28 Jul 2020 | 08.23 am
Interview: Michael Brophy, Certification Europe
Why private equity player bought the firm
28 Jul 2020 | 08.23 am
Certification Europe has been assisting clients achieve ISO standards for two decades. The founders have done well after selling the business to a UK buyer, writes Darren O’Loughlin
March 2020 was a bittersweet month for Michael Brophy. As Ireland headed into Covid-19 lockdown, Brophy was welcoming new owners Amtivo Group into Certification Europe, the business he co-founded and headed up for the past 20 years. “The acquisition was one of those points of reflection for me as an individual and CEO,” says Brophy.
“Taking Certification Europe through its various phases was certainly enjoyable, but organic growth and our own financial resources could only take us so far. The deal with Amtivo was the next logical step in evolving the company.”
Amtivo’s cash was no doubt a lure too. The deal value wasn’t announced, with press speculation centring on consideration of c.€6m. Certification Europe (CE) had turnover of €6.5m in 2018, when the company booked a profit of €475,000 and net worth was €940,000.
CE’s latest annual return lists 38 shareholders. The principal shareholders are Michael Brophy (21%), John Ryan (22%), Thomas Cooke (21%) and Paul O’Grady (8%). They’re benefiting from a consolidation play in the certification sector by Amtivo Group’s owner, UK private equity firm August Equity.
In January 2019, August Equity acquired British Assessment Bureau, one of the leading UK players in ISO training and accreditation. Other buys in the same space last year were ACS Registrars and Avalon Certification, which were folded into BAB and Amtivo. Last year also saw ISO consultancy Equas Consultancy added to the Amtivo portfolio.
“We knew of Amtivo for some time and while we both operated in the UK market we were not direct competitors,” says Brophy. “In the UK, we deal with multinationals and government departments, while Amtivo focused on SMEs. Amtivo initiated the acquisition talks last summer. We were also considering other options before concluding that selling to Amtivo was the best move.”
The deal with Amtivo would appear to have an earnout element, as Brophy is staying with Certification Europe. He adds that CE will retain its identity in the new setup. “I’m on board for the long term and I’m relishing the opportunity to keep evolving and expanding Certification Europe,” he says. “The acquisition will enable us to expand at a faster pace because we now have far more significant financial backing.”
The fact that private equity has nosed into the certification space illustrates just how big a business standards has become. With offices in Ireland, the UK, Italy and Japan, Certification Europe helps businesses and organisations achieve ISO certification quality management, health and safety, energy management and information security. The business also provides training programmes and audits for clients to reach and maintain these international standards.
“The benefit of the business model is recurring revenue,” Brophy explains. “Every six months on average, clients go through a surveillance audit and a re-certification. So at the start to each year you can be confident about the revenue stream that’s coming in, and there’s a high degree of stickiness to the client base. A negative is that the market tends to be quite steady, so it’s hard to significantly improve income.”
Back in the 1990s, companies were less keen to run the gauntlet for international certification, particularly given the often opaque auditing practices forced upon them and the resulting high failure rate. Brophy had worked as a lecturer for a time before getting involved helping businesses attain ISO accreditation in environmental management systems.
“There was a lot of bad practices out there and very little choice for companies,” Brophy recalls. He decided to establish Certification Europe in Dublin in 1999 with some former colleagues, providing certification in the areas of environmental quality and health and safety.
Brophy was also quick to work with new international standards as they were created, such as information security. The early challenges for the business included developing skilled staff to oversee standards guidance and training.
“With certification and standards inspection, having credibility and a good reputation is essential, because clients are investing a lot in your company,” says Brophy. “We raised early finance through BES investors, which was pivotal in allowing us to get that professional skillset on board.”
Allotment filings show that Certification Europe raised c.€1m from investors in Ireland and the US during its first few years of operation. An important early backer was Padraic White, former boss of IDA Ireland, who invested €74,000 and brought credibility to the young business.
“Padraic came onto our board very early and that was crucial in giving us the sort of gravitas needed for big companies to engage with us early on. His presence on the board was also a comfort factor for the BES investors.”
Certification Europe is itself audited and accredited to national and international levels by other bodies. In Ireland, the business’s chief competitor is the National Standards Authority of Ireland, although Brophy says that they mostly operate in different areas.
“NSAI is a semi-state body while we are the largest commercial entity providing certification services. We specialise in the high-end technical standards, such as information security and business continuity, while the NSAI focuses on standards for more traditional areas such as quality, the environment and health and safety.”
Certification Europe employs 75 people and its busiest areas are information security, business continuity and data protection. “We have clients spread across 47 countries and we work with a multinationals such as Facebook and PayPal, as well as most of the leading pharma companies,” says Brophy.
“Ireland is our biggest geographical market but most of our clients here are multinational. The UK is our second biggest market, followed by Italy and Japan. We have local staff in subsidiary offices delivering our services in our overseas markets.”
With the UK certification market pretty much sewn up, August Equity/Amtivo’s acquisition of Certification Europe gives it a significant inroad to the EU market and further afield.
In the meantime, Certification Europe will have to contend with the ramifications of Covid-19. Brophy predicts that movement restrictions will force the change the delivery model to remote audits. “I think that this change to remote working is very positive. I’d be surprised if the certification sector goes back to the old way of doing things, which were frankly quite outdated.
“The last recession didn’t impact our business too much of an impact because it’s times like these that companies actually need more certification and standard-keeping, as they fight to retain business. Certification can be difference between winning and losing a contract.”
What The Certification Process Involves
Certification to an ISO international standard such as Information Security, Quality or Environmental starts with outlining business requirements and desired timescales to achieve certification. Certification Europe then provides a proposal detailing the investment required to obtain the ISO certification.
The business reviews the requirements of the ISO standard documentation. Training starts at this stage for the company to develop policies, procedures and controls.
The certifying body then conducts a pre-assessment of the progress to date. Identified shortcomings have to be addressed before the stage one assessment commences. This determines if the mandatory requirements of the standard are being met.
The stage two assessment determines the effectiveness of the firm’s management system controls. All going well, the organisation is recommend for certification.
Companies certified to a standard are required to submit the management system to ongoing assessment. Certs only last for three years, after which a re-certification assessment must take place. This includes a review of past implementation and continuing maintenance of the system over the period of certification.