While the deals market is still far less active than it was before the financial crisis, organisations are always on the lookout for suitable targets to acquire or merge with to increase their market share. But mergers and acquisitions (M&As) have been notoriously difficult to get right once the money has changed hands. Studies and anecdotal evidence suggest that most M&A transactions fail to deliver their stated goals or achieve value.
Such deals would therefore seem to be ripe for internal audit’s input, but an international survey conducted in 2002 for IIA Global found a low level of involvement from internal auditors at the various stages of M&As – despite their willingness to help from the start of the process. The research found that internal audit’s contribution was limited to the due-diligence phase and the post-acquisition audit.
Ten years later, it appears that little has changed: internal audit would like to be more involved in the M&A process from start to finish, but rarely is. Why is this the case? A typical barrier is that internal audit lacks hands-on M&A experience and so it’s involved only at certain times and in specific roles.
“Internal audit has a strong case to argue for its involvement from the very outset of an M&A,” says David Coombs, an internal audit and risk management consultant. “But management is unlikely to include internal audit unless it has a proven record of adding value through the audit process or of being actively engaged in M&A work. In reality, how many organisations are there where internal audit can put its hand up and say it has that kind of reputation?”
Some internal auditors have successfully forged that reputation. Rainer Lenz CMIIA is vice-president of internal audit at pharmaceuticals company Actavis – an organisation, he says, that has grown by acquisition since it was founded. “M&A is a core business process as far as we are concerned,” he says.
Lenz says that he gets involved in providing risk assessments when Actavis identifies companies to acquire, adding that he has a strong background in M&As because he used to work in finance. He agrees with Coombs that, while internal audit definitely has valuable expertise to contribute to the M&A process, the function will not be asked to participate unless it has a proven record of earlier involvement.
“Management wants advice from people who have been involved at all stages of the M&A process,” Lenz says. “More often than not, internal audit does not have that experience, so it lacks credibility. The only way that internal auditors can really convince management that they should be part of the project from an early stage is to show that they understand what’s involved and what the inherent risks are – and that they realise that most mergers fail.”
Other heads of internal audit say that their teams can take positive steps to increase their involvement in their organisations’ M&A strategies, while also demonstrating the value they can add throughout the process. David Finch CMIIA, director of group business risk and assurance at building supplies retailer Travis Perkins and a member of the IIA’s Heads of Internal Audit Service, explains that internal audit has a valuable role to play at several points along the M&A path.
“Before any M&A activity starts, internal audit can review the process that an acquisitive company might go through when undertaking a theoretical takeover,” he says. “This would include a consideration of funding potential – for example, does the organisation have the means to execute a M&A should the opportunity arise? It’s useless wanting to buy a business but not having the cash deposit available or the support of shareholders for the issuing of shares before you even start,” he says.
Finch also thinks that a review of the valuation modelling techniques used by the business to set its acquisition price is another important area for internal audit involvement. “Asset values, earnings multiples, discounted future cash flows and so on will all provide a different answer about the business’s value,” he warns. “This might affect whether the company decides to go ahead with the acquisition, because it may deem the target organisation too expensive or decide that the business does not hold the commercial value first thought.”
Finch says internal audit may also have a role in the validation of assets and liabilities. “Stock may physically exist, but does it hold a value? For example, surplus promotional stocks relating to a campaign run six months ago, obsolete packaging, time-expired stock and so on all hold a material value, but not quite the degree of value first thought,” he says.
Seal the deal
There are also competition issues that internal audit could investigate or highlight to management, Finch says, particularly if a merger of two dominant players in a market could adversely affect consumer choice. “Where an organisation is a leading part of its sector, the Office of Fair Trading will no doubt get involved. An appreciation of whether the regulator will refer the acquisition to the Competition Commission or require a compulsory divestment can influence the M&A strategy. This should be considered by the organisation before making a bid,” he says.
Neale Andrews, head of the corporate and commercial practice at law firm Mundays, which undertakes M&A work, also believes that internal audit can add real value by getting involved in the process before the acquisition. For example, internal auditors can help to identify how long the process might last. “Effective timetabling is an invaluable asset and can be a deal-breaker if management wants to capitalise on the merger quickly,” he says.
There are other areas where internal audit’s skills can be used to great effect. Andrews says that internal audit can identify potential hidden costs, such as legal liabilities, and help to arrange indemnities to ring-fence the acquirer from having to pay for them or to reduce the purchase price of the target.
The profession can also show its value during the implementation. “At particular stages in the acquisition, management should be stepping back and taking stock of what it planned to achieve by certain dates and whether those plans have crystallised,” Finch says. “Days one, 30, 60, 90 180 and 365 are the normal points. As with any project, there’s a danger that the benefits will be overstated and the costs understated. So internal audit can work with the M&A project manager to give some validity to statements that are made. Detailed planning for these milestone dates will give credibility to the M&A, so assessing the extent by which each activity has progressed can add real value,” he says.
Internal audit is also well placed to assess the M&A’s success when it’s completed. “Once the dust has settled, internal audit can clearly conduct a post-investment review,” Finch says. “This might be in the remit of internal audit, or line management could do it, with internal audit reviewing the effectiveness of the M&A itself. The purpose should be to see what could be done better in the future, rather than identifying victims of the activity.”
Yet, despite the skills that internal audit has to offer, some believe the status quo will remain: the catch being that, without experience, internal audit lacks credibility and so cannot gain the experience it needs in order to prove itself. David Coombs believes that whether internal audit actually gets more deeply involved in the M&A process or not depends on management’s viewpoint and the structure of the organisation.
“Management may call on internal audit for assurance and advice on specific aspects when it feels that the function can add value, but not necessarily call on it to have an ongoing role throughout,” Coombs says.
“If you already have skills in-house that can help to ensure success, these should be used,” he adds. “But internal audit is also a function that’s accustomed to challenging the thinking behind business strategy and standing up to management – and it’s certainly useful to have an independent voice that can take a more detached view of how the deal is going, the risks involved and the controls needed – and of what should happen after implementation.”