Strategic acquisition: KPIs and leading practices for risk and controls

While undergoing a strategic acquisition, there’s a lot to get in order. And when it comes to external reporting, here are the goals we think are most important for your organization amidst this strategic change, meaningful KPIs to track progress, and leading practices to follow.

Goals for your reporting

1. Unifying control frameworks: Ensure risk mitigation strategies are consistent, efficient, and effective across the combined organization.
2. Streamlining control testing: Create a more efficient process for testing and validating controls.

Meaningful KPIs to track

• Control testing efficiency: The time taken to test and validate controls post-integration versus pre-integration benchmarks.
• Risk incident frequency: The number of risk incidents or breaches post-integration.
• Cost: Total costs (including software, labor, and overheads) associated with risk management processes post-integration.
• Automated risk assessment percentage: How many risk assessments are automated.
• Control failure rate: The percentage of controls that fail during testing.

Leading practices

1. Conduct an integrated risk assessment for the merged entity, considering the unique risks posed from both companies.
2. Standardize control procedures to ensure consistency and effectiveness in risk mitigation.

See the considerations, KPIs, and leading practices most critical for intercompany.