Due diligence refers to the thorough examination of a company before an investment, takeover or partnership takes place. The aim is to obtain a realistic picture of the economic, legal and organizational status of the company - and to identify potential risks or weaknesses at an early stage.
As part of this review, key areas of the company are systematically analyzed, such as finances, contracts, tax issues and ownership structures. The aim is to check whether the assumptions and promises behind an offer are actually correct - and whether there are hidden problems that could jeopardize the deal.
Due diligence therefore creates transparency. It helps to make informed decisions and avoid legal or economic surprises later on. Findings from the due diligence can have a direct impact on the purchase price, contract content or even the decision for or against the transaction. In practice, a simple review often takes four to eight weeks; however, it can take several months for more complex or international deals.
The initiative for due diligence usually comes from the potential buyer or investor. Anyone wishing to invest in a company or take it over completely wants to ensure that all relevant information is available - and that no unexpected risks are lurking in the shadows. Due diligence is a key instrument in securing this decision.
As such an audit covers many different specialist areas - from finance and tax to legal and technical aspects - it is almost never carried out alone. Instead, buyers commission specialized external consultants, such as auditors, tax consultants, lawyers or experts with experience in the sector. Depending on the complexity of the transaction, an interdisciplinary team is put together to jointly analyze and evaluate all relevant documents.
In certain cases - for example in the case of larger company sales - the seller can also carry out vendor due diligence in order to provide potential buyers with structured information in advance. But regardless of which side initiates it: Professional due diligence is now standard for almost all major transactions.
It is difficult to say in general terms how long due diligence takes - it can take anywhere from a few weeks to several months. Several factors are decisive here:
1. company size: The larger the company, the more extensive the documents to be checked - and the more complex the analysis.
2nd industry: In highly regulated or technically demanding industries - such as finance, medical technology or IT - special legal requirements apply. This makes a detailed examination necessary, for example with regard to licensing, data protection, product security or IT infrastructure.
3. transaction structure: Is it a complete takeover, an entry as a minority shareholder or a partnership? The scope of the audit (which areas are audited and how intensively) and the duration vary depending on the objective.
4. risk profile: The higher the perceived risk of an investment, the more precise and detailed the review.
5. data availability: If documents are provided quickly, completely and in a structured manner, this significantly shortens the entire process.
In practice, a simple audit often takes between four and eight weeks. More complex or international transactions, on the other hand, can take several months.
There are basically two types of due diligence: business-related due diligence for new or existing partners - and comprehensive company due diligence, which is used for transactions such as company acquisitions, investments or mergers.
This form of due diligence is particularly relevant for regulatory reasons - e.g. to comply with the German Money Laundering Act (GwG) or international regulations in order to prevent a company with a criminal background or illegal cash flows from being taken over. It is carried out before and during a business relationship and follows the so-called risk-based approach:
The aim of these audits is to identify and avoid potential money laundering or corruption risks - not least to prevent legal sanctions and reputational damage.
As part of M&A transactions (mergers & acquisitions), shareholdings or other investments, the content of a company is examined - often with the support of external experts. This due diligence is typically divided into several specialized areas:
Financial due diligence (FDD) examines the economic situation of a company in detail. It checks whether the figures stated in the company valuation are realistic and comprehensible - such as turnover, profits, liabilities or investments. The aim is to assess the financial stability and earning power of the company and to identify potential risks at an early stage.
Specifically, balance sheets, profit and loss statements, cash flow analyses and budgets are examined. The development of key performance indicators and the plausibility of the business plan are also critically scrutinized. The FDD forms the basis for assessing the value of the company and has a direct influence on price negotiations and contractual safeguards.
Without this check, there is a risk that financial mistakes or liquidity problems will be overlooked - which can later lead to unexpected charges or an inflated purchase price.
Technical due diligence (TDD) examines the structural and technical condition of a company - such as plant, machinery, production equipment or real estate. The aim is to determine the necessary investment expenditure, existing weaknesses and the need for modernization or maintenance.
This audit is particularly crucial for manufacturing companies or in the real estate sector in order to be able to estimate follow-up costs. A separate IT due diligence is often carried out as part of the TDD, which deals with the performance, security and future viability of the IT infrastructure. In times of increasing digitalization, this aspect is essential for many companies.
If this inspection is not carried out, expensive contaminated sites or hidden refurbishment needs can go unnoticed - which can lead to considerable financial and operational challenges after the purchase.
Legal due diligence (Legal DD) analyzes the existing legal framework of a company. The aim is to uncover potential liability risks, contractual problems or ongoing legal disputes. Among other things, employment contracts, tenancy agreements, supply contracts, company law regulations and any trademarks or copyrights are examined.
Compliance is also an important aspect: the audit should ensure that there is no connection to corruption, money laundering or other legal violations - either directly or via third parties in the supply chain. In this way, the LDD protects against legal and reputational risks.
Tax due diligence (Tax DD) examines the tax situation of the target company - both retrospectively and with a view to the planned transaction. The aim is to identify tax risks at an early stage and to avoid legal and economic disadvantages after the purchase, for example due to hidden tax liabilities, incorrect loss carryforwards or ongoing tax audits.
Among other things, tax returns, tax assessments, annual financial statements, balance sheets, current or past tax audits and provisions for tax obligations are examined. Particular attention is paid to discrepancies or potential additional payments - for example due to incorrectly treated VAT, inadmissible depreciation or missed documentation obligations.
If this area is not carefully examined, it can lead to considerable financial burdens - for example, due to subsequent tax claims or a lack of room for maneuver in terms of financing. In addition, omissions can make the subsequent integration of the company more difficult.
Before the actual analysis begins, some organizational framework conditions need to be clarified. As a rule, due diligence is only initiated after a letter of intent has been signed - in other words, a letter of intent in which the basic terms of the purchase between the buyer and seller are set out in advance. Only then are potential buyers given access to internal company information, usually via a digital data room.
The review often starts with a so-called red flag due diligence: selected documents are checked for serious risks that could justify an immediate failure of the deal. Only when there are no grounds for exclusion ("deal breakers") does the detailed analysis of the individual areas begin.
Due diligence is usually initiated by the buyer - often supported by a team of external experts. These include auditors, tax advisors, lawyers, technical experts and M&A consultants. They have the necessary specialist knowledge to provide a sound assessment of all relevant areas of the company. In some cases, the seller also carries out a so-called vendor due diligence in order to provide potential buyers with structured information in advance. In any case, the seller is obliged to provide the requested documents completely and correctly.
The most important milestones in the process include the signing of the LOI (letter of intent), the provision of data by the seller, the red flag check and the actual main check. Once the analysis has been completed, the results are compiled and prepared in a structured report, which forms the basis for further negotiations.
The actual review process is divided into several phases. Each phase builds on the previous one and aims to uncover risks, check assumptions and create a basis for decision-making.
In the first phase, it is determined which areas of the company are to be audited, what the audit objectives are and how in-depth the analysis should go in the respective sub-areas. This strategic preparatory work is often carried out in close consultation with external consultants. At the same time, the operational preparation begins: the buyer or his team of advisors requests all relevant documents from the seller. This includes financial reports, contracts, legal documents, personnel and ESG data (environmental, social, governance) as well as industry-specific evidence. The completeness, structure and quality of the data provided - usually in a digital data room - are crucial for the further process.
Based on the information provided, experts examine all relevant areas of the company - typically finance, taxes, legal structures, technology and organization. IT systems, sustainability practices and corporate culture can also be analyzed. The aim is to identify risks, reveal weaknesses and review key assumptions about the company - such as its business model, financial stability or market position. Findings from this phase are documented and summarized in so-called findings.
As part of enhanced due diligence (EDD), for example in the case of high-risk partners, the following steps are also carried out:
These additional audit measures are required by law if there are increased risks, e.g. due to politically exposed persons (PEPs) or complex ownership structures.
The results of the analysis are summarized in a structured due diligence report and presented to the decision-makers - often using a SWOT model. Based on this evaluation, specific recommendations are made: for example, to confirm the purchase, to adjust the purchase price or for contractual safeguards. In some cases, a recommendation is also made to refrain from the purchase. The conclusion of the due diligence is therefore also the transition to the negotiation phase or the conclusion of the contract.
Even small and medium-sized companies can be exposed to complex areas of risk. It's not just about conspicuous balance sheet items or a lack of profitability - the risks often relate to hidden areas: Have taxes been paid correctly? Are there uncertainties under employment law, old contracts with problematic clauses or impending legal disputes? Compliance issues, such as breaches of data protection or environmental regulations, can also have significant consequences later on.
Many of these risks would hardly be recognizable during ongoing operations - they often only come to light through a targeted examination as part of due diligence. At the same time, it is hardly possible in practice (and often does not make economic sense) to completely rule out every potential weakness. For this reason, it is usually carefully weighed up how much checking effort is appropriate - depending on the transaction value and the acceptable risk.
Discretion is particularly important in this phase. In many cases, employees are not yet aware of the potential sale at the time of the due diligence. For this reason, strict confidentiality agreements apply to all parties involved - a central standard in the due diligence process.
No two due diligence processes are identical - but there are certain topics that are almost always examined. A checklist can help to maintain an overview and ensure that key points are not overlooked in the due diligence process. It is important to note that the list is a guide, not a guarantee of completeness. Depending on the sector, company size and transaction objective, priorities must be set individually. The following is a list of a few documents that can be taken into consideration during due diligence.
Digital tools can support due diligence reviews in many ways - especially when it comes to structure, access and collaboration. Software such as ContractHero makes it possible to store contracts and documents centrally, organize them clearly and find them again quickly. Attachments and links can also be clearly displayed, making it easier to understand complex relationships.
Modern contract management software functions such as full-text search or automatic summaries help to check content in a targeted manner and maintain an overview, especially when dealing with large amounts of data. Flexible, controllable access rights and technical standards such as two-factor authentication and ISO 27001 certification ensure security.
This makes due diligence easier, faster and more efficient.
