You've received offers, you've selected your buyer, you've signed a Letter of Intent—the deal is just about done, right? Wrong! The next phase of the M&A process can be the most treacherous and the most heartbreaking. Due diligence is a buyer’s detailed investigation into the affairs of your company before they complete the acquisition, and these days it is tougher than ever. Inadequate due diligence can kill the deal, or cripple integration even if it goes through. Corum Group's global team of dealmakers shared the "12 Things to Do to Survive Due Diligence", including a special presentation from Black Duck Software on key aspects of technical due diligence. Plus, a look at key deals, trends and valuations in the Infrastructure, Consumer and IT Services tech sectors.

Read Presentation Transcript

Read more Show less


Bruce Milne

Good day, welcome to Tech M&A monthly, our last of the year. Our theme is surviving due diligence. I’m Bruce Milne, your moderator.

Our agenda includes a special report from London, we have a special guest, Black Duck software on the issue of open source and the problems you can find there. Our research report, annual report preview, and then twelve things to do to survive due diligence. First, let’s go to a video report from the WFS Growth and Exit Strategy conference in London. A special thanks to our guests, the many firms who were there, firms we’ve done business with. It was really interesting, Carlisle mentioned at the conference that they are now managing over $200 billion. There’s so much money in the system. This is a pre-eminent conference, bringing tech and finance together with the theme of educating tech leaders. The next conferences will be in the Bay Area and in Austin.

Special Guest: Phil Odence, Black Duck Software

Now let’s start off with our first presentation, by our friend Phil Odence at Black Duck.

Phil Odence

Hi, thanks to Corum for having us today, I’m happy to be speaking on behalf of Black Duck. I’m going to be talking about open source today, and particularly the things you need to know if you’re going to be looking for an investment or potentially marketing the company. Open source is well past the tipping point, being used by more companies in more of their applications every year. With over a million projects freely available on the internet today, developers can find building blocks to perform almost any function they want, increasing their productivity and their ability to innovate. It has gotten to the point where VCs are unlikely to invest in a company that doesn’t have open source as an important component of its development strategy. So today, developers collectively have become the new purchasing department, if you will, for free third party software. However, they generally lack the vetting process that would be easy for a purchasing department. They find something that performs, that does what they want, but they’re less concerned with issues like licensing, security, quality, and support. As a consequence, a typical code base today, which is over 30% open source, comes with security risks, legal risks, and operational risks. If you don’t have a lot of visibility into that, don’t worry, you’re not alone. It is really inherently difficult to know what’s in your code given the way software is developed today. It was a big wake-up call for the industry when Cisco, after paying half a billion dollars for Linksys was hit with a lawsuit. Somewhere in the software supply chain, a developer had introduced a piece of code that was licensed under the GPL license, one of the open-sourced licenses that is known as reciprocal. That compromised the company’s proprietary intellectual property. As a consequence, after a lot of bad press and legal fees, Cisco was compelled to release their software publicly. Since that time, open-source questions have really become the norm in the diligence process of technology transactions.

Acquirers have come to understand the risks of open source, and they want to unearth them before they buy. One way to avoid surprises is to get a code audit. Black Duck performs code audits in ten or fifteen tech transactions in any given week. Generally, we’re brought in by the acquirer, but we’re finding more and more savvy sellers today calling on us proactively to help them identify issues in the code prior to diligence. Black Duck is known as the gold standard in the industry, so if you’re seeking investment or marketing the company, a Black Duck report can be an effective sales tool. Make no mistake, we’re huge advocates of using open source in software development, it’s a competitive necessity, but inherently it’s difficult to control, and unmanaged, can be extremely risky along a number of dimensions, and managing it requires focus. Since most companies getting acquired don’t even have an open-source policy, it’s mandatory that open source be part of the diligence process. So, be prepared, as the boy scouts say, and if Black Duck can help, please give us a call. Thanks.

Bruce Milne

Thanks, Phil, I hope you’ll stay on as we’ll probably have questions for you.

Corum Research Report: Consumer Market Making Moves

Now let’s hear from Elon and the research team with this month’s research report.

Thanks, Bruce. Public Markets shrugged off geopolitical concerns to continue their recovery trend upwards last month, led by technology with broader indices tempered by 7-year lows in oil prices, as our aging bull seemed ready to run another leg in the race for the longest bull market. M&A charged forward too, with our Corum index showing a 10% year over year increase in the number of tech acquisitions along with a boom in megadeals, led by game titan Activision plus the Expedia and Ali Baba deals that we covered last month. These join a second half megadeal stack that the Vertical Market towers over, in deal count, with 10 transactions, including German banking and retail systems provider Wincor Nixdorf, nabbed for $1.8 billion dollars by ATM maker Diebold to try to keep up with rival NCR. Hospital software provider MedAssets of Atlanta, now running with Pamplona Capital for $1.9 billion and preparing to mesh products with healthcare software firm, Precyse, which Pamplona ‘caught’ in July. Another private equity firm, EQT, made a billion-dollar foray into the Horizontal market to obtain Swedish enterprise software maker IFS, which had previously picked up our Corum client in the UK, workforce management firm 360 Scheduling; and info giant Equifax, to which we sold Mexico’s Inffinix Software to enable their Latin American expansion. We kept on the global march by rolling up the Australian credit reporting website Veda Group for $1.8B. Infrastructure market megadeals lead this half in value and the year in number. Could you expand on that sector, Yasmin?  

Infrastructure Software Valuation Metrics  

Yasmin Khodamoradi  

Infrastructure sales multiples have stabilized from the drop in July while EBITDA multiples have reversed to Q2 numbers. We have seen a number of security deals in the last month, in addition to transactions across the collaboration, unified messaging, and cloud management fields. Back in October, IT management giant Solarwinds was sold to PE firms Silver Lake Partners and Thoma Bravo for $4.5B, joining a growing list of enterprise software providers taken private this year.

Next are 3 deals with extremely high multiples, starting with Acano, a British collaboration infrastructure provider, picked up by Cisco for $700M at 70x revenue in order to challenge Google and Microsoft in the workplace collaboration space. IBM filled a hole in its cloud strategy by picking up Austin-based cloud brokerage company Gravitant for a reported $95M at 48x revenue.

Cloud security Gateway innovator Elastica was rolled up for $280M and 56x revenue by Blue Coat Systems, founded by Corum client Joe Pruskowski.

Elsewhere in the security world, Microsoft announced its fifth acquisition out of Israel this year by picking up Secure Islands Technologies for an estimated $85M to enhance Azure with its data protection solutions.

Finally, Silicon Valley data protection firm Vormetric was acquired by Thales Group for $400M, which should reinforce Thales’ cybersecurity capabilities, fitting in with the emerging data-centric protection trend.

IT Services Software Valuation Metrics

Elon Gasper

Good action in the IT Services sector last month as multiples reached multi-year highs. Cross-border transactions stood out, including a couple deals Down Under as Melbourne’s UXC was bought for $308 million by US-based giant CSC. And Deloitte continued its push into the tech world acquiring Australian systems integrator Cloud Solutions Group. Another Big 4 auditor, Ernst & Young, scaled up in Europe by adding 2 IT firms: Swiss consultancy Avenzia and French Big Data specialist Bluestone. Minneapolis Dynamics CRM integrator PowerObjects sold for $46 million to Indian giant HCL, clearly expanding globally, having bought Volvo’s IT services arm for $138 million just a week before.

Finally, Boston-based Oz Development’s 13 years leveraging its OzLink order management platform attracted top SCM acquirer Descartes Systems and $30 million. Descartes was our guest at the recent SCM Market Spotlight webinar, which you can watch at

Consumer Software Valuation Metrics

Yasmin Khodamoradi

Valuations in the Consumer market are once again on the rise, with larger acquirers taking the stage in the gaming space. We’ll discuss the reasons why in our gaming market spotlight later this month, but for now we can refer to Candy Crush maker King Digital, swallowed by Activision Blizzard for almost $6 billion at 2.4x revenue, as the PC and console giant leaps into the fast-growing mobile gaming market.

Ubisoft is back in the game with another deal: Canadian mobile & console game developer Longtail Studios Halifax. Ubisoft plans on making more acquisitions in the coming year.

We also saw some consolidation in the German gaming industry as Hamburg-based gamigo bought two companies there, Looki Publishing and its remaining 50% stake in Infernum, which should expand their global audience, particularly in Latin America and the Middle East.

And just this week, RealDeck, the inventor of online poker that uses live human dealers and physical cards, was dealt to tournament operator World Poker Fund for $15M.

Elon Gasper

Finally, consumer fashion brand Fossil is our New Buyer this month, shelling out a quarter billion for Misfit, a 4-year-old fitness wearables and software maker also exploring apps to connect health care, insurers and pharma. Fossil joins non-tech acquirers Under Armour, Adidas, and Weight Watchers in using M&A to enter the Connected Health market, one of our new Top 10 Trends for Tech M&A in 2016. We’ll hold the rest back until next month’s Annual webinar. Okay, Bruce?

Bruce Milne

Great. Speaking of webinars, by the way, we just had a conference in Halifax and two in Tel Aviv. I saw a lot of activity there. There’s technology everywhere, and all those new buyers.   Speaking of the conference coming up, tell us about the other nine lined up.

2016 Annual Report Preview

Timothy Goddard

Absolutely. Forecast 2016 is coming up on January 14. This is the largest tech M&A event in the world and we look forward to seeing you there. We’ll have tech M&A predictions for the coming year as Elon alluded to, we have the new top ten disruptive tech trends, some very exciting things coming up there, valuation metrics for all six sectors and 29 subsectors, a luminary panel with Microsoft, Salesforce and others, and a lot more. It’s always a great event and we hope to see you guys there.

Bruce Milne

Thanks, Tim, that’s Timothy Goddard chairman of that conference, so you can look forward to some promotion on that.

12 Things to Do to Survive Due Diligence

Now let’s get to the heart of our conference today, a special report on the 12 things you can do to survive due diligence.  Let’s start here at the home office with Rob Schram.

Rob Schram

1. Due Diligence Checklist / Due Diligence Minefield

The first thing to do is understand the buyer's "due diligence checklist,” the document they use to comprehend all aspects of your business before final purchase. The checklist is often overly comprehensive and may contain irrelevant requests, varying depending on the nature of the transaction (whether stock or asset purchase). The buyer may ask for information that could be damaging if the deal doesn’t happen – so sensitive data may be confidentially evaluated by an independent 3rd party both sides agree on, to verify clients/lead/code, etc. It's critical in the preparation phase to know what will be in your due diligence checklist, or else your deal may well be killed in what we call the "due diligence minefield" Don't let that happen to you. If you’d like to receive a copy of a representative checklist, just let us know and we’ll be happy to send you one.

Bruce Milne

That’s good stuff because one of the things we’re seeing is these international buyers and non-tech buyers that frankly have different due diligence checklists from their own industries, things we just don’t have in tech. Now let’s move on to Dan Bernstein.

2. A Secure Data Room

Dan Bernstein

Get a secure data room set up in advance, it will help you get ready for what’s going to be requested down the road. In fact, best practices these days are to set up a data room from the start of your company—it’s quite literally never too early to start this process. Even something as simple as finding articles of incorporation can hold up a deal, but not if you get all of that kind of critical documentation securely stored where you can give potential buyers appropriate, managed access. Internally, we use SecureDocs, but it’s important that whatever vendor you select is truly a secure room with dual access authentication. Format the data room according to a typical due diligence checklist used by an acquirer, populate it with your documentation, and then refresh it on a quarterly basis.

Bruce Milne

Good stuff, Dan. It’s interesting, the buyers today are asking more and more to have clients be ready, which is why we spend so much time on preparation, because of the new Sarbanes Oxley laws on due diligence. Now let’s move to Bucharest and hear from Russ Riggins.

3. Ensure Proper Financial Accounting

Russ Riggins

Issues around financial reporting or accounting are bound to arise during due diligence. Most buyers try to ensure the financial information is presented based on US GAAP, and typically hire an independent accounting firm to review the books and records. Some traps to watch out for.

1. Buyers prefer accrual accounting and will make the necessary adjustments to convert books kept on a cash basis to accrual.  

2. Most software companies bill in advance for sales or will bill for an extended period of time. Revenue needs to be recognized over the period of time it is earned.  

3. Many jurisdictions provide tax credits for R&D costs. These credits should not be reflected as revenue or a reduction of the R&D costs but recorded as “other income” in the income statement.  

4. Capitalization of R&D costs. GAAP and other accounting standards allow for the capitalization of R&D costs, but buyers typically don’t like this accounting treatment and will ask for proforma statements without this accounting treatment, and sometimes adjust the purchase price for these capitalized costs.

Bruce Milne

You may be scratching your head and asking what Russ is doing in Bucharest. We just did conferences in Romania and in Bulgaria. There are some great companies in that part of the world, and you’ll start seeing some real activity in Central Europe.

Now let’s come back to HQ and hear from our own Chairman, Ward Carter.

4. Disclosing Sensitive Items

Ward Carter

Due diligence is a full disclosure process, so you never want to intentionally hide problems. But, you can control when you disclose certain sensitive items, and also the manner in which you choose to disclose.  For one, if you have any bad news to deliver, do so when you can also offer good news to soften the impact. And, for sensitive disclosures such as customer names, sales pipeline data, or a source code review, push disclosure to the very latter stages when you are most confident the deal is likely to close.

Gaining access to seller teams is a key part of the buyer’s diligence process. Your team is one of your most valuable assets, and one you don’t want to see compromised in the event the deal goes south. Our advice here is to limit access before the deal closes to only those few staff members deemed critical to the effort, and keep that number small, protecting yourself against adverse impact in the event the deal fails to close.

Bruce Milne

Good advice and Ward has probably done as many transactions as anyone in history. The timing of those disclosures is crucial. There will be some problems, but make sure that you think about when you want to talk about them and what the solutions and remedies might be with the buyer, work as a team with them.

Now let’s move to number five and we’ll hear from Jim Perkins.

5. Parallel Processes: Legal Contract & Due Diligence

Jim Perkins

After signing the letter of intent, you should begin two parallel processes—both going through due diligence, and at the same time having the lawyers put together the definitive agreement, the legal contract. This parallel process allows the issues uncovered during due diligence to feed into the drafting of the contract. This lets you avoid digging up the same information multiple times and also lets you deal with issues as you go, rather than suddenly having to deal with a large number of problems all at once towards the end of the process. For example, if the agreement initially has no provision for legal issues, but a legal issue is determined during due diligence, the contract can be altered to account for and deal with that issue. Having both these processes moving forward will also keep pressure on the buyer to follow through and get to signing and closing.

Bruce Milne

Thank you, Jim. Now let’s move to Mark Johnson who is traveling from Prague to his HQ in Stockholm.

6. Seller's Role: Managing Due Diligence

Mark Johnson

Due diligence can languish if the buyer isn't managed to get the deal done on schedule. Delays can be blamed on difficulties in coordinating schedules, competing priorities, methods to address identified problems, bringing in third parties, and obtaining governmental approvals. The seller needs to manage the DD process to ensure it is run as efficiently as possible. In managing the schedule, it is essential that the buyer puts forward its draft SPA within the first two weeks, assuming the buyer is drafting the agreement, which is usually the case.   Having this deadline keeps the buyer focused on carrying out both its DD review, and its internal assessments. If the buyer hesitates towards committing to a schedule for issuing the draft SPA, then this could be a warning that it isn't planning on closing on time, and is looking to extend the DD, and exclusivity period.

Bruce Milne

Good advice, Mark, thank you. Now to John Simpson who just recently closed a very exciting transaction.

7. Appoint An M&A Coordinator

John Simpson

Due diligence is such a critical part of the M&A process that it is tempting for you as the CEO to want to control it personally. If you consider all that has to be done, you should conclude that it is better to assign a focused member of staff. He or she has to work with several external teams for up to two months, all intent on digging deep into the company records, including legal, HR, accounting, and others. There are reams of documents to assemble, sometimes going back to the beginning of the company’s history. Many will have to be converted from paper to digital format. Some will require interpretation and analysis. There will be innumerable phone calls on and possibly offsite. Key employees may have to be interviewed. Meanwhile, you have to run the company! Please do appoint a trusted, responsible coordinator.

Bruce Milne

Sage advice from an experienced pro. Thank you, John.

Now back to Europe and Amsterdam, and we’ll hear from Jon Scott.

8. On A Need To Know Basis

Jon Scott

When should you inform key employees of a potential M&A event? The best rule of thumb is to only inform employees that have a need to know during the process, obviously this likely includes your CFO and CTO—in other words only involve those who will be part of the due-diligence process by needing to speak to the potential buyer or will be involved with the preparation of documents. Going beyond this guideline might feel like a fair and loyal thing to do but the fewer people that know the better. This is the case because an M&A process is distracting and you need employees focused on hitting the goals of the company and not taking their eyes off the ball. Finally, the process can slow down or even come to a stop, and the more people that know the more distraction you have to manage. If things do slow down those “in the know” can become nervous about their jobs. By not keeping disclosure limited the word can escape outside of the company and be used against you by competitors.

Bruce Milne

Good stuff. Keep it confidential inside and outside the company. Now we’ll go to the Southwest and hear from Jeff Brown.

9. Closely Monitor Working Capital

Jeff Brown

Most often the term sheet doesn’t specify how much working capital gets left in the business, but it will describe an approach for figuring that out and that gets sorted out in due diligence. Buyers don’t want your debt but they do want the cash that’s on your balance sheet and all your receivables. It helps them pay for the investment. It really comes down to how much liquidity is to be left in the business to run it during the short term. Issues like the quality of receivables, payables, collection rates, bad debt, prepaid expenses, unrecognized revenue, payroll, bonus, and vacation accruals all need to be sorted through and amounts for each agreed. There are often a lot of things that are not on the balance sheet of a young software company and they’re difficult to value or measure unless taken on a step by step approach. Working capital is a moving target so keep a close eye on the way the details get worked out in due diligence.

Bruce Milne

Good stuff. Jeff has dealt with this as a financial expert. Bottom line, reserve any excess cash, because the buyers will want it, but they may not want to pay you more on the value for it. We’re moving to our last three speakers now, and they’re our newest team members, starting with Dave Levine.

10. How To Deploy Your Accountant

Dave Levine

As Russ described before, the most important time to deploy your accountant is before the due diligence process begins, but there will always be important issues for them to tackle during the process. They can be useful in helping you populate the data room ahead of time. Make sure the lines of communication between your accountant and the buyer’s due diligence team are open and clear. You want your accountants to be able to respond to buyer requests quickly—you don’t want to be the side delaying the process. Consistent communication is necessary, especially when it involves accounting standards. There may be an audit required, or an opinion needed—so find out early from your buyer if these will be needed.

Bruce Milne

If you’re going to have some tax issues with your family, trusts, and that sort of thing, look at those early, not later. Now for number eleven, we’ll hear from Allan Wilson, one of our industry’s most experienced executives who sold his company to SAP. Allan?

11. Properly Deploying an Attorney

Allan Wilson

One of the most important things you can do to survive due diligence and achieve deal success is to properly deploy your lawyer. This starts with selecting the right attorney. Don’t just hire the guy you went to school with or your neighbor. You need to have someone who understands tech M&A and specifically the issues surrounding IP. Start talking to attorneys early, don’t wait until you are in the middle of a deal. Once you are in due diligence, be sure to manage your lawyer properly. You don’t want lawyers making business decisions, but to know how to frame risks and potential issues that may arise during due diligence, and to help structure a negotiation where they get the problem solved or a contract that handles any escrows or holdbacks to your benefit.

Bruce Milne

Great, thank you, Allan.

Lastly, John Norton, who has actually built and sold two companies, a real experienced pro. John?

12. Selecting the Right Intermediary

John Norton

Your intermediary’s role begins with preparation to ensure that you get through the due diligence phase. Further, they are invaluable during contact, structure, negotiation and valuation. They can help offload with proper preparation, buyer research, and document production, allowing you to focus on running your business. They will prepare you for the questions only you can answer. They should serve as a buffer between you and the buyer by taking the heat when negotiations get contentious. Finally, an intermediary who is deeply experienced in tech M&A will understand when the buyer is behaving in line with industry norms, and when things are threatening to go off the rails. As with your lawyer and your accountant, this starts with selecting the right intermediary—experienced in the industry, intimately familiar with the due diligence process, and with a deep knowledge of the buyers.

Bruce Milne

Great stuff. This is the most important transaction of your life, get the right experience on your side. Those are the twelve things to do to survive due diligence. Tim, I see we have a couple of minutes left, do we have any questions?


Q#1 Open Source Code Audit

Timothy Goddard

Yes, one question for Phil at Black Duck; “When it comes to these audits that you do, how often do you actually find open source in the code?”

Paul Odence

Well, the quick answer is every time. That’s not a problem in and of itself, most open source is fine to use. Most of the time, call it 95/100, we’re finding open-source that the code owner didn’t know about, and that begins to get problematic. Usually, I would say 75% of the time, we’re finding unknown open source and open source with unknown licenses, and then about half the time we’re finding code that is under the GPL license, which is the one that got Cisco in trouble. So we always find open source and we usually find something that’s at least of some concern to the buyer.

Q#2 M&A Lawyers

Bruce Milne

Thanks, Phil. I see another question here and, Tim, I’ll throw it to you. “You talk about experienced professionals, where do you get good lawyers?”

Timothy Goddard

I’m glad you asked. We actually work with most of the top M&A lawyers in the world on our events. We have a lot of events globally, educational events similar to this one, but in person, and we’ll have more on that in a moment. If you go to those events, chances are good that you’ll meet a high-quality lawyer. You can also go to our website, look at our co-sponsors page in the events section, and find some pointers there as well.

Bruce Milne

Corum works with all the top law firms in the world, they co-sponsor and work with us. We’ve reached the thirty-minute mark, so we’ll answer any remaining questions offline directly. We encourage you to join us at one of our conferences, the better educated you are, the better prepared you are for success. Thanks for joining us today.