Ten Steps for Mitigating Data Risk During a Merger

From backups to software licenses, here's a checklist for IT leaders at consolidation or acquisition time. Whether you're gaining an internal group or an external company, be prepared and be realistic.
ComputerWorld / Craig S. Mullins
26/02/2009
Merger and acquisition activity stands to increase as global markets struggle to stay afloat during the worst economic slowdown in decades. What will you do when you find out you're about to acquire or consolidate with another firm or division? Are you aware of the risks you may be inheriting? What data is going to demand the highest availability? What IT regulations will you have to address and how do you know if existing controls already address them?
Below are 10 "data health" checks a CIO can conduct to answer these questions before giving a green light to a merger, acquisition or consolidation.
Step One: Assess your dataFrom a data perspective, the first step needs to be an assessment of the independent data assets of each organization participating in the merger. If you do not know what data exists before the acquisition, gaining this understanding after combining the data, if it can be combined at all, will be extremely difficult. The task at hand will be simpler if both organizations practiced strong data governance. This is rarely the case though.
Step Two: Plug the governance gapsAfter completing an honest assessment of where each organization stands in terms of data governance, the next step needs to be plugging the gaps. Work toward creating a definition of data that is not well understood or undocumented. Do not turn this into a long process; define what data you have and where it is stored. Consider using tools like data dictionaries and repositories and consult the subject matter experts (business users, programmers, data architects, etc.) at each organization for this information.
Step Three: Leverage the M&A for governance improvementsUse the acquisition as a springboard for instituting new or stronger data governance policies and procedures. Lack of insight into important business data can be a strong motivational tool for implementing improved data management practices.
Step Four: Plan for increased workload and capacityThe basic premise behind mergers is that the combined companies can conduct the same, or more, business more efficiently than two separate companies. Will you need more powerful hardware? Will the new combined business require more uptime, which translates to higher data availability?
Existing hardware, transactions, applications, databases, and data maintenance processes may need to be overhauled to meet the new requirements. For mainframe shops, perhaps you can better utilize cheaper specialty engines like zIIP, zAAP, and IFL processors. And look into more efficient software and utilities for performance management, change control, and backup and recovery.
Step Five: Evaluate backup and recovery plansA simple question, such as "Is everything backed up?" can be a crucial starting point. In the clamor of an acquisition, evaluating recoverability is often forgotten or ignored. The on-going health of those backups must be checked periodically. A systematic method of reviewing recovery health, include examination of backups, evaluation of IT hardware and software specification, and matching objectives to reality is helpful.