Five Areas To Focus On During M&A Due Diligence — Besides Financials

We typically think of financial information when we hear the term “M&A due diligence” — “show me the money” seems to be the name of the game. There are purchase price considerations, historical reports, and much more. While it’s true that M&A due diligence is primarily about financials, M&A is more than dollar signs and accounting records. You should also ask other due diligence questions about intellectual property, cybersecurity, human resources (HR), and commercial considerations. You want to understand how well a new organization will fit in with the current one.

Here are the top five things to look for to supplement your M&A due diligence questions and requests besides financials.

Intellectual Property

First, you should look at the target organization’s intellectual property (IP) quality. 
IP due diligence will give you a better idea of whether the company’s IP can help you expand or enter new markets. It also lets you evaluate possible IP risks and address them before closing.
Follow these steps to learn more about your target company’s IP:

1. Make a list of all of the company’s intellectual properties. What patents, trademarks, trade secrets, and other copyrighted materials and products does it own or use? Does it have any foreign copyrighted materials and products?
2. Determine how the company protects its IP and whether consultants and employees have preserved any rights. Ask to see invention assignments and confidentiality agreements.
3. What software licenses does the company use? Does it have the correct licenses?
4. Does the company have any liens or encumbrances on its IP?
5. Has the company ever been sued for IP infringement? Has it sued third parties for infringing on its IP rights? What would be the impact of all current litigation or threatened litigation on the M&A deal?

Cybersecurity Posture

Every enterprise is dependent on network systems and digital data. As legal experts Lisa R. Lifshitz and Roland Hung report, “The ability of a business to effectively store and protect its data is often integral to its value.”
As such, it’s essential to identify and address cyber risks before threat actors exploit them. This will protect the joint company and its stakeholders in a security breach.
M&A cybersecurity due diligence can also help you manage third-party relationships by letting you effectively monitor their cybersecurity postures. 

Cybersecurity due diligence questions

Ask these due diligence questions to assess the target company’s cybersecurity measures:

• Are cybersecurity experts and cyber risk experts key members of the M&A team?
• Have cybercriminals targeted the company before? How severe were these attacks, and who was affected?
• If the target company has been targeted by threat actors before, does it clearly understand the severity of harm to IP assets, commercial data, and personal data?
• What are the compliance and regulatory requirements of the target company?
• What are the company’s cybersecurity tools, policies, and systems?
• Does the company have an in-house cybersecurity team? If so, does their internal team need third-party partners with specialized cybersecurity skills?
• What are the cybersecurity risks of acquisition? For example, will file and email sharing expose both companies to more risks? What can cybersecurity teams do to prevent and mitigate such risks?

Human Resources

Besides IP and cybersecurity posture, you must also do HR due diligence. According to the Deloitte M&A Institute, “By understanding and assessing the value of specific deal drivers, HR can help to identify and prioritize people-related strategies, risks, and opportunities, and express potential options to the leadership team in relation to deal terms and objectives.”

If a company doesn’t have good HR practices, the M&A deal will probably be unsuccessful. Specifically, you need to analyze the target company’s human capital, HR policies, and procedures. HR due diligence can also help you prevent and mitigate common M&A pitfalls, such as:

• Decrease in productivity
• Loss of talent during and before the deal
• Misalignment of processes, culture, and communication
• Conflict due to different priorities and decision-making styles

Here’s what you need to do for M&A HR due diligence questions:

1. Look at the current staff. Evaluate how the target company pays, educates, and manages its team by:
   1. Acquiring a list of all employees and their responsibilities, salaries, and amount of time spent working for the company. Are there any people who may have to be laid off after the merger? 
   2. Analyzing the finished and ongoing education and training provided by the target company
   3. Auditing the company’s human resource information system (HRIS) system
   4. Breaking down operational expenses for the HR department
2. Review the target company’s HR policies.Look at the company’s HR policies, employee handbooks, and code of ethics. How do they fit with your HR policies? How can you streamline the merger process?
3. Review HR compliance and legal issues. Analyze the target company’s employment contracts, contractor contracts, noncompete contracts, and nondisclosure agreements. Compare them to your own — what are the main differences and similarities? What is the cultural fit?
4. Review HR benefits. Finally, look at the target company’s documentation for monetary and non-monetary compensation, severance packages and plans, commissions, employee health insurance plans, and other benefits. 

Commercial Considerations

Commercial due diligence can help you learn more about a target company’s potential and viability. It can shed light on the company’s market demand, competitive dynamics, and commercial position.

Commercial due diligence questions

Ask the following due diligence questions to evaluate whether the target company fits your needs:

• What is the rationale for this deal? Why do you want to purchase this company in particular? What will you gain by buying this company?
• What customers, markets, and sales channels will be accessed or created by the M&A?
• Does the target provide services, products, and tech you don’t have?
• Will this transaction enhance your market position or brand?
• What is the relationship between the target and its customers?
• Are there any unusual levels of exchanges, returns, and refunds?

Regulatory Issues

Finally, you must thoroughly assess the target company’s regulatory compliance status and that of its agents, suppliers, and partners. 

Conduct regulatory due diligence with care — regulatory business risks can severely damage performance and reputation, especially in high-risk industries like pharmaceuticals and health care.

Remember to review the target company’s:

• Compliance programs and policies for fraud prevention
• Compliance training for employees, contractors, and temporary workers
• Agreements and contracts with partners and suppliers
• Compliance officers and teams
• Standards of conduct
• Pending and previous regulatory audits and investigations
• Audit processes
• Product compliance directives and regulations
• Employee compliance standards

Avoid Costly Errors in Your M&A Due Diligence

M&A due diligence isn’t just about financials. To avoid costly errors and maximize value, you must ensure you know what you’re buying and what obligations you assume. Focus on:

1. Intellectual property
2. Cybersecurity posture
3. HR
4. Commercial considerations
5. Regulatory issues

Reach out to Devensoft today to learn more about best practices in due diligence and how you can use our platform to maximize value.