In the dynamic realm of private equity, evaluating potential investments’ operational and technological infrastructure is paramount for driving value creation. While typical due diligence might focus on identifying gaps in business systems, infrastructure (servers, telephony, etc.), and cybersecurity, there is a pressing need for investors and portfolio companies to delve deeper into the core business processes that interact directly with these systems. Notably, manual processes often persist around a company’s ERP systems due to legacy practices or because the benefits of automation offered by modern ERP solutions are overlooked. Understanding these core business processes is essential for private equity operating executives and deal teams, enabling accurate valuation and risk assessment, targeted improvements, and effective integration.

By identifying inefficiencies and potential risks, investors can make informed decisions on resource allocation to optimize cost efficiency and profitability. This profound insight also aids in planning seamless integrations, assessing scalability, and implementing continuous improvement strategies. Thus, it enables strategic investment decisions, including technology upgrades and synergy identification during mergers and acquisitions, ultimately driving significant value creation and positioning the company for long-term growth and competitive advantage.

Strategic Insights for Enhanced IT Due Diligence

Business process flows are essential in documenting the intricate relationships between systems and manual processes. These mappings provide comprehensive insights that are invaluable to effective Day 1/100 planning. They allow private equity investors to assess the efficiency and effectiveness of a target’s technological and operational frameworks and prioritize initiatives to bridge any identified gaps. This phase often presents an excellent opportunity to reevaluate and optimize the use of the target’s ERP system, enhancing its functionality and reducing reliance on outdated manual processes.

Operational Efficiency and Strategic Planning

A clear depiction of existing processes enables investors to anticipate potential integration challenges and operational bottlenecks. This foresight is crucial for planning effective integrations that minimize disruption and ensure seamless transitions. Additionally, a deep understanding of these processes aids in strategically allocating resources post-acquisition, ensuring that technological investments are made where they can have the most significant impact. Not all integrations carry equal weight; sometimes, the effort and resources required may outweigh the benefits (“the juice is not worth the squeeze”).

Driving Digital Transformation and IT Strategy

During IT due diligence, the visualization provided by business process flows is crucial for evaluating the target’s application landscape. This analysis helps identify outdated systems, redundancies, and gaps that may require modernization or replacement. With this information, private equity firms can tailor their IT strategy to introduce cutting-edge solutions such as automation technologies, advanced analytics, and artificial intelligence, thereby boosting productivity and enhancing operational agility.

Accelerating Day 1/100 Planning and Post-Close Transformation

Effective business process mapping significantly accelerates Day 1/100 planning by equipping investors with a blueprint of critical operational areas that require immediate attention post-acquisition. These insights ensure that essential business functions continue without interruption, providing a robust foundation for subsequent transformation initiatives and long-term value creation.

Conclusion

The strategic deployment of business process flows transforms IT due diligence for private equity. These tools help safeguard investments and position portfolio companies for competitive superiority and robust growth. Compello Partners advocates for our clients to prioritize a comprehensive understanding and implementation of business process flows to capitalize on their investments fully.

Want to learn more?
Click here to schedule a call with a Compello Partners representative.

The choice between proactive and reactive managed IT services (MSPs) can significantly impact the operational efficiency and cost optimization of private equity firms and their portfolio companies.

A Managed IT Services Provider (MSP) is a third-party company that remotely manages a client’s IT infrastructure,  end-user systems, and provides IT help desk, and security operations under a subscription model.

Proactive MSPs act like strategic partners, using advanced tools and automation to anticipate and mitigate IT issues before they disrupt business operations. This forward-thinking approach aligns seamlessly with the strategic goals of private equity firms, ensuring their investments are protected and efficiently managed. On the other hand, reactive MSPs resemble emergency responders, stepping in only when IT problems arise. This method can lead to unplanned expenses and operational setbacks, challenging the growth and stability of PE-backed firms. This article will explore how each approach affects strategic involvement, flexibility, scalability, training, security management, innovation, and, ultimately, the financial health of private equity-driven enterprises.

Proactive vs. Reactive:

• • Proactive Providers: These MSPs anticipate issues before they occur, often using monitoring tools and automation to identify potential problems early. They provide regular updates and suggestions for optimizing IT infrastructure and aligning their services with your business strategy.
  • Reactive Providers: These MSPs typically step in when problems arise. They may not consistently manage IT infrastructure daily, focusing on break/fix responses.

Strategic Involvement:

• • Strategic Partner: A strategic MSP integrates with your internal IT team, contributing to long-term planning and aligning IT strategy with business goals. They assist in budgeting, offer technology roadmaps, and provide regular performance reports.
  • Ad-Hoc Support: Reactive MSPs focus more on immediate problem-solving than strategic alignment. They may lack comprehensive knowledge of your business goals, resulting in solutions that might not fully align with your broader IT strategy.

Flexibility and Scalability:

• • Proactive Providers: These MSPs adapt to changing business needs and scale their services accordingly. They actively look for opportunities to optimize costs and improve performance.
  • Reactive Providers: They may offer limited flexibility, mainly focusing on fixing issues as they arise rather than adjusting their services based on evolving business needs.

Training and Education:

• • Proactive Providers: Offer continuous training and skill development opportunities to their staff and clients to ensure everyone is proficient in using current technologies and knows best practices.
  • Reactive Providers: Provide training reactively, often as a response to a problem or new technology implementation, without a systematic program to elevate overall IT competency.

Security Management:

• • Proactive Providers: Implement a comprehensive security strategy that includes regular assessments, proactive threat monitoring, and incident prevention plans.
  • Reactive Providers: Typically focus on security after incidents occur, implementing solutions to address specific vulnerabilities once they have been exploited.

Innovation and Technology Adoption:

• • Proactive Providers: Regularly explore and integrate new technologies to enhance business operations, actively seeking innovative solutions that offer competitive advantages.
  • Reactive Providers are often slower to adopt new technologies, usually upgrading systems and software only when they become outdated or support ends.

Cost Implications:

• • Proactive Providers:
    • • Predictable Costs: Often charge a fixed monthly fee, giving clients predictable budgeting.
      • Preventative Savings: Their proactive approach reduces unexpected downtime and costly repairs, leading to long-term savings.
      • Resource Optimization: By identifying redundant systems and inefficient resource use, they can help clients optimize costs and improve ROI on IT investments.
      • Compliance Penalties Avoided: Preventing security breaches and compliance issues helps businesses avoid fines or legal costs.
  • Reactive Providers:
    • • Unpredictable Costs: Charges are typically based on time and materials, resulting in unpredictable expenses due to variable labor and equipment costs.
      • Downtime Costs: Delayed issue resolution can lead to extended downtime, resulting in productivity losses and potential revenue impacts.
      • Higher Repair Bills: Issues addressed after failure often require more costly repairs or replacements than preventative maintenance.
      • Missed Optimization Opportunities: Reactive providers may not actively identify opportunities to consolidate resources or reduce IT expenditures, resulting in missed potential cost savings.

Want to learn more?
Click here to schedule a call with a Compello Partners representative.

Mastering ERP Transformation: Key Insights from 25 Years in the Trenches

With over a quarter-century dedicated to the ERP domain, I have guided numerous sectors through the adoption of systems such as NetSuite, Oracle, JD Edwards, SAP, Epicor, and Salesforce. My path has been a blend of triumphs and trials, witnessing the entire range from outstanding achievements to significant challenges. In a lighthearted reference to the iconic Clint Eastwood film, my experiences could be categorized as “The Good, the Bad, and the Ugly.”

My role has extended beyond mere implementation; I’ve spearheaded various initiatives, contributed to Executive Steering Committees, and informally acted as a counselor for private equity (PE) firm partners and their portfolio company CEOs. These stakeholders pour millions into these projects, hoping to realize their vision of a transformative, state-of-the-art ERP system. For several lower to mid-market portfolio companies, this endeavor represents their most significant and influential IT project. From the financial sponsor’s perspective, the aim is for a swift rollout as a critical component of their value-creation strategy. Consequently, the stakes are high for everyone involved.

Drawing from these experiences, while sparing the horror stories, I aim to share 10 crucial insights:

The Dilemma: PE firms often ponder whether to overhaul the existing ERP system of a newly acquired company or postpone the issue for future owners to resolve.

Selection Fatigue: The exhaustive process of selecting ERP software and an ERP integrator, characterized by lengthy RFPs, is both draining and time-consuming. Unless you enjoy a 20-page, 200-question RFP process — maybe I’m exaggerating a little, but you get the point!

Misplaced Expectations: Believing a new ERP system will fix every issue is a common yet unfounded hope. Most often, there are latent business problems (e.g. processes) that surface mid-implementation and can be addressed immediately or in additional phases post-implementation.

Sales Savvy: ERP vendors and integrators are skilled sales professionals who excel in highlighting strengths while downplaying weaknesses.

Separate Merits: A preferred ERP system does not guarantee the competence of its integrator.

Root Causes: Identifying fundamental process issues might lead to the need for additional ERP modules or third-party systems, but caution is advised before making any hasty decisions.

Data Migration Challenges: Transferring data to a new ERP system is often more complicated than anticipated.

Broad Impact: The introduction of a new ERP system affects more than just a handful of users or departments; resistance to change is common among employees.

Vendor Focus: ERP vendors and integrators concentrate on deploying their software efficiently, often using generic project management plans geared towards quick implementation and payment collection rather than tailored company needs. 20% of ERP deployments have a company “advocate” such as a program manager and process owners to work with the ERP integrators. These advocates, prioritizing the company’s best interests, play a crucial role in maintaining transparency and accountability among system integrators and vendors.

Post-Implementation Support: While ERP vendors and integrators may excel in system deployment, their post-implementation support often falls short.

These insights aim to provide a clearer understanding of the complexities involved in ERP selection and implementation, guiding PE firms and portfolio companies through the intricate journey of digital transformation. Part 2 of our article will focus on best practices for mitigating the above risks and providing a cogent strategy for a successful ERP implementation.

Tired of IT diligence reports that offer little beyond basic confirmatory checklists? For insights that deliver immediate value consider these 7 essential enhancements.

Are you growing weary of the same old IT diligence reports filled with standard confirmations and checklists, which seem to offer little beyond surface-level insights? If you’re looking for value-add approaches that deliver immediate pre-close value and seamlessly integrate into your Day 1/100 plans and long-term strategic post-close planning, consider these enhancements:

Detailed Process Flows: Gain a comprehensive understanding of the data and processes directly impacted by IT systems—or those that are not but should be. This insight is crucial for identifying potential efficiencies or areas of risk.

An Incremental Spend Summary: Expect a breakdown of one-time and recurring costs with precise details on how these figures were calculated, rather than vague estimates. This specificity is expected from a report authored by an IT expert, providing clarity on the financial implications of IT investments.

Accessible Narratives: The report should include narratives that make the findings clear to non-IT stakeholders, such as members of the deal team or C-level executives. This approach ensures that the impact of the findings on the organization is understood without the need for interpreting complex diagrams or navigating through bullet points that lack depth.

Beyond Basic Findings: It’s vital that the report provides additional context beyond just describing what was found. Understanding the ‘why’ behind the findings and the implications or ‘so what’ for the organization adds significant value, transforming raw data into actionable insights.

Interview the Actual Analyst: Often, the insights provided in a due diligence report are as valuable as the expertise of the person who compiles them. It’s worth inquiring about the background of the individual conducting the due diligence and writing the report, rather than just the reputation of the firm or its partners. Are they seasoned in the industry? Do they have experience as a technology executive who has practically applied the recommendations they’re making, rather than merely theorizing about them?

Security, Privacy, and Compliance Focus: While cybersecurity may often be mentioned in diligence reports primarily to satisfy Rep and Warranty (R&W) auditors, its importance extends far beyond. Ensure your diligence providers are not just advisors but actual cybersecurity operators who document and implement security, privacy, and compliance controls. Working closely with these experts to understand the security risks is crucial. Integrating their findings into your pre-Day 1 planning and post-close efforts is essential for enhancing the security posture of the portfolio company.

Roadmap: An actionable IT roadmap should be provided, aiding deal and value creation teams and the CEO in weaving these insights into post-close strategies.

Incorporating these elements can transform IT diligence from a routine procedural step into a strategic asset that informs decision-making and supports the successful integration and growth of your portfolio companies.

Security & Compliance in Private Equity Portfolios: The Overlooked Priority

Drawing on my extensive experience of conducting over 300 IT and Security diligences across a spectrum from low mid-market to billion-dollar companies, a striking observation stands out. Upon completion of the diligence and readout, and despite the private equity firms’ best efforts to fortify their portfolio companies, a startling reality emerges: approximately only 20% of these companies place a premium on security and compliance post-close and remediate the opportunities for improvement. The remaining 80% do not address any diligence findings, with a view that “if we have not been hacked, we should be secure”.

For the minority that does acknowledge its significance, the approach often taken is one of minimal compliance—the “path of least resistance”—doing the bare minimum required. Why does this happen? Several factors contribute to this oversight.

1. Security, privacy, and compliance initiatives are often not seen as directly contributing to company growth, leading to their undervaluation. Qualifying for cyber liability insurance is viewed as a barometer for the success of the information security program, which it is not a legally defensible approach.

2. Many executives underestimate their importance relative to other company projects. Cyber is often viewed as a “nice to have”, which is more of a requirement for high risk/highly regulated entities such as banks and health care providers.

3. There’s a pervasive mindset of complacency—”if the house isn’t on fire, everything must be fine”—which ignores the latent risks until they erupt into urgent crises.

4. Both PE firms and their portfolio companies frequently base their decisions in these areas on the advice of inexperienced in-house teams or Managed IT Services providers lacking deep, hands-on security expertise. Outsourcing security decisions to IT Managed Services Providers requires a high degree of oversight, which in turn requires skilled in-house IT personnel. Thus often times, PE firms and their portfolios do not realize the value of having a MSP, and worse, do not have adequate insight into cyber threats their companies are facing.

5. The inhouse resources do not keep up with or are knowledgeable on the latest security software, thus the Company has outgrown the level of sophistication. If the Company is supported by a 3rd party Managed IT Service Provider, the vendor has a one-size-fits-all approach and thus the Company is not fully protected.

This combination of factors results in a landscape where the critical areas of security and compliance are sidelined, posing significant risks not just to the companies themselves but also to their stakeholders and investors.