Risk Identification & Assessment - Merger/Acquisition


The risk identification and assessment process is a critical part of effectively managing risks at a project level. Risks are identified, and then classified by risk category (financial, operational, strategic, compliance). Each risk is then assessed based on its impact and likelihood, and prioritized in order to direct management focus toward the most important (Deloitte & Touche LLP, 2012).

Our Risk Identification and Assessment - Merger/Acquisition model follows the steps below:

  1. Identify potential risks that could impact your merger/acquisition and classify each risk into categories.
  2. Combine to eliminate duplicates and move forward with only unique risks.
  3. Rate each risk based on impact and likelihood.
  4. Prioritize to ensure the right risks are managed going forward.
  5. Develop a specific action plan to address the high-priority risks.


This model is intended for Directors of Strategy and Heads of Mergers & Acquisition departments.


Historically, half of all M&A activities have failed to create lasting shareholder value (Perry & Herd, 2004). Despite the low success rates, mergers and acquisitions are one of the key growth strategies for organizations across industries. In order to realize the expected synergies and create shareholder value, organizations must prepare themselves for the myriad of risks involved in an M&A deal - from financial risks to people risks to integration risks.

“Analysts react more favorably to an announcement of an acquisition if it is followed up with a cogent discussion about the acquirer's high priority integration initiatives, key risk factors and risk mitigation plans including the timing of each.“ (Perry & Herd, 2004)


1)  NOODLE & TAG: Identify and categorize the key risks that could impact your project.

2)  COMBINE to eliminate duplicates and move forward with only unique risks

3)  MULTI-CRITERIA RATE each risk based on Impact and Likelihood. In the comments section, provide rationale for why each risk was rated the way it was.

4) PRIORITIZE: Identify high priority risks for management attention. 

5) ACTION PLAN: Develop an action plan to address high priority risks.


  • Prioritized list of risks to receive management attention
  • Critical thinking skills developed that enable a risk culture
  • Valuable insight into why risks were rated the way they were
  • Shared understanding and alignment on risks in the merger/acquisition


This exercise will enable:

Quality - Gain critical insight into your organization and proactively manage the risks that impact achievement of strategic goals – no surprises. Increased perspectives will reduce risk.

Efficiency - Engage busy stakeholders when it’s convenient for them to contribute – 24/7, reducing meetings and bringing the right people to the table.

Engagement - Conversation analytics allow individual stakeholders to know how they rated risks versus how others did, igniting rich discussion and deeper alignment. Provide a safe space for stakeholders to evaluate and provide candid thoughts and rationale. 

Agility - Develop a shared understanding about the organizations or departments key risks. Evaluate and focus management attention and resources on the most important risks. 


Deloitte & Touche LLP. (2012). Risk assessment in practice. Deloittehttps://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/dttl-grc-riskassessmentinpractice.pdf

Perry, J., & Herd, T. (2004). Mergers and acquisitions: Reducing M&A risk through improved due diligence.  IMAA Institute. https://imaa-institute.org/docs/m&a/atkearney_02_Mergers_and_acquisitions-Reducing_M&A_risk_through_improved_due_diligence.pdf