Ten Steps to Minimize Data Risk During an Acquisition

Merger and acquisition activity continues to be a constant in today’s fast-paced, ever-changing world… and those of us who work in the field of IT and data management are likely to be involved in an acquisition, perhaps multiple times during your career.

What will you do when you find out you’re about to acquire or consolidate with another firm or division? Are you aware of the risks you may be inheriting? What data is going to demand the highest availability? What IT regulations will you have to address and how do you know if existing controls already address them?

Below are 10 “data health” checks you can conduct to answer these questions before giving a green light to an M&A or consolidation.

Step One: Assess your data – From a data perspective, the first step needs to be an assessment of the independent data assets of each organization participating in the merger. If you do not know what data exists before the acquisition, gaining this understanding after combining the data, if it can be combined at all, will be extremely difficult. The task at hand will be simpler if both organizations practiced strong data governance. This is rarely the case though.

Step Two: Plug the governance gaps – After completing an honest assessment of where each organization stands in terms of data governance, the next step needs to be plugging the gaps. Work toward creating a definition of data that is not well understood or undocumented. Do not turn this into a long process; define what data you have and where it is stored. Consider using tools like data dictionaries and repositories and consult the subject matter experts (business users, programmers, data architects, etc.) at each organization for this information.

Step Three: Leverage the M&A for governance improvements – Use the acquisition as a springboard for instituting new or stronger data governance policies and procedures. Lack of insight into important business data, such as can occur during an acquisition, can be a strong motivational tool for implementing improved data management practices.

Step Four: Plan for increased workload and capacity. – The basic premise behind mergers is that the combined companies can conduct the same, or more, business more efficiently than two separate companies. Will you need more powerful hardware? Will the new combined business require more uptime, which translates to higher data availability? Existing hardware, transactions, applications, databases, and data maintenance processes may need to be overhauled to meet the new requirements. For mainframe shops, perhaps you can better utilize cheaper specialty engines like zIIP, zAAP, and IFL processors. And look into more efficient software and utilities for performance management, change control, and backup and recovery.

Step Five: Evaluate backup and recovery plans –  A simple question, such as “Is everything backed up?”, can be a crucial starting point. In the clamor of an acquisition evaluating recoverability is often forgotten or ignored. The on-going health of those backups must be checked periodically.

A systematic method of reviewing recovery health, include examination of backups, evaluation of IT hardware and software specification, and matching objectives to reality is helpful. The process of assuring recoverability is exacerbated due to the hectic nature of a merger or acquisition, and recoverability will certainly be impacted if it is ignored.

Step Six: Determine your new exposure to IT regulations – If the acquisition brings new types of business, even if it is related to your existing business, be sure to allot time and resources to examining and ensuring compliance with required IT regulations, such as PCI DSS, HIPAA and Sarbanes Oxley. Tools are available to help reduce the cost and complexity of compliance programs and processes.

Step Seven: Implement a database auditing solution – Because of the hectic nature of mergers and acquisitions, many last minute requests and requirements can because  things can fall through the cracks. A database auditing solution will routinely monitor data activity and keep an audit trail of users and changes in content.

Additionally, database auditing can be used to keep an eye on your privileged users, such as DBAs and system administrators, who have unfettered access to critical data. Some can even track data access patterns to look for anomalous activity and raise alerts when it occurs.

Step Eight: Plan personnel to cover combined systems –  During most acquisitions, dual systems and applications need to be supported. Plan for the proper personnel and support to protect and manage all of the data while redundant systems are required. In other words, don’t pull the switch too soon – on systems or personnel.

Step Nine: Identify and eliminate the redundant – Inventory and eliminate redundant system software and utilities to reduce cost post-acquisition. For example, if the majority of your most functional applications use DB2 as the DBMS, but a few use a different DBMS, choosing a less functional application that uses DB2 instead may allow you to eliminate a costly DBMS license. However, such decisions need to be made in an informed, business manner and not simply with an eye toward reducing system software cost.

Step Ten: Intelligently automate your data management solutions –  The more you can automate maintenance tasks the fewer problems that will occur that can stall the integration of your systems. Using software to automate and conduct on-going health checks on your data and data management activities can improve the overall responsiveness of IT to business needs.

The Bottom Line

Getting a handle on all of the data in your post-acquisition organization requires time and effort. But it need not be fraught with risk. With proper planning, tools, and resources, along with realistic expectations and 10 steps, you can reduce the risk to your valuable business data.

 

Advertisements

About craig@craigsmullins.com

I'm a strategist, researcher, and consultant with nearly three decades of experience in all facets of database systems development.
This entry was posted in auditing, backup & recovery, compliance, data, data availability. Bookmark the permalink.

One Response to Ten Steps to Minimize Data Risk During an Acquisition

  1. Pingback: DB2 Hub | Ten Steps to Minimize Data Risk During an Acquisition

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s