Mid-market companies look to private equity for a number of reasons. In some cases, the founders want to exit and achieve a liquidity event. Other times, it’s to infuse capital into the company to enable continued growth when they know they are unable to raise funds or have hit a plateau of where they can take the business on their own. PE firms have sophisticated management teams who can not only bring in capital but also have a network of individuals who have experience working with larger businesses and the expertise to bring the company to the next phase of growth.
Finding the right PE firm to invest means finding one that is either specialized in the company’s industry, knows how to improve operations, or understands how to transform the sales force and functions of the company. It may also mean bringing in a more polished and seasoned CEO that can work with the founders to get the company to the next level.
This represents one of the appealing aspects of having a PE firm invest, namely, to professionalize the company. Professionalizing can make the company more attractive, but it is also vital for the business overall. Our focus is helping companies professionalize IT operations, and like all processes, some implications follow along with it.
There are many dimensions we look at and typical actions that you can take on the IT front to remain in lockstep with where investors might want to take the business.
When an investor comes in to upgrade the business to really put a lever on it for growth, there is a playbook that needs to happen on the IT front. The categories that we look at when analyzing investments include:
- IT Management Practices
- Business Applications
- Infrastructure & Security
Let’s examine each category closer.
The typical profile we see when we perform diligence on a founder-led company that requires professionalizing is the spending profile. Often, the company is very frugal in terms of all spending, especially for technology needs. IT is often under-invested or there is deferred maintenance or technical debt.
Oftentimes, we will discover that the company is out of support / maintenance for core systems (i.e., ERP) or critical hardware. Additionally, we find that these companies are unwilling to pay market rates for IT talent, whether utilizing internal or external resources.
In terms of IT management, you might see someone in a director-level position focused only on the technical infrastructure. Or someone who has the responsibility of the IT function as a collateral responsibility (e.g., an operations manager or a finance manager who also supports business IT needs). Sometimes there is no one internally dedicated to IT and it’s left to a third party. Often, there is no one with the proper experience to take the enterprise to the next level. In many cases, the recommendation is to source new talent to upgrade the required role, and there are a few ways you can think about doing that.
IT Management Practices
One of the most glaring things we see is the lack of rigor or awareness of what IT management practices are. It’s critical to be able to identify weaknesses in a given domain and then translate that into actionable projects tied to an overall business strategy.
There’s often an inability for IT to sit at the same table as other leaders in the organization and understand where they want to take the business. They need to be able to speak to the ramifications for IT in business decisions, as well as properly scope out the projects that they need to undertake or participate in to support those decisions.
Another thing we see is a lack of documentation and methodology on how to approach projects. For example, every project should have some semblance of a scoping document, a project plan and a budget. Then there’s all the proper hygiene associated with project management such as identifying issues and risks, having the appropriate feedback loop in place to communicate problems, and proactively avoid issues or mitigate risks related to being on time and on budget.
These challenges are further exacerbated when there are multiple projects in the mix to manage. It’s rare that we see any form of a technology strategy or a technology roadmap when analyzing a company for investors.
Another key point is that some of these companies have conducted acquisitions over time, some larger, some small tuck-ins. We rarely see processes or templates for how these targets were evaluated or how to integrate them into the business best. As a result, there are often legacy systems or legacy infrastructure that are usually standalone, when, from a risk-based perspective alone, they should be shut down.
Applications are often another challenge in these types of companies. Applications are usually bare bones, not up to date on maintenance or require a lot of heavy lifting from operations. The areas for improvement are numerous.
One example of professionalizing is upgrading an enterprise system, like an ERP or financial management system. This project requires a lot of involvement from the business to make sure you have the proper approach in place to define, document, and prioritize system requirements. Then you need to select and implement the right system.
Infrastructure and security
Given the often frugal nature of founder-led businesses, you’ll most likely see bare-bones infrastructure. Things may be old or outdated and unsupported. There is no appreciation for what this means in terms of risks related to ransomware or data breaches.
One of the first things we do is ask a company what it has documented regarding processes and procedures for managing infrastructure and security (i.e., disaster recovery / business continuity plans, security incident response procedures, etc.)? If they have nothing, it speaks to a lack of preparation. If something were to happen, like the company did get hacked, it’s going to take much longer to resolve the issues than it should.
Managing the network, managing capacity for the system, having the proper backups in place – these are all important to ensure a secure and functioning infrastructure. A lack of preparation will manifest itself precisely when it’s needed (i.e., not being able to restore data or systems from backup, not being able to respond to a ransomware attack, etc.).
In terms of professionalizing IT, systems infrastructure and security pieces are more straightforward. It’s about making sure you have the proper hygiene in place. For example:
- There is a backup and recovery process documented and it’s routinely tested.
- There’s an appreciation for managing sensitive data (i.e., credit card info, PHI, etc.) and having the proper encryption for such data.
During diligence or acquisition, these things need to be formalized.
Professionalizing the IT foundation
There are many things to think about when you are professionalizing a company from an IT perspective. In a founder-led company, you tend not to see these things because founders are very careful about their investments. If there’s no obvious return, like driving new sales or a cost takeout, they typically don’t see the point in investing in it.
Risk avoidance does not typically meet the threshold for investment. Things get exacerbated when there is no professional staff member that can articulate the risk exposure when then the company doesn’t have these things in place.
But professionalizing IT is critical for the company. If you want to advance your technology platform, you need to have a well-documented foundation as your cornerstone.
There are private equity firms that don’t necessarily mind that changes are required. They still want to identify the issues, but they see these investments as opportunities to make things right and improve the value of the business, capitalizing when they try to sell it to the next buyer.
Our job is to support PE firms during diligence, helping them understand what they are buying from an IT perspective in terms of the risks, concerns, current landscape and, most importantly, what they need to do to further professionalize IT.
Reach out if you need help with your next investment. We’re here to talk.