I would like to request a quote for
Risk & Innovation
With digital so central to how businesses operate and drive revenue, buyers need to be able to evaluate the digital assets and capabilities of the companies they have in their sights for acquisition. “We look closely at how a company runs its IT and other processes,” says Simon Dingemans, a Managing Director in Carlyle’s European buyout advisory group. “We ask, for example, how much is manual and how much is automated. How can we improve on that? Can we help increase the efficiency?”
Similarly, those looking to exit a business must be able to present as full a picture as possible of their digital assets and capabilities to maximise their returns from the deal. That involves assessing the quality of the company’s data and its source code, the scalability and resiliency of its technology platforms, and the value of its IP.
“The primacy of digital is changing how due diligence is conducted and deals are executed,” says Ian McCaw, Head of Digital M&A at Aon.
Assessing digital performance
Buyers and sellers should be able to quantify a target’s digital performance and assets to ensure their scalability (to support growth) and resiliency. That calls for a forensic examination of the company’s technology stack to gauge the flexibility and resilience of its platforms.
Digital performance assessment should, at a minimum, take in a company’s digital KPIs, such as the number of active users, platform performance and scalability to achieve business forecasts across existing and future digital channels. The existence of fraudulent traffic should be monitored, and the quality of the company’s source code should be evaluated for both IP infringement and maintainability. Investors should pay particular attention to whether key source code contributors still exist in the target business with the know-how to adapt core digital platforms for scale and future integrations.
“We buy businesses to help them grow, and that requires the ability to ramp them up organically,” says Dingemans. “So, their systems must be capable, first, of handling more activity and, second, of absorbing or integrating possible acquisitions. Scalability is a vital question for us.”
Scalability can be assessed by scrutinising, for example, the company’s existing servers, its cloud footprint, and its use of open-source technologies. According to Andreas Thors, Senior Lead Operator at Partners Group, a company’s use of open source could be a good indicator of the scalability of its platform. It is important, at the same time, to ensure that reliance on open source, with the ongoing involvement of communities of developers, does not limit the company’s ability to innovate.
Valuing the IP
Detailed assessments of digital performance are often part of the process of valuing a company’s intellectual property (IP). Like plant and property, a company’s IP (including its data, source code, algorithms and other assets) can be assigned a monetary value. “Sellers preparing a business for exit have every reason to surface the hidden intangible value of those IP assets and get that information into the deal room documentation and buyer financial model,” says McCaw. “IP valuation can increase the value the seller secures from the deal or indeed upside for the buyer.”
IP valuations can also be used to secure loans or other financial benefits, and is possible if the IP collateral is insured. Termed IP financing, this is increasingly being seen as a viable option for companies to raise capital without diluting their equity stakes. Although not an entirely new form of financing, its use has grown in recent years, particularly in the US2. Insuring the collateral helps to give lenders confidence that the IP has been given a reasonable valuation. The first step to securing IP financing, says McCaw, is to undertake thorough diligence of a company’s IP to determine what can be used as collateral.
Understanding digital risk
Uncovering and addressing cyber vulnerabilities is the other critical component of digital assessment. Cyber risks must be identified and managed ahead of transactions, as insuring against such risks is becoming increasingly challenging.
The cyber-risk radar may be constantly moving, but buyers’ means of assessing a target’s vulnerabilities are also expanding. “Non-intrusive, outside-in cyber-risk assessments are more common now and are conducted early in the M&A process,” says Andreas Thors. “You can access data, for example, to find out if connection ports are open or vulnerable. With a dark-web scan, you can understand if sensitive company information – documents, email addresses, passwords – has been leaked (and potentially whether it is available for sale).
Uncovering technology weaknesses or vulnerabilities during due diligence could lead a potential buyer to walk away. More often, however, the parties would factor such issues into the purchase agreement and work to fix the problems.
“If a company has suffered a large data breach or has lots of liabilities under the privacy laws, that might put a buyer off,” says Dingemans. “But our response is more likely to be around what we can do about it, what investments we’ll need to make and how quickly we’ll need to put them in place.”
Nevertheless, confronting a target company’s management about discovery of a vulnerability can be instructive, says Thors. “It can be a good test to see how they react. Do they become defensive, or do they acknowledge the issues and take action to address them?”