9 Critical Areas for Effective Due Diligence

By Jim Grebey
Published: April 10, 2017 | Last updated: March 21, 2024
Key Takeaways

Part 2 of a two part article discusses what constitutes an effective operations due diligence and nine critical areas of focus.


In Part 1 of this article, I described the need for both investors and business owners to perform an operations due diligence and the role of these assessments. In Part 2 we will discuss what constitutes an effective operations due diligence.


When I was writing my book “Operations Due Diligence – An M&A Guide for Investors and Business“, I didn’t realize what a radical idea this would be for some people. Over the past year I have had very few people acknowledge that an effective due diligence includes the need to perform an enterprise risk/operations assessment… until the benefit was explicitly pointed out to them. This is the point when I see the twinkle of understanding come into the faces of my audiences and they have a moment of understanding — “of course, I knew that” — but it’s clear they had never actually made the connection of performing an enterprise wide assessment as part of their due diligence. And here is how I know they had not thought of it as an enterprise-wide assessment.


Generally, when their hands went up in response to my question about what should be assessed beyond legal and financial due diligence and the “Ooo, Ooo, Ooo” started, I found most people picked one particular operations area they felt needed to be assessed. Without the principals of law or accounting to guide them, the requirements of an effective operations due diligence have not previously been very well defined. Some investors look at the management team or the sales pipeline or, if it’s a software company for instance, they have an engineer look at the code. Unlike legal or financial due diligence, an operations due diligence needs to cover a lot of potential risk areas. Most investors perform their operations assessment in an ad hoc manner assessing random areas based on who they currently have on staff or looking just in places where they have had past problems. They send an engineer to look at the source code or a department manager to speak with the management team. This team has rarely been trained to perform a true enterprise risk assessment. Generally they are asked for their opinion of one particular business function or another. When they are asked, universally these investors believe they have performed an operations due diligence. Universally, they have failed and this failure to perform an effective operations due diligence that spans the entire operations infrastructure of the business (the enterprise) is one of the leading causes of M&A failures. An effective operations due diligence should be performed by a Business Analyst with enterprise risk assessment experience whose goal is to assess the operations infrastructure of the business.


To quote one bright young MBA graduate, “OMG, that’s a lot of stuff!” Yes it is, and I am often asked if it can be cut back. Yes it can, but you risk (there’s that pesky risk word again) the opportunity to discover a latent risk or opportunity that could impact the future sustainability of the business. If you are going to bet a large sum of money, maybe it’s worth the time to perform an effective assessment. In our practice we recommend assessing the following nine operations infrastructure areas:


CUSTOMER SATISFACTION: The customer satisfaction infrastructure has to be designed as an integral part of the business and not simply included like a facade over the front door. The customer satisfaction infrastructure defines the role of functions such as product support, requirements definition and quality assurance.

PRODUCTION/SERVICES: The production/services infrastructure defines the methods that will be used for the delivery of all products and services and ensures that this is being done in a safe, compliant and consistent manner capable of bringing all products and services fully to market.

INFORMATION MANAGEMENT: It would be a tremendous understatement to say that all businesses today are information intensive. The information management infrastructure defines the methods for protecting all business data, the electronic tools that form the backbone of the business, printed material and all media that is used to support the business. All personal privacy and security controls need to be assessed here.

SALES AND MARKETING: The sales and marketing infrastructure defines the methods used for everything from pricing and lead flow needed to support the sales pipeline to the methods used to develop new products and markets including the use of competitive and strategic analysis as assessment tools.

ORGANIZATIONAL: The definition of the organizational infrastructure includes the formal and informal structure of the business. It includes the organization chart that forms the command and control structure plus the informal structure that becomes the culture of the business.

PERSONNEL: The personnel infrastructure defines the working relationship between the business and its employees and between employees including the roles and authority of the management team. It defines the benefit strategy and compensation plan plus the procedures for hiring, firing and everything in between.

FINANCIAL OPERATIONS: The financial operations infrastructure forms the framework for all financial operations of the business. It defines all financial authority and controls including AP/AR, payroll, cost account and project management, plus the definition of methods to be used for budgeting and projections.

LEGAL OPERATIONS: The legal operations infrastructure forms the framework for all legal operations of the business. It defines all legal authority, professional licensing and controls needed to support the business on a continuing basis. It defines all activities used to protect the business from legal risk and liabilities and to ensure the compliant operation of the business.

INSTITUTIONALIZED PROCESSES: The institutionalized processes infrastructure includes the definition of all formalized policies, procedures and methods that guide the businesses operations. Methods such as ISO, CMMI, Six Sigma, Enterprise Risk Management (ERM), Lean or Quality Management Systems (QMS) and any areas where the business needs certification to qualify for a market driven process are defined.

Share This Article

  • Facebook
  • LinkedIn
  • Twitter

Written by Jim Grebey | President

Jim Grebey

Jim Grebey is president of Diligent Inc., which provides positioning services for small businesses preparing for a sale and operations due diligence services for investors. He is the author of Moving On — Getting the Most from the Sale of your Small Business, published by DeGruyter, and Operations Due Diligence — An M&A Guide for Investors and Businesses, published by McGraw Hill.

Related Articles

Go back to top