Types of due diligence

Washington DC Governance, Risk, and Compliance

Release

washingtondc

ft:locale

en-US

ft:publication_title

Washington DC Governance, Risk, and Compliance

ft:clusterId

grc

bundleId

grc

workflow

Technology

Types of due diligence

Release version: Washingtondc

Updated January 30, 2025

1 minute to read

In the due diligence process, you typically conduct several types of due diligence to gather relevant information and assess various aspects of the third party. The particular types of due diligence that you conduct vary depending on the nature and criticality of the engagement and the risks involved.

Information Security due diligence: Information security due diligence is critical. It involves evaluating the third party's data protection practices, cybersecurity measures, and information handling processes. This includes assessing their data security policies, incident response capabilities, encryption practices, and employee training on data protection. The objective is to safeguard sensitive information and mitigate the risk of data breaches or unauthorized access.
Financial due diligence: Financial due diligence involves assessing the financial health and stability of the third party. It includes reviewing financial statements, analyzing profitability, liquidity, debt levels, cash flow, and other financial indicators. The goal is to understand the financial viability of the third party and help ensure that they have the capacity to fulfill their obligations.
Legal due diligence: Legal due diligence involves examining the legal and regulatory compliance of the third party. It includes reviewing contracts, agreements, licenses, permits, and legal documents. The purpose is to identify any legal risks, liabilities, ongoing litigation, or regulatory non-compliance that could impact your organization's interests.
Operational due diligence: Operational due diligence focuses on assessing the operational capabilities and processes of the third party. It involves evaluating their infrastructure, facilities, supply chain, production processes, quality controls, and capacity to meet your organization's requirements. The goal is to help ensure that the third party can effectively deliver the desired products or services.
Compliance due diligence: Compliance due diligence involves verifying the third party's adherence to applicable laws, regulations, and industry standards. It includes assessing their compliance programs, policies, and procedures related to areas such as anti-corruption, data privacy, information security, environmental practices, and labor standards. The objective is to identify any compliance gaps or risks that could result in legal or reputational issues for your organization.
Reputation due diligence: Reputation due diligence focuses on evaluating the third party's reputation, integrity, and past performance. It involves conducting background checks, reviewing references, searching for news or media coverage, and assessing any past controversies or ethical issues. The purpose is to help ensure that the third party has a positive reputation and aligns with your organization's values and expectations.