editione1.0.0
Updated October 9, 2023If you have read Part III of this book, you will remember that there are two main types of due diligence your company is likely to encounter, customer due diligence and financial due diligence. While they share the same objective, they work slightly differently. We cover customer due diligence in Part III and we will take a look at financial due diligence now.
Definition Financial due diligence is the systematic process whereby an enquiring party who has (or is planning to hold) a financial interest in a legal entity will examine the behaviors and financial situation of the organization. This process hopes to assess the operating health of the organization, the potential for growth and return on investment, and any risk that the organization carries that may be inherited by the new owner or investor.
Financial due diligence is not specific to security and it is used widely throughout the financial services industry to ensure that risk is managed and assessed appropriately before significant transactions take place.
In recent years, cybersecurity has started to play a role in this financial due diligence process, with specific review sections included to assess the maturity of an entity’s security program, product, and operations.
During customer due diligence, the aim is for your potential customer to decide whether the risk they will inherit from using your product or service is acceptable in relation to their security expectations and risk appetite. If a customer decides this is not acceptable, they will not buy. If they purchase your product and later decide the risk has changed, they can revisit this decision and may choose not to renew their contract or ask for a change in the product or operations.
Misrepresentation in customer due diligence may lead to poor customer relations, lost customers, and lawsuits; however, these are limited to the terms agreed in your operating terms of service and often have a fixed maximum limit of liability.
In financial due diligence, things are quite different.