• Increase font size
  • Default font size
  • Decrease font size
Home News Archive Risk Management in M&A Activities

Risk Management in M&A Activities

E-mail Print PDF

Apogee Consulting, Inc. has done some M&A stuff before. We’ve participated in due diligence activities, we’ve briefed lawyers and investment firms on results, and we’ve participated in post-merger integration activities (including contract novations, business system integration, and post-award indirect rate structuring). All of which is to say: while we don’t claim to be M&A experts, we’ve done enough to have some insight into what can go wrong.

Rule #1: Due diligence findings are rarely enough, by themselves, to affect the deal. If enough people want the deal to happen then it’s going to happen regardless of the due diligence efforts. (This situation tends to happen when one or more corporate officers have “do a successful deal” in their annual performance plans, and their incentive comp is riding on the deal getting done.) Conversely, if enough people don’t want the deal to happen then it’s not going to happen regardless of the due diligence efforts. (We’re thinking here of Lockheed Martin’s proposed merger with Titan Corp., which cratered because Titan couldn’t clear itself fast enough from its FCPA problems. Lockheed Martin walked and eventually L-3 acquired the company but there’s a reason you don’t hear much about the former Titan Corp. anymore.1)

Rule #2: There is never enough time or money to perform the due diligence you would like to perform. Instead, you perform the due diligence that’s budgeted and your results are in line with what is being paid for. You can never identify all the risks. You can never verify all the contract ETCs and you can never look at all the purchasing files and you can never examine all the accounting transactions. You simply have to do the best job you can, while hoping the attorneys have structured an escrow or some similar protection into the deal.

So if Rule #1 and Rule #2 are correct, then why bother? That’s a good question. The best answer we’ve been able to come up with is that due diligence efforts often uncover risks that need to be mitigated post-merger. In addition—and this may be the more important reason—the time to start post-merger integration planning is on Day 1 of the due diligence effort. Key questions, such as “Will the acquired entity be left as a stand-alone or will it be fully integrated?” can be addressed during due diligence. The merging of business systems can be addressed. Potential issues with security clearances and government property and any backlog of contracts (and subcontracts) awaiting closure can be addressed. The meting-out of billed and unbilled receivables can be addressed. Reserves for litigation can be addressed. In sum, there’s a whole host of issues – most of which really don’t impact whether the deal happens or craters – that can be discussed during the due diligence process.

Even so, certain risks are going to escape scrutiny. Either they are too hidden to surface, or they do surface but are minimized or ignored during the rush to consummate the deal. Example: somebody looks at the target’s timekeeping system and writes a report saying it’s weak and there could be mischarging going on. That report doesn’t identify any specific mischarging (because there’s no time and/or budget for such an investigation), but it does identify a specific risk. That report is buried in the avalanche of due diligence data and forgotten. Until two years later (well after the merger) when members of the Defense Criminal Investigative Service and the Army Criminal Investigation Division show up at one site and allegations of multiple millions’ worth of time mischarging are dropped on the heads of the integrated entity, seemingly out of nowhere.2

Today we are going to address two somewhat hidden risks.

The first risk is what happens to proposals in the pipeline as of the date of the merger/acquisition/ divestiture. Do those proposals continue under the name of the entity that started them, or do they get submitted under the name of the post-merger entity? And how will the government view the post-merger entity?

In a very recent bid protest decision, the GAO found that the US Army Corps of Engineers had reasonably excluded a proposal submitted by Lockheed Martin Integrated Systems (LMIS) because it was about to merge with Leidos (the spin-off that used to be a part of SAIC). It was appropriate for the awarding agency to conclude “that it could not determine the realism of the protester’s costs and identified other risks associated with the anticipated transaction.” The Source Selection Advisory Council concluded that—

It is unknown, and unknowable, what impacts the new LM-Leidos corporate structure will have on future performance, whether past performance is still a predictor of future performance of offerors, and how small business will be utilized. Therefore, there are potential risks associated with the delivery of the technical capabilities proposed. Based on the above, LMIS’s proposal should therefore not be considered for award.

Similarly, the merger between Engility Corp. and TASC created uncertainty in the mind of the contracting officer and Engility was found to be non-responsible because its facility security clearances were in the name of TASC. (See this protest.) In this case, Engilty’s bid protest was upheld, because there was evidence that Engility had submitted the required paperwork, and updated its CAGE Codes. Thus, the nonresponsibility determination was unreasonable. Note, however, that Engility had to file a bid protest to overcome its exclusion from the shortlist.

To sum up, the impact of the proposed merger/acquisition/divestiture on proposals in the pipeline must be addressed during the due diligence phase. This activity includes running indirect rate simulations, figuring out novations, updating CAGE Codes, and making sure facility and personnel clearances are handled well in advance of the actual effective date of the activity. Also the CAS implications must be considered if one entity is less than fully CAS-covered. (Note: If you don’t know whether you are going to run the post-merger entity as one integrated entity or two stand-alone entities, this is going to be a challenge.)

Now on to the second risk. It’s a bit more subtle and, frankly, we don’t see any practical mitigation strategies at the practitioner level. But let’s talk about it anyway.

It’s about insider trading.

When two publicly traded entities are in discussions regarding a potential merger, acquisition, or divestiture, it’s obvious that there is some money to be made. The company about to be acquired is going to be acquired at a premium from the current share price; that’s a given. If you knew about the transaction in advance you could buy up shares of the entity to be acquired, and then sell them at a handsome profit a short time later when the deal took place.

Now, we’re sure your people would never stoop so low. They are obviously of the highest integrity to start with, plus they signed a special NDA in connection with the due diligence activities, plus they know there’s a downside to being caught. But suppose, just suppose, that they thought they were smarter than you. Suppose they thought they had figured out a fool-proof way to pass on insider information and to hide the proceeds from the use of that insider information. If that’s the case, then maybe they are like this former Global Vice President for SAP, who was just indicted (along with two others) in a “scheme to commit insider trading and money laundering that allegedly resulted in hundreds of thousands of dollars in profits.”

According to the (obligatory) DoJ press release—

The indictment charges all defendants with one count of conspiracy to commit wire fraud and securities fraud, one count of conspiracy to commit money laundering and one count of conspiracy to structure currency transactions involving a financial institution for the purpose of evading the reporting requirements. In addition, Salis is charged with four counts of wire fraud and five counts of securities fraud; Douglas Miller is charged with six counts of wire fraud, five counts of securities fraud and one count of making false statements; and Edward Miller is charged with one count of wire fraud, one count of securities fraud, one count of witness harassment and one count of obstruction of justice.

According to allegations in the indictment, while Salis was employed as a SAP global vice president, he obtained material, non-public information about SAP’s acquisition of Concur, which he disclosed to Douglas Miller in violation of a duty of confidentiality. Douglas Miller, Edward Miller and others then allegedly purchased securities in Concur based on this information for the purposes of profiting from these transactions and returning a portion of the profits to Salis. Following the acquisition, the indictment alleges that Douglas Miller and Edward Miller sold the securities and Douglas Miller made approximately $119,000 and Edward Miller made approximately $149,000. Other traders who allegedly used the information profited a total of approximately $237,000. In order to conceal the nature of the proceeds, the Millers allegedly used cash, money orders and checks to transfer some of their trading profits to Salis. In total, Salis allegedly received nearly $90,000 from his co-conspirators.

Note that nobody has pleaded guilty to those allegations and that people are presumed to be innocent until convicted. Nonetheless, the indictment reminds us all that people will bend their ethics for money, and that confidential information related to a potential merger, acquisition, or divestiture can be perceived to be a path to some easy ill-gotten loot. You probably need to remind your people involved in such confidential deals that, if they decide to sell-out for some cash, they will be caught and prosecuted to the full extent of the law.

We have lots to write about M&A activities but let's start with this one. We trust you enjoyed it!


1 Not to pile on Titan Corp. – but a former employee, a Group Controller who was employed by Titan for six years, recently pleaded guilty to embezzling $825,000 from a subsequent employer.

2 True story, bro. We were there for both the initial timekeeping report as well as the oh-so-expensive investigations and even-more-expensive legal settlements (plural) that followed. We should write a book about that FUBAR, except we’d probably be sued.



In March 2009, Nick Sanders’ article “Surviving Government Audits: Have the Rules of Engagement Changed?” was published in Government Contract Costs, Pricing & Accounting Reports (4 No. 2 GCCPAR P. 11). Apogee Consulting, Inc. is proud to announce that Mr. Sanders’ article was selected for reprint and publication in Thomson West’s The New Landscape of Government Contracting.  Mr. Sanders, Apogee Consulting’s Principal Consultant, joins such distinguished contributors as Professors Steven Schooner and Christopher Yukins, Luis Victorino and John Chierachella, Joseph West and Karen Manos, Joseph Barsalona and Philip Koos and Richard Meene, and several others.  The text covers a lot of ground, ranging from the American Recovery and Reinvestment Act (ARRA) to Business Ethics and Corporate Compliance, and includes several articles on the False Claim Act and the Foreign Corrupt Practices Act.  In addition, the text includes the full text of many statutory and regulatory matters affecting Government contract compliance.


The book may be found here.