<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=4229425&amp;fmt=gif">

ProArch POV: Navigating an IT Integration During Mergers & Acquisitions

May 15, 2023
By ProArch

Merger and acquisition (M&A) transactions are a high-risk undertaking for any enterprise, requiring careful consideration from IT to ensure they address the high stakes, complexity, and fast pace required of them. However, IT is often left out of the process until it’s too late. According to McKinsey and Company, “50 to 60 percent of the initiatives intended to capture synergies are strongly related to IT, but most IT issues are not fully addressed during due diligence or the early stages of postmerger planning.” As a result, many of these initiatives fail to achieve the value expected of them.

How can business leaders ensure they have everything they need for a successful IT integration strategy that prepares their merger or acquisition for success? In this post, four ProArch experts share their points of view (POV) on the things all organizations should know about IT’s role in the merger and acquisition process, including their best practices both before and after a deal is done. Let’s dive into what they had to say.



Create an IT Integration Roadmap

Jeanne Morelli, Chief Operations Officer


Copy of ProArch POV LinkedIn (1200 × 600 px) (2)

The IT portion of a merger or acquisition starts as any successful IT project should: It is all about the discovery, assessment, and planning process. Which needs to begin far before the legal transaction is complete.

Imagine buying a new home without first having a home inspection, then finding out that it has been built on a sinkhole. The same could be true of investing in a new business entity that has not invested in its infrastructure or data security. The costs could be enormous, and the risk extraordinary.

Technology teams have a critical responsibility throughout the process. While managing their current roles, they are also responsible for essential processes like integrating platforms and systems and incorporating security and compliance practices. On top of this, they must ensure the business experiences no interruption while addressing issues and questions that arise during the process.

Start with an assessment to create a well-defined plan that is aligned with organizational priorities. When you take the time to make a plan, the integration will be a faster, smoother process and provide the stakeholders with the intended results.

Mergers and acquisitions affect everyone. Communicate changes early and often. Be sure that you provide the information that is relevant to the audience. You won’t have all the answers, but you can provide guidance and expectations that can minimize the stress of change.

With any merger or acquisition, there will be differing points of view. Involve people from both entities who represent all areas of the organization. They will not only provide you the technical and business process insight but also become change agents during the transition. Engagement is key.



Security and Compliance Considerations

Michael Montagliano, Chief Information Security Officer


ProArch POV IT M&A Michael M

Mergers and acquisitions (M&A) are crucial to business growth. However, these transactions also pose significant risks—especially concerning cybersecurity.

First, we must perform our due diligence by conducting an extensive investigation of the acquired assets. You want to identify and remediate risks early on that may impact the deal. Here are six critical considerations for ensuring a successful and secure IT integration strategy:

  1. Perform a thorough security assessment: Before initiating the integration process, conduct a comprehensive security assessment of both companies’ IT infrastructure, policies, and practices. Identifying potential vulnerabilities and areas for improvement is crucial.
  2. Align security policies and standards: Integrating two IT systems often means merging different security policies and standards. It is vital to harmonize these to establish a consistent and robust security framework across the merged organization.
  3. Prioritize data protection: M&A transactions involve exchanging sensitive data, including intellectual property, customer data, and financial information. Implement robust data protection measures, such as encryption and access controls, to safeguard this valuable information.
  4. Address compliance requirements: The integration process may bring new compliance requirements, such as GDPR or industry-specific regulations. Ensure that your organization is aware of and prepared to meet these obligations.
  5. Develop an incident response plan: Cyber threats are an ever-present risk in M&A transactions. Develop a robust incident response plan to mitigate potential security breaches and minimize the impact on business operations.
  6. Foster a culture of security: Encourage a security-first mindset among employees from both sides. Provide ongoing training and resources to build a strong security culture that can withstand the challenges of M&A transactions and ensure ongoing vigilance.

By prioritizing cybersecurity solutions in IT integration during M&A transactions, organizations can safeguard their valuable assets and ensure a smooth, successful integration process.



Microsoft Tenant-to-Tenant Migrations

Jacob Reinhardt, Automation Engineer


ProArch POV IT M&A Jacob R

In an M&A situation stakeholders will be eager to bring the organizations together from a collaboration, email, and data perspective. For IT that means planning and executing a Microsoft 365 tenant to tenant migration to merge the two existing environments.

The bread and butter of any tenant-to-tenant migration is migrating email (Exchange) and file (SharePoint and OneDrive) data. Tools are available to migrate these primary workloads, so take advantage of them. When migrating email, make sure to take measures to avoid undeliverable messages from being generated to external parties while the domain is migrated to the new Microsoft 365 tenant (e.g., a dead-end MX record that will not respond to SMTP ports). When migrating files, keep in mind that links will typically need to be manually resent because the URL changes.

Migrating these primary workloads is good so far as it goes. What is often forgotten in tenant-to-tenant migration is the lesser-known Microsoft cloud services. These may include items such as third-party integrations with Azure AD identities, Azure AD Business-to-business guest accounts, Groups, SharePoint Lists, Planner, Forms, and even Microsoft Teams.

Microsoft does not always provide good methods to migrate data for all its services. Often, there is no substitute for engaging with the right organizational leaders who know what services are being used. Post-migration checks by employees are very helpful in ensuring that nothing essential is missed. Tenant-to-tenant migrations often require some level of user activity as well (e.g., setting up multifactor for the new environment, canceling recurring Teams meetings, and manual resync of OneNote notebooks that are migrated).

Tenant-to-tenant migrations are challenging, but the results include technical skills gained for technical teams, unified collaboration for the entire organization, and in some scenarios, cost savings.



Due Diligence and Adaptability is Key

Andrew Rochfort-Hyde, Head of Delivery; App Dev, Data & AI,


ProArch POV IT M&A Andrew R

M&A doesn’t always produce the outcomes investors expect. In fact, Harvard Business Review puts M&A failure rates at between 70 and 90 percent. Examples range from blockbuster mergers like AOL-Time Warner to much smaller deals. Divestments are no different.

Aside from over-optimistic forecasts, one of the most common causes is the failure to integrate systems effectively. So, what can we learn from this? There are five best practices to keep in mind.

  1. Plan how you intend to run the target: This is critical. What is your business model? Investment acquisitions require quite different approaches compared to full absorption. Have a clear plan and manage it. Planning, sequencing, and coordination need to take place at all levels—including strategic and system levels.
  2. Do your due diligence early: You must understand the compatibility of systems architecture, data architecture, investment programs, compliance and governance, cloud compared to on-premise solutions, legacy and obsolete systems, interoperability, and costs. If systems are incompatible, that doesn’t mean you need to put a halt to the deal; however, keep in mind that the cost and impact may be higher.
  3. Understand the complexity and seek elegant simplicity: Data is a complex field, requiring flexibility and creativity. Look carefully at the options, including using a data platform in a “hub and spoke” solution rather than bespoke point-to-point connections.
  4. Focus on the quality of execution: Results do not have to be over-the-top amazing, but they do need to be effective and sustainable while delivering customer and stakeholder satisfaction.
  5. Continuously learn lessons: Companies undertaking M&A generally do it more than once. Gaining experience, learning lessons, and applying them to the acquisitions that follow are immensely valuable. A company that learns lessons and applies them to future deals inevitably wins out.


Every organization and deal it unique. Addressing issues and defining goals early will help ensure a smooth transaction. ProArch has experience bringing networks together and applying best practices across the environment, so your organization is  ready for the next merger or acquisition.

The ProArch POV series is your resource for actionable advice, tips, and experiences from the people who understand the ins and outs of this industry the most.

Read another ProArch POV >>

Subscribe to the blog for the latest update