No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Ethics

Auditing the Due Diligence Process

by Dr. George Aldhizer & Michael Bechara
May 16, 2018
in Ethics, Internal Audit
Markit Launches CRS Due Diligence Solution

This post was originally published in 2011 and was updated in 2018.

This article presents a framework for auditing merger and acquisition (M&A) pre-acquisition, post-acquisition and sell-side due diligence. Given its tendency to be overshadowed by the more exciting aspects of the M&A process – such as who will head the acquired operation and which offices and facilities will be expanded and which will be closed – internal auditors can contribute significant value by ensuring that a vibrant due diligence process is in place and operating as intended. A rigorous audit of the M&A due diligence process can help companies take advantage of legitimate new business opportunities, while at the same time help minimize the risks.

Making the case for auditing the due diligence process can be awkward for an internal audit function that has not previously done so. Strong relationships with the audit committee and management are a key factor, as well as the reputation of the internal audit department itself. If these two items are lacking, it will be difficult to obtain buy in for auditing the due diligence process or any other new area for that matter. Moving forward we will assume that both of these factors are in place.

Pre-Acquisition Due Diligence

The audit of the due diligence process should begin with the assurance that a senior management champion has been explicitly identified. This individual should assist with management buy-in for the due diligence process and facilitate communication of key issues across all functional areas potentially affected by a new acquisition such as business process owners, legal counsel, the board and its committees, and outside consultants.

Internal audit also should ensure that robust accounting and internal control due diligence checklists exist and have been tailored to address unique risks associated with a prospective subsidiary.

For instance, an accounting due diligence checklist should efficiently and effectively address the following key issues: earnings quality, asset quality, potential for unrecorded or understated liabilities, financial statement projection evaluations, cash flow concerns and fraud due diligence.

An efficient and effective internal control due diligence checklist (based on the COSO Enterprise Risk Management (ERM) Cube, 2004) should assess: a prospective subsidiary’s control and risk mitigation posture relative to acquiring company expectations; whether unmitigated key business risks such as the absence of a repeatable financial institution Allowance for Loan Loss methodology may adversely influence the acquisition decision; the estimated effort required to implement missing controls as a factor in establishing the acquisition price; the compatibility of legacy and outsourced systems with acquiring company systems; and the impact of the subsidiary’s control posture on post-acquisition due diligence.

Post-Acquisition Due Diligence

Pre-acquisition due diligence may miss important issues, especially when it is conducted in a competitive environment in which the acquiring company has only a few days to access financial records and key personnel.

Thus, it is possible for the buyer to overlook fraudulent financial reporting and material weaknesses in internal control. An audit of the post-acquisition due diligence process can help compensate for such risks by providing early identification of unmet initial business plan goals which may allow the acquiring company to take corrective action before substantial losses are incurred.

Critical components of an effective post-acquisition due diligence process should include: a transition manager; business process and control experts; an initial comprehensive business process; and control review and an annual rated audit.

Each new subsidiary should be assigned a transition manager who joins the subsidiary on a full-time basis for several months. The transition manager should be a financial expert who works closely with the subsidiary’s CFO to provide direct assistance with on-site integration including implementing the acquiring company’s culture and act as a liaison with senior management during the integration. Transition managers should not be directly involved in running the business to maintain their objectivity with respect to the integration. They also should receive formal training.

Business process and control experts should have the primary responsibility for integrating the various infrastructure processes such as accounting, finance, IT, procurement and contract management. One or more business process and control experts should be assigned to each new subsidiary depending on the specific infrastructures that need to be integrated.

Within the first 30 to 60 days after an acquisition, the subsidiary should undergo a comprehensive business process and control review. This initial review should be considered an “assist visit” from internal audit. The intent of this visit is to give management of the new subsidiary a “roadmap” of the controls and process changes that need to be implemented to bring the company into alignment with the parent company’s controls, culture and reporting requirements.

Throughout the first few months after acquisition, the business process and control experts and transition manager should employ a supportive, consultative approach toward the new subsidiary with a focus towards implementing the items detailed in the roadmap.

Prior to the end of the fiscal year, the new subsidiary should undergo its first rated audit. A rating of satisfactory or unsatisfactory should be given, based on whether the roadmap’s recommendations have been implemented.

An unsatisfactory rating should be examined closely. If serious process and control deficiencies were identified from the prior review(s) that need an extended time period to fully remediate (i.e. a new accounting system), then this should be taken into account. If control deficiencies have been left to languish, then this could result in the loss of jobs within the subsidiary’s senior management.

Sell-Side Due Diligence

When acquisitions do not work out, due diligence on a subsidiary prior to offering it for sale should be considered. This is especially important if the subsidiary received minimal pre-acquisition or post-acquisition due diligence.

When a company is not completely familiar with a subsidiary, “surprises” may still exist. Potential buyers who discover these surprises during their pre-acquisition due diligence may walk away from the deal or demand a substantial price reduction.

Once the marketplace becomes aware of these aborted deals, it may be more difficult to sell the subsidiary at a reasonable price. In extreme cases, a company’s reputation for impeccable business ethics may be tarnished.

Sell-side due diligence is similar to pre-acquisition due diligence. In general, a buy-side due diligence mindset is needed.

Sell-side due diligence should result in two primary deliverables to management: a due diligence report that identifies issues and exposures that could substantially affect the sales process and final sales price; and recommendations to help mitigate the above exposures.

Conclusion

Internal auditors can assist their companies in ensuring a strong due diligence process is maintained in all its forms: pre-acquisition, post-acquisition and sell side. A strong due diligence process is critical to ensure the acquirer is fully aware of all aspects of the deal and provides access to vital intelligence that is used to negotiate the final price and integrate the new subsidiary more effectively.


Tags: Due DiligenceInternal ControlsMergers and Acquisitions
Previous Post

Account Takeover is on the Rise: Is your Company Ready?

Next Post

Incorporating New Technologies into Your Archiving to Meet MiFID II, GDPR Requirements

Dr. George Aldhizer & Michael Bechara

Dr. George Aldhizer & Michael Bechara

dr. george aldhizer of wake forestAbout the Authors Dr. George Aldhizer, PricewaterhouseCoopers Professor, joined the Wake Forest University business faculty in July 2001. He currently serves on the Institute of Internal Auditor’s (IIA) International Board of Research and Education Advisors (BREA/CREA) and is a member of the Allegacy Federal Credit Union’s Audit Committee. For his complete bio, follow the link to Dr. Aldhizer’s author page.
Michael Bechara Managing Director of Granite Consulting Group Inc.Michael Bechara is managing director of Granite Consulting Group Inc. and the principal author of The Weekly Reconciliation blog (www.weeklyrecon.com). Michael advises clients on profitability, risk assessment, accounting, and post merger integration issues. Recent client success stories have come in the form of greater profitability, process improvement and transfer of technical knowledge to the client. Advising executives and board members on corporate governance, risk and financial management concerns also occupies much of his time. For his complete bio, follow the link to Michael’s author page.

Related Posts

credit score gauge

Sales at All Costs? Unified Credit Risk Management Can Squash Bad Deals Before They Happen

by Matthew Debbage
March 15, 2023

The collapse of a business doesn’t usually happen all at once. There are warning signs. Late payments, legal filings and...

hottest takes

The Hottest Compliance Takes of 2022

by Staff and Wire Reports
December 14, 2022

Nobody was canceled for anything they wrote for our pages in 2022 — at least that we know of. But...

joining forces

Why ESG Programs Should Make Internal Audit an Ally

by Kapish Vanvaria
November 30, 2022

Recent research shows internal audit functions are rarely involved in setting strategy for ESG or even in reviewing how goals...

The 1-Day CFO: A Lesson in the Danger of Shoddy Due Diligence at the Executive Level

The 1-Day CFO: A Lesson in the Danger of Shoddy Due Diligence at the Executive Level

by Candice Tal
August 24, 2022

As Moderna’s CFO-for-a-day gaffe illustrates, effective due diligence is equivalent to regular preventive care, something you’d think a pharma giant...

Next Post
Communication Tools

Incorporating New Technologies into Your Archiving to Meet MiFID II, GDPR Requirements

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT