Integrating the IT estate of an acquired company with that of the parent is a 'delicate act' for CIOs, says an industry expert.
Tony Qui, lead partner for IT in Ernst & Young's Operational Transaction Services team, told CIO UK the challenge was ubiquitous in a digitally aware climate. "As the mergers and acquisitions (M&A) market stages a recovery after the 2007-09 recession, CIOs of corporates will have to go through a steep learning curve," he said.
Qui said that the biggest question they will face following an acquisition by their company is - 'do I standardise and merge the acquired company's IT estate, or keep it independent?'
"There is no fixed answer; it all depends on the size and nature of the parent company, as well as its ambition for the acquired entity. Costs, which often dictate what eventually transpires, are also contingent upon whether CIOs only want to merge the back office function or front office roles as well. Initially, most CIOs go for a merger of back office processes, which is the logical way forward."
The EY partner added that as the industry has matured, it is commonplace to see CIOs put transitional service agreements (TSA) in place with a span of 6-12 months.
"This is especially true for companies, who for instance want to divest and then become outsourcers, and win support contracts that span multiple years.
"It's a delicate act. I often find myself agreeing with client CIOs that if you don't come off the TSA within a reasonable timeframe, it actually inhibits the ability to gel the operating model of the parent and acquired businesses."
Instances of breaches, such as credit card hacks, theft of online data and the Edward Snowden affair, seem particularly spooky for an IT chief working overtime with his troops to merge a new asset, Qui opines.
"It's human nature - for every breach which bags lurid headlines with the CIO in question being publicly slated, there are countless others where things 'worked as they should' but will never be heard, written about or praised.
"If you are buying a standalone company and merging it, then the CIO of the parent company has to ensure there is no IP theft. Additionally, one or the other of the two companies would be stronger and mature relative to the other in terms of its policy on data protection. What I recommend on day one is to shore-up and align policy and procedure to maintain the perceptively higher level."
The scenario gets more complicated when the parent company's target has to be carved out of a third party's estate.
"Here, the CIO has to ensure network segregation with safeguards in place on the ability of the third party to access his company's information, and once that merger has taken place - protecting the value and security of his data," Qui explains.
Sign up for CIO Asia eNewsletters.