Merging Internal Audit Departments

Merging Internal Audit Departments
Author: Kevin Alvero, CFE, Randy Pierson, CISA, and Wade Cassels, CISA, CIA, CFE, CRMA
Date Published: 17 May 2018

As organizations try to keep up with rapid changes in technology, they are using acquisitions as a way to quickly develop entirely new lines of business or to simply close gaps in technological capability. According to Deloitte’s most recent mergers and acquisitions (M&A) trends report, “acquiring technology assets has surged in importance as a top strategic driver of M&A.”1

This trend has significant implications for internal audit groups as they strive for high-level risk management, while simultaneously integrating new auditors and quality/compliance personnel from newly acquired organizations. Large-scale M&As, especially when they result in the internal audit function integrating many new staff at once, can be particularly daunting for the chief audit executive (CAE) and the leadership team.

Merging internal audit staffs poses considerable risk. For example, if cultures are not successfully understood and aligned, there is a possibility that employees will become entrenched in defending old norms such as roles and processes.2 At the same time, the internal audit department must ensure that all areas of the new, merged company that require audit coverage are addressed. For example, when The Nielsen Company (Nielsen) acquired Arbitron in 2014, Nielsen’s internal audit department not only experienced an influx of new staff, it also acquired the responsibility for ensuring audit coverage of Arbitron’s portfolio of products and services, including its technology and processes.

Also challenging is the fact that in an M&A environment, senior leadership is likely to focus on the financial and operational aspects of the process,3 whereas the role and integration of internal audit may not be considered a high priority.

Successfully integrating internal audit departments begins with a firm understanding of the strategic goals of the company and the internal audit function, as well as an understanding of the cultural differences between the two groups that are coming together. Keeping a big-picture goal in mind makes managing the tactical aspects of integrating new staff much easier.

Strategy

Before making decisions about personnel or how to organize a department, it is necessary to have a clear understanding of the internal audit function’s strategy. This ensures that all decisions support that strategy and are aligned with it. That sounds intuitive, but it is not always clear how that concept translates to action. While processes such as updating organizational charts, updating the audit charter and reviewing past audits of the newly acquired business are important tasks, understanding the role and objectives of the new, merged internal audit group is not something that can be done by taking a passive approach. It requires talking to the senior leaders who are defining success criteria for the merger itself and understanding what types of risk could have an impact on success.

During a merger, a great deal of thought is given to the company’s long-term strategy. Internal audit leadership must not be timid or subtle about asking questions such as:

  • Where is the company going?
  • Where does senior leadership see internal audit fitting into the big picture?
  • How does leadership define success for the internal audit function after the merger?

Down the road, the departmental leader will have to make some difficult decisions, and these strategic conversations with senior leaders will be the basis for having confidence in those decisions.

Culture

In addition to understanding the department strategically, it is also important to “define the target culture.”4 A department must consider, for example:

  • Does it prefer a more horizontal or vertical leadership structure?
  • Does it tend to specialize or work across disciplines/specialties?
  • How does it track progress, communicate issues and interact with stakeholders?
  • How does it establish its independence?
  • Does it focus on compliance only, or does it serve in an advisory role as well?
  • To what standards does it audit?
  • Is it global or domestic? Small, medium or large?

If this line of questioning points to significant differences in structures and styles between the merging groups, the differences cannot be expected to resolve themselves. Instead, this analysis should form the basis for creating understanding and agreement about how things will be done going forward. Otherwise, these contrasts are certain to cause difficulties. Indeed, according to a survey of executives who have managed through mergers, failure to successfully reconcile cultural differences was the number-one reason for a deal’s failure to achieve the promised value.5

To avoid experiencing such failure at the internal audit department level, department leadership must ensure that team-building (e.g., volunteering, recreation, creative collaboration) and knowledge-sharing activities are built explicitly into the integration plan as opposed to being things that happen incidentally.6

In businesses with multiple locations, it is also important for departmental leaders to travel and be visible to newly acquired staff throughout the course of integration. In addition to active participation, team building can also be achieved through passive communication. For example, M&As, which, historically, carries a high rate of failure, create a unique opportunity for the internal audit function to demonstrate its value to senior leadership from a risk management standpoint.7 At the same time, internal audit staff want to believe that the work they do is important to the success of the organization. Thus, one way internal audit leadership can help foster this belief, while at the same time building teamwork and camaraderie, is to share wins that demonstrate the department’s impact on the success of the business. The key is to communicate the wins both within the department and to senior leadership. For example, one way Nielsen’s internal audit department accomplishes this is through a bimonthly electronic newsletter that is distributed to department members and Nielsen senior leadership.

Personnel

To take full advantage of the opportunities presented by the integration of new staff, it is vital to inventory all personnel—new and existing. This helps leverage everyone’s skills and strengths.

In terms of assessing the team’s collective skill set, there are two primary ways of taking inventory:

  1. Audit expertise
  2. Subject matter expertise

This involves looking at the types of engagements the team needs to perform and the related business areas that require internal audit coverage. The next step is to match personnel accordingly, while taking note of coverage gaps, overlap and imbalances in the distribution of responsibilities. The simplest way to accomplish this is with a matrix that identifies where departmental needs and staff expertise intersect. In some cases, the acquisition may be an entirely new business, while in others, it could be limited to a technology solution applied to the acquirer’s existing business, so the complexity of this skills inventory may vary.

If the inventory reveals any gaps in audit coverage or expertise, it is necessary to have a plan for compensating for those gaps. This can include training existing staff, hiring new staff or (for the short term, perhaps) using an outside resource such as a contractor. This analysis should also form a basis for defining needs for a long-term talent pipeline and for building a professional development plan that equips the team with the skills to meet the business’s evolving needs.

Meanwhile, if the analysis reveals overlap, it may indicate the opportunity to economize staff. It is unlikely in any merger or acquisition that 100 percent of staff will be retained. Efficiency is one of the benefits of the process, though it may result in making difficult personnel decisions. Having a process like the one described herein is critical to making those staff reduction decisions less difficult.

While identifying redundancies in skill sets can indicate the opportunity to streamline staff and, thereby, save costs, this is not the only outcome department leaders should consider. Redundancies can also signal where there is an opportunity to leverage existing staff (i.e., retrain them) to address future needs. To realize this opportunity, it is important not only to evaluate staff based on past experience, but on potential as well.

Other Considerations

When it comes to budgeting and cost management, it can be easy for internal audit leadership to focus too much on payroll and work hours without giving enough attention to other cost factors. For example, if the merger or integration results in new areas of business that require audit coverage, these audits may require technology upgrades such as the integration of computer-assisted audit techniques (CAATs). At the same time, if new responsibilities necessitate training/professional development, these things can come at a significant cost to the department as well. Meanwhile, new geographies that require audit coverage will impact the department’s travel and expense budget. As such, it is important to look at cost in a holistic way as opposed to segregating payroll, travel/expenses, benefits, training, technology, etc. Anticipating impacts on these subtle areas will help reduce the risk of surprises once the new, blended team gets to work.

Organization

Effective internal audit organizations do not work in silos, but on paper, there are typically one or two aspects around which teams within the internal audit department are organized. For example, for a global internal audit group, that aspect may be geography, whereby teams are organized according to the different markets in which the business operates. Another possible focus is business area, in which case the internal audit function may be organized according to each critical business area, such as production, customer service and business continuity. An internal audit group may even be organized according to audit process (e.g., performing IT audits, business process audits or fraud investigations). When looking at the new merged group from an organizational perspective, that aspect or attribute should be defined based on what is most intuitive for the new, merged department. Most likely, it will end up being a hybrid of these aspects. Ultimately, when it comes to determining how the team will be organized, the only thing that truly matters is whether the chosen aspect(s) supports internal audit in achieving its objectives and communicating its value to senior leadership, and department leadership should remain open to the possibility of changing organizational structures based on the changing needs of the company.

With a framework for organizational structure defined, organizing the internal audit staff becomes a process of determining who will be on what teams/subgroups and who will lead those teams. Naturally, past leadership experience should be considered, but it is also important to assess the leadership needs of the new structure and determine which team members best fit those profiles. Integrating people from each side of the merger is also important to promote team building and ensure that the acquired subject matter expertise does not stay locked within a few people.

Conclusion

If organizations continue to leverage M&As to address technology needs, it will be increasingly incumbent upon internal audit leadership to execute good integration management. Leading an internal audit department through a merger/acquisition is a delicate balancing act. To be successful, internal audit leadership must understand the success criteria for internal audit in the new, merged company based on the company’s strategy and the department’s objectives. Only then can tactical decisions regarding personnel and organization be addressed.

In terms of measuring success, a good place to start is assessing whether the audit plan has been executed effectively. But success must be based on more factors than that, such as employee satisfaction; open, effective communication within the department and to external stakeholders; and follow-through with individual and collective professional development goals. Integration has unique objectives, processes and challenges, but, done right, it can result in a better internal audit function.

Endnotes

1 Deloitte, M&A Trends Year-End Report 2016, USA, 2016, http://www2.deloitte.com/content/dam/Deloitte/us/Documents/mergers-acqisitions/us-ma-mergers-and-acquisitions-trends-2016-year-end-report.pdf
2 Riklan, M.; “The Importance of Team Building Events After Mergers and Acquisitions,” Forbes, 17 October 2016, http://www.forbes.com/sites/forbescoachescouncil/2016/10/17/the-importance-of-team-building-events-after-mergers-and-acquisitions/#5a49b5ca1f5f
3 Stafford, D.; L. Miles; “Integrating Cultures After a Merger,” Bain Insights, 11 December 2013, www.bain.com/publications/articles/integrating-cultures-after-a-merger.aspx
4 Op cit Riklan
5 Op cit Stafford and Miles
6 Op cit Riklan
7 Dounis, N.; “The Auditor’s Role in Mergers and Acquisitions: Companies Often Underestimate the Importance of Risk Management During the M&A Process,” Internal Auditor, 1 June 2008, http://www.thefreelibrary.com/The+auditor%27s+role+in+mergers+and+acquisitions%3A+companies+often...-a0180363004

Kevin Alvero, CFE
Is senior vice president of internal audit at The Nielsen Company (Nielsen). He leads Nielsen’s global internal quality audit program and its industry standards compliance initiatives, spanning the company’s television, digital and consumer products and services.

Randy Pierson, CISA
Is a senior IT auditor at Nielsen and has worked in the media and entertainment industry since 2011. Before joining Nielsen, he worked as an auditor with Ernst & Young, where he served companies across the media industry including television, Internet and mobile audience research. Pierson also served as compliance officer for the digital media company Pixalate.

Wade Cassels, CISA, CIA, CFE, CRMA
Is a senior IT auditor at Nielsen. He supports Nielsen’s IT general controls external audit engagement and the audit reporting and communications functions for Nielsen Internal Audit.