by Eugene A. Razzetti
The decision to put together a major purchase, merger, acquisition, or investment should come only after a comprehensive and structured process of what is rightly called “due diligence” that’s custom tailored for the undertaking. Many mergers and acquisitions succeed, but a great many more fail for lack of suitable research or preparation. Perform a due diligence audit and you will have done your best—regardless of the outcome.
This article is adapted from my book Fixes That Last—The Executive’s Guide to Fix-it or Lose it Management (AuthorHouse, 2010). I hope that it will help both managers and auditors.
Due diligence can be defined as “investigation by or on behalf of an intended buyer of a business to check that it has the desired assets, turnover, profits, market share positions, technology, customer franchise, patents and brand rights, contracts, and other attributes required by the buyer or claimed by the seller.” It means, essentially, to make sure that all the facts regarding an organization are available and have been independently verified. In practice, designated due diligence personnel (e.g., a team of financial, technical, and/or legal experts) review and analyze all operative documents, interview key personnel, and report their findings prior to making the required decision(s).
Here are eight focus areas when planning due diligence audits. Build the audit around them, whether you are the auditor or the auditee.
Preparation on both sides
The organization receiving the due diligence audit should appoint a single due diligence coordinator. Coordinators interface with all outside due diligence teams, collect materials requested, and oversee the activities which make up the due diligence audit process. Coordinators give their team the big picture: Why is the company raising funds? Who are the investors? How will the future of the firm (and their personal futures) look if the investor comes in? Both employees and management must treat this as a top priority. They must be open, truthful, and forthright. They must know the due diligence coordinator and the company’s spokesman in the due diligence process.
The organization performing the due diligence audit has a task very similar to conducting any other type of audit. In fact, it may be less complicated just to think of the due diligence process simply as auditing.
Due diligence in the marketing plan
Marketing plans require due diligence from the creator and the auditor. They must be more than just accurate. They must be truthful and candidly reflect the state of the organization, its products, and services, and should include:
- A brief history of the business (to show its track performance and growth)
- Points regarding the political, legal (licenses), and competitive environment
- A vision of the business in the future
- All products and services and their uses
- Comparison of the organization’s products and services to those of its competitors
- Warranties, guarantees, and required after-sales service
- Development of new products or services
- A general overview of the market and market segmentation
- Whether the market is rising or falling
- Whether the products or services satisfy the needs for which they were developed
- Which markets segments do they concentrate on and why
- What factors are important in the customer’s decision to buy (or not to buy)
- A list of direct competitors and a short description of each
- The strengths and weaknesses of the competitors relative to the firm
- Missing information regarding the markets, the clients, and the competitors
- Planned market research yet to be performed
- Sales forecast by product groups
- The pricing strategy and justification
- Promotion of the sales of the products, including a description of the sales force, sales-related incentives, sales targets, training of the sales personnel, special offers, dealerships, telemarketing, and sales support
- Marketing and advertising campaigns (including cost estimates) broken by market and by media
- Distribution of the products
- Customer after-sales service (hotline, support, maintenance, complaints, upgrades, etc.)
- Customer loyalty
Legal due diligence
Legal due diligence auditing should include:
- The full name of the organization
- The ownership of the organization
- Applicable court registration documents
- Copies of all protocols of the board of directors and the general assembly of shareholders
- Signatory rights backed by the appropriate decisions
- The charter (statute) of the firm and other incorporation documents
- Copies of licenses granted to the firm
- A legal opinion regarding the above licenses
- A list of lawsuits that were filed against the organization and those that the firm filed against third parties, plus a list of disputes which are likely to reach the courts
- Legal opinions regarding the possible outcomes of all the lawsuits and disputes including their potential influence on the firm
Financial due diligence
Financial due diligence should include (as applicable):
- The last three years’ income statements
- Balance sheets
- Income statements
- Cash flow statements
- Financial audits
- Cash flow projections and the assumptions underlying them
Due diligence and internal controls
Credible organizations are the product of comprehensive and meaningful internal controls. An effective due diligence audit of these controls should assess not only the products of the controls (e.g., records and reports), but also their sufficiency and comprehensiveness and the level of importance and relevance attached to them by the organization. An organization that allows internal control processes to slide or does not take action on problems surfaced by the controls deservedly loses its credibility.
Internal organizational controls that should be assessed in due diligence audits include (as applicable):
- Accounting system(s)
- Methods to price products and services
- Payment terms, collections of debts, and aging of receivables
- Introduction of international accounting standards
- Monitoring of sales
- Monitoring of orders and shipments
- Keeping of records, filing, archives
- The cost accounting or activity based costing system
- Budgeting and budget monitoring and controls
- Internal audits and external audits (scope, frequency, and procedures)
- Bank or creditor reports
Engineering due diligence
You may require some specialized experience, expertise, or certification when assessing an organization’s engineering or technological posture. Engineering assessments are often critical and should include (as applicable):
- Technical and/or manufacturing processes (hardware, software, communications, other)
- Technology transfer and licensing requirements
- The status of the quality management system (e.g., ISO 9001)
- Competence, training, and awareness required by employees
- Quality of suppliers, subcontractors, or other outsourcing
- Adequacy of resources, facilities, and general infrastructure
- Internal and external communications
- Raw materials, sources, costs, and quality
- Import restrictions or licensing (where applicable)
- Sites and technical specification
- Environmental management vs. environmental compliance
- Compliance with applicable OSHA requirements
- Leases and special arrangements
- Integration of new operations into existing ones
- Capacity for growth or expansion
Due diligence and the business plan
A potential client once e-mailed me that she needed to submit a business plan to get a loan, and asked if I would write one for her. Suspecting that there was little already there by way of documentation, I suggested to her (as I am now doing to you) that a business plan is little more that selected pieces of the strategic plan and some other meaningful operating documents. My suspicions were confirmed. I was being asked to showcase a nonexistent strategy, which I could only do by creating something that had no basis in fact and in no way represented the actual intentions of the potential client or the planned operations of the organization. Instead, I prepared a checklist much like that presented here and left it with her, suggesting that if she did everything it specified, she would eventually have a credible business plan, a more robust organization, and no immediate need to hire a consultant. I did not tell her that she was attempting to violate my personal code of ethics, because I don’t think that she realized it.
Any organization intending to attract outside investment must present a comprehensive, credible, business plan. Here is part of the checklist I use when conducting due diligence audits of business plans.
- Has the organization a clear vision statement?
- Has the organization a clear mission statement?
- Has the organization developed clear and formal goals and objectives?
- Are the objectives quantified in terms of rate of return, growth, market share, product, or service?
- Have measurements been identified for these objectives?
- Are there clear and functioning objectives for each operation in the organization?
- Is the organization planning to expand?
- Has management identified critical success factors?
- Does the clear and formal business plan include:
- Description of the business
- Market definition
- Competitive analysis
- Management overview
- Key personnel plan
- Key financial data, including projections
- Cash flow analysis and break-even analysis
- Risk identification and assessment
- Are threats, vulnerabilities, and criticalities identified?
- Are corrective courses of action developed?
Financial planning and control
- Are annual budgets prepared and are they consistent with the objectives of the organization?
- Are individual functional managers responsible for preparing their own sections of the budget?
- Do the assumptions consider:
- Changes that may affect revenues or costs
- Staffing requirements
- Market trends
- Sales mix
- Contribution by product or service
- Does financial reporting provide:
- Comparisons of plans to actual
- Basic reports, including balance sheets, income statements, and sources or uses of funds
- Percentages of revenue for major items
- Statistics and ratios that focus attention on critical success factors
- Measures of profitability by product, product group, customer group, geographic area, or sales region
- Are reports produced on a regular basis and in a timely manner?
- Are variances documented and plans adjusted accordingly?
- Is cash flow monitored on a routine basis?
- Is there linkage between budgets and cash flow analysis?
- Does the organization have an adequate credit line?
- Has the organization made adequate use of leverage?
- Are financial monitoring systems in place to assist functional managers?
- Does the company have sufficient numbers of qualified personnel at all levels to function in:
- Marketing and sales
- Research and development
- Human resources
- Do managers have the appropriate background and skills to oversee these functions?
- Are the organizational structure and reporting lines defined?
- Are job descriptions and responsibilities identified?
- Does the organization use procedures manuals?
- Are managers given authority for decisions and accountability for the results?
- Are individuals aware of their duties and responsibilities?
- Is there a well-understood mechanism for employee-manager feedback and communication?
Due diligence, the auditor, and fraud
We cannot leave a discussion about due diligence without including something about fraud and the very real possibility that your auditors, although they may not expect to, may find it anyway. Let’s first consider two pertinent definitions:
- Fraud is an act designed to deceive or mislead another party. Frauds can be actual (i.e., deliberate) or constructive (i.e., not intentional).
- Management fraud is deliberate fraud committed by management that misleads and/or injures stakeholders (e.g., employees, investors, creditors) through materially misleading financial statements.
Auditors routinely find evidence of fraud in areas or processes such as:
- Inventory and warehousing
- Billing and purchasing
- Property or facilities management
- Retail sales
- Raw materials procurement
- Recycling and waste disposal
- Contracting and contract management
- Internet use
- Automatic data processing
You can undoubtedly add others based on your own experiences.
Due diligence auditing–Summary
I commanded two large shore activities while serving in the U.S. Navy. Due diligence auditing at the start of both assignments revealed the following (and saved my neck):
- Contracting officers working in collusion with suppliers and receiving kickbacks
- Use of government vehicles for personal transportation
- Unauthorized car rentals for weekend vacations by civil servants
- Sales revenues deposited in personal bank accounts
- Goods being sold that had never been entered into the store’s inventory
- Customers with their own pencils changing price tags on television sets
- Personnel living in government housing whose military enlistments had expired
- A bill processor creating false invoices and then mailing them to himself for payment
- Sales clerks dropping articles of jewelry into their handbags
- Charging labor or materials to the wrong accounts
Due diligence? Just “due” it!
About the author
Eugene A. Razzetti, CMC, retired from the U.S. Navy as a captain in 1992, a Vietnam veteran, and having had two at-sea and two major shore commands. Since then, he has been an independent management consultant, project manager, and ISO auditor. He became an adjunct military analyst with the Center for Naval Analyses after September 11, 2001. He has authored two management books and co-authored MVO 8000, a corporate responsibility management standard, and is an adjunct lecturer on strategic management and ethics at Argosy University. He is a certified management consultant with the Institute of Management Consultants and has served on boards and committees dealing with ethics and professionalism in the practice of management consulting. He is a senior member of the American Society for Quality and recently assisted the government of Guatemala with the ISO 28000 certification of its two principal commercial port facilities. He can be reached at www.corprespmgmt.com or email@example.com.