Due diligence – weaknesses
- This topic has 6 replies, 7 voices, and was last updated 5 months, 2 weeks ago by
.
-
Posts
-
Due diligence allows the buyer to access to a wide range of information about the target company. Which topics do you think can not be properly addressed and which risks not fully evaluated or identified during due diligence process?
The biggest weakness to due diligence is not having a complete requirements list for each functional area who are participating in the diligence. This allows you and the seller to be working off of on document and the seller knows that the asks are and you have a tracking tool for what has been received and what is still outstanding. This can also help you track the percentage of completion and any follow-up questions your teams might have.
Assuming we’re talking about pre-acquisition due diligence, there are definitely limitations when it comes to evaluating the target company’s IT environment.
For starters, there’s often a natural reluctance from the target’s IT team to provide detailed infrastructure or security information. That hesitation isn’t misplaced. Disclosing too much can pose legitimate security risks, especially if the deal doesn’t go through. So what you typically get is a high-level view, maybe some architecture diagrams, licensing summaries, and general system overviews—but rarely enough detail to assess operational maturity or technical debt with confidence.
Another common blind spot is fragmentation within the target’s IT function. If the organization is decentralized or operating under a business unit model, not all IT personnel will be looped into the due diligence process. This leads to gaps in responses, and sometimes critical environments or legacy systems aren’t even identified until post-close.
Risks I’ve seen that are often under- or un-evaluated during IT due diligence include
– Unsupported or end-of-life infrastructure (especially at remote or acquired sites)
– Hidden custom applications or integrations that aren’t centrally tracked
– Shadow IT—SaaS tools or third-party services used outside formal IT control
– Overstated licensing positions (e.g., compliance issues masked by manual tracking)
– Incomplete or nonexistent DR/backup processes
– Security vulnerabilities or poor identity governance that aren’t disclosed unless there’s a formal auditTo mitigate this, I’ve found value in creating a post-close discovery phase as part of the integration plan. In this we revisit IT assessments in a structured way with full access. It’s essentially due diligence 2.0, but with fewer restrictions and better visibility.
One of the risks that is difficult to be evaluated is how certain Key Staff members might react on the acquisition.
Certainly in smaller companies, the company might be very depended on a few Key Staff members (Sales Managers).
If they leave they could also take with them a certain customer base and go to another competitor.Hello,
I agree with your perspective of Due Diligence, I feel like sometimes is lack of experience of the companies hired to the job and the internal team themselves, but I also agree that there is always a risk on the evaluations and how sudden world changes is impacting all these operations.Absolutely agreeو having a comprehensive, well-structured requirements list is foundational to effective due diligence. Without it, teams risk misalignment, missed information, and duplicated efforts. A centralized tracking document not only streamlines communication between buyer and seller but also ensures accountability and transparency across all functional areas.
I think frequently some firms do not conduct due diligence for some functions such as IT, HR, tax, operations and others and they focus only on financial findings or market shares objectives. This can certainly occur at hostile takeovers where the acquirer by default cannot have access to due diligence but it is a large mistake if it also happens in a friendly takeover. The risks associated with the lack of due diligence in side functions are that there may lie a major drawback for the integration and the success of a merger, e.g. a high dependence of an IT provider or a supplier that may be discontinued after the merger which may cause a major business damage. Another example is a large hidden tax liability etc.
- You must be logged in to reply to this topic.