The HP Acquisition of Autonomy – Lessons Learned for Doing Compliance ‘By the Book’

by Thomas Fox

Doing something ‘by the book’ means more than following a process. It means following that process during high stress times. One of the things that I think gets missed when discussing compliance programs is the need for rigor in the process. By this not only do I mean that your process needs to be robust but that you need to follow that process even in very extraordinary circumstances. Further, if you deviate from your compliance process you should document the reason for doing so. During a compliance emergency is not the time to depart from your well-thought out process that you use at all other times. One of the things that appear to have gotten Wal-Mart into trouble over its Mexican subsidiary’s actions is that when allegations of bribery and corruption bubbled up to its corporate office, the standard investigation protocol was over-ridden and a completely new and different investigation protocol was put into place. A protocol which had the persons accused of bribery and corruption investigating themselves. Can you guess what the result was?

Similarly, the ongoing news about the Hewlett-Packard Co’s (HP) acquisition of Autonomy Corp., (Autonomy) and its attendant fall-out can provide similar lessons for the compliance professional. As reported by Ben Worthen and Justin Scheck in the Wall Street Journal (WSJ) article entitled “Inside H-P’s Missed Chance To Avoid a Disastrous Deal”, HP did not follow its own internal protocol for acquisitions during the time that led up to its purchase of the British company Autonomy. Additionally, HP’s actions and decisions before and after the acquisition probably steered the deal in to, at a minimum, a very difficult path to success.

New Leadership

In 2010, HP made the decision to bring in someone, who was little known in Silicon Valley, to run the company, that person being Leo Apotheker, who had headed the German company, SAP. However, little noted at the time was the change in the Board of Directors, where “H-P simultaneously got a new board chairman, also a software specialist: Ray Lane, a venture capitalist and former president of Oracle Corp. Soon after, four H-P board members didn’t stand for re-election, and five new members arrived.” In other words, a majority of the top leadership positions in the company changed in a very short time.

Apotheker immediately made clear his desire to purchase one or more software companies. However, the Board of Director’s “finance committee scotched one, and negotiations to buy the other fell apart over price. A frustrated Mr. Apotheker told Mr. Lane, “I’m running out of software companies,” said a person familiar with the conversation.” This led HP to take a look at Autonomy.

Board Protocol

Another change for HP in the pre-acquisition process regarding the Autonomy deal related to Board of Director oversight. It came about because Apotheker had two major initiatives early in his tenure. One was to divest the company of its PC-manufacturing business. The second was to purchase Autonomy. These initiatives were considered so large and complex that the Board of Directors split itself into two separate groups to evaluate each proposal. So only half the Board was looking into the details of the Autonomy deal. Further, “H-P’s normal procedures require the board’s finance committee to review and approve deal proposals before they reach the full board. That didn’t happen with the proposal to acquire Autonomy, said people familiar with how the board proceeded.” While the split of the Board of Directors provided some ease of coordinating some logistical issues such as scheduling meetings, it provided Apotheker, with “more opportunities to lobby for a deal, said people familiar with the board’s activities.”

Red Flag Raised (or not)

One of the things that HP’s Board of Directors were surprised about during the due diligence process was “how little detail about the target firm’s finances became available. Autonomy allowed a review of financial statements and about 25 sales contracts. H-P also wanted the “working papers,” or original financial material, underlying Autonomy’s audits. Autonomy declined to provide them, citing U.K. corporate-takeover rules that require companies to disclose the same documents to all potential suitors.” While understanding that it is never the case that an acquiring company gets to review everything that it wants to during due diligence, reviewing only 25 sales contracts for a company that you are about to spend over $8 bn on does seem a bit of an under-representation of financial data to review. Moreover, some of the members of the HP due-diligence team “said they were reassured, to some extent, by Autonomy’s being a public company that had been audited for years.” Autonomy’s UK audit firm was Deloitte.

But even Deloitte raised red flags with HP, however weakly. At one point, people from HP and KPMG, HPs audit team in the acquisition of Autonomy, spoke by telephone with the Deloitte team. Someone at Deloitte “mentioned that about a year earlier, an Autonomy finance executive had alleged improper accounting at Autonomy, according to people familiar with the call. Three of these people  said Deloitte mentioned the issue briefly and added that a review had found the allegation to be baseless. The H-P team didn’t investigate further, one of the people said, and didn’t share the information with either Mr. Apotheker or H-P’s board.” The article claims that “Neither Mr. Apotheker nor the directors ever heard such an allegation during negotiations, according to several people either close to the CEO or knowledgeable about the board. Said one: “There were zero red flags raised about this company during the whole process.””

Loss of Steam

The WSJ article referred to the lack of enthusiasm that some members of senior management at HP had over the Autonomy transaction. For instance, “Chief Financial Officer Cathie Lesjak said an acquisition would batter H-P’s balance sheet, using up its cash and incurring debt, said people familiar with the conversations.” Pretty profound when you think about it now. But beyond simply the Autonomy debacle, the Board of Directors was becoming equally uneasy with Apotheker’s desire to cut the heart out of the company by getting rid of the PC-manufacturing business. So just after the Autonomy purchase, the Chairman of the Board Mr. Lane “spoke to senior H-P executives and found a near-universal view that their CEO wasn’t right for the job. In late September, 35 days after the agreement to buy Autonomy and 11 months into Mr. Apotheker’s tenure, the board dismissed him.”

This meant that the person who had shepherded the deal through the company was gone. Apotheker had not only pushed for the deal but said he had plans on how to integrate Autonomy into HP and make it work. He was quoted in the WSJ article as saying, “”We had concrete and ambitious plans on how to integrate and leverage the Autonomy acquisition,” Mr. Apotheker said. “But I was gone by the time the deal closed.”” This led to claims by the head of Autonomy, Mike Lynch to claim that the intention for HP to integrate and sell Autonomy software after the transaction never came to pass. “Within weeks, Mr. Lynch told the new H-P CEO, Ms. Whitman, in an email that when he discussed with H-P’s server unit the idea of selling Autonomy software along with H-P hardware, he received a “very negative response.””

The End

Whitman and other HP executives went to the UK to try and figure out what went wrong with the transaction, the integration or both, and two weeks later Lynch was fired by HP. Within weeks of the Lynch firing, HP said that “the company heard an allegation from an Autonomy executive that Autonomy manipulated its numbers. That set in train the process that led to H-P’s November write-down and allegation of improper accounting by the software firm.” Now the US Department of Justice (DOJ), the Securities and Exchange Commission (SEC) and the UK Serious Fraud Office (SFO) are all investigating the allegations that Autonomy manipulated its books and records.

Lessons Learned

I understand that you never have enough time to perform all the pre-acquisition due diligence that you might like to, whether it is financial or compliance. However, several clear lessons standout for the compliance practitioner from this matter. The first, and foremost, is to establish your pre-acquisition protocol, not during the time you are acquiring a company but before so. If you normally require approval from the full Board of Directors keep that requirement in place and do not cut your approval to one-half because you have two large matters to digest. Second, if a red flag is raised, you should clear it, not the person or entity that brings you the information. The third is to have a post-acquisition plan in place and, to the extent you can do so under the circumstances presented, follow it.

All three of the above suggestions would seem to be the perfect description of ‘by the book’. My father was in the US Navy during World War II and Korea. He is also an engineer. Those two backgrounds would seem to make him as strong a candidate for as ‘by the book’ as possible. But he was also a believer in information, analysis and documentation. The reason, he believed that if you did not study it, you could not document it; if you did not document it, you could not analyze it; and if you did not analyze it, you could not improve it. So document, document and then document everything you do from the compliance perspective and use that information to create a better book, but only if the information and your analysis thereof warrants it.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.