Data Leaders Should Own Early Warning and Preparation Regarding Vendor M&A

As business intelligence (BI) and data-driven decision making grows increasingly critical for businesses, more and different types of external events can impact data leaders and their initiatives. Although economic, geopolitical, and industry developments often are top of mind , a common source of disruption is vendor-related merger and acquisition (M&A) activity. When another firm acquires or merges with the provider of a key technology to an organization’s BI strategy, product longevity, support, and contractual risks emerge. These threats can include increased costs, forced product migrations, degraded or ceased support, and delays in promised functionality. Some of these risks can be highly disruptive—for example, a technical issue preventing use of mission-critical BI capabilities—with no recourse due to an unsupported product—can cause extensive damage to an organization. In the absense of formal risk management processes—few organizations have these for the software on which they rely—data leaders must step forward and take the initiative to implement controls to proactively monitor and mitigate these risks to their BI software, and by extension, the organization’s data and analytics strategy.

At the same time, given the level of investment in BI and analytics, and the introduction of new and innovative AI capabilities in related markets (such as AI-enabled analytics, guided learning, and generative AI), the amount of M&A activity likely will increase. Despite these trends, our data show most organizations are unprepared. Only a minority of data leaders and their organizations express concern about this activity and the possible impacts that M&A activity may have on existing deployments and future plans. Compounding the issue, the level of concern about the impact of M&A events has not substantially increased over time and is drifting further out of alignment with the increase in M&A events.

The lack of concern about impact from potential M&A events results in most organizations having few if any proactive plans and controls to mitigate the risk to their chosen vendors and products. Organizations that have controls in place tend to be passive or loose in their approach. They only watch for signs of potentially impactful market events but lack structured action plans to reduce or remove risk if such events occur. Their approach is reactive and one-off; in many cases, this leads to a greater level of risk and negative impact.

Data leaders and their teams need to take stock of the potential impact of M&A events that could involve the key vendors and products fueling the organization’s BI strategy. Raising their own awareness of potential impact—as well as that of the various business functions and business leaders with a stake in the BI strategy—creates the basis for designing and implementing proactive and effective controls and action plans to keep the organization’s BI strategy on track and delivering value in the face of market volatility. Data leaders need to answer these key questions:

  • Where in the organization would an M&A event in BI-related markets have significant impact?
  • Are any mitigation controls and steps in place to minimize the risk of potential M&A events?

Having identified potential risks and key areas of the business that could be impacted, data leaders can apply the Dresner Advisory Services Hyper-Decisive® Maturity Model® (HDMM) concepts to orient their risk-mitigation actions. This includes raising awareness with the relevant business leaders and their teams and applying best-practice vendor management techniques. In addition, they should review existing controls and contingency plans, and design and implement such controls and plans where they do not exist. A key activity that will assist in raising awareness is historical context—specifically, what market M&A events affected the organization in the past, what challenges these events created, and which leaders and teams were impacted.

Based on this perspective, data leaders and their teams can analyze the level of forward-looking risk in light of the level of concern in potential areas of impact. Identifying where the level of concern by business leaders and their teams is low but potential negative impact from an M&A events is high gives data leaders a clear idea of where to focus initially. Since our data show that executive management tends to care about M&A events at one of the lowest levels, relative to other functions, data leaders also should focus on raising general awareness among this key group.

After identifying the key areas of the business requiring attention from awareness and controls / mitigation perspectives, data leaders and their teams can develop plans for what controls and mitigation steps to implement, and in what order to do so. For each area of initial focus, analysis of the specific potential type of impact and degree of risk will drive the design of the most relevant controls and mitigation steps to help the organization reduce risk of M&A events. Data leaders can then compare the desired controls and steps with what is in place (or not) in those business areas.

A key consideration in designing M&A risk-mitigation controls is the size of the potential M&A impact. In some scenarios of limited or non-critical vendor / product use, extensive mitigation controls and steps would be overkill, and would adversely impact the organization (for example, increasing costs and reducing productivity). Data leaders should assess the magnitude of impact in multiple dimensions, including capital expenditures and ongoing operating costs—of technology / product, of people / skills, and of direct impact on the business value derived.

Timing represents a final consideration for implementation of M&A risk-mitigation controls. Data leaders and their teams should sequence implementation of controls by starting with high-priority areas of the business—where the risk of negative impact is high and likelihood of near-term M&A events is also high. Priorities will change over time as vendor business conditions evolve. The more passive approaches of closely monitoring vendor status and market activity will be critical in helping data leaders and their teams adjust and reprioritize implementation of controls over time.

Having done the analysis to identify potential risk areas, levels of awareness of key personnel, magnitude of negative impact, and degree of urgency, data leaders and their teams can then act in a well-informed manner to reduce the organization’s potential risk from industry M&A events. Starting with raising awareness of M&A risk with executive management, key business leaders, and their teams will identify specific data sets or applications in which enough substantial risk exists to justify and secure funding and resources to implement controls and mitigations steps. Data leaders should collaborate with the organization’s chief risk officer (if that role exists; if not, whichever executive owns organizational responsibility for risk management and compliance processes) to leverage the capabilities of that role in making the case and designing the right controls.

You do not have permission to access this document. Make sure you are logged in and/or please contact Danielle with further questions.

Rate this Research


Rated 0 out of 5
Very good0%