As every company grows, so does its list of policies and procedures. This is something inherent to any business, all with the purpose of keeping operations running smoothly. However, these same policies may fall by the wayside, and never be updated or revised to reflect changes in technology or business operations. Perhaps they are known to only a select few, with actual implementation being scarce or spotty. Or perhaps administrative bloat has spiraled out of control, or the business is on the verge of being sold, and the buyer has operational questions. Either way, periodic inspection of company operations is good for any business.
This is the entire purpose of a due diligence questionnaire: investigating every corner of your business to make sure that up-to-date policies and necessary procedures are being implemented to protect your employees, your business and yourself from possible repercussions. Commonly conducted in industrial businesses or investment firms, or often performed before a business changes hands, operational due diligence is an investigation into the wide range of areas that encompass a business’ operations. Completing a due diligence questionnaire is often part of creating a business continuity plan.
Focus on a business’ IT department or service partners is becoming more and more central to the due diligence process, as technology is impossible to escape these days and every business has a digital side. This also means that every business is often subject to the latest and greatest when it comes to cybersecurity threats. Client data, industry secrets, financials, and more are vulnerable to theft or corruption if the correct measures aren’t being taken to protect that data.
Have you visited the doctor lately? If so, chances are you’ve heard of HIPAA, the Health Insurance Portability and Accountability Act. HIPAA requires that anyone who handles protected patient information implement safeguards to maintain the security and privacy of that data. A large component of staying HIPAA compliant is conducting regular risk assessments: investigations that look into current policies and procedures and identify weaker areas where improvement can be made. Areas looked at include anything from access and security at physical locations, to hardware encryption policies, and password standards for employee accounts.
Completing an operational due diligence questionnaire is a lot like conducting a risk assessment. In fact, a lot of the same questions are asked, and the same areas of operation are looked at. Eze Castle Integration has a blog post that elaborates on the questions and questionnaire, and provides an elaborate list of technology-related due diligence questions.
Investment firms aren’t the only ones that should consider completing a due diligence questionnaire. Any business with a high level of risk should look into starting the process. Businesses that deal with the analysis of probable risk of customers, like insurance, assessors or inspectors, would also benefit from understanding the process, as a lot of knowledge could be taken away and applied to future interactions with clients.
Just like HIPAA, completion of a due diligence questionnaire is often mandated by government agencies or regulations. But even if it isn’t a requirement of your industry, completing one is often a good idea to protect yourself and your business from any possible liability. It is perhaps one of the most valuable investments your business can make.