The M&A Due Diligence Workflow
M&A due diligence is an information-intensive process with a hard deadline. Over a period of weeks, a deal team must:
- Build a complete profile of the target company: legal structure, subsidiaries, operations, financials, customers, suppliers, management, employees, intellectual property, litigation, regulatory exposure.
- Review thousands of documents from the data room: contracts, financial statements, board minutes, employment agreements, IP registrations, regulatory filings, customer and supplier agreements.
- Identify risks and issues: change-of-control provisions in key contracts, related-party transactions, regulatory exposure, management departures, customer concentration, pending or threatened litigation.
- Connect findings to entities: which risks attach to which subsidiaries? Which contracts are held by which legal entity? Which management team members are critical to which business units?
- Produce a due diligence report that synthesizes findings into an actionable assessment for the investment committee.
Essential Software Features
1. Target Entity Profiling with Ownership Structure
The first thing the software must do is model the target's corporate structure: parent company, subsidiaries, joint ventures, minority investments — with ownership percentages, jurisdictions, and directors for each entity. This structure becomes the organizing framework for the entire due diligence process. Every document, finding, and risk is linked to the specific entity it concerns.
2. Document Management Linked to Findings
Data room documents must be organized by entity and by topic, not just by the folder structure the seller provided (which may be arbitrary or designed to obscure). Each document gets linked to the entities it concerns. Key findings from document review — a problematic contract clause, an undisclosed liability, a regulatory exposure — are recorded as structured findings linked to both the source document and the relevant entity.
3. Issue Tracking and Risk Assessment
Due diligence produces a list of issues. Each issue needs: a description, the entities affected, severity/materiality rating, supporting documents, recommended mitigation, and status (open, resolved, pending further information, accepted as deal risk). The software should produce a dynamic issues log that the deal team can review and prioritize.
4. Relationship Mapping
Related-party transactions, intercompany agreements, shared directors, customer-supplier relationships within the target group — these are all red flags that due diligence must surface. A relationship graph makes these connections visible. If the target's CFO also sits on the board of a major supplier, that relationship should be immediately visible, not buried in a document somewhere.
5. Timeline and Event Tracking
Material events in the target's history — acquisitions, divestitures, management changes, litigation filings, regulatory actions — placed on a timeline with linked documents. This chronological view often reveals patterns that individual documents obscure: a series of management departures from a particular subsidiary, a cluster of litigation filings in a particular jurisdiction, a pattern of acquisitions followed by subsequent divestitures.
Why Local Installation for M&A
Pre-announcement deal information is among the most sensitive data in business. A leak can kill a deal, move the target's stock price, or alert competitors. Data room documents are provided under strict non-disclosure agreements. The due diligence analysis itself contains the deal team's assessment of the target's weaknesses — information that would be devastating if it reached the target, competitors, or the press.
Running due diligence software locally — on a server in the deal team's office or on a dedicated machine — means the entire diligence dataset stays within the team's physical control. Remote team members access it over VPN. No third-party platform has access to deal data, document contents, or the team's findings and risk assessments.