Can ERM Play a Role in M&As?
Many believe that ERM should be about making better decisions and improving performance. While ERM is commonly applied around objectives and the related risk, few have applied it to the M&A process. Given that the biggest decision some companies make is the M&A or divestiture decision, it makes sense that ERM should be applied there and could probably add value.
Two Versions of M&A As a Strategic Risk
Many also believe that M&A is a response to strategic risk. There are generally two versions. A cynical version is that after the organization has messed up everything else, they have nothing left to do but buy another company. One can only hope this does not happen too frequently.
Another version is what I call the "hawk and hedgehog" view. The hedgehog concept of knowing one thing really well was first written about by Greek poets, later by Vogue, and made common in everyday business language after the best selling book Good to Great by Jim Collins. Not many would question that you've got to be good at something and focus to be successful—be a hedgehog. But in today's disruptive, rapidly-changing world, you've got to be a hawk too. COSO's ERM Exposure Draft emphasized this by listing ERM principles about monitoring substantial change, considering the business context, and evaluating alternative strategies. Hawks have amazing eyesight, can fly at incredible speeds, and can also dive to take over prey at incredible speeds. Today, companies need to be able to see better and farther and move more quickly to be successful. Keeping your head down and focusing is good, but not enough.
When a company is a hawk, its leadership surveys (flies high and sees far) the landscape, future business models, future "blue ocean" dimensions, and uses that knowledge to compare the competitive position they should take with the position they are currently taking. They see the gaps and assess if internal capabilities exist to narrow the gaps. When that is not possible, leadership looks for a company that can help them narrow the gap (or perhaps narrow the gap more quickly than internal capabilities). In short, once they see it they rapidly swoop in and take their position.
If the ERM team is not involved in the strategic view of M&A noted above, there are still ways to get involved.
Adopt a Before-and-After Enterprise-Wide View
If ERM really is integrated, enterprise-wide, portfolio focused, and holistic, then companies and their ERM leaders should analyze how the current risk portfolio changes after the transactions. There is a natural way to do this if some of the major risks are financial. One executive pointed out after a major transaction that they just lost their natural hedge and hence; the transaction was mis-priced because no one factored that hedge into the deal. Similarly, another ERM leader identified the top drivers of one of their larger but ambiguous risks. Using the merger and acquisition plans (as stated in the CEO's strategy documents) they plotted out how many more acquisitions were likely to happen in the next two years. Each acquisition (and there were several for this company) raised some of the drivers of this particular risk, thereby raising the risk. In this case the risk went from somewhere around a Top 20 to a Top 5 and gathered a lot more Board and C-Suite attention as a result.
Double Check the Velocity of Any New Risks
Assuming you've identified the risks, look seriously at the velocity of any risks in M&As. These are risks that your company may not have managed before. In one case, an executive shared with me where an M&A risk grew rapidly and ending up hitting the financial statements that same year. Apparently, it looks like his audit firm decided he should get a material weakness for, among other things, not following COSO ICIF Principle 9 about changes in the environment. Management's remediation statements is as follows (emphasis added): “Management plans to revise existing risk assessment practices to facilitate timely, recurring evaluations of internal controls over financial reporting for known and/or expected changes in our business environment during each calendar year."
Review the M&A Process from a Risk Perspective
A third company used their ERM lead to review how the M&A process works. One of the bigger findings was that the metrics used were biased towards pulling the trigger on the deal versus whether the deal was a real success. A second major finding was that all risks weren't identified and sent to the board before the transaction was undertaken.