What Are the Due Diligence Requirements?

Due diligence is the process of investigation and analysis undertaken to verify information and assess potential risks before a significant business transaction. It is a comprehensive examination of a company or investment to confirm material facts and uncover hidden liabilities. The objective is to provide the acquiring or investing party with a clear understanding of the target, enabling an informed decision. This inquiry extends beyond financial statements to all aspects of a business, helping to validate information, identify potential red flags, and gain a stronger negotiating position while mitigating the risks of major financial commitments.

Key Areas of Investigation

Financial Due Diligence

Financial due diligence analyzes a company’s economic health and the sustainability of its earnings. A Quality of Earnings (QoE) analysis adjusts reported earnings for non-recurring items to clarify historical performance. The investigation also verifies revenue streams by examining customer contracts and sales data.

The balance sheet is reviewed for unrecorded debts or contingent liabilities, while assets are assessed for issues like obsolete inventory or uncollectible accounts receivable. A review of cash flow statements helps to understand the company’s liquidity and its ability to fund operations. Tax compliance is also checked to ensure all obligations have been met and to identify any potential for future penalties.

Legal Due Diligence

Legal due diligence investigates a company’s legal standing and potential liabilities. This process reviews the corporate structure, including articles of incorporation and bylaws, to confirm the company is in good standing. Material contracts with customers, suppliers, and partners are examined for restrictive covenants or change-of-control provisions.

An investigation of any ongoing, pending, or threatened litigation is conducted to assess its potential financial and operational impact. The ownership and validity of intellectual property, such as patents, trademarks, and copyrights, are verified. Compliance with all applicable laws, from environmental to industry-specific rules, is also scrutinized for past violations that could result in fines.

Operational and Commercial Due Diligence

Operational and commercial due diligence focuses on a business’s internal workings and its market position. This analysis assesses the competitive landscape, including market share, competitors, and industry trends. The customer base is examined for diversity and stability to identify any over-reliance on a few clients.

The company’s sales and marketing strategies are reviewed to understand how it generates revenue. The reliability of the supply chain is evaluated by reviewing supplier agreements and assessing disruption risks. Internal processes are also evaluated for efficiency and scalability to identify any bottlenecks that could hinder growth.

Human Resources and IT Due Diligence

Human resources due diligence concentrates on employee-related liabilities and the company’s workforce. This involves reviewing employment contracts, especially for executive change-of-control provisions. Compensation and benefits plans are analyzed for their financial impact and regulatory compliance. Workplace culture, employee turnover, and labor dispute history are also assessed to identify potential integration challenges.

IT due diligence assesses the company’s technology infrastructure and its ability to support current and future operations. This includes a review of software systems to ensure they are up-to-date and properly licensed. The hardware infrastructure is evaluated to determine if significant capital expenditures will be required post-transaction. Cybersecurity risks are also assessed by reviewing security policies, incident response plans, and any history of data breaches.

Information and Documentation to Request

Financial Documents

To conduct a financial review, the following documents are requested:

• Audited financial statements for the past three to five years
• Internal monthly or quarterly financial reports for the last two to three years
• A complete copy of the company’s general ledger
• Tax returns filed for the past three to five years, along with correspondence with tax authorities
• Detailed schedules of all assets and liabilities, including accounts receivable aging and inventory listings

Legal and Corporate Records

The legal due diligence process requires access to these records:

• The company’s articles of incorporation, bylaws, and minutes from board and shareholder meetings
• A complete list of all subsidiaries and affiliated entities
• Copies of all material contracts, including customer, supplier, loan, and lease agreements
• Documentation for all intellectual property, such as patent filings and trademark registrations
• A summary of all ongoing or threatened litigation

Operational and Commercial Information

Understanding the business’s operations requires specific information:

• A list of the top customers by revenue for the past three years
• A list of the top suppliers to assess supply chain dependencies
• Information on products or services, including pricing models and sales pipeline reports
• Organizational charts and descriptions of key operational processes
• Any available market research, competitive analyses, or strategic plans

Human Resources and IT Documentation

For HR and IT analysis, the following documentation is needed:

• A complete employee census with job titles, salaries, and start dates
• Copies of employment agreements, employee handbooks, and collective bargaining agreements
• Details on all employee benefit plans, including insurance, retirement, and executive compensation
• A comprehensive inventory of all IT assets, including hardware and software licenses
• Documentation of cybersecurity policies, disaster recovery plans, and past security audits

The Due Diligence Process

Initial Phase

The due diligence process begins after a letter of intent is signed. The target company establishes a virtual data room (VDR), which is a secure online repository for requested documents. The seller’s management team is responsible for gathering and uploading this information into the VDR for the buyer’s team to review.

Review and Analysis Phase

Once the VDR is populated, the buyer’s team of advisors begins its review. Accountants, lawyers, and industry experts work through the documents, cross-referencing information. As the review progresses, the buyer’s team compiles lists of follow-up questions and additional document requests. This iterative process of review and response is the core of the analysis phase.

Management Interviews and Site Visits

Direct interaction with the target company’s leadership is also important. The buyer’s team will schedule interviews with key members of the seller’s management to ask follow-up questions. Site visits to the company’s primary locations allow the buyer to observe physical assets and daily operations firsthand, providing context for the reviewed documents.

Reporting Phase

The final stage is the synthesis of all findings into a comprehensive report. The advisory teams prepare summaries of their findings, highlighting key risks, liabilities, and potential opportunities. These are consolidated into a single due diligence report that will outline any “red flags” and provide the foundation for the final negotiations of the purchase agreement.

Specific Regulatory Due Diligence Mandates

Tax Preparer Due Diligence

Certain professions are subject to legally mandated due diligence. Paid tax preparers must adhere to specific obligations enforced by the Internal Revenue Service (IRS) when handling certain tax benefits with a higher potential for error. These benefits include:

• The Earned Income Tax Credit (EITC)
• Child Tax Credit and Additional Child Tax Credit
• Credit for Other Dependents
• American Opportunity Tax Credit
• The head of household filing status

The IRS requires preparers to complete and submit Form 8867, Paid Preparer’s Due Diligence Checklist, with any return claiming these benefits. The preparer must not know that any information used is incorrect. Failure to meet these standards can result in a penalty of $635 per failure for returns filed in 2025, in addition to potential suspension from practice before the IRS.

Financial Institution Due Diligence

Financial institutions operate under mandates designed to combat money laundering, rooted in the Bank Secrecy Act. These are often called “Know Your Customer” (KYC) and Customer Due Diligence (CDD) rules. The principle is that banks must take steps to verify the identity of their customers and understand their banking activities.

The CDD rule requires institutions to establish risk-based procedures to know the true identity of each customer. This involves collecting and verifying identifying information like name, address, date of birth, and a taxpayer identification number. While these rules require institutions to understand their customers, federal requirements for reporting a company’s “beneficial owners” were narrowed in 2025, with reporting now focused on foreign entities registering to do business in the U.S. The purpose of these overarching rules is to prevent individuals from using the financial system for illicit purposes and to enable law enforcement to investigate and prosecute financial crimes.