In my class at the University of Oxford, one of the key take-aways was that information governance is not about e-discovery; it is all about creating and managing information that is an authentic record of facts. It is just that simple. When companies retain information, the information is being retained because of its value as objective, authentic recordations of some event, a specific transaction, the occurrence (or non-occurrence) of a defined process, the existence and content of a communication, the account balance at a moment in time.
Each of these are merely illustrative snowflakes in the blizzard of information we are endeavoring to manage. But there is no value to business, government, education, or to any of us as users of the Net of business information that is fiction. Novels, short stories and similar works of true fiction excluded, the vast quantities of information being generated exist in order to document, record, preserve, or report facts. Perhaps the only time fiction is valued in those venues is as evidence of a falsehood in contradiction to facts (“The dog ate my homework”).
In the last few days, two articles have crossed my desk that examine the role of lawyers in conducting due diligence in the 21st century. One story focused on structuring due diligence as part of mergers and acquisitions and a second provided specific guidance on how to conduct due diligence when the target of the examination has international operations that may be suspect under the Foreign Corrupt Practices Act ( a US law prohibiting bribing of foreign public officials). But what distinguished the two stories was the complete, utter absence from the second story of any discussion of how to evaluate the information systems, electronic records, communications, credit card activity, account records, etc. as digital assets that describe facts. It almost seemed the authors believed that due diligence was somehow conducted through oral interviews and physical file reviews if they were able to suggest as “best practices” due diligence activities that never once mentioned computers. Really?!?
The due diligence article on mergers and acquisitions intelligently emphasizes that, in that type of deal, the valuation of the target company (the one being acquired) is inherently tied to the accuracy of the information on which that valuation is calculated. Stated differently, due diligence asks, “Can we trust the information as authentic fact?” Answering that question often becomes the driving issue, and often can break the deal apart. Lawyers have crafted complex mechanisms that are embedded in the agreements that serve as insurance mechanisms that work both before and after the closing. Due diligence before the closing is where the process of answering the question begins, but the information assets of a target can not be fully evaluated in the momentum of a deal. So, additional mechanisms exist to govern the outcomes of when post-closing audits and reviews disclose that information offered as facts (on which the valuation was calculated) prove to be fictions—indemnification clauses, arbitrations, price adjustments, etc. So, in many respects, the structure of a merger and acquisition is nothing more than a dynamic exercise in testing the trustworthiness of the information of the target as fact.
In the present volatile environment, the due diligence agenda is rapidly expanding to focus on how much to include. Regulatory compliance is rapidly embracing the quality controls, security functions, and integrity of information systems—there is little doubt that a target that can present the information that factually proves their compliance with those rules has greater value than a target unable to do so. So due diligence is expanding, requiring the teams on both sides to respond; teams must include IT expertise, systems auditors, security assessments, and digital forensic capabilities (among others).
Yet all of those activities and competencies are engaging in the same discrete process—determining whether to trust the information assets of the target as facts on which valuation can be based. And trust, especially digital trust, is not an emotional judgment, nor a risk-based evaluation, but a positive, affirmative calculation. Due diligence evaluates the evidence of facts presented, organizes and applies the rules of records management and information governance by which that evidence was to have been managed, and looks for the objective additional evaluative information that is a record of the compliance of the evidence with those rules.
When I practiced law, I participated in dozens of transaction teams, usually representing the buyer. My job was to find flaws in the IT systems governance, privacy compliance, security management, and other failures to meet applicable rules that would draw into question the reliability of information assets offered as facts. But something else was occurring—I was building an inventory of the added post-acquisition costs that would be incurred to upgrade, conform, or replace IT systems of the target in order that their information assets would be as functional and as reliable as those of the acquiring company I represented. The larger that inventory, the stronger our leverage in demanding a lower valuation of the target. The more doubt I could create in the integrity of the target’s information assets, the better the argument that the post-closing mechanisms for adjusting the price had to be altered. The particular target against which we were always successful was the amount of the “reserve”—that portion of the purchase price that would be set aside and held back until the integrity of information assets could be completely evaluated.
So, two key take-aways today,
First, any company is always a potential target to be acquired (or investigated or audited, whether by regulators or potential partners or customers). In every instance, today’s market now demands, and places higher premiums on, the ability to prove information assets are facts, well-governed throughout their lifecycle. The better the IG, the higher the valuation.
Second, in entering into any transaction, understanding that the real issue is one of trust changes the dialogues and enables both sides of the deal to focus better on what Adam Smith always envisioned, moving closer to ‘perfect information’ on which to calculate value. The challenge, however, is for both sides to agree upon the rules by which the trustworthiness of the information assets will be evaluated.
In my new book, the tools presented by the book can transform due diligence into a more agile, robust, and high-valued exercise. I am looking forward to sharing those in early 2015.