Staying in compliance during an M&A transaction

If you’re heading into a merger and acquisition (M&A) transaction, you already know that it can be a complex process to navigate. Legal, financial, and cultural issues often take center stage as deals are negotiated, but compliance is equally as important.

As you work through the stages of an M&A transaction, it’s critical to pay attention to both the people side and the process side.

Careless talk: helping teams understand the power of rumors

Rumors of a potential M&A transaction can spread quickly throughout both companies involved in the deal. If not checked, these rumors can have a significant impact on shareholder value. They can also have legal ramifications that could affect the deal itself.

Reduce your exposure by controlling access to confidential information. Use a solution that keeps important documents locked and creates an audit trail of who has viewed them.

Most importantly, don’t wait until you hear rumors to address the issue. Communicate clearly and often with executives and key stakeholders about what can be shared and what's off limits. Explain the implications of rumors on the eventual future of the combined organization.

Process management: staying on top of the changes

Merging internal controls and Sarbanes-Oxley (SOX) documentation is a key part of any M&A transaction. Initial reviews will determine whether the acquired company has a solid system of internal controls in place and whether its SOX environment is up to par.

Internal control over financial reporting falls under Section 404 of Sarbanes-Oxley, which means it should be top of mind as you proceed.

If the acquired company does not have sufficient controls and documentation in place, there will be a lot of design work required before you can move forward.

Depending on the type of company you have acquired or merged with, there might be significant work to consolidate controls. You'll need to determine whether to change the controls, comply with those of your company, or test the design and effectiveness of the controls as is.

A closer look at the problem areas

Trying to integrate internal controls and processes across departments, let alone companies, can be a daunting effort. Process bottlenecks arise from:

• Tracking controls in narratives, flowcharts, and matrices stored across multiple locations and applications
• Managing changes with a decentralized process of copying, pasting, and emailing information between teams
• Gathering more certifications and document sign-offs via email, voicemail, and sticky notes

While mergers and acquisitions are not specifically mentioned, Section 302 and Section 404 of Sarbanes-Oxley still apply. Section 302 and 906 of Sarbanes-Oxley legislation require senior management to certify the accuracy of the financial statement and holds senior management both criminally and civilly liable. Section 404 requires management and auditors to establish internal controls and reporting methods.

Give yourself time

Reaching compliance of internal controls and SOX Section 404 one year following an acquisition requires a lot of work. Start early, and give yourself adequate time to examine all internal controls, documents, and processes. With an impending deadline to update to the new COSO Framework by the end of your calendar year, you need to be on top of your game.

Make sure the right solution is in place

You need more than the right people to make a smooth SOX integration during a merger or acquisition—you also need the right documentation and certification solution. With a strong recommendation to migrate to the updated 2013 COSO Framework, choosing the right tools can give you increased visibility, improved collaboration, and process efficiency.

Keep your focus on the other side

Staying in compliance during an M&A transaction can be difficult, but it’s also very feasible. With the right resources, thoughtful planning, and open communication, you can keep rumors to a minimum and make it through to an integrated set of processes. It’s all about taking control and creating a reliable structure that will see you through.