Company mergers: the strategic (and all too often underestimated) role of the IT manager

Published :

07/2025

| Updated on

-
Articles
>
IAM
In a merger, the IT department is often relegated to the end of the chain, ordered to execute decisions already taken elsewhere. Yet it is the IT department that guarantees the continuity, security and operational success of the merger. The ISR can no longer be content to simply provide support: he or she must impose IT as a strategic lever. Here's how.

Summary

When it comes to mergers and acquisitions, the main focus is on legal, financial and HR issues. IT, on the other hand, is often an afterthought, a secondary issue to be dealt with "once everything else has settled down".

And yet, it is through him that the operational reality of the merger materializes. This is where the hoped-for synergies materialize... or fall apart.

Access to tools, data security, service continuity, system harmonization, process adaptation: all these elements are part of an IT organization that is often under pressure. And all these dimensions rest on the shoulders of the IT Service Manager (ISM) or IT Director (CIO), often in the shadows. And yet it is they who will have to face up to the technical, human and political challenges of integration. And, in the event of failure, he or she will be the designated target.

What many managers forget is that the ISR doesn't just manage technical migrations. He or she is also responsible for security, traceability, resilience and, in his or her own way, the social climate within the teams. He or she must therefore be involved from the earliest strategic stages of the project.

This article offers a clear, actionable framework for repositioning the role of the IHR in a corporate merger. How can we anticipate the challenges? How to make your voice heard? What mistakes should be avoided? And above all: how to avoid IT becoming the blind spot in a strategic transformation.

Why is IT often the poor relation in mergers... and why is this a problem?

Despite their strategic potential, mergers are rarely a smooth ride. According to a study by Accenture, 40% of mergers are carried out without prior consideration of IT, and in over 60% of cases, the initial objectives (synergies, cost reduction, efficiency gains) are not achieved. However, when IT integration is properly orchestrated, the success rate of mergers rises to 70%.

In practice, however, IT departments are all too often left out of the initial strategic discussions. The RSI discovers the operation when everything has already been decided - budgets, deadlines, target architecture - and all that remains is to "connect the pipes". This gap creates a major blind spot in change management.

Impact of IT integration on merger success

Invisible but very real chaos

When IT isn't on board from the outset, problems don't show up immediately. They emerge after signing, in the operational phase:

  • Redundant or incompatible tools ;
  • Unaligned or duplicated user accounts;
  • Accesses left open in both IS, without control or traceability;
  • Critical workflows that fall by the wayside (onboarding, payroll, support);
  • A technical debt that is accumulating, because the priority has been placed elsewhere.

In the end, this application chaos has an impact on all business areas. Users juggle multiple environments, support teams are swamped with tickets, and managers lose confidence. And in the event of an audit or security incident, it's the IT Department that's in the dock.

IS as a magnifying mirror for malfunctions

In times of merger, organizational tensions are common. Everyone tries to impose their own tools, standards and culture. In this context, the information system quickly becomes the focus of disagreements and frustrations. As former CIO Pierre Hichem Mrabet points out:

"Any dysfunction in the merger operation will find its crystallization on the IS."

In the eyes of users, it is the slow connection times, errors in rights and duplicate accounts that symbolize the failure of the merger. And it's the RSI that bears the responsibility - even if it didn't have a hand in the key decisions.

Failure to integrate IT from the outset means running the risk of seeing the merger fail in the technical details, far removed from the COMEX PowerPoint slides.

The RSI: technical link or strategic player?

In a merger, the RSI is often perceived as a mere connection operator. A technical figure, in charge of carrying out what others have decided. And yet, this submissive posture is precisely what weakens him. For if IT is kept out of the initial decisions, it is almost always IT that finds itself exposed when problems arise.

The reality is that the ROI is much more than an executor. He's the only one with a cross-functional view of systems, processes, data flows and interdependencies. He is also the guarantor of business continuity, cybersecurity and access consistency. His role is therefore fundamental in securing and structuring convergence.

RSI must make IT a strategic issue

As Pierre Hichem Mrabet reminds us, the RSI can no longer simply provide support:

"Don't be supportive, be proactive. Invite yourself to business meetings, listen, propose solutions."

Clearly, we need to change our attitude. It's up to the RSI to ask the right questions:

  • Which information systems are critical to each entity?
  • What application dependencies need to be preserved?
  • What are the risks of access or leakage?
  • data
  • How can you guarantee proper identity management in a transitional IS?

And it's up to him or her to raise any red flags: hidden costs, unrealistic deadlines, overlapping tools or governance abuses. This legitimacy cannot be improvised. It's built on the ability to talk business, anticipate scenarios and propose realistic alternatives.

Dual legitimacy: technical and political

This strategic positioning of the IHR also presupposes political legitimacy. All too often, the future organization chart is communicated late, leaving IT teams in the dark. Without visibility, there is no buy-in. Without an identified IHR, there can be no coherent management.

Giving the RSI a seat on steering committees sends out a strong signal: IT is a value driver, not an adjustment variable. It's also a way of securing technological decisions before they are taken on purely political or HR grounds.

Finally, in contexts where security, RGPD compliance or operational resilience are under close scrutiny, the ISR becomes a pivot of global governance. It's up to him or her to seize this position. Or suffer it.

Mapping IT convergence scenarios: 4 possible paths

Once the merger has been finalized, the question for IT managers is: how can two information systems coexist without compromising security, continuity or performance?

There is no universal answer. Each context imposes its own constraints: IS history, architecture, IT culture, budget, timetable, expected level of integration... But whatever these parameters, the ISR must be able to map out the possible scenarios and inform the decision.

Pierre Hichem Mrabet identifies four main convergence models. None is ideal, and each presents specific risks. The important thing is to anticipate them - not suffer them.

1. Absorption: keep a single IS (the most robust or structured)

This is often the preferred choice when one of the two companies has a clearly superior IS. This option enables rapid integration, rationalization of tools, and clarity of roles.

But this involves absorbing all the other entity's processes within an existing framework - which can generate strong resistance to change, especially if the IS retained is not that of the "acquirer".

It also requires very clean provisioning of accesses to avoid side effects (residual rights, membership errors, double identity).

2. The "best of breed" merger: creating a hybrid solution from the best elements of the two information systems

Attractive on paper, this approach seeks to combine the best of both worlds. It can work if you have a clear vision of the target processes, the ability to recentralize data, and the right tools to orchestrate access and roles.

In practice, however, the result is often a gas factory: disparate, poorly integrated systems, exponentially complex management and compatibility problems.

As Mrabet says: "The best is the enemy of the good."

3. Cohabitation: maintaining the two IS in parallel and interfacing them

It's the pragmatic choice. It allows for a smooth transition, while the long-term target is decided. It avoids forcing teams to abandon their tools too quickly.

But this scenario is costly to maintain, complex to secure (multi-tenant access, shadow IT, duplication of roles), and fragile in the medium term. It can create a climate of ambiguity that slows down ownership of the merger.

4. Total reconstruction: starting from scratch

Theoretically, the ideal is to start with a new, modern IS, aligned with the needs of the merged entity. This option is only viable if both IS are obsolete or unmanageable.

But it requires a lot of time, money, consensus... and flawless governance. In general, it is reserved for contexts where 'IT is becoming a major lever for transformation (business refocusing, native cloud, etc.).

IT convergence scenarios during a merger

👉 Whichever option you choose...

The RSI must focus on two key points:

  1. A precise inventory of identities, accounts and accesses: to avoid duplicates, holes in the system or invisible elephants.
  2. The ability to trace and document each step: to respond to audits, prove risk control, and secure internal buy-in.

And for this, it's best to have a lightweight, interoperable IAM brick that allows you to take back control of rights management without waiting for the entire architecture to be fixed.

Don't forget the essentials: IT, HR and communications teams

In a merger, the technical side of things is heavy. The choice of tools, architecture or processes monopolizes attention. But it would be a mistake to neglect the most fragile element - and often the one with the greatest impact: people.

The RSI doesn't just manage data flows and access migrations. They manage a team under pressure, in a context of maximum uncertainty. And he interacts with users who are also seeking their bearings in an evolving system.

Ignoring this dimension is tantamount to creating a climate of mistrust, attrition and even passive sabotage. These are precisely the moments when IT can lose its talents... or reinforce its credibility.

IT: a lever for stability... or rejection

As Mrabet points out, the human factor largely determines the success of a merger. And it starts internally, with the IT team itself:

"You have to be there, listen, and communicate constantly. Otherwise, the IHR is likely to have to deal with demotivation, accusations, conflicts... and the loss of key employees."

Internal rumors, prolonged silences and unclear governance changes create a breeding ground for withdrawal. Some critical profiles jump ship at the worst possible moment. Others put the brakes on.

But the IT team is on the front line: it steers convergence projects, resolves bugs, absorbs user tickets, secures new accesses... with no margin for error.

Involve HR from the outset

All too often, HR is only involved in redundancy plans or contractual adjustments. But they have a major role to play in merging IT teams:

  • clarify roles and reporting lines,
  • supporting fragile or critical profiles,
  • define integration processes (onboarding of ex-teams from the other entity),
  • manage any duplication or overlapping of jobs.

The IHR must therefore be in constant dialogue with HR to anticipate movements, plan needs and avoid technicalities masking structural malaise.

bringing the IT team on board during a merger

Communicating, explaining, embarking

Finally, there are the users. They are the ones who will experience the day-to-day effects of the IT merger: new tools, new procedures, new access rules.

If they don't understand what's going on - and why - they'll reject change, blame the system... and point the finger at IT.

This is why communication cannot be an adjustment variable. We must :

  • explain the stages of the IT project (with an appropriate level of popularization),
  • provide clear perspectives ("what changes, what doesn't, when"),
  • provide extra support for the first few weeks after the merger,
  • document new procedures (access, requests, incidents).

In short: the RSI must play the role of orchestra conductor, at the crossroads of the technical, the human and the political. And without alignment on these three fronts, the finest technical architecture runs the risk of collapsing at the first hitch.

5 concrete ways to make the RSI's voice heard in a merger

It's not enough to be technically right to be listened to in a merger. The RSI must not only demonstrate his or her competence, but also defend a vision and establish himself or herself as a structuring player in the process, right from the outset.

Here are five concrete ways in which you can become one of the architects of the merger, rather than the victim.

1. Map risks before they blow up in your face

The first strength of the RSI is its ability to see what others do not. Shadow IT, application dependencies, access rights loopholes, duplicate accounts... These are all silent threats that can derail an integration project, or delay hoped-for synergies.

By mapping IT risks at an early stage, you move from a defensive posture to one of anticipation. And you give credibility to your role in strategic decision-making.

2. KPIs that speak to decision-makers

General management doesn't talk about LDAP, provisioning or SSO. They talk about cost, time, performance and security. It's up to you to translate your technical challenges into understandable indicators:

  • How many accounts will need to be migrated?
  • What is the risk of having residual or inconsistent rights?
  • How many man-days can be saved with automated provisioning?
  • What impact does this have on onboarding time for new employees?

Metrics are your best weapon of persuasion. Especially if they show that IT can accelerate fusion, rather than slow it down.

3. Talking business, not just infrastructure

In the event of a merger, business units are on the alert. They want guarantees: that they will be able to continue working without interruption, that they will have their tools back, and that there will be no loss of performance. It's by responding to their needs that you'll gain allies.

So we need to move away from a technical approach and adopt a more usage-oriented one: which critical applications? Which sensitive workflows? Which profiles need to be processed first? Which roles need to be revised or harmonized?

It's also an opportunity to show that you can structure access by function, not by IS, using a role-based approach - even in a fragmented environment.

4. Identify (and activate) the right internal sponsors

The RSI alone cannot impose its voice. It needs relays. And these relays are often :

  • on the HR side (for everything to do withidentity, roles and integration processes),
  • Security / CISO (who will be sensitive to access or leakage risks),
  • on the Finance side (which may see IT rationalization as a way of generating savings).

By relying on these sponsors, you increase your legitimacy. And you move away from the image of the "guardian of the system" to become a transformation project leader.

5. Identify technical and organizational quick wins

Finally, in the flow of strategic decisions, nothing beats a quick, visible and measurable win. This can be :

  • setting up a single portal to manage access requests during the transitional phase,
  • automated provisioning of critical applications,
  • deactivation of all ex-employee accounts via a consolidated rule,
  • documentation of rights for sensitive areas (e.g. HR, Finance).

These visible actions lend credibility to IT, reassure stakeholders, and show that RSI is in action, not in stalemate.

credibility loop

Conclusion: in a merger, IT doesn't have to follow - it has to light the way

A company merger is not just a legal or financial exercise. It is a profound organizational shock, in which IT plays a key but all too often invisible role. Yet it is through IT that synergies materialize... or tensions crystallize.

The RSI can no longer be confined to the technical side of things. He is the guarantor of the continuity, security, traceability and operational credibility of the operation. If he doesn't take his place from the outset, he'll suffer. And he alone will bear the brunt of any malfunctions.

Things to remember :

  • IT is not a "brick to be connected", it's a structure to be managed.
  • People, governance and access are just as crucial as tools.
  • The RSI must move away from its role of executor and become a strategic player in the merger.

And it starts now: by asking the right questions, documenting the risks, identifying the quick levers... and showing that IT can be a gas pedal of convergence, not a brake.

👉 If you're in this situation and looking for concrete ways to structure access and rights management during a merger, you can book an exchange with our team or find out how Youzer can help you regain control without unnecessary complexity:

Request a demo of Youzer

Would you just like a quick 15-minute chat with an expert to find out if Youzer is right for your needs?

Book a meeting with an IAM expert

Need to estimate the cost of an IAM project?

Download this white paper on the cost of inaction in IAM :

We have been unable to confirm your request.
Your request for a white paper has been taken into account.

Recommended Articles

10 points for successful entitlement management
Identity governance and administration: the key to effective management
Identity Lifecycle Management: the key to security and productivity