Due diligence risk factors are the areas of an organization or a project that need to be evaluated to determine whether they pose risks to its goals and objectives. They include the legal and financial aspects of a company along with its IT and operational aspects.
A common example of due diligence is customer due diligence (CDD). This involves verifying a person’s identity and assessing their level of risk to ensure compliance with anti-money laundering regulations and laws on preventing the financing of terrorism. CDD is usually conducted before an individual is hired and then periodically throughout their relationship with the company. It is crucial to know how often each risk type should be reviewed.
It is unreasonable and unrealistic to expect an organisation to conduct CDD on all countries, projects or business partners it has across the globe when a few of them have an extremely low risk of corruption. A company should use its GIACC program to identify and categorise countries, projects, and business partners based on the likelihood that they will be a source of corruption. Due diligence should then be conducted on those that are considered to have a higher risk.
Another example of due diligence is IT due diligence, which involves an examination of the target company’s information technology infrastructure, cybersecurity, and data management practices. This can identify potential risks or costs associated with the purchase of a target, such as replacing equipment or software. It can also reveal any IT system flaws that could expose sensitive information.