The Do’s and Don’ts of M&A

The world is getting smaller, especially with wave after wave of merger and acquisition activity.

According to Forrester Research, the banking and financing industry was ranked No.1 in mergers and acquisitions in 2004, with 403 deals worth $139 billion. Computer software, supplies, and services were not far behind, ranked No.4 in mergers and acquisitions in 2004, with 1,505 deals worth $35 billion.

Since 1999 alone, my own company, Symantec, has acquired and/or merged with upwards of 25 individual companies.

Clearly, business consolidation is an ongoing trend. At the same time, the CIO “perfect storm” continues to brew as compliance issues, day-to-day operations, security threats, new products and services, and changing technologies all converge with merger and acquisition demands to challenge IT organizations.

But where does the CIO begin as his or her company begins to acquire or merge with another company?

People First

The most important piece of data needed is an overall profile of company personnel. This is because before individuals can appropriately continue to contribute to the new, combined company they must first understand what their role will be in the new company, in what group they will work, and for which manager.

At the same time, project management teams must be integrated to develop a single integrated product plan and a single integrated product team. This team must be plugged quickly into existing services and systems.

Then, as soon as an acquisition is announced, direct communications must be established between the two companies via e-mail to facilitate the timely exchange of critical business information. Networks must be connected and systems evaluated and integrated, where necessary, into the acquiring company’s existing infrastructure.

For many smaller acquisitions, this process can be completed in just 90 days. By then, users will be using the combined company’s shared e-mail system, technical support staff will have ready access to business systems, and HR documents and expense reports will flow through a shared set of systems and applications.

To facilitate this, the acquiring organization must have well-documented processes, systems, and procedures. This documentation can, in turn, be used as a training exercise as IT staff from both companies continue to collaborate and work together on shared issues.

By the end of the 90-day integration cycle, all employees will be on a single HR system, purchasing, expenses, and revenue reporting will be on a single ERP system; customer account profiles will be integrated; a consistent approach for handling customer support will be deployed; an integrated Web presence with new branding with be made available; and new security credentials for employees of the acquired company will be delivered.

Processes and Technology

The 90-day integration goal also requires the organization to set up executive governance for rapid decision-making. Compliance concerns must be addressed early.

These might include merging development and project methodologies, production change management processes, and integrating financial systems and processes. Due diligence and integration planning should be completed concurrently for fastest results.

From a technology perspective, architecture and scalability must be the primary focus.

Due diligence on vendor contracts must be done prior to Day 1, with an auto-renewal clause and timing in place by that time. Particularly with mergers of equals, technology decisions need to be grounded with overall business priorities and made very quickly. Finally, decisions must be made to retire systems that are no longer relevant in the new environment.

The perfect storm is here to stay. Regulations, security threats, changes to products, and new technologies all converge with merger and acquisition activities to present the CIO and his or her staff a challenging set of integration issues to resolve.

However, by using a holistic approach to a merged governance program—one that includes people, processes, and technology—and by focusing on governance and planning, combined companies can integrate quickly and effectively and, in turn, leverage new business opportunities while maximizing existing investments and resources.

Mark Egan is Symantec’s CIO and vice president of Information Technology. He is responsible for the management of Symantec’s internal business systems, computing infrastructure, and information security program. CIOs who are interested in participating in CISE’s activities and want more information, can visit the CISE Web site at