M&A and integration activities: Signals of change and the risk agenda

New streamlined processes for acquisitions can mean less transparency for investors.

Deon Minnaar

Board Advisory Leader, KPMG US

+1 212-872-5634

Dave Augustyn

Partner, Accounting Advisory Services, KPMG US

+1 312-316-6157

Chief Audit Executives (CAEs) continuously assess how to deliver on their objectives and maintain the trust of shareholders and stakeholders. This includes considering signals of change in the risks their organizations face and, in turn, adjusting the focus of the Internal Audit plan. Our complementary series, On the CAE’s agenda, provides a full view on top risks.

Signals of change

COVID-19 brought mergers and acquisitions (M&A) activities to a screeching halt in the first half of 2020, making it the slowest year for deals since 2013.[1] Organizational leadership focused more attention and resources on business continuity and remote working plans, and they delayed acquisition activities. However, drivers for M&A did not disappear.

Organizations often use mergers to further the overall business strategy by expanding into burgeoning markets, strengthening weaknesses, or even quieting a competitor.[2] In the second half of 2020, a larger driver emerged: using acquisitions to keep businesses afloat.[1] Additionally, low interest rates on borrowing made deals more affordable, which in turn made these acquisitions more attainable for organizations struggling due to COVID-19.

Demand for acquisitions increased in the second half of 2020 and into 2021. The timing was ideal for certain smaller organizations because the SEC eased audit and financial reporting requirements, effective January 1, 2021. If a target meets certain size criteria, the buyer must provide only two years of audited financials for the target instead of three. This allows for a streamlined acquisition process, but also means less transparency for investors.[3]

Risk considerations

  • Although the SEC is relaxing financial reporting requirements related to mergers and acquisitions, risks remain around diligence and execution. Internal Audit should still play a role through its own due diligence activities, such as identifying new risks to the parent organization as a result of the acquisition and identifying opportunities for synergies between the parent and target organizations, to enhance the deal’s return on investment.
  • Organizations may not have recent practice with deal transactions or the execution experience to set themselves up for success.
  • A common issue in mergers and acquisitions is the communication needed for successful integration and return on investment. If the various parties involved work in silos and are not in constant communication, lack of knowledge sharing can be a barrier to success.
  • Internal controls around the end-to-end deal process may not be in place as needed.

Actions to take/Questions to ask

  • Advocate for Internal Audit’s early involvement in mergers and acquisitions, for real-time support of action plans and due diligence around the target organization’s corporate structure, information systems, and control environment,[2] while maintaining objectivity.
  • Internal Audit should review the Day 1 integration plan prior to the merger to validate that the plan manages disruption to business activities and provides adequate control.
  • Internal Audit can liaise between business functions; its unique position working across a variety of groups presents the opportunity to open lines of communication and identify synergies.
  • Is the organization’s control environment adequate for the post-merger period? Has Internal Audit been involved in the risk assessment and evaluation?


1.   M&A Deals Come Roaring Back as Executives Plot Post-Covid Future | Bloomberg

2.   Corporate Mergers: Internal Audit’s Role in “Happily Ever After” | The IIA

3.   SEC changes M&A rules for first time in 30 years | Compliance Week