The regulatory climate in the European Union and beyond means that due diligence has never been more important. Whether you are onboarding customers, making investments or taking part in mergers and acquisitions (M&A), it is essential that you carry out a thorough investigation into the good standing of the other parties in the transaction.

Poor due diligence can lead to:

  • Wasted time and money on a deal that turns out not to be suitable. The CFA Institute says that 70% to 90% of M&As fail because of flawed due diligence that should have highlighted issues earlier.
  • Compliance issues, such as GDPR breaches if you fail to spot data handling issues, or the use of your company to process criminal proceeds in contravention of anti-money laundering regulations.

To reduce risk to your company during any such interaction, you should carry out a thorough and effective due diligence process that is appropriate to the level of risk inherent in the transaction.

This article explains what due diligence is in greater detail, guides you through the process and provides examples and best practices to help inform your due diligence strategy.

KEY TAKEAWAYS
  • Due diligence is essential in today’s regulatory environment to reduce risk, avoid compliance failures and improve the success of deals.
  • Poor due diligence is a major cause of failed transactions, with up to 90% of M&A deals falling short due to missed issues.
  • An effective due diligence process follows a structured approach, from defining scope and collecting data to analysing findings and reporting outcomes.
  • Different types of due diligence, including financial, legal, operational, ESG and cybersecurity, provide a full picture of risks and opportunities.
  • Combining hard and soft due diligence helps companies assess both measurable risks and cultural fit for long-term success.
  • Secure virtual data rooms play a key role in organising documents, enabling collaboration and protecting sensitive information throughout the process.

What is due diligence?

Due diligence involves the systematic analysis of an individual, organisation or a particular asset, with the intention of entering into a transaction, deal or investment. You use due diligence to avoid regulatory or operational issues and to ensure that the other party is a good corporate fit before formalising the relationship.

In the process, you verify the information available about the other party, highlighting any potential problems as early as possible.

Here’s how due diligence works from both a buyer’s and seller’s perspective in a merger or acquisition:

  • Buyer’s perspective: Due diligence allows the buyer to fully understand the target company’s financial health, legal risks, operations and strategic and cultural fit before committing to the deal. It helps uncover hidden issues, confirm that the deal represents good value and shape the final price and contract terms.
  • Seller’s perspective: Due diligence is a chance for the seller to present the business clearly and accurately to ensure the buyer feels confident in continuing with the deal. The seller can speed up the process by supplying well-prepared information to the buyer, reducing disputes further down the line and helping to drive a stronger valuation.

The due diligence process step by step

Step 1: Define scope and priorities

There is a range of different types of due diligence, and each by its nature requires a focus on different areas. This is the point at which you set the scope and priorities to ensure you thoroughly investigate the entity or investment you are targeting.

Consider the value and risk level of the transaction to inform the level of due diligence required:

  • A merger with a partner business with whom you already share a working relationship might require less intensive due diligence than the acquisition of a private business in a sensitive sector, such as the gambling industry, and where there is no public information about the ultimate beneficial owner.
  • A domestic transaction involving two companies operating in the same jurisdiction may allow for a more standardised due diligence process, with familiar legal, tax and regulatory frameworks. A cross-border transaction, on the other hand, often requires additional scrutiny. Differences in corporate law, tax regimes, employment regulations and data protection rules can significantly expand the scope of due diligence.

When developing your process, consider the key risk areas for your business as well as the value drivers that you require as part of the transaction.

Then set your goals for the due diligence process, giving yourself enough time to examine the data adequately but not so long that it impedes the closing of the deal. Assign roles and responsibilities to your team and to any external advisors and experts you entrust with your investigation. You should also identify key contacts with the other party so you know where to direct questions.

Step 2: Collect data and review documents

Request the information and documents you need to carry out thorough due diligence from the other party.

It is essential that you hold this data in a structured manner, to make it easier to work through, and in a secure environment.

A virtual data room (VDR) is used for many types of business due diligence, including M&A, company audits, investor fundraising and a range of other activities. A VDR is an online repository for storing and distributing confidential documents. Within the VDR, you should be able to collaborate with your team and external participants, as well as with representatives of the other entity, to ensure you gain a full, thorough understanding of the party in which you are taking an interest.

You can also review the financial statements, legal papers, operational and commercial materials and highlight any gaps, inconsistencies and missing data to help carry out due diligence effectively.


Step 3: Conduct management interviews and site visits

As well as reviewing the documents in the VDR, you should conduct more in-depth interviews with management figures on the selling side. This will give you a three-dimensional understanding of how the business works and highlight any issues that are not necessarily obvious in the official written documentation.

Conduct site visits to see the business in action, assessing its operations, systems and culture first hand. Through this process, you can identify the company's dependencies on certain people, processes or assets, alerting you to risks and helping you plan for what happens post-transaction.

Step 4: Analyse findings and validate insights

After you have investigated the documents and reported your findings from interviews and site visits, collate the results and analyse them to understand how they compare with industry benchmarks. Some types of business are inherently more risky than others, so the level of acceptable risk needs context within the norms in your sector.

In addition, consider the level of risk compared with your expectations or the expectations of your board of directors. If it fits within the risk appetite of your organisation, you can continue. If it does not, you might need to create a case to present to the board and executive team to help them understand whether the potential value is worth the additional risk.

Work with advisors and other stakeholders to validate the findings and ensure all parties agree they represent an accurate picture of the status of the other company.

Step 5: Summarise outcome

Summarise the findings in a report for the board of directors, giving a breakdown of the value the deal would bring to your company and any red flags you have identified during due diligence.

Provide guidance on how to use the report to inform the company’s next steps and your recommendations. Senior leaders will use this to inform their discussions about the risk vs value of the potential deal.

Different methods of running due diligence

This table compares the different potential methods of running a due diligence process:

| Method | How it works | Strengths | Limitations | Overall suitability |
|---|---|---|---|---|
| Virtual data room (VDR) | A secure, purpose-built online platform where all documents, communication and activity tracking are centralised. | Strong security, granular permissions, audit trails, structured folders, integrated Q&A and efficient collaboration with multiple parties. | Requires setup and licensing costs. | Best option for complex or high-value transactions due to security, control and efficiency. |
| Shared cloud drives | Files stored in general file-sharing platforms and accessed through links or shared folders. | Easy to use, low cost and widely available. | Limited access control, weak audit tracking, version confusion and higher risk of data leakage. | Suitable only for simple or low-risk information sharing. |
| Email exchanges | Documents sent directly between parties as attachments. | Familiar and quick for small amounts of information. | Poor version control, security risks, scattered records and difficult to manage large volumes. | Not suitable for structured or secure due diligence. |
| Physical data rooms | Documents stored in a secure physical location for in-person review. | High control over access and document handling. | Time-consuming, expensive, limited accessibility and difficult collaboration. | Outdated for most modern transactions. |
| Project management tools with file storage | Documents stored alongside task tracking and workflows in collaboration platforms. | Useful for coordination and progress tracking. | Not designed for confidential deal management or regulatory-grade security. | Helpful for process management but not ideal as the main diligence platform. |

Types of due diligence

  • Financial due diligence: This reviews the company’s financial performance, cash flow, assets and liabilities to confirm its value and identify any financial risks.
  • Legal due diligence: It examines contracts, corporate structure, disputes, compliance matters and licences to uncover any legal exposures.
  • Regulatory due diligence: This focuses on jurisdiction and industry-specific rules and approvals required to operate or complete the transaction.
  • Commercial due diligence: This assesses the company’s market position, customer base, competitors and growth prospects to test the strategic case for the deal.
  • Operational due diligence: It reviews day-to-day operations, supply chains and processes to understand the prospects for growth and potential weaknesses.
  • Tax due diligence: It checks past tax filings, liabilities and structures to identify risks and ensure compliance with local tax laws.
  • Technical and IT due diligence: This evaluates systems, infrastructure, cybersecurity and digital capabilities to assess reliability and integration readiness.
  • Human resources due diligence: This reviews workforce structure, culture, contracts, compensation and key talent risks to understand people-related impacts.
  • ESG due diligence: This assesses environmental, social and governance practices to identify compliance issues, reputational risks and sustainability impacts.
  • Intellectual property due diligence: It reviews patents, trademarks and ownership rights to confirm the protection of the entity’s key innovations and assets.
  • Cybersecurity due diligence: This examines data protection measures, past breaches and security controls to reduce digital risk going forwards.

Hard vs soft due diligence

When carrying out due diligence, there are two main approaches to uncovering important details about the other party in the deal:

  • Hard due diligence, which is more of a quantitative investigation, looking at hard figures.
  • Soft due diligence, which takes a more qualitative perspective of the other party, exploring the cultural side of the organisation.

Here’s how hard and soft due diligence compare:

| Aspect | Hard due diligence | Soft due diligence |
|---|---|---|
| Main focus | Financial, legal and operational facts and risks | People, culture, leadership and strategic fit |
| Typical areas | Financials, tax, contracts, compliance, assets, IT systems | Culture, management style, employee engagement, values |
| Type of data | Numbers, documents, records and formal reports | Interviews, observations, surveys and behavioural insights |
| Purpose | Confirm value and identify measurable risks or liabilities | Assess integration challenges and long-term success factors |
| Who leads it | Finance teams, lawyers, auditors and technical specialists | HR teams, leadership and organisational consultants |
| Key outcomes | Adjusted valuation, contract protections and deal structure | Integration planning, retention strategies and culture alignment |
| Risk if ignored | Financial losses, legal penalties and failed transactions | Talent loss, poor morale and post-merger failure |
| Timing in the process | Mainly before signing and closing | Starts during due diligence and continues after closing |

It makes sense to carry out a mixture of both approaches to gain a holistic view of the suitability of the other party in the deal. A well-performing company with cultural failures might not be able to sustain that performance, for example. Analysing both the quantitative and qualitative data to find a happy balance can set you up for a successful and value-driven future relationship.

Examples of due diligence

Here are some different situations in which you might need to conduct due diligence and what you might hope to achieve from the process:

  • Acquiring a competitor to expand market share

A corporation would carry out due diligence when planning to buy a competitor with the intention of increasing market growth. The team reviews the financial statements of the competitor, its ongoing customer contracts, the legal risks and the status of its operations. This will help the corporation understand whether the initial price discussed is value for money and if the other business fits its strategy. They should also look into the technology infrastructure and staff culture to gain insight into how integration might work. Additionally, they should look into whether a deal would contravene any antitrust laws by creating a monopoly.

Outcome: The corporation understands whether the deal is good value and whether there are factors that could inhibit growth or cause regulatory headaches.

  • Raising capital from investors

An advisory firm might run due diligence when a company seeks funding from institutional investors. As part of the process, the firm would check the company’s financial records, legal compliance procedures, history and controls, governance structure and commercial performance to understand whether it is in a position to offer investors the potential for an acceptable return. This also involves investigating debt, legal disputes and ongoing regulatory issues.

Outcome: Investors can have confidence in their decision to invest in the business, with the full knowledge of the risks and opportunities that it entails.

  • Entering a strategic partnership or joint venture

When entering into a business relationship with another company, organisations often perform due diligence to assess the partner’s financial stability, legal position, reputation and operational capacity. This reduces the risk of joint ventures and long-term partnerships, allowing them to make decisions based on full disclosure. It is also a helpful process to gain an understanding of how compatible the two cultures are and whether their goals align.

Outcome: Companies can build partnerships on trust, without the risk of unexpected liabilities and in the knowledge that their cultures align for better integration.

Best practices for effective due diligence evaluation

  • Apply a risk-based approach: Focus time and resources on the areas that pose the biggest financial, legal or operational risks to the deal.
  • Ensure cross-functional collaboration: Bring together finance, legal, compliance, HR, IT and operational teams to gain a complete picture of the target business.
  • Balance depth with speed: Carry out thorough reviews of the target entity while keeping momentum so the deal does not stall or lose value.
  • Document findings clearly: Record risks, assumptions and conclusions in a structured way to support your leaders’ discussions, eventual decisions and the negotiations that take place.
  • Use a secure platform: A robust VDR with the functionality to collaborate and communicate, both internally and externally with the other party, is essential to protect sensitive business information.
  • Validate information: Cross-check the data you receive from the other party to ensure it is accurate and complete. This includes financials, contracts, compliance records and more.
  • Ask targeted questions: You need to glean as much information as you can in a relatively short period of time, so use clear request lists to gather relevant information efficiently and avoid unnecessary delays.
  • Track progress: Assign tasks to your team and provide them with responsibilities to add accountability into the process. Monitor their progress to keep the due diligence on schedule.
  • Involve experts: In sensitive, complex cases, you will need to bring in external advisors to interpret legal, tax and regulatory issues, for example. They can help uncover hidden risks.

How to choose a due diligence solution

When planning a due diligence process, you need a digital solution. Your virtual data room should provide these features:

  • Strong security and compliance: Look for enterprise-grade encryption, strict user access controls and relevant certifications such as ISO 27001 and SOC 2, to protect sensitive documents throughout the deal.
  • Granular permission management: The ability to assign detailed access rights by user or group ensures that only the right people can view, edit or download specific files.
  • Pre-built folder templates and organisation: Ready-made due diligence templates and structured folder wizards speed up the set-up process in a stressful and fast-moving situation, keeping documents organised.
  • Bulk upload and intuitive document handling: Drag-and-drop bulk uploads and automatic indexing make importing large volumes of documents more efficient.
  • Task and workflow tracking: Built-in task management lets you assign responsibilities and track progress on diligence items within the platform.
  • Q&A and secure communication: Integrated Q&A modules and encrypted messaging support confidential interactions between buyers and sellers without relying on insecure email channels.
  • Audit trails and reporting: Detailed logs of who accessed what and when improve accountability and support your compliance efforts.
  • Search and findability: Advanced search functionality helps users locate documents quickly, even for large data sets.
  • User onboarding and support: Training for key users and dedicated client support help teams get started quickly and reduce friction.
  • Flexible storage and user limits: Options for sufficient storage capacity and unlimited users ensure the platform can scale with the size of the deal and number of participants.

Frequently Asked Questions

What is the difference between due diligence and an audit?

Due diligence evaluates risks, value and opportunities for a business transaction, while an audit focuses on verifying financial accuracy and compliance with accounting standards. You may well audit some information during the wider due diligence process.

What is the difference between due diligence and compliance checks?

Due diligence is a broad review of a business for deal decisions, while compliance checks focus specifically on meeting legal and regulatory requirements. These often form part of due diligence to help the buying company understand the potential risks of a partnership with the target company.

Who is responsible for due diligence in a company?

Responsibility usually sits with senior management, supported by finance, legal, HR, IT teams and external advisors.

How long does due diligence usually take?

It typically takes a few weeks to several months, depending on the size and complexity of the deal.

What is a data room and why does it matter?

A data room is a secure online platform for sharing sensitive documents that helps keep due diligence organised, confidential and efficient.

CONCLUSION
Streamline your due diligence process

Before undertaking due diligence, it is important to understand what you need to achieve from the process. This depends on the deal or transaction taking place, whether it is for onboarding, M&A, investments, intellectual property matters or any other kind of function. Mixing hard and soft due diligence will provide a balance of factual and cultural information that will give you a good insight into the target entity. It is also important to maintain confidentiality and data security during the process.
