Menu Close

Understanding due diligence and how it supports risk management


A risk assessment is a review conducted by an organisation to assess the hazards it may face in its activities, and to determine whether its policies, procedures and controls are adequate to reduce the potential impact of these risks to an acceptable level. Risk assessments are a component of the enterprise risk management framework.

Depending on the nature of the initiative or transaction being considered, the risk assessment may look at a variety of firm-wide risks. We cover some of the key areas below:

Risk assessment and due diligence are separate concepts, but they are interrelated and work together. Due diligence is a form of risk assessment. Before proceeding further with a complex acquisition or business venture, it makes sense to try and uncover or confirm any risks and benefits associated with the asset or new initiative. This examination serves to:

  1. Provide assurance on the value or viability of the project or purchase by analysing strengths and weaknesses and
  2. Weigh possible risks they may pose to the organisation.

The outcome and recommendations from the due diligence would be fed back into the relevant risk assessment.

In principle, it is possible to undertake a risk assessment without undertaking specific due diligence. This would normally be the case in relation to transactions, projects or business partners which are likely to present a low level of risk. Whilst it is possible for a risk assessment to stand alone without due diligence, the latter is usually employed in cases where the firm is assessing risk and requires further information to complete its assessment accurately and thoroughly.

Both risk assessment and due diligence can be undertaken at different levels.

  • An overview assessment, which looks in general terms, at the risks faced by the organisation in relation to its overall activities.
  • A focused assessment which examines in depth a specific country, transaction, project or business partner.

The following diagram depicts the typical steps involved in a due diligence process:

Have you read our responses behind other key questions?  You can view them by clicking on the links to the pages below:

Types of due diligence

Vendor Risk Assessment and Vendor Due Diligence

Consequences of not conducting adequate Third-Party Due Diligence

Applying the right level of Due Diligence

Top Tips and Points for Attention

Conclusion – Why and When to conduct Vendor Due Diligence?

Coming up….