PMI Day One Cutover
So…now we have taken to the steps to engage the technology staff, examine the technology environment (a.k.a. IT due diligence), and the technology designs have been envisioned and tested, we move into the Execute phase, or ‘Day One Cutover’.
A key requirement at this stage is to ensure everyone is bought into the planned system changes and willing to help deliver on them. The best way to do this is to run a ‘dress rehearsal’ to test and record how long the process will take using testing environments, where possible. Dress rehearsals may be a continuous, repetitive process until the solution is proven.
Key stages of the Execute phase are:
- Dress rehearsal testing
- Exit planning
- Security testing
At the core of the execution is the stability, resilience and security of the resulting technology environment. But at risk is the reputation of the post-merger integration team, the newly created technology team, and the company.
Day One Cutover – Common Challenges
The primary challenge in the Day One cutover of a post-merger integration project is effective planning. This challenge is the same for any technology implementation project. You will have reduced the risk of this becoming an issue if you have followed the steps outlined in ‘The Managed M&A’. At this point, you may encounter:
- Crisis-producing timelines
- Unclear change leadership – roles and decision-making
- Scope misdiagnosis
- Competing initiatives or workstreams
- Capacity or performance issues
- The need to manage negative messages
An underlying challenge is often exhaustion. Whether physical or mental exhaustion, many of your key staff needing to juggle many sub-workstreams, processes and people means it is likely they will have had to work very long hours to get to this stage. Worse still, it is likely that everyone has been too busy to identify and acknowledge this issue.
Depending on the project complexity and whether staff are moving to new locations, there may be a significant support requirement post-Day One. But support where the message has not been controlled can create ripples across the business.
Without adequate support preparation, the service desk employees might relay a negative message that can outlast the transition project. A common scenario is when a service desk technician has not been adequately versed in any new technology, where they may become nervous or reluctant to provide tech support. But this nervousness manifests as something else; perhaps negativity, lack of responsiveness, or simply becoming a ‘negative ambassador’ for change.
Whilst the technicalities of support may be in place, this is only half the job; the way in which the support function is represented by engaged staff is equally important.
Day One Cutover – Security
It is estimated that 40% of post-merger integration technology projects create security issues in the new environment.
This may sound like a click-bait headline, but it’s not hard to make this mistake as security measures often need to be lowered in order to bring systems together. Being aware of these security ‘allowances’ is the first hurdle; post-Day One, how can you ensure any security that was altered has been re-activated? How are the risks being managed, and who is responsible after the merger occurs?
It is unwise to make assumptions about security policies based on industry or the size of the businesses involved. For example, we have experienced situations where “start-up” (i.e. smaller) companies having much stricter security policies than a financial services corporation. Therefore, an independent review of security processes is required, so that you can understand the potential security impact caused by your project, to the security environments for two or more companies depending on how many are merging or divesting.
If there is a need to transmit data between the two companies via the Internet, dedicated network links, or by hand using hard disks, you are going to have to ensure the security teams on both sides are happy.
A security review should be able to answer the following questions:
- Who is responsible for security decisions?
- Who really authorises or impacts a change?
- What is the current security assessment process?
- What change is assessed, and what is not?
- What gets through the net?
- When is the technology security team involved within the change process?
- Where are the security team located?
- How are security changes implemented?
Regardless of the fine detail, you are going to have to utilise independent third parties to ensure that the resultant security policy in the new organisation meets regulation and corporate standards. You may have to engage with pen testers; these take time to engage, and you will have to work out what exactly needs testing.
Whilst every Day One cutover is unique, there is a standard approach that you can take to ensure no stone is left unturned, to allow you to reduce the overall risk of the project.
This is one part of a series of five blogs on how to deliver a successful post-merger integration, the other sections can be found here:
Or for more information on how we can help you with a merger or acquisition project visit our main site or contact us directly on 0800 622 6719