It’s funny how these things happen. Back in about 1996 I started to play with the idea of risk based due diligence. This sprung from the oft-quoted statistic (as I recall it now) that some disproportionate number of acquisitions failed, way over 50% and by some accounts up to 75% – either because they were just simply value destroying, or because they did not achieve their stated objectives. In essence this meant (to me anyway) that maybe we were looking at the wrong things in due diligence, even though this had been one of my major lines for a number of years.
So what to do? Quite simple really: I argued that what should really matter to acquirers, corporate or private equity (not that we necessarily used that term then) was firstly the risk profile of the company being acquired, and of course how those risks were being managed, and secondly what I might describe as the project risks in the course of the acquisition. While we managed to produce an interesting booklet and some collateral, there was a distinct lack of interest. After all we were making (and I assume the large accounting firms are still making) enormous sums of money at higher than normal rates for producing the traditional due diligence report. You know the sort of thing: a couple of hundred pages including a section on why debtor days had moved by five minutes over the last five years. So that was an idea that was left to fester in the corner although I occasionally used to dust the covers off and wave it around, but I could not even persuade some of the more enlightened partners or private equity houses to have a look.
So blow me down when, as I was researching the Standard and Poor’s material on ERM recently (of which more in a later e-mail – I can’t use it all up in one...) I came across a section entitled “Using Enterprise Risk Management To Evaluate Mergers & Acquisitions Of Financial Services Firms”. Let me quote from their report:
"Two major issues relating to ERM are part of the process to resolve the placement on CreditWatch. The first, and most important, is the project risk management of the integration and implementation project. Second is the impact of the M&A on the risk profile of the acquiring firm, which includes assessing the ability of the firm's risk management system to control risk in the newly created firm. If the resolution of these issues is positive, the M&A is expected to create a fully controlled new entity. If one or both of these issues do not have a favorable resolution, a significant possibility exists that there could be either a poor return from the transaction or an increased possibility of an unexpected loss and a negative rating."
It looked familiar! This was what I had been saying over ten years ago, which all goes to show that a risk prophet is never recognised in his or her own time. But at least I can say “I told you so”, dust the covers down, update the material and say: “now risk based due diligence – that’s a good idea!”
Needless to say, I would be delighted to discuss this further, because I really DO believe that due diligence is more than overdue for a radical overhaul.
Your thoughts welcome!