SAP announced this week that it earned the 2012 PR News CSR award for its 2010 Sustainability Report. The interactive report covers SAP's efforts in designing software for energy management and sustainable operations. The 2010 report includes the following statement from SAP in a pop-up message within the online report:

Just as the business community learned of SAP’s announcement of its plans to acquire SuccessFactors, a provider of cloud-based human capital management software, SuccessFactors released news of its own plan to acquire Jobs2Web, a company that specializes in providing an applicant-tracking tool to connect hiring managers with job candidates. In addition to mirroring life along Australia’s Great Barrier Reef where small plankton-eating fish are a food source for larger fish, which in turn are devoured by sharks, these acquisitions pose a sea of questions that SAP’s and SuccessFactors’ compliance teams and financial analysts need to answer. For example, what processes do the compliance teams at SAP and SuccessFactors need to complete? What risks related to the acquisitions need to be addressed?  

In their GRC Expert article titled “Due Diligence in M&A Transaction: How SAP Helps Mitigate Risks,” Vivek Sadhale and Vikas Agarwal state that “A merger and acquisition (M&A) process is intense and complex spanning various stages: exploratory, due diligence, agreement finalization, and closing.” The most important of these stages is due diligence.

Regarding due diligence, the authors cite the following points to consider:

• Focus. When entering into due diligence, you must be clear about the objective. The objective must be clearly communicated and articulated to the due diligence team.

• Materiality. Determining the appropriate level of the materiality threshold to be applied in conducting the due diligence ensures that the process is focused on the objectives and the identification of critical issues. You must determine what is reasonably likely to affect the value of what is being sold or acquired. Common sense, not just predetermined figures, should prevail.

• Confidentiality. Before the acquirer gains access to any material information, the target company usually requires some sort of confidentiality agreement from the people involved in the due diligence, especially those who have access to confidential information. This nondisclosure confidentiality agreement should permit full discussion and advice of confidential information between an acquirer and the entire due diligence team, including outside consultants.

• Logistics. It is common in a large due diligence process for an acquirer to have its own employees, together with advisors and other specialists, conducting a review. It is important that systems are in place to ensure that the entire process is coordinated and remains focused on the acquirer’s objectives. Nowadays, a virtual data room is commonly used for due diligence. A virtual data room is an online repository or library used for the storing and distribution of documents to facilitate the due diligence process during M&A transactions. A virtual data room saves time and money in the entire due diligence process.

With regard to risk the authors provide the following advice:

Any business transaction has its share of inherent risk. Due diligence from an acquirer’s perspective is about understanding, managing, and mitigating such risks. Any M&A transaction involves some of the following risks:

• External: Political risk associated with the countries in which the acquisition is targeted
• Legal: Is the company following the applicable rules and regulations? Is it legally compliant? Are there any existing liabilities that may cause future disruption to the operations or financial performance of the target company?
• Financial: Are the historic financial accounts of the target company accurate? Do these accounts contain any material misstatements? Do the accounts reflect a true and fair view? Does the target company have a good title to its assets? Are the assets worth what the target company says they are?
• Relational: Do the stakeholders — key staff, suppliers, and customers — plan to continue their relationships with the company?

The target company typically has knowledge and information about these risks and legal issues, whereas an acquirer does not. Therefore, an acquirer needs to investigate thoroughly to make up for this imbalance in knowledge between the target company and the acquirer. Once those risks and legal issues are identified via due diligence, the burden of where the risks fall (i.e., on the acquirer or the target company) can be negotiated, and the acquirer can decide whether to proceed with the M&A transaction.

As SAP moves through the various stages before finalizing its acquisition of SuccessFactors, it will be armed with several of its own tools (e.g., SAP BusinessObjects Watchlist Security; SAP BusinessObjects Governance, Risk, and Compliance solutions; and SAP BusinessObjects Risk Management) to help automate due diligence processes. In their article Sadhale and Agarwal describe the benefits of using these tools and others during a merger or acquisition transaction.