In charge of mergers and acquisitions at Apave, Agnes Kihm carried out two IT due diligence missions in 2023 with the help of Lucernys. The aim: to measure the real – and sometimes overestimated – value of IT assets.
An international specialist in risk management, Apave has chosen to expand in France and abroad through the acquisition of medium-sized structures, generally lacking in structured IT.
For the past three years, Agnès Kihm has been managing these initiatives on behalf of general management, usually from contact sourcing through to integration. “To succeed in these missions, it’s essential to have the right contacts and experts in place beforehand, particularly for IT issues”, explains Agnès Kihm. Even if IT is not always a strategic issue, IT audits have become almost systematic at Apave. “When we consider acquisitions of test companies or laboratories, we’re usually faced with tracking software, data management software, and customer or supplier data protection is often a sensitive issue, says Agnès Kihm, for whom the compliance rules are rarely respected in the field, which often presents a very significant potential risk.
Apave called on Lucernys for two of these acquisition audits – due diligence or IT carve-in . The first involved a Middle Eastern company made up of two laboratories that had developed their own in-house ERP systems. ” We felt that the interweaving of business and data aspects required a global IT audit”, explains Agnès Kihm, an audit carried out in parallel with a “business” due diligence. The same applies to the acquisition of a Polish company specializing in mobile and Internet network measurement on behalf of leading European telecom operators. The in-house tool designed to store the data was an important asset of the acquisition.
The need for these IT audits also arose from the evolution of the Apave Group. With an IT Department comprising over 300 employees and a significant number of tools historically developed by subsidiaries acquired over the years, it had become urgent to work upstream on tool synergies. “It was this observation that led the IT Department to call in external experts to provide an outside perspective,” explains Agnès Kihm. In her opinion, the use of these small, agile external structures with targeted expertise enables us to better measure risks and prepare for integration with the CIO after due diligence missions. The idea is to go further than just reporting, by recommending solutions tailored to the target: “These partners can sometimes propose post-acquisition corrections,” explains Agnès Kihm. And we need people who don’t just audit, but who can also provide operational support, give us the benefit of their customer experience, and be more responsive to the organization than an IT department would be”.
As regards the two IT due diligence missions, Lucernys ‘ intervention confirmed Apave’s intuitions and demonstrated the strengths and weaknesses of each in-house ERP system in a highly documented manner. On one of the two targets“We realized that an asset identified as strategic would ultimately represent a very heavy investment for upgrading or replicability,” explains Bernard Schmitt, President of Lucernys. “The audit enabled us to document this point for the IT Department, which in turn was able to produce a detailed report for General Management in line with the Group’s requirements,” confirms Agnès Kihm. Lucernys also provided suggestions for corrections and adjustments, which were much appreciated.” On the target scond, the IT due diligence confirmed the compliance of the in-house tools touted by the vendors.
IT due diligence assignments at Lucernys
A 360-degree assessment of IT assets
The missions carried out by Lucernys on behalf of Apave were aimed at assessing the IT systems of two companies they were targeting for external growth. The aim: to measure the value of IS in financial, operational and security terms, and to support the Group in its strategic IT choices. The approach adopted for this type of mission is to consider all aspects of the information system: networks, applications, contracts, organization…”.For example, in the case of carve-ins or even carve-outs, contracts are attached to a legal entity and are often non-transferable.“explains Bernard SchmittPresident of Lucernys. The same applies to security and organization: the audit must identify assets that are toxic from a security point of view, highlight shortcomings in documented processes, or identify weaknesses in the organization. During these audits, Lucernys reviews all the technological towers: PCs, datacenters, networks…
Strategic applications obviously receive special attention: maintainability, technological obsolescence, architecture, modularity… each aspect is evaluated on a scale of 1 to 5, with associated recommendations, budgets and schedules. In the case of certain assignments, a cybersecurity audit can even be carried out in conjunction with a code analysis. Finally, strategic applications can also be the subject of development scenarios, with budget simulations. In short, these are 360-degree audits, covering not just the technical aspects, but the whole IT prism, to tuck in every aspect of its transferability. ” These audits are also an opportunity for us to support our customers in implementing solutions, “ concludes Bernard Schmitt.