This is one of seven private equity value creation strategies we have compiled into our new guidebook. Download the entire guidebook here.
During the busy due diligence phase of a private equity transaction, the majority of activity tends to concentrate on the financials, with less emphasis on evaluating the information technology (IT) environment. However, for many organizations, IT has transitioned from a simple support role to a competitive advantage, which makes evaluating the acquired company’s IT environment an important piece of the diligence process for private equity firms.
Assessing the IT systems
The primary questions when assessing a target’s IT system are:
- Value Creation – How can IT deliver more value to the organization?
- Threat – Are there any operational and financial risks that might threaten effective delivery of IT services?
Answering the first question requires a thorough review of the existing environment by a team of experts. By using industry benchmarks and best practices, the team can quickly identify operational and financial risks that may exist in the target’s IT environment. The answer to the second question will depend on the overall business strategy for the new company. For example: If you plan to integrate the acquired company with all or part of your existing platform, the approach to IT will be quite different from a situation in which you intend to manage it as a standalone business. In the first instance, you’ll probably want to look at solutions like shared services centers, while in the case of a standalone business, making upgrades to the existing IT or even a diverse platform may be more appropriate. The extent of this investment will also depend on the time horizon for an exit. It all comes back to the importance of aligning the IT strategy with the overall business strategy to create value.
Establishing the IT strategy
IT is an enormous line item for many companies, and there’s often a significant opportunity to achieve operational efficiencies. Once the IT strategy has been established, you can begin to make tactical decisions about necessary improvements. Look for ways to eliminate redundancies in IT functions and replace manual processes, such as data entry, with automated ones. You may also find it beneficial to use external resources for noncore IT functions. Replacing home-grown solutions with cloud-hosted, third-party software is another option — but, there‘s no one-size-fits-all solution, and the appropriate platform often depends on the industry.
At times, the best way to achieve efficiencies is by leveraging any existing IT resources — including people, systems, tools, and technologies — from other portfolio companies. Instead of thinking of each acquisition in a vacuum, re-evaluate your overall portfolio and identify opportunities to redeploy assets in a way that increases value across the entire group. For example, you may be able to achieve economies by standardizing certain processes or resources such as role descriptions or policy manuals. You can also identify shared resources for certain functions — particularly those that are not well developed in many acquired companies, such as a project management office. Another way private equity firms can gain leverage is by pooling purchasing across their portfolio of companies. The combined buying power of multiple entities can improve your price-negotiation position and help you win volume discounts for hardware, software, and even third-party resources.
Key IT considerations to ensure value creation
- What IT functions are candidates for shared services across other portfolio companies?
- What manual processes can be made more efficient through appropriate use of technology?
- Can cloud-based software-as-a-service be used to manage any portions of IT currently hosted in-house?
- Should any IT functions be outsourced to a third party?
- Does the organization have the right metrics in place to measure IT performance?
Keeping cybersecurity on the radarWith increases in cybersecurity threats, private equity firms should also take into consideration a high-level review of cybersecurity, regulatory, and compliance needs. Following the deal close, especially in industries that have stringent regulatory and compliance oversight, it’s critical to dive deeper into the acquired company’s cybersecurity:
- Dispense with unnecessary personal data: Inventory all personally identifiable information such as credit card numbers or social security numbers and protected health information of customers, and expunge all unnecessary data.
- Protect high-priority intellectual property and other data: Determine what information is most valuable or requires greater protection. Identify security risks in the new company’s systems, and establish whether the company has ever suffered a breach.
- Make sure you’re covered: Review the seller’s cybersecurity insurance. Policies may need to be updated or modified — for example, the terms of the policy might change with the change in ownership.
- Stay ahead of the curve: Monitor the threat landscape and evaluate any weaknesses or gaps in the company’s cybersecurity posture on an ongoing basis. Tap into professionals who stay abreast of the latest software and best practices — they can advise you on the optimal cybersecurity technology for your acquisition.