be valued, so why are they leaving?
Even if there has been no separation of key talent, the acquiring company needs to assess the staff, identify key talent, and develop retention plans as soon as possible, optimally before the acquisition begins. In-house staff often hold vital information which is needed to ensure the smooth operation of the entire organizational system.
Sometimes as a diligence, buying firms should compare Target’s product organizations salaries with benchmarks to determine whether across-the-board raises are required to retain key talent. This talent is even more critical post-close.
3. Missing Documentation
Missing documentation, particularly if it has the potential to cast the target company in a negative light, is a huge red flag. Despite duty of good faith during due diligence, companies may not share all relevant information (sometimes even unintentionally). Even delayed documentation, though provided in the end, should be cause for alarm.
Acquirers should take extra precaution when involved in a private company acquisition where the company has not been subject to the scrutiny of the public markets, and where there is little opportunity to get the information from other public sources.
Complete documentation ensures the acquirers know:
- Obligations it is assuming
- Nature and extent of the selling company’s contingent liabilities
- Legal matters (pending and outstanding)
- Contract issues
and so on.
Bank of America ended up inheriting bad debt with its acquisition of Countrywide in 2008. This was the result of not having a full picture of the obligations it was assuming. Ultimately, the Bank of America ended up paying $50 billion for the $2 billion purchase.
4. Weak IT Policies and Procedures
Organizations with weak IT policies and procedures, such as shadow or orphaned IT, are vulnerable to increasingly prevalent cyberattacks. Especially as bad actors may see a merger or acquisition as an opportunity to exploit vulnerabilities in IT security during the transition period.
Nearly every modern organization has shadow or orphaned IT to a certain level and thus are at risk in five key areas:
Lost control and visibility
Shadow IT implies that the organization is unaware of the existence of some of its own IT assets, thus opening itself up to security risk, data leaks, and an inability to perform disaster recovery measures involving data when required.
Lost data
Orphaned IT implies that the company has identified IT assets but is unable to pinpoint who (within the company) owns and manages it. This, again, causes an organization to be vulnerable to data breaches and exploitation of private confidential information.
System inefficiencies
An organization with shadow IT cannot adequately plan for capacity, security, and monitor the performance of apps being used in different departments and in the various capacities it is not aware of. Analysis and reporting become complicated and nearly impossible to rely on as various data versions exist outside the department’s purview.
Cost
Often there are additional costs that are incurred that the IT department did not factor into their budget. It is even possible for an organization to make multiple payments for a single software or app when usage is not being monitored,
Non-compliance
Orphaned IT creates additional audit points, where proof of compliance must be provided. This is especially true for the healthcare industry, where regulations require heavy monitoring and safeguarding of patient information. This exposes organizations to regulatory risk for non-compliance, resulting in financial sanctions.
Shadow IT expands a company’s attack surface but the company is rarely aware of the expansion until it is too late. Naturally, the parent company will inherit the risks and costs associated with this but the transaction cost would not account for it, that is, the acquirer will overpay.
5. Organizational Structure
The organizational structure of many young eCommerce companies causes bottlenecks and dependency on single employees, where key functions are centered on an individual. This sometimes leads to these employees being highly influential within the company which may cause problems during the transition for new owners/employees
Another red flag common in young startups is where companies are still managed by their founders. In these cases, you are likely to find friends or family members occupying key positions within the company, who are not only overpaid but also may not be the best fit for the job.
Wrapping up…
It’s unlikely that any strategy could guarantee a 100% success rate for the thousands of mergers and acquisitions that happen every year — there are simply too many variables. There will almost always be skeletons in the closet and more often than not, target companies won’t have full access to the closet until the deal is finalized.
That said, there are signs, red flags, that can indicate the presence of said skeletons — from an incomplete attack surface and lax IT systems to a lack of clear HR policies. The writing may not always be on the wall but if we learn to identify these signs and patterns, backing away from potentially disastrous transactions becomes a lot easier.
Pro tip: Oftentimes news of an acquisition increases scrutiny of a Target firm by cyber criminals. Make damn sure Target company’s safeguards are in place once an announcement is made.
