Out of curiosity, who has seen or applied a thorough risks analysis and used a risk register for an M&A project DD or integration? Also has anyone worked hand-in-hand with the internal audit team during the DD or integration phase?
I’ve been involved in two corporate transactions where the risk assessment is an integral part of the due diligence. The transaction team maintains and updates the risk register while the M&A transaction develops during the different phases. The high risks should be reported to the management, and the mitigation implementation shall be closely monitored, especially during the integration phase.
Thank you Abdullah for your feedback. In a previous company we (Internal Audit and Risk teams) did also try to work with the corporate M&A team and it was a bit difficult to push forward a risk culture even when highlighting the fact that it was not to stop a project or blame someone afterwards. The idea presented was to work really ahead and from inception with a standardized risk analysis method that will be shared with the PMO team to provide them with a picture as clear as possible to be able to react quickly if an issue arose (and as we know there will always be some). Thus, through iteration over many projects we were also hoping to highlight best practices and to reinforce a learning process (feedback loop of what was + or -) which could be shared across teams and over time.
I use a RAID (Risks, Assumptions, Issues, Dependencies) log for all of my projects, the project manager/PMO team keeps this updated at any time and by the end of negotiations the goal is to have a “clean sheet”, i.e. to have tackled all risks (via indemnities or guarantees), verified all assumptions, solved all issues and aligned all dependencies between different workstreams.