Leveraging Internal Audit Data Analytics in Unusual Places: AcquisitionsDuring the due diligence for an acquisition target, Internal Audit was invited to participate in the due diligence. We needed to perform a financial and operation audit as the target not publically traded and the executives felt we needed our own independent verification of the financial information being provided to us. Additionally, the board wanted an estimated budget for getting the acquisition target – a private company – Sarbanes-Oxley (SOX) compliant. As a CISA and member of the corporate audit team I was asked to provide some guidance for IT SOX controls. It was my first acquisition due diligence, so while I was a bit hesitant I was very excited to experience something new. Once onsite at the target company we reviewed the acquisition proposal from our corporate legal team for the acquisition contract specifics. The main attraction, spurring the desired acquisition, was a custom application they had developed for which performance was greatly exceeding expectations. Our board members were highly impressed at their financial performance which had led to a very high proposed acquisition price. The target company had a placed a restriction on what could be audited, or reviewed during due diligence. The big restriction being we were prohibited from seeing the source code for this impressive custom application. Our chief audit executive met with the CFO of the target company and was informed they were running the financials on QuickBooks. I subsequently found no controls for program change, which is typically not a good indicator for an application developed internally. There were no back-ups and no segregation of duties. As nothing in place was remotely close to SOX complaint and I knew we would have to update all their financial, human resources and reporting systems, I looked for other ways to help evaluate this target company. I started asking questions about the custom in-house application that had led to such a high acquisition target price. The more questions I asked the more they referred to the acquisition agreement that prohibited us from looking at the source code. It bothered me that were going to spend such a large sum of money yet we weren’t allowed to view any of the source code. I decided on a different approach and let the data geek in me take over. I decided to explore options with data. They agreed to let me have data extracts from their database because that was in line with the agreed upon due diligence process and required no access to no source code. Using their data I intended to reproduce the key financials and metrics they had provide us and which the acquisition target price was largely based on. I also re-performed these same metrics using the accounting principles that would need to be followed as a part of our publically traded organization. I used four years of data and compared the results between what they had originally provided us, and the re-performed financials following our accounting requirements. It was an eye opening exercise. The numbers just didn’t add up. To ensure my results were accurate I had to be sure I could reproduce the results they had produced and presented to us. I focused on 8 key metrics from their financials. Once I had an understanding of the logic used to support their numbers I recreated the results then moved onto applying our accounting principles. Once I applied our accounting rules to the data I came up with significantly different results for all of the metrics. As a private company, they could technically present their financial information how however they wanted. As a publically traded company, we had very strict rules to follow. Following our rules, their performance results were a lot less impressive. It was critical information for an acquisition. The data clearly explained why we should not do the deal at the proposed price. We ultimately went through with the acquisition but at a greatly reduced price and with built in performance requirements. The company saved tens of millions of dollars as a result of our successful use of data analytics – in a new and unexpected way. We asked for the money saved to be added to our audit budget but apparently they had other ideas.
EmpowerAudit is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: nasbaregistry.org