
When Due Diligence Fails

Maintaining and following a due diligence policy with third parties is vital for secure company operations. However, to work properly, it must be carried out thoroughly and taken seriously. In this article, we will look at three examples of how due diligence can fail.

1. Insufficient Information

Due diligence will not be very helpful if too little information is collected on the subject to give true insight. For example, to ensure that the subject of the due diligence will comply with regulatory standards, there should be a conversation to confirm that they actually know what those standards are, together with screening for any hits on sanctions lists or other watch lists. If this does not happen, there is no way to be certain that a third party is compliant. Often, these sorts of errors occur when companies permit their own employees to complete the documentation without actually getting answers to specific questions from the subject, or when they take the information provided by the subject at face value.

2. Lack of Verification

Any information obtained about the subject of the due diligence should be checked against other evidence that could corroborate it, regardless of whether the information was provided freely upon inquiry. Details such as the identities of senior management, physical address, shareholders, beneficial owners, subsidiaries and company affiliates should always be verified. Individuals may fail to disclose vital information, so your organization must take the required steps to protect itself.

A costly example of inadequate due diligence is BMW’s acquisition of Rover in 1994, which resulted in a loss of GBP 790 million after BMW failed to verify the inaccurate information provided by Rover on sales and accounts, as well as other financial information.

3. Disregarding Red Flags

Beyond the two pitfalls listed above, the most important part of due diligence is actually following through on the information that it uncovers. Red flags hold no meaning if they are not addressed or taken into consideration before acting. If a due diligence investigation reveals red flags, the proper next step is to rank the risk they pose and decide whether or not that risk is worth gambling the company over.

For example, in 2012, HP planned to purchase Autonomy and ended up losing approximately USD 5 billion after it was sued by shareholders on charges of negligence for missing red flags related to Autonomy’s inaccurate income statements, balance sheets, cash flows, etc. If HP had conducted proper due diligence on Autonomy, it is possible that this ordeal would have had a different outcome.


This article was written by Kristina Weber, Content Supervisor of Centry. She holds a Bachelor’s Degree in History from the University of Calgary.
