Sharpening the Board’s Focus on M&A Due Diligence

Whether an acquisition is a stand-alone, complementary entity or an integration, the due diligence process is undergoing a paradigm shift due to the higher cost of funding and the impact of failed transactions. Boards should expect a more aggressive focus on due diligence.

How has the due diligence process changed in recent years? For sure, the complexity of certain topics, such as environmental impacts, the supply chain, cybersecurity and data privacy, has increased. When COVID-19-triggered border closings and government lockdowns precluded in-person meetings, the data-gathering process underpinning dealmaking was driven by videoconferencing. That practice continues in the post-pandemic world to increase efficiency, consistent with the high-touch, high-tech hybrid approach so prevalent in business.

But the more important shift is due to cheap money becoming a relic of the past. It enabled buyers to raise funding to execute deals, putting sellers in an advantageous “sellers’ market” whereby they could emphasize speed and competition by limiting the time available for buyer due diligence. As the cost of capital rises, however, sellers’ influence over due diligence wanes and the mergers and acquisitions (M&A) space shifts toward a “buyers’ market,” which allows buyers to exert more control over the scope of the due diligence process. Thus, traditional due diligence has given way to a risk-based approach that considers the higher cost of capital and potential issues that could frustrate the combined entity’s achievement of the value expected from the acquisition. This shift in due diligence is toward a deeper dive into several areas through more focused questions.

In this issue of Board Perspectives, our intention is not to add yet another list of questions to the literature. Rather, our focus is to suggest the most important questions directors should ask during the due diligence process, starting with the fundamental question: what are we buying? With the context provided by answers to this question, we address six areas of interest during due diligence:

  • Supply chain resilience
  • Talent pipeline and retention
  • Environmental, social and governance (ESG)
  • Cybersecurity and data privacy
  • Compliance with laws and regulations
  • Integration effectiveness

In addressing the above areas, it is important to keep in mind the sustainability of the target’s governance plumbing. In this age of disruptive change, unexpected developments are the norm. Over the last two to three years, how has management reacted to unexpected speed bumps? How did they manage a crisis event? Penetrating questions addressing the resilience of the organization in responding to challenging issues and the unexpected can offer transparency regarding the target’s leaders and their values and behavior under fire.

While due diligence focuses on identifying risks, confirming relevant financial information and other facts, verifying or identifying critical deal points, reviewing existing contracts, and establishing a road map to address a transaction’s core issues via integration or separation planning, there are important questions and activities pertaining to the above areas that are germane after the deal is completed. These questions present opportunities for post-acquisition follow-up. We explore some of these questions in a supplement to this issue of Board Perspectives:

(Board Perspectives — Issue 175)

Listen to our Board's Perspectives podcasts, which provide practical insights and guidance for new and experienced board members alike.

We want to hear from you!

What topics would you like to read about in the coming months?

Let us know

Click here to access all series

Learn More


David Haufler
David leads Protiviti’s Transaction Services practice. As a Managing Director at Protiviti, David is accountable for the firm’s M&A thought leadership, methodology, tools, core alliances, strategic partnerships and our global market strategy. He has over 30 years of ...
Torin Larsen
Torin leads Protiviti’s Cybersecurity practice in the Pacific Northwest. He has over 18 years of consulting experience, and has extensive experience working with high tech, retail, telecommunications, and software companies.Major ProjectsActed as a Virtual CISO for a ...