Connect with us

Finance

WHY IT PAYS TO MAKE CYBER SECURITY PART OF THE M&A DUE DILIGENCE PROCESS

Anurag Kahol, CTO at Bitglass

 

Mergers and acquisitions (M&As) enable business leaders to adapt fast to new opportunities. Whether that is re-configuring operating models to accelerate growth, or rebalancing asset portfolios to leapfrog the competition in new market environments.

In recent years, low interest rates around the globe have helped to fuel an impressive uptick in M&A activity. According to Deloitte, the start of the year saw dealmakers predicting that this boom was set to continue, with 63% saying that transaction activity would increase in 2020.

While the recent global pandemic has had an unprecedented economic impact, the signs are that many companies are already focused on strategic and portfolio reviews in a bid to speedily access new markets and grasp newly identified opportunities. A process that looks set to trigger a hike in divestiture and acquisition activities.

Undertaking appropriate M&A due diligence is recognised as an essential process for evaluating the true value of an acquisition deal. As cyber risks for organisations intensify, cybersecurity is becoming an increasingly important part of this procedure for businesses that want to avoid becoming liable for data breaches. A lesson that Marriott Hotels learned to its cost, when it was landed by a £99 million penalty fine following its acquisition of Starwood Hotels & Resorts, whose guest reservations system had been compromised back in 2014.

 

Anurag Kahol

Identifying risk and data vulnerabilities

Whenever a firm buys another company, it takes full responsibility for any pre-existing cyber security failings that could potentially compromise data security. For this reason alone, undertaking a comprehensive cybersecurity due diligence evaluation is absolutely essential for both safeguarding the value of the acquired business, and assuring the long-term compliance profile and security posture of the combined entity going forward.

The rapid digitalisation of the enterprise means that data has come to represent IP that is the lifeblood of today’s organisations. Yet as corporate IT systems and connectivity platforms evolve and grow, this expanding attack surface potentially presents new vulnerabilities that could be exploited. According to a recent Accenture report, 40% of security breaches are now indirect, as threat actors target weak links in the supply chain or business ecosystem – and remediating any security vulnerabilities could prove costly in terms of business continuity, as well as reputational and financial impact. According to Accenture, 64% of firms now take on average 16 to 30 days or more to address a security breach. During this time, revenues can be lost, and business systems interrupted. Meanwhile, the loss of IP can have long term ramifications.

 

Defining a rigorous cyber due diligence process

With organisations of every size increasingly dependent on cloud-based tools and connectivity services, undertaking a detailed cyber security audit and evaluation is crucial for identifying any critical weaknesses that present a potential risk.

Requesting full disclosure of any past breaches is an essential first step for any acquiring entity seeking to understand the specific vulnerabilities associated with each breach event, and whether these have been appropriately addressed. Exploring the dark web to search for signs that the target firm’s IP or customer data has already been compromised will help shed light on whether historical breaches have not been disclosed or identified. It took years before Hilton discovered that Starwood’s systems had been unknowingly breached.

When defining the due diligence process, the priority is to create a framework that enables the systematic evaluation of all governance, procedures, and controls that the target organisation is using to keep its information assets safe. This should include evaluating compliance with any industry-specific data regulations, such as GDPR and PCI DSS, that may apply.

 

Next steps

Having established what information assets are in place, where these are located, and who has access to these, along with the data protection and access management measures that are in place, a comprehensive evaluation of all potential internal and external IT systems and processes will help to shed light on any potential weaknesses that will need to be addressed. As part of this process, it may well also be appropriate to undertake penetration testing of the target firm’s cyber defences as well as those of its suppliers and delivery partners.

Finally, the cyber diligence process should also incorporate a review of all breach management, disaster recovery and business continuity plans, with an eye to identifying if these need to be evolved in line with those of the acquiring entity.

By the close of the processes, a comprehensive risk analysis should be undertaken that will inform any plans to align both IT organisations’ data management and protection strategies going forward.

 

Safeguarding operational integrity

Maintaining security for the duration of the takeover process is paramount, so organisations that participate in M&A activities will need full visibility into their own systems as well as those of the company that is being acquired.

Conducting a review of all security-related policies within both organisations, including a detailed scrutiny of all target systems and data, will help ensure that vulnerabilities are not introduced once the IT systems of both organisations are brought together.

Ultimately, maintaining information security within the extended environment will depend on the successful integration of people, systems, and processes in such a way that preserves value for the business as a whole – while maintaining the morale of individuals within the cybersecurity teams of both organisations. This should include putting in place processes that ensure there is no exposure resulting from the malicious behaviour of potentially disgruntled employees on either side of the fence.

While conducting a detailed cybersecurity due diligence procedure may appear to add time and expense to the M&A process, failure to conduct this vital element in a detailed and structured manner can cost organisations dear in the longer term. Ultimately, cyber security is far more than just a technical issue – it also represents a potentially major business risk.

Finance

OPTIMISING YOUR FINANCE THROUGH TECHNOLOGY

Covid-19 restrictions and ongoing uncertainty have prompted a fundamental switch in mindset across a multitude of different sectors. Many organisations have begun to recognise that outsourcing their finance can make them more agile and give them the competitive edge they need to compete and scale effectively in today’s market.

Mark Pullen, CEO at Xledger  explains to what extent outsourcing can boost resilience for a lockdown recovery.

 

Solving the pain points

Inefficient processes are prone to causing delays and errors which can have a huge impact on the bottom line when viewed at scale. They can also negatively impact the client experience, causing frustration with missed deadlines and mounting uncompleted tasks.

New finance technology is automating many of the daily, monotonous back office functions such as bank reconciliation and invoice entry, meaning that the nature of the work that a finance professional provides will change. This presents a huge opportunity as it gives these employees the opportunity to be involved in higher-level work. Technology can also provide a resource that gives real time insight, allowing for better strategic decision making, which is so key in the current climate.

 

Optimising your finance function

Outsourcing high-value services within the finance function can improve workflow by implementing a defined and transparent process which streamlines operations. For a finance department, this can speed up areas that require internal controls such as expense reporting and cash release, but it can also speed up the full lifecycle of a project; from time tracking and resource to accounting and billing.

There is also a cost efficiency benefit when outsourcing, as management bandwidth is effectively increased by eliminating the need to be involved in many of the day to day processes. Instead this time can be focused on other business priorities and planning for future growth.

Outsourcing accounting functions to bespoke and standardised technologies means using data led processes that can be measured, optimised and benchmarked against in-house requirements. These processes can also be undertaken remotely, boosting the resilience of your business in these uncertain times.

 

Case study box-out: RPC Tyche

RPC Tyche is a global insurance software supplier with offices in London, Paris, and the USA. Initially a division of award-winning law firm RPC, but now a stand-alone entity, RPC Tyche’s main software offerings support capital modelling, and pricing commercial insurance and reinsurance.

 

The challenge

As part of a restructuring process following the de-coupling with the law firm RPC, RPC Tyche had to separate its back-office processes. They remained under the umbrella of the law firm while the changes were taking place, so initially had some flexibility with the shared finance system, but time was running out to separate the two entities cleanly. As a stand-alone company, RPC Tyche now needed its own financial system; one that could align with its new business processes and that could be implemented quickly to deliver the organisation’s business objectives. Furthermore, they needed a new finance solution that could help them grow exponentially, facilitate a globally diverse group structure, and still maintain efficiency when operating as a small team.

Gavin Dilley, Chief Finance Officer for RPC Tyche commented, “Following an initial discussion with a third-party advisor regarding Xero and Quickbooks, we were recommended Xledger because we required a swift and scalable solution. After contacting Xledger, their tried and tested implementation methodology ultimately assured us that we would achieve the fast-paced implementation needed for our go-live objective. We also really liked that Xledger was a multi-tenanted, true cloud solution with its scalability setting it apart from the competitors.”

 

Implementation and training

Following conversations with Xledger, RPC Tyche created a project management team to keep everything on track on their side, an arrangement that Gavin emphasised “worked really well.” He said that “as a small project team, the flexibility to undergo substantial configuration during the training sessions with the Xledger consultants brought focus and enabled us to dedicate sufficient time to the system without distractions.”

Although the implementation was expected to take three months, RPC Tyche experienced hold-ups owing to the separating of back-office processes, so they were pleased when it was mutually agreed to facilitate a one-month delay.

 

Post-implementation results

“The implementation process was highly effective, and we’re very happy with the results,” said Gavin. “Since implementing the Xledger solution, we’ve been so pleased we haven’t had to dip back into the old system as the transfer of historic data has been particularly successful.” RPC Tyche had a large volume of historic data and transactions, including timesheets and work in progress reports that were all successfully migrated to Xledger during implementation. “We’re particularly happy with how easy it has been to onboard our new Finance Controller, due to flexible training and the system being so intuitive.”

Gavin added, “Since implementing Xledger, we have far greater reporting flexibility, better distribution of skills within the finance team and are naturally more self-sufficient because we can make amendments to the system without relying on the software provider.

The system is easy to use, and the purchase order functionalities, integrated workflows and automation of processes have enabled us to be highly efficient, even as a small finance team. Not to mention that the Xledger support team are incredibly responsive, so we can continually maintain productivity.”

 

Continue Reading

Finance

THE FUTURE OF FINANCE LIES IN THE CLOUD

Author: Chris Tredwell, Enterprise Business Development Manager,Aqilla

 

At the beginning of 2020, 87% of public sector organisations surveyed by UKCloud expressed a desire to move traditional IT environments into the cloud. But, as a result of the Covid-19 pandemic, the rate of cloud adoption in the UK has grown significantly, as many companies not already in the cloud were compelled to make the switch due to enforced remote work.

This is certainly indicative of many other industries, finance included. Pre-lockdown, the majority of finance and accounting teams still relied on on-premises software, but the move to remote-working meant many organisations had to quickly reconsider their technology needs and move some or all of their IT requirements to cloud-based platforms.

But, in a recent survey by GrowCFO – an independent portal for finance leaders to network, learn and collaborate – it was found that there is confusion around what actually equates to a true cloud finance platform. This was apparent given some respondents replied with ‘cloud’ to known on-premises solutions, suggesting the difference between cloud-based and ‘on-premises with remote access’ is not fully understood.

This is an important point because it has the potential to influence the technology choices made by organisations across the sector. In short, traditional on-premises financial software resides on IT systems owned by the user organisation, typically on hardware hosted within their building. After purchasing and installing the software, they maintain, secure, and manage it themselves (or with the help of a specialist third party IT support business). Many of these systems also offer the option of connecting remotely, with users accessing software and data via a connection to their office-based network.

Conversely, cloud software is almost entirely outsourced and delivered via a web browser or app as a service to each user, hence the description ‘Software-as-a-Service’ (SaaS). The software resides with the service provider who is also responsible for reliability, performance, the availability of enhancements and updates, as well as the security of their service or application. The location of the user is largely irrelevant – as long as they have a good, secure internet connection, a suitable laptop or tablet and a browser, they can access the service in exactly the same way as if they were in the office.

Chris Tredwell

One of the most immediate changes organisations notice when moving from on-premises technology to the cloud is it removes the need for in-house IT personnel or external specialists to manage and maintain the technology. For many smaller organisations, it liberates the individual who has been given the task of ‘looking after’ the on-premises tech, even though it usually isn’t their specialism or even in their job description.

But that’s just the start. The massive success of the cloud-based, ‘-as-a-Service’ technology industry is predicated on a range of key developments over traditional on-premises, or ‘legacy’ software.

 

A Formula for Finance

Often of particular interest to finance and accounting professionals are pricing and payment terms that accompany today’s cloud SaaS options. Cloud-based software typically offers the convenience of a monthly pay-as-you-go model, instead of investing significant up front sums in one-off software purchases. This also saves money on the server hardware that has previously sat in the office, which may no longer be needed at all. Also included in cloud pricing arrangements should be details which clearly set out the type of service and support included in the cost. Done well, cloud-based customer support and service can deliver an exceptional experience where the provider effectively works as an extension of their in-house team.

The best cloud software providers place huge emphasis on security, focusing on data protection, backup services and their ability to deal with common security issues, such as ransomware. This also extends to compliance, and in the finance context, specialised compliance capabilities offered by many cloud software providers can be of particular benefit. Even for the most niche requirements, there is often a software provider out there whose technology has been written to meet compliance rules, often saving users considerable time and effort.

And then there’s the key issue of functionality and performance. Today’s cloud-based finance software market offers a wide range of options from simple entry-level tools to powerful applications designed to meet the needs of even the biggest and most complex finance departments. For organisations considering cloud, it’s important to assess the options available and choose a provider that most closely matches their individual needs.

For many finance and accounting organisations and their teams, the requirements of lockdown and transition to home working were made possible by cloud-based software solutions. In doing so, they have gained valuable insight into the range of services available, their potential benefits and how technology can become much more than just a labour-saving tool, but also a means to enhance their all round business capabilities.

 

Continue Reading

Magazine

Trending

Wealth Management1 day ago

WHY TRADING FIRMS MAY STILL NEED A LONG-TERM REMOTE WORKING STRATEGY AMID COVID-19 VACCINE NEWS

By Terry Ewin, Vice President EMEA, IPC   ‘Never let a good crisis go to waste’ is a phrase that...

News1 day ago

AURIGA TO MANAGE BELGIUM’S NEW NATIONWIDE ATM NETWORK: BATOPIN.

Batopin signs ATM as a Service agreement with Auriga to run the new network for Belgium’s four biggest banks  ...

Business1 day ago

ALLIANZ BENELUX IS USING GRAPH TECHNOLOGY TO BEAT FRAUD AND BOOST CUSTOMER-CENTRICITY

Amy Hodler, Director, Analytics and AI Program Manager at Neo4j.   Data expert Amy Hodler examines how graph technology is...

Business1 day ago

5 SIMPLE WAYS TO PREVENT A DATA BREACH FROM PUTTING YOUR ACCOUNTANCY PRACTICE OUT OF BUSINESS

By Bruce Penson, Managing Director at Pro Drive IT   As an accountancy firm, you hold a huge amount of confidential...

Technology1 day ago

PRIVATE EQUITY – ARE YOUR NDAS INTACT AGAINST A CYBER SECURITY BREACH?

Owen Morris, Operations Director at Doherty Associates   Even prior to the pandemic, research revealed how over a quarter of private equity professionals...

Banking1 day ago

THE ART OF BIOMETRIC PAYMENT CARDS: WHY BANKS NEED TO GET DESIGN-SAVVY

Lina Andolf-Orup, Senior Director at Fingerprints   Biometric payment cards have ticked several important boxes in the last year. The...

Finance2 days ago

OPTIMISING YOUR FINANCE THROUGH TECHNOLOGY

Covid-19 restrictions and ongoing uncertainty have prompted a fundamental switch in mindset across a multitude of different sectors. Many organisations...

Technology2 days ago

PROTECTING YOUR IDENTITY WITH A DIGITAL DOPPELGANGER

By Joe Bloemendaal, Identity Futurist at Mitek   Doppelgängers tend to make us think of evil twins and a token...

Finance2 days ago

THE FUTURE OF FINANCE LIES IN THE CLOUD

Author: Chris Tredwell, Enterprise Business Development Manager,Aqilla   At the beginning of 2020, 87% of public sector organisations surveyed by...

Finance2 days ago

PAYMENTS PREDICTIONS IN A POST-COVID-19 ERA FROM RADAR PAYMENTS

Jane Loginova, co-CEO & co-founder at Radar Payments   Retailers went digital, but next, they must diversify their payment offering “Retailers...

Wealth Management2 days ago

SECURING INFORMATION THROUGHOUT THE SUPPLY CHAIN – PREVENTING SUPPLIER VULNERABILITIES

by Adam Strange, Data Classification Specialist, HelpSystems    The financial services sector is experiencing extreme disruption coupled with rapid innovation as established...

Banking2 days ago

ORGANISATIONAL ALIGNMENT KEY TO MAXIMISING POTENTIAL OF OPEN BANKING

Lack of internal alignment risks holding financial institutions back from realising open banking potential 70% of C-level executives recognise the...

Business3 days ago

HOW FINANCE FIRMS CAN IMPROVE THEIR CUSTOMER COMMUNICATION IN 2021

Amy Robinson, Senior Brand Development Manager, Esendex 2020 has certainly thrown a curve ball to all businesses across the world,...

Technology3 days ago

HOW FINANCIAL INSTITUTIONS CAN PROTECT THEIR ONLINE ACTIVITY FROM HACKERS

As working from home becomes the new normal, senior leaders of financial institutions need confidence that their company information will...

Finance3 days ago

2021 TRENDS: TECHNOLOGY CONTINUES TO TRANSFORM FINANCIAL SERVICES

By Angus Panton, Head of Banking and Financial Services at Expleo   Angus is responsible for leading strategic client relationships and...

Top 103 days ago

2020: THE PARADOXICAL YEAR THAT HAS RESHAPED THE FUTURE OF MOTOR INSURANCE AND RELATED SECTORS

By Alan Inskip, Tempcover CEO & Founder   There’s no doubt that 2020 will be remembered as the year that...

News3 days ago

EIS INTRODUCES USAGE-BASED INSURANCE SOLUTION THAT UNIFIES PERSONAL AND COMMERCIAL CAR USE FOR CONTINUOUS COVERAGE

Includes Ridesharing Solution Enabling Insurers to Cover Drivers Based on How Far, How Well, When and – Now – Why They Drive   EIS, a core and...

News3 days ago

ONGUARD WELCOMES ADRIAAN KOM AS CHIEF COMMERCIAL OFFICER

Onguard, the fintech company dedicated to the order-to-cash process, has today announced it is welcoming Adriaan Kom as its new Chief Commercial Officer. Responsible for overseeing...

News3 days ago

NETTING IS A PRIVILEGE NOT A RIGHT

It is nearly a year since the European Central Bank (ECB) introduced its new process for the recognition of netting...

Finance3 days ago

IN THE AGE OF ‘NEAR ME’ SEARCHES, FINANCIAL SERVICES MUST LEVERAGE TECHNOLOGY TO WIN NEW CUSTOMERS

by Paul O’Donoghue, VP solution engineering, Uberall   The coronavirus pandemic has seen a dramatic increase in digitalisation across all aspects...

Trending