Generic filters
Filter by Standorte
Filter by Funktionen
Generic filters
Filter by Standorte
Filter by Funktionen

Successfully master due diligence

Due diligence translates as required or appropriate care, whereby in the M&A context it is a risk assessment. It is usually carried out prior to a company takeover or merger. The aim here is to make the risks of the purchase quantifiable for the investor or the buyer in M&A transactions. After all, the investor wants to know exactly how profitable and sustainable the targeted object is and whether the purchase price in question is justified. Subsequently, the identified risks have to be managed in the post-merger integration.

1. What types of due diligence are there?

In the area of ​​due diligence, a distinction is made between the following forms:

  • Financial due diligence: It is the focus of the examination and relates on the most important financial figures.
  • Tax Due Diligence: This is about the tax implications of the purchase or transaction.
  • Commercial Due Diligence: Here experts look at competitive factors to determine the to examine the future viability of the company. These include unique selling propositions, market shares or the viability of the business model.
  • Legal due diligence focuses on the legal framework of the transaction.
  • Technical due diligence plays a major role in manufacturing companies.
  • Operational Due Diligence aims at processes and structures of day-to-day business.
  • HR Due Diligence looks at the effects on the existing staff.
  • IT Due Diligence analyzes the complete IT structure including software and hardware as well as all IT processes.
  • Environmental Due Diligence looks at risks, obligations and dependencies in relation to the environment.
  • Insurance Due Diligence evaluates the risks in relation to existing insurance for a transaction.
  • Intellectual Property Due Diligence: The focus here is on intangible assets such as patents.
  • Integrity Due Diligence (or Compliance Due Diligence) aims to identify of compliance risks.

2. due diligence – the status quo

In the past, due diligence focused primarily on the company’s value, potential and risk.

At the end of the audit, there is a comprehensive report that lists the strengths and weaknesses of the company, while also addressing the opportunities and risks. Here, the risks – depending on the industry – can be very different. For example, when acquiring a food company, past hygiene deficiencies may be a critical warning sign. In the case of a chemical company, it may be environmental risks.

The IT infrastructure as well as the analysis of the skill set of the employees are becoming increasingly important.

3. IT due diligence is becoming increasingly important

Modern business models can no longer do without IT. Therefore, IT due diligence is becoming increasingly important. This is not only relevant when it comes to a takeover. Every company should regularly and critically review its own IT as part of due diligence. This is the only way to know the status quo at all times. Only then does it become clear whether the IT strategy is consistent with the overall corporate strategy.

IT due diligence distinguishes between software due diligence and technology due diligence. It is about questions of systems, structures, processes, resources and security. Standard systems, such as the ERP system, are scrutinized as well as security systems or the architecture of the servers. In addition to the hardware and software, the intangible resources should also be checked.

During IT due diligence, the auditors also throwa look at the IT staffing and the competencies within the teams. Because only motivated employees with the right skills can successfully master projects. After all, the shortage of skilled workers is a critical factor, especially in the IT industry. Last but not least, the topic of data protection and compliance with it is examined in detail.

4. Who performs the due diligence?

The due diligence is carried out by independent experts. These can be – depending on the topic – auditors, technical experts, management consultants or lawyers. In the context of IT due diligence, IT experts, such as digatus, are involved to contribute their expertise.

5. Due diligence checklists

Inspectors usually work with checklists during due diligence so that no aspects are overlooked. Checklists help to successfully master due diligence. They are broken down into the following aspects, for example:

1. Basic data on the company, such as articles of association and articles of association or excerpts from the commercial register
2. Finances: Current financial figures, bank statements and financial and investment planning for the next three years
3. Marketing & Sales: Information on the marketing and sales strategy including current measures and the customer structure
4. Organisation: information on management, controlling and reporting
5. Operating facilities: List of all buildings, facilities and tangible and intangible assets
6. Human resources: Information on employees, contracts, planned hiring, terminations, agreements with the works council, etc.*

*This list is just a few examples. Due diligence checklists are of course much more extensive.

6. The most important steps to successful due diligence

For due diligence to succeed, it is important to proceed according to a structured plan. Of course, every process looks different in detail. But a structure helps to focus on the most important steps.

First step:

The commissioned auditors use freely available information to form a picture of the company. The Internet is also an important source of information in this process. All information is collected centrally in a data room.

Second step:

The available information is collected, structured and prepared for an initial assessment. All points that are identified as “red flags”, i.e. critical warning signs, are examined in more detail. This requires further research and internal company information.

Third step:

In a detailed due diligence analysis, experts put individual subsections through their “paces” and then submit detailed reports.

Fourth step:

In the final step, the auditors provide a comprehensive assessment on the risks of the transaction. In addition to the risks, the report also includes the opportunities that arise with the acquisition. In addition, the strengths and weaknesses of the company are listed.

7. Simplified and extended due diligence

With due diligence, a distinction is made between simplified and extended due diligence. For a young, exclusively national company with few employees, the simplified due diligence is probably sufficient. However, extended due diligence is always appropriate for a multinational corporation with many business areas. In addition, extended due diligence makes sense in the following cases:

  • Anomalies in the balance sheet,
  • In the case of close relationships with politically exposed persons,
  • if the registered office is in a tax haven, and/or
  • if money laundering is suspected.


Due diligence plays a fundamental role in the area of corporate acquisitions. No investor should enter into a transaction without having a clear picture of the risks involved. The larger the takeover target, the greater and more complex the risks usually are. But even with small companies, a careful examination is elementary before the purchase agreement can be signed. Only independent experts with the appropriate expertise can successfully conduct a due diligence review.
Christoph Pscherer

Christoph Pscherer
He has been working in the IT environment for almost 20 years, gaining experience in a wide variety of roles and areas. Through his years of experience as a service manager, he knows the challenges and needs on the customer side. He has been applying this deep understanding and knowledge at digatus for over two years. As a project manager, his main focus is on IT M&A, where he mainly manages carve-out projects.


Get in touch with our experts. Please call +49 89 2 62 07 56 12 or use the contact form:
By submitting this form, I consent to the processing of personal data in accordance with the Privacy Policy.*

Similar Posts

Ida Mußack
The IFA Group is an automotive supplier with seven development and production sites worldwide. Like many other suppliers and service providers who work with sensitive information, IFA has been asked by OEMs to demonstrate compliance with the TISAX label. TISAX is a testing and exchange mechanism to demonstrate compliance with information security requirements.
Dennis Heller

The idea for this blog post series arose from the situation at a customer, where we introduced CI/CD because the manual workload was no longer manageable. The following instructions are therefore fresh from practical experience. For simplicity, we have shortened the long road of trial and error and present here only the final results. The code snippets are exemplary but sufficient to present the functionality.

Ida Mußack
As part of an M&A carve-out, Tremonia Mobility GmbH, based in Dortmund, Germany, was acquired as Mercedes Benz Minibus GmbH from Aequita SE & Co. KGaA and spun off from Daimler AG (now: Mercedes Benz AG). On the way to a successful standalone, digatus has ensured future-oriented changes by applying a modern strategy.