The following is an excerpt from our ebook, “Deliver Secure Collaboration During M&A—and Beyond.” You can download it right here!
Mergers, acquisitions, and divestitures inherently involve many moving parts. After all, no matter the transaction, it is essential that a buyer researches and reviews the “product” before coming to an informed decision. These moving parts, along with the confidentiality of the information being shared, mean that extra precautions must be taken to protect both organizations throughout the entire deal, from due diligence through integration.
These precautions don’t come without their own problems. The pain points of today’s transactions are no different than those of the past. However, the challenges lie in the nuances, and many organizations are still utilizing outdated or general-purpose solutions to treat them.
Let’s review the top three pain points of today’s M&A dealmaking process.
Security is—and has always been—a cornerstone of the M&A process. If the information being shared as part of the transaction (such as your organization’s financial or operational details) were to leak, it could compromise the transaction, as well as both entities’ financial and reputational stability.
Before the internet, sellers would make these documents physically available to view in-person, usually onsite at the seller’s place of business. Because each potential buyer had to be physically present to review the documents, the due diligence process was costly and inefficient.
However, it was secure. Access could be limited to approved guests at approved times and the integrity of the documents could be ensured since it was impossible to download or alter physical documents.
Today, security is still paramount to the process, so many organizations turned to the same content management tools already securing their digital collaboration, like Microsoft SharePoint, Google Drive, Box, or Dropbox.
Read more: SharePoint or Share Elsewhere?
This isn’t a bad idea. Gathering information critical to buyers means coordinating across several internal departments. With multiple business leaders each working to produce their own piece of the puzzle, the process of pulling data together can be daunting. SharePoint and other enterprise content management tools are a natural common ground where teams across your organization are comfortable uploading and confident working on materials relevant to them.
However, it’s important to remember that not all data is the same—your board reports are far more valuable than your draft e-book. While it might feel reassuring to keep your important data close to home, there are risks. When you compile, store, and share confidential information in the same tenant that your users work in every day, it becomes more difficult to lock down your M&A information from the rest of the organization.
While data protection is important to our day-to-day workflows, the stakes are much higher when working on a complex project like a merger, acquisition, or divestiture. It’s important to determine whether the security measures offered by your favorite file sharing or collaboration platform are enough to protect your most sensitive information.
Transactions of yesteryear had their own access issues: logistics. Today, we don’t have to hop on a flight, reserve a hotel room, or spend hours in cabs to get a deal off the ground. However, organizations do need to share their sensitive documentation with a litany of different contributors and reviewers, each with different levels of access.
First, before you can even enter due diligence, several internal parties must collaborate to pull together the necessary documents that interested parties will review. There will be people who are part of this process who don’t need access to the rest of the documents being compiled. For example, your sales lead might need to provide a master customer list but won’t need (and shouldn’t have) access to the payroll information provided by your HR lead. You’ll need to set up permissions for these users so that they only have access to the bare minimum necessary to complete their piece of the puzzle.
Once your organization’s documents have been compiled, the hard part has just begun. Now, you need to grant external users access to these documents. Even if you are working with just one organization on a deal, there could be several different groups of reviewers who each require different levels of access. As the transaction progresses, access needs often require updates, which makes controlling permissions all the more challenging.
Watch the webinar: Key Data & Technology Considersations that Ensure M&A Success
During the initial stages of due diligence, you’ll most likely work with several interested parties. These parties will need access to basic (but still sensitive) data about your organization, like revenue, assets, and liabilities, to determine if they are interested in moving forward.
Of course, some of these potential buyers will decide this isn’t the deal for them. Upon that decision, you must shut down their access so they can no longer view the current or future information in your workspace before moving the remaining potential buyers to the next step of the process.
During due diligence, additional, even more sensitive information must be provided and more reviewers from each buyer will need to be added. You see where this is going, right? As deal talks move along, permission management gets more and more manual, and suddenly, it’s someone’s full-time job to ensure the right people have access to the information they need, and others have their access limited or revoked.
What may seem simple at the start can grow into a complex web of granular permissions levels and deeply nested folder structures that your IT team is tasked with wrangling, even though they don’t have any real insight into the project or the folder contents.
Depending on the industry, you could face additional access issues. For example, regulated industries like banking or law often have stringent firewalls which lock down external access to Office 365. In these cases, external security audits are necessary to even grant access to external users.
Now imagine having to manage this process over multiple projects, or even simultaneously in the case of overlapping transactions. Unfortunately, you can’t just skip this process—it’s critical to mitigating the risk of dangerous oversharing.
More than likely, you’ll soon realize that the time, effort, and manpower involved in managing your homegrown or SharePoint system outweigh the benefits of using a familiar tool.
Ready to discover more pain points of modern M&A and how to address them? Download the full eBook to learn more.