The ultimate due diligence questionnaire checklist and guide

Written by
Wendy Gittleson
Wendy Gittleson
Updated on
  9 min read

If your organization is considering a new investment, monitoring an ongoing partnership, planning a merger or choosing a new vendor, you’ve likely crossed paths with due diligence. Due diligence is a vital activity — and, for many organizations, it’s a cumbersome one. But a due diligence checklist can help.

Still mailing and receiving hard copy physical binders? Exchanging Excel spreadsheets time and time again? Constantly pinging colleagues and partners to do their part? With so much work on the horizon, there’s lots to navigate. And if due diligence questionnaires aren’t done with precision, your organization could be facing big financial risks.

It’s such an important process that it deserves an excellent solution. And, let’s be honest: you and your team deserve fewer DDQ-driven headaches. In this article, you’ll learn due diligence best practices and get a downloadable due diligence checklist so you can implement a smooth process.

What is due diligence?

Due diligence is the process of evaluating the risks involved in a partnership with a potential vendor. It helps organizations avoid or mitigate threats.

Here’s how Investopedia defines due diligence:“an investigation or audit of a potential investment or product to confirm all facts, such as reviewing all financial records, plus anything else deemed material. It refers to the care a reasonable person should take before entering into an agreement or a financial transaction with another party.”

Vendor due diligence is also referred to as buy-side diligence, while seller-side due diligence engages vendors in the risk evaluation of a potential client.

Due diligence can take place in many stages of the process. From pre-partnership investigation, to ongoing and periodic continuous due diligence and even post-mortem due diligence after a worst-case scenario, like a breach.

Due diligence process

No matter when you’re issuing your due diligence questionnaire, there are some strategies you can employ to ensure your organization puts its best foot forward. Explore the best practices you should keep in mind.

As the renowned leadership expert Stephen Covey recommends in his best-seller The 7 Habits of Highly Effective People, begin with the end in mind. Vendor due diligence calls for a similar perspective.

But when due diligence is left to chance, your organization is facing a multitude of risks. Security breaches, fraud, mismanagement and more are all on the table. Due diligence left undone can tarnish your organization forever.

So a good due diligence process begins by knowing what you’re up against. Determine the risks your company could potentially face if a worst-case scenario were to take place with a third-party vendor.

Once you’ve clearly defined the risks, you can have confidence in the pillars of your due diligence questionnaire. Every aspect of your questionnaire should be designed to address one of your defined risks.

A good due diligence questionnaire is thorough but intentional. In theory, your organization’s due diligence approach can be limitless. Between compliance, security, user risks and more, it’s easy to get stuck in the “what-if” trap and slide quickly into DDQ scope creep. Before you know it, you’ve built an unruly DDQ that can take on a life of its own.

To streamline the process, your scope must be clearly articulated. Company leadership should agree on core DDQ objectives to frame the risk evaluation activities.

For example, if your third-party vendor provides a financial wellness solution and will have access to stakeholders’ bank account and loan data, then encryption and storage protocols should be at the heart of your scope. But if you’re assessing for a diversity and inclusion partner, your scope should be aimed at preventing the loss of sensitive personal data, including demographics or workplace accommodations.

To be effective, DDQs must be comprehensive for the responses to give your organization the information to make vendor decisions. Your organization may have due diligence as part of its protocols for any of the following:

  • Limited partners DDQ
  • Hedge fund investors DDQ
  • Business relationship DDQ
  • Correspondent banking DDQ
  • Investor and consultant DDQ
  • Environmental, societal and governance (ESG) DDQ
  • Infrastructure investment

With so much possibility in the due diligence arena, your team can slip into one of two camps. Some organizations take a bespoke approach, building new DDQs for each and every possible relationship. Others go toward the opposite end of the spectrum, with a master one-size-fits-all DDQ.

Creating new DDQs for every flavor of partnership is cumbersome and inefficient. But issuing one DDQ for all partnerships ignores the nuances and necessities of the challenge you’re trying to address.

Instead of these extreme approaches, aim for a consistent and systematic approach. Between bespoke and boilerplate is a happy medium! With RFP360’s DDQ solution, each DDQ sent out can be as uniform or unique as your company would like.

Unless you’re a startup, your organization likely has at least an elementary framework for due diligence. So if your DDQ process simply maintains the status quo, you are not alone. Innovation has its challenges: what if the new way doesn’t work?

Remove the old adage “if it ain’t broke, don’t fix it” from your corporate vocabulary. Refusing to innovate is perhaps more risky. Repetitive, manual due diligence efforts can be inefficient and cumbersome, setting the stage for dangerous errors and oversights.

Your financial due diligence checklist

So now you know the best practices for due diligence. What can you do to make sure your due diligence questionnaire covers all the bases? To touch on all the right areas, consider the following five areas.

This one is all about the people: who is steering the ship that your organization is about to board?

You’ll want to start with an organization chart, to understand the key players. Ask about both historic and projected headcounts, both by function and location. For senior leadership, you’ll want to get their professional biographies — think employment history, age, tenure, prior roles, promotions and more.

Ask for the full picture on compensation and benefits, including copies of key employment agreements and benefit plans. Inquire about incentive stock plan overviews too. And then, finally, touch on any significant employee relations problems (past or present), as well as personnel turnover data.

Now it’s time to dig into the financial details. Are smart financial practices happening at this organization?

Start with annual and quarterly financial information: 

  • Income statements, balance sheets, cash flows and footnotes
  • Financial Reports
  • Planned versus actual results
  • Accounts receivable
  • Breakdown of sales and gross profits by Product Type, Channel and Geography
  • Current customer backlog if applicable

From a capital structure standpoint, you’ll want to gather:

  • Current shares outstanding
  • List of all stockholders with shareholdings, options, warrants or notes
  • Schedule of all options, warrants, rights, and any other potentially dilutive securities with exercise prices and vesting provisions
  • Summary of all debt instruments/bank lines with key terms and conditions
  • Off balance sheet liabilities

Then, review financial projections. Get the details you’ll need for the following:

  • Quarterly financial projections for the next three fiscal years
  • Revenue by product type, customers, and channel
  • Full income statements, including balance sheets and cash
  • Major growth drivers and prospects
  • Predictability of business
  • Risks attendant to foreign operations, like exchange rate fluctuation and government instability
  • Industry and company pricing policies
  • Economic assumptions underlying projections — including different scenarios based on price and market fluctuations
  • Explanation of projected capital expenditures, depreciation and working capital arrangements
  • External financing arrangement assumption

And the last of your financial due diligence — it’s time for your organization to get the details about general accounting and tax summary information:

  • Summary of current federal, state and foreign tax positions, including net operating loss carryforwards
  • Discuss general accounting policies (revenue recognition, etc.)
  • Schedule of financing history for equity, warrants and debt (including date, investors, dollar investment, percentage ownership, implied valuation and current basis for each round)

Especially when you’re conducting due diligence for a financial or investment partner, fund information is mission-critical.

You’ll want to ask first about fund strategy and goals, then dive into the description of each product and fund. Inquire about historical and projected growth rates, market share, timing of new products and funds, cost structure and profitability.

This is where you’ll dive into adherence and compliance. In this portion of your DDQ, you can ask about the organization’s policies and code of ethics. Get the scoop on fund exposure, service provider risk and SEC communications too.

As you complete your DDQ, dive into the legal side of things. Ask about the following:

  • Pending lawsuits against the Company and initiated by the Company
  • Environmental and employee liabilities and safety
  • Safety precautions
  • New regulations and their consequences
  • Intellectual Property, including material patents, copyrights, licenses and trademarks
  • Insurance coverage details
  • Summary of material contacts
  • History of regulatory agency issues the due diligence checklist

Due diligence done right

RFP360’s easy-to-use RFP management solution allows you to securely and efficiently send DDQs and receive responses. Our software helps reduce the amount of workload and stress for your IT stakeholders and subject matter experts.

As you select the DDQ solution that’s right for your organization — from mailed binders to attached spreadsheets to digital solutions and everything in between — here’s the criteria you should keep in mind.

Choose a DDQ platform that amplifies what your team can do. Look for a solution that makes your team feel empowered — not bogged down with overwhelming details, but elevated with a streamlined process.

With RFP360’s DDQ solution, your team is empowered to approve the results: they’ll have what they need to move onto the next step in reaching your goals. Your compliance team will also be able to place reviews and governance steps in record time.

Your DDQ process should keep the responses at the heart of it all. While format and structure are important, don’t forget what matters most: the results!

The RFP360 DDQ software can take those organized results and store the answers to redundant questions and boilerplate content to even further expedite future DDQs. The information can be stored in your Knowledge Base that is easily accessible. In other words, your vendors very well might love partnering with you even more.

The right DDQ solution should offer visibility — what’s happening? How are things progressing? What puzzle pieces are ready, and what do we still need to capture? A smart DDQ platform allows your team to keep its fingers on the pulse of how due diligence is progressing.

RFP360’s user-friendly DDQ interface sets the stage for fewer user errors. Administrators can quickly create custom, spreadsheet-free questionnaires and track their vendor progress. The software also allows for specific questions to be assigned to specific vendors as well. This means that mitigating third-party risks with minimal leg-work can be a business reality.

Another feature of RFP360’s DDQ software is visibility: easily see who wrote what and when they wrote it. This transparency aspect allows administrators to take a hands-on approach, keep up to date on changes and compliance, and ensure the proper risk management is in place.

Many organizations still conduct DDQs with hard copies. And while that is an option, it’s not the most efficient. Go with a DDQ solution that happens in real time — no printing, collating, organizing or mailing required.

RFP360’s DDQ efficient software puts an end to mailing out physical binders — a time-consuming and insecure procedure. With an automated process, your response time is streamlined. We pride ourselves on being able to deliver a cost-effective security solution.

When DDQs are sent out via email, Excel spreadsheets, Word documents or even PDF files, the data that is sent back takes quite some time to sort through before it can be evaluated. In return, this slows down vendor progress, and ultimately leaves your security open for attack. With our automation technique your score and response rates will increase and your results will be generated in record time.

Are you using a web portal or various email attachments to gather your DDQ responses? If so, your data could be inaccurate due to simple formatting issues! Go with a solution that minimizes the risk of human error and formatting mishaps.

RFP360’s optimized platform eliminates the clunky web portal process of DDQs being downloaded, filled out, then sent back. When this process is optimized the probability of the questionnaire being reformatted, making the re-upload process inaccurate, is eliminated. Your organization will regain all of that time potentially wasted on a valid response unable to be recorded.

Wendy Gittleson

Wendy has more than 10 years experience as a B2B and B2C copywriter. She developed a passion for writing about tech from living in the San Francisco Bay Area and working for a technology school. From there, she transitioned to writing about everything from SaaS to hardware and cloud migration. She is excited to be part of the wonderful team at Responsive and looks forward to playing her part in building the future. Connect with Wendy on LinkedIn.