Integrating the IT estate of an acquired company with that of the parent is a 'delicate act' for CIOs, says an industry expert.

Tony Qui, lead partner for IT in Ernst & Young's Operational Transaction Services team, told CIO UK the challenge was ubiquitous in a digitally aware climate. "As the mergers and acquisitions (M&A) market stages a recovery after the 2007-09 recession, CIOs of corporates will have to go through a steep learning curve," he said.

Qui said that the biggest question they will face following an acquisition by their company is – 'do I standardise and merge the acquired company's IT estate, or keep it independent?'

"There is no fixed answer; it all depends on the size and nature of the parent company, as well as its ambition for the acquired entity. Costs, which often dictate what eventually transpires, are also contingent upon whether CIOs only want to merge the back office function or front office roles as well. Initially, most CIOs go for a merger of back office processes, which is the logical way forward."

The EY partner added that as the industry has matured, it is commonplace to see CIOs put transitional service agreements (TSA) in place with a span of 6-12 months.

"This is especially true for companies, who for instance want to divest and then become outsourcers, and win support contracts that span multiple years.

"It's a delicate act. I often find myself agreeing with client CIOs that if you don't come off the TSA within a reasonable timeframe, it actually inhibits the ability to gel the operating model of the parent and acquired businesses."

Instances of breaches, such as credit card hacks, theft of online data and the Edward Snowden affair, seem particularly spooky for an IT chief working overtime with his troops to merge a new asset, Qui opines.

"It's human nature – for every breach which bags lurid headlines with the CIO in question being publicly slated, there are countless others where things 'worked as they should' but will never be heard, written about or praised.

"If you are buying a standalone company and merging it, then the CIO of the parent company has to ensure there is no IP theft. Additionally, one or the other of the two companies would be stronger and mature relative to the other in terms of its policy on data protection. What I recommend on day one is to shore-up and align policy and procedure to maintain the perceptively higher level."

The scenario gets more complicated when the parent company's target has to be carved out of a third party's estate.

"Here, the CIO has to ensure network segregation with safeguards in place on the ability of the third party to access his company's information, and once that merger has taken place – protecting the value and security of his data," Qui explains.

The EY partner added that CIOs need a stronger voice and more support.

"IT is still probably one of the least understood disciplines across the business functions when compared, for instance, with finance, HR, tax, supply chain or manufacturing. What I mean by least understood is that CEOs and COOs still don't fully appreciate how to better leverage technology and what is its impact. Only when it goes wrong, do they fully appreciate the crucial role it plays in supporting the business."

Within the blue-chip FTSE 100 index, on average only around 20-30 CIOs have a seat on the board in any given year. Most CIOs end up reporting to the CFO who takes their proposals forward to the board.

There are no rights or wrongs here, according to Qui, with the reasons for it ranging from legacy issues to confidentiality.

"And it's not something that only happens in the UK. Ultimately it's about the vision and nature of the business. At most technology companies, regardless of the country of their origin, you are likely to find CIOs on the company's board," he adds.

If anything, Qui finds CIOs within the UK to be more international in their outlook. "CIOs here embrace change a lot easily than some of their global peers. I don't intend to generalise in any way, but have often found that CIOs in the Americas tend to 'in-source' a lot, especially around infrastructure maintenance.

"In Asia Pacific outsourcing is conservative and much more risk averse. In the UK, you'll see a mixed operating model of outsourcing and in-sourcing, which is a good, adaptive way of taking things forward."