M&A: managing the governance gap

Completing mergers and acquisitions successfully, while maintaining effective compliance, is one of the most difficult undertakings in modern corporate strategy. Technology underpins everything from key operational processes to day-to-day work. Technology governance now plays a defining role in M&A success, and getting it right remains one of the hardest parts of integration.

 

What is clear is that M&A activity and value are on the rise. It’s hard to go a day without seeing a new merger or acquisition announcement dominating the news. According to ONS data, in Q1, dealmaking involving UK companies, across all sectors, reached the highest level since late 2022. In Q3, there was a strong rise in deal value reflecting a shift toward higher-impact transactions.

 

This rise in activity is creating more complex environments for IT directors and managers, who now lead 80% of migration projects according to recent ShareGate data. AI adoption compounds this complexity because these tools depend on clear access models and well-structured data, both difficult to maintain during integration. Add the security risks of getting migrations wrong, and it is easy to see the level of pressure leaders are under.

 

With this in mind, how do technology leaders best manage migrations, integrate AI tools and continue to maintain the strong governance needed to maximise M&A success?

 

 

Speed isn’t everything

A significant point of concern for IT leaders is data security. M&A activity, by nature, presents inherent security risks, including the introduction of new systems, processes for employees, and new third-party vendor risks. Cybercriminals operating for profit are likely to see increased movement of data between two environments as an opportune moment to strike. It’s for this reason that nearly half (43%) of IT leaders surveyed by ShareGate stated that security and compliance were their biggest challenges when merging. 

 

A common pitfall when merging environments is the pressure to rush integration. There is real urgency to get systems up and running and to show joint business outcomes quickly. A more deliberate transition should not be seen as a weakness. Well-governed integrations are typically managed in two phases: migration first, followed by reorganisation. Migration is like air traffic control: you land the most critical workloads safely, keep the runway clear, and then reorganise the structure and governance of the new environment once immediate risks are reduced.

 

 

Adopting AI and mitigating its challenges 

The benefits of AI use for efficiency are well documented. Adoption of AI in the last few years, particularly to drive business performance, has been unprecedented. As of last year, 70% of Fortune 500 companies were using Microsoft 365 Copilot. ShareGate found that in the UK, this is now as high as 83%. Despite this, many IT leaders highlight gaps in AI governance expertise, particularly when two organisations use AI differently or have inconsistent access, data or security models.  Almost 55% of leaders expressed concerns about security and access management during migrations.  

 

A structured, IT-led approach to AI adoption helps ensure that access, data boundaries and governance decisions are made by teams who understand the technical and operational implications. Executives, however, bring essential insight into broader organisational goals and where AI can add the most value. When IT and business leaders do not have open and constructive dialogue, AI strategies risk becoming disconnected from real needs and unintentionally creating more pressure for shadow IT.

 

Implementing AI without a clear view of workflows and organisational priorities often leads employees to adopt unofficial tools after a complex, time-consuming rollout, which increases risk and reduces the return on that investment.

 

 

Creating governance by design

Potential downtime is a challenge with any technology migration. Migration of AI technologies is no different. Good integration plans can anticipate where blockers might occur and help prevent avoidable delays. A slower-than-expected rollout can limit efficiency during the M&A process. Alleviating these concerns requires strong conversations among all M&A parties, ensuring that integration plans are clear and well-defined.

 

Migrating core business tools presents an opportunity to embed governance directly into day-to-day operations. It helps align business culture with the new platforms. Rather than bolting governance on later, organisations can use automation and integration so that governance requirements are built in from the start.

 

M&A activity is expected to remain high. Successful deals increasingly depend on strong technology governance, especially as IT teams shoulder the majority of migration projects and AI tools become deeply embedded in critical business processes. This places significant pressure on technology leaders to integrate complex environments securely, while keeping compliance on track.

 

In this environment, rushing integration increases security exposure, invites cyber threats during data movement and can undermine the long-term effectiveness of the merger.

 

A more deliberate approach, separating migration from reorganisation, gives leaders the space to prioritise security, manage risk and keep systems stable. At the same time, IT should own AI adoption and manage it methodically, with active executive input, to avoid misaligned solutions, governance gaps and a rise in shadow IT that wastes investment. By treating migrations as an opportunity to design governance into core tools and workflows from the outset, organisations can strengthen M&A value rather than jeopardising it.

 

---

 

Richard Harbridge is Microsoft MVP and Technology & Ecosystem Strategist at ShareGate

 

Main image courtesy of iStockPhoto.com and CoreDesignKEY