Management due diligence

Last updated

Management due diligence is the process of appraising a company's senior management—evaluating each individual's effectiveness in contributing to the organization's strategic objectives. [1]

Senior management, executive management, upper management, or a management team is generally a team of individuals at the highest level of management of an organization who have the day-to-day tasks of managing that organization — sometimes a company or a corporation.

In the field of management, strategic management involves the formulation and implementation of the major goals and initiatives taken by an organization's top management on behalf of owners, based on consideration of resources and an assessment of the internal and external environments in which the organization operates.


Assessing company management is crucial when closing business deals. It can mean the difference between long-term success or sudden failure. It also helps the organisation understand how the teams perform their roles in context with the company's future business plan. This helps clarify the structure of the organisation's work-force. [2] [3] The management due diligence process can be identified as an informative tool for external stakeholders, and can also be referred to as Management Assessment as it addresses the team’s dynamics and highlight the risks. [4]

Management assessment

Management assessment usually focuses on assessing the leadership skills and characteristics of the organisation's managers—such as the ability to adjust to a changing environment [5] and communicate effectively with other individuals. These characteristics are key points in successful leaders. [3]

A leader must consider all factors concerning a strategic decision, such as possible effects on employees and customers. Engaging employees and customers in the decision process helps build better relationships. [6]

Transactions that require management due diligence

Companies typically apply the due diligence process when they are about to engage in a major transaction with another company—such as selling or purchasing products or services, or buying (merging with or acquiring) the other company. [7] Some transactions require a due diligence report that includes managements. [8] Transactions that might require managerial assessments include:

Mergers, acquisitions and strategic alliances

Organizations considering a merger, acquisition or alliance should perform due diligence. This due diligence should investigate the other party's management team. Many mergers and acquisitions fail because of human resources and management-related issues, such as cultural clashes. These incidents occur because of different cultural values or different individual beliefs. [9] To avoid such incidents, and cut costs on the long run, management teams must be assessed thoroughly. [8]


Before organizations signs a partnership contract, they must investigate the other organization’s matters and affiliations, organizational structures, and behaviors. A management due diligence process achieves this.

Joint ventures and collaborations

When forming a relationship with another organizations, management due diligence helps an organization introduce management structure the behavior of individuals. [8]

Management due diligence's responsibility

Not only buyers carry out management due diligence, but also sellers of an organization. Usually, the process of selling an organization or adopting any external growth strategies requires the sharing of warranties. These warranties require private information from the organization—possibly including information and activities that they must shield from the view of third parties. In this case, the seller should carry out due diligence to ensure secure data. [8]


Management due diligence ensures sustainable profit and growth for organisations, as it identifies the human capital components. It ensures that highly skilled people are assigned the correct jobs and responsibilities. [2] It increases the chance of a good return on investment by reducing risk. [4]

Management due diligence identifies strengths and weaknesses of individuals in the management team and assesses their contributions to the organisation. [2] It assesses management team members' abilities to reach common goals. [10]

It identifies undiscovered dangers that eventually affect productivity. These might include unacknowledged motives or personal conflicts between individuals in management. [11] It helps organizations efficiently appraise candidates for a management team position. [10]

Management due diligence gives an organization a basis for expectations for team and individual performance. Accordingly, the organization can determine whether managers need training. [12]


Since management due diligence lies in the financial analysis of a due diligence report, [13] It shares the same process as creating a due diligence report with few variations.


Preparation is key to an effective management due diligence process. In this phase, organizations gain sufficient knowledge about other organizations. This helps them decide on communication methods between them and other entities, in addition to putting resources in place to promote a successful process. After settling those issues, the organization must:

Form a team for the analysis process from skilled people with enough experience. After forming the team, the organization assigns responsibilities and settles on a process timeline. The organization may fill gaps in expertise by hiring or contracting external people.

Involve managers as early as possible as they must get to know the other organization's management team. Early introductions help managers deal with later obstacles.

Create checklists tailored to particular risks associated with the other organization.

Prepare a list of data requests for the information an organization needs to complete the process. [14] Such data could include the business plan's management team section, [15] or management organizational structure. [16]

After negotiations, have both parties sign a confidentiality report to protect sensitive data from third parties. Agree on a method to store all confidential data—for example, an online data repository [14] that both parties can view. [17]


In this phase the organization begins analyzing gathered data. The team tries to confirm the target's representations and "soft" aspects of the target, such as its corporate culture. The team must make sure the other organization fits with its own after assessing their management quality. After gathering all the information, the team advises on whether their organization should continue to work with the other organization.


After the team finishes analyzing the management team, they submit a report to the final decision makers. If the team exposes irregularities or unexpected risks, the organization can bid on contract changes. If everything passes the assessment, team members switch to integration planning. [14]


By performing management due diligence to assess the individuals working in an organization, different aspects must be appraised. The diagram outlines the main aspects that must be evaluated. The four circles in the middle represent the basic qualities that are considered essential for an individual assessment. The bigger circle "Role" represents the duties of the individuals in a certain organization. These duties usually vary from one individual to another depending on the job description of that individual. The biggest circle representing the employing organization is located in a market, making it easy to get affected by various external factors. [2] These external factors are capable of hindering the organization from achieving its strategic goals and long-term objectives, making this a challenge that has to be dealt with. [18]

For the individual assessment to be precise and accurate, it must be done after the organization's requirements have been highlighted and responsibilities of each individual are clear. Having such knowledge helps the business organization overcome future challenges and move closer to strategic objectives. [2]

Key points

Management due diligence needs:

The management team is an asset to any organisation, [19]

Limitations and drawbacks

To assure reliable data, both investor and individuals under assessment must be involved in the feedback process. This can be costly and time-consuming to both parties. Since due diligence can be a detective game, organizations must find individuals who can detect small issues and opportunities. Organizations sometimes bring in outside experts. [14]

The expense of the due diligence process, and the time involved, can be softened by dividing it into two stages. [20] [21] Executives may be so interested in a deal that they ignore identified risks and move ahead—and later suffer from management issues. [14] Information gathering can involve interviewing the management team, but the team may see them as expensive and time-consuming. [7] [22] People doing the analysis might not be familiar with the organization's sector, which can lead to wrong conclusions. [19]

Related Research Articles

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a multi-step risk management process that identifies assets, threat sources, vulnerabilities, potential impacts, and possible \controls, followed by assessment of the effectiveness of the risk management plan.

Broadly speaking, a risk assessment is the combined effort of 1. identifying and analyzing potential (future) events that may negatively impact individuals, assets, and/or the environment ; and 2. making judgments "on the tolerability of the risk on the basis of a risk analysis" while considering influencing factors. Put in simpler terms, a risk assessment analyzes what can go wrong, how likely it is to happen, what the potential consequences are, and how tolerable the identified risk is. As part of this process, the resulting determination of risk may be expressed in a quantitative or qualitative fashion. The risk assessment is an inherent part of an overall risk management strategy, which attempts to, after a risk assessment, "introduce control measures to eliminate or reduce" any potential risk-related consequences.

Audit systematic and independent examination of books, accounts, documents and vouchers of an organization

An audit is a systematic and independent examination of books, accounts, statutory records, documents and vouchers of an organization to ascertain how far the financial statements as well as non-financial disclosures present a true and fair view of the concern. It also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditing has become such a ubiquitous phenomenon in the corporate and the public sector that academics started identifying an "Audit Society". The auditor perceives and recognises the propositions before them for examination, obtains evidence, evaluates the same and formulates an opinion on the basis of his judgement which is communicated through their audit report.

A performance appraisal, also referred to as a performance review, performance evaluation, (career) development discussion, or employee appraisal is a method by which the job performance of an employee is documented and evaluated. Performance appraisals are a part of career development and consist of regular reviews of employee performance within organizations.

SWOT analysis Business model analysis

SWOT analysis is a strategic planning technique used to help a person or organization identify strengths, weaknesses, opportunities, and threats related to business competition or project planning. It is intended to specify the objectives of the business venture or project and identify the internal and external factors that are favorable and unfavorable to achieving those objectives. Users of a SWOT analysis often ask and answer questions to generate meaningful information for each category to make the tool useful and identify their competitive advantage. SWOT has been described as the tried-and-true tool of strategic analysis.

Due diligence legal term

Due diligence is the investigation or exercise of care that a reasonable business or person is expected to take before entering into an agreement or contract with another party, or an act with a certain standard of care.

ISO/IEC 15504Information technology – Process assessment, also termed Software Process Improvement and Capability Determination (SPICE), is a set of technical standards documents for the computer software development process and related business management functions. It is one of the joint International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standards, which was developed by the ISO and IEC joint subcommittee, ISO/IEC JTC 1/SC 7.

Feasibility Study is an assessment of the practicality of a proposed project or system.

In business and accounting, information technology controls are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control. IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC include controls over the Information Technology (IT) environment, computer operations, access to programs and data, program development and program changes. IT application controls refer to transaction processing controls, sometimes called "input-processing-output" controls. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches. IT departments in organizations are often led by a Chief Information Officer (CIO), who is responsible for ensuring effective information technology controls are utilized.

Given organizations' increasing dependency on information technology to run their operations, Business continuity planning covers the entire organization, and Disaster recovery focuses on IT.

Committee of Sponsoring Organizations of the Treadway Commission Institute of Management Accountants (IMA)

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative to combat corporate fraud. It was established in the United States by five private sector organizations, dedicated to guide executive management and governance entities on relevant aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. COSO has established a common internal control model against which companies and organizations may assess their control systems. COSO is supported by five supporting organizations: the Institute of Management Accountants (IMA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), and Financial Executives International (FEI).

The term operational risk management (ORM) is defined as a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems; human factors; or external events. Unlike other type of risks operational risk had rarely been considered strategically significant by senior management.

Governance, risk management and compliance (GRC) is the umbrella term covering an organization's approach across these three areas: Governance, risk management, and compliance. The first scholarly research on GRC was published in 2007 where GRC was formally defined as "the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity." The research referred to common "keep the company on track" activities conducted in departments such as internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite and the board itself.

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

World-Check is a database of Politically Exposed Persons (PEPs) and heightened risk individuals and organisations, used around the world to help to identify and manage financial, regulatory and reputational risk. World Check formed part of the Thomson Reuters Risk Management Solutions suite before being transferred to Refinitiv after a merger deal with The Blackstone Group in October 2018.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

IT risk management

IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.:

Human factors are the physical or cognitive properties of individuals, or social behavior which is specific to humans, and influence functioning of technological systems as well as human-environment equilibria. The safety of underwater diving operations can be improved by reducing the frequency of human error and the consequences when it does occur. Human error can be defined as an individual's deviation from acceptable or desirable practice which culminates in undesirable or unexpected results.

Dive safety is primarily a function of four factors: the environment, equipment, individual diver performance and dive team performance. The water is a harsh and alien environment which can impose severe physical and psychological stress on a diver. The remaining factors must be controlled and coordinated so the diver can overcome the stresses imposed by the underwater environment and work safely. Diving equipment is crucial because it provides life support to the diver, but the majority of dive accidents are caused by individual diver panic and an associated degradation of the individual diver's performance. - M.A. Blumenberg, 1996

ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013, with a few minor updates since then. It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.

Strategic risk is the risk that failed business decisions, or lack thereof, may pose to a company. Strategic risk is often a major factor in determining a company's worth, particularly observable if the company experiences a sharp decline in a short period of time. Due to this and its influence on compliance risk, it is a leading factor in modern risk management.


  1. "Management Audit" . Retrieved 28 October 2014.
  2. 1 2 3 4 5 "Best practice guideline- Due Diligence" (PDF). Retrieved 27 October 2014.
  3. 1 2 "What makes a good manager" . Retrieved 29 October 2014.
  4. 1 2 "Assessment and development- Management Due Diligence" . Retrieved 29 October 2014.
  5. "Senior management" . Retrieved 29 October 2014.
  6. "The Five characteristics of great leaders" . Retrieved 28 October 2014.
  7. 1 2 "What is Due Diligence and how do you perform it?" . Retrieved 23 October 2014.
  8. 1 2 3 4 5 "Meaning of due diligence" (PDF). Retrieved 24 October 2014.
  9. "Merger Due Diligence- The devil in details" . Retrieved 29 October 2014.
  10. 1 2 "Management Due Diligence" . Retrieved 29 October 2014.
  11. "Due Diligence- The management team aspect: who's driving your company" . Retrieved 29 October 2014.
  12. "Performance appraisal for teams" (PDF). Retrieved 28 October 2014.
  13. "Due Diligence" . Retrieved 27 October 2014.
  14. 1 2 3 4 5 "Due Diligence: Main steps and success factors" (PDF). Retrieved 29 October 2014.
  15. "Due Diligence information request" (PDF). Retrieved 30 October 2014.
  16. "Sample Due Diligence request list" (PDF). Retrieved 30 October 2014.
  17. "Virtual Data Room" . Retrieved 29 October 2014.
  18. "External Factors" . Retrieved 29 October 2014.
  19. 1 2 "The most important assets are not on the balance sheet" . Retrieved 31 October 2014.
  20. "PRELIMINARY DUE DILIGENCE (This is the 9th article in the series on M&A)" . Retrieved 30 October 2014.
  21. "Due Diligence in mergers and acquisition" . Retrieved 29 October 2014.
  22. "Interviews" . Retrieved 31 October 2014.