The closing has occurred, documents have been executed, and the consideration has been delivered. There are handshakes and congratulations all around, perhaps followed by a closing dinner and then, finally, a good night’s sleep.

The due diligence team has been successful in providing comfort that there are no major problems, or as to those identified, that they have been adequately addressed in the transaction documents. Good job. Well done. But wait — is the due diligence really over?

The lack of attention to ongoing due diligence once an acquisition has closed can lead to significant unbudgeted liabilities and diversion of the time and energy of key executives. Ongoing due diligence is important in your organization, both immediately after the closing of the acquisition and as an ongoing enterprise activity.

Post-Closing Transactional vs. Ongoing Enterprise Due Diligence

It is useful to view post-closing transactional due diligence and ongoing enterprise due diligence as different activities with certain common elements. Post-closing transactional due diligence will overlay the ongoing enterprise due diligence activity with specific issues relevant to the transaction. Ongoing enterprise due diligence, when handled efficiently, should be focused and tailored to meet the needs of the organization, and thus will vary from organization to organization. Both types of due diligence should be viewed as dynamic processes and subject to change as circumstances unfold.

The post-closing transactional due diligence plan should be designed to (i) monitor whether key assumptions used to justify the transaction are being realized, so that if they are not, management can be alerted as soon as possible so that remedial efforts can be undertaken; and (ii) help ensure that the target company is being effectively integrated into the organization. In the M&A arena, studies have shown that approximately 70 percent of all M&A transactions fail to create meaningful shareholder value. While a number of different factors can contribute to post-M&A disappointment, lack of ongoing due diligence is often one of the leading factors.

An organization’s ongoing enterprise due diligence plan should be designed to help ensure that (i) the organization avoids unnecessary losses and expenses, (ii) the organization’s governing body (be it a board of directors, trustees or governors) can demonstrate that it has engaged in effective oversight, and (iii) senior officers of the company avoid job- and bonus-threatening adverse events.

These are, of course, broad concepts. Set forth below are several examples where they apply. Each example could be the topic of a separate article, so only a few high spots will be addressed. Each example has implications for both post-closing transactional due diligence and ongoing enterprise due diligence. The individuals designing the due diligence plan can pick and choose which aspects of due diligence are relevant for their organization and circumstances. However, in every instance it is important to plan the organization’s due diligence activities to maximize their effectiveness and minimize their cost to the organization and their burden on management and staff.

While a number of different factors can contribute to post-M&A disappointment, lack of ongoing due diligence is often one of the leading factors.

Financial and Accounting Operations

Internal malfeasance involving an organization’s financial and accounting personnel has always existed. Unfortunately, we have seen a recent increase in these events, perhaps due to the transition from manual, paper-based systems to electronic ones. But whatever the cause, the problem is real, and it is growing.

Most people naturally assume the good faith and fidelity of those who work in an organization. It is difficult and unpleasant to contemplate that the person who reports to work on time, works diligently and is pleasant to co-workers may also be diverting the organization’s financial assets. Since it would be counterproductive to create in an organization an atmosphere of mistrust and suspicion, how does an organization maintain a pleasant and productive environment while engaging in appropriate due diligence?

The lack of attention to ongoing due diligence can lead to significant unbudgeted liabilities and the diversion of the time and energy of key executives.

One avenue is to remember that almost all monetary activities of an organization interface with parties outside of the organization — in particular, banks and customers. With regard to banks, only those individuals who appear on the authorized-access list maintained in the files of the bank should have the ability to access the funds of the organization. With the ever-increasing ability to scan and manipulate documents, it is well within the ability of the creative yet malevolent employee to alter documents and create fictitious originals, such as the signature-authority list. Similarly, the creation of blank-check stock is as easy as ordering checks in response to the ubiquitous advertisements from discount check printers in the Sunday newspaper. Furthermore, when an employee departs the organization, notifying the bank that this person is no longer authorized to deal with the account may be a detail that is overlooked. Accordingly, the easy solution is to request periodically that the organization’s bank or other financial institution send to a designated individual in the organization a copy of its authorities file. This should then be compared to what is in the internal file of the organization.

Dormant checking accounts, and those being phased out and with minimal activity, are another area of risk where continuing due diligence is important. Because it is expected that these accounts will have little or no activity, they may not receive the same review as the organization’s active accounts. Such accounts provide a ready vehicle for diverting funds for inappropriate purposes. Thus, they should receive the same level of review and scrutiny as any other account. And, once an account becomes dormant, it should be closed as soon as possible.

As most public accountants and auditors will advise, checks and balances should exist with regard to the review of the organization’s financial accounts. Individuals who have the authority to sign checks or otherwise move funds (such as by wire transfer) should not be the same people who receive the bank statements or perform the reconciliation function.

The financial interface of an organization with its customers or clients who remit on the organization’s invoices is another area for due diligence. Unexpected voiding of invoices from the organization’s accounts receivable system should be investigated, particularly if your organization is structured so that people who have the ability to void an invoice also have the ability to receive or issue checks. Intercepting and diverting a customer’s payment, followed by voiding the invoice so that it is removed as an account receivable (meaning, of course, that the organization no longer anticipates receiving payment on that invoice), is a classic criminal methodology.

Collateral losses in this area can exceed the funds actually misappropriated. The costs of investigation and attempted recovery, coupled with the diversion of management time, can be significant. Furthermore, if the loss is of a sufficient size and the organization is publicly traded, an embarrassing public announcement may be required.

Due Diligence Involving Organizational Records

Organizational actions outside of the ordinary course of business often require the approval of the organization’s governing body, such as a corporation’s board of directors. Periodically, a review of the minutes of board actions should be undertaken to verify that such actions, such as (i) the issuance of stock, (ii) entering into a contract or other activity outside the ordinary course of business, (iii) activities where the organization’s governing documents require more than just the authorization of an officer, or (iv) interested-party transactions, have been duly considered and properly approved by the board (or similar body in the organization) and that such consideration and approval has been appropriately documented. Among other benefits, such documentation assists the governing body of the organization in taking advantage of the business judgment rule should the owners of the organization take issue with its decisions. It also helps defend against the allegation that appropriate oversight was not effected.

A method of organizing key contracts and agreements, and summarizing and cross-referencing critical terms for future reference, is important for avoiding inadvertent conflicts.

Record retention policies have become a hot topic over the past several years and are the subject of many articles. However, regardless of the type of record retention policy the organization has in place, it is vital that periodic due diligence be undertaken to ensure compliance with the policy. A policy that is ignored may expose the organization to more risk and liability than having no policy at all.

No financial officer wants to be embarrassed by having a key customer file a bankruptcy petition shortly after a large order has been shipped.

Legal Compliance

Ongoing due diligence to assure that your organization is in compliance with applicable law has always been important. In recent years the importance has escalated to a whole new level with legislation such as the Sarbanes-Oxley Act of 2002. It is vital to the ongoing success of the organization (and, as found by an increasing number of executives, vital to their personal freedom) that the activities of the organization as a whole, and the individual activities of those within the organization for whom an executive is responsible, are in compliance with applicable law. Depending on the nature and size of an organization’s business, professional advisors should be engaged to evaluate which laws and regulations are applicable, and to help management design a due diligence plan to not only monitor compliance with existing laws and regulations, but also keep abreast of trends toward new legislation, and to be proactive in recommending actions so that compliance can be achieved in an orderly, cost-effective and timely manner.

Interaction of Contracts

The process of an organization entering into contractual relationships does not exist in a sealed environment. Rather, many contractual relationships exist in a universe where they must co-exist with other contractual arrangements. Two examples illustrate this point. One is the executive employment agreement that offers stock option benefit terms that are inconsistent with the pre-existing stock option plan. As a matter of contract law, the executive may be able to enforce the terms of her contract, even though it could cause the employer to violate the terms of its stock option plan. Another example is the organization factoring selected accounts receivable in order to generate short-term cash, which has the consequence of violating a negative covenant in the organization’s loan agreements with its lenders. A method of organizing key contracts and agreements, and summarizing and cross-referencing critical terms for future reference, is important for avoiding inadvertent conflicts. This is particularly necessary where a contract has a multiyear duration, and where the officers of the organization who negotiated the contract have departed the organization. Their replacements will not have the same familiarity with the document, and at least early in their tenure may not even know that it exists.

Due Diligence of Information Systems

Due to rapid advances in electronic information systems in the last 10-plus years, many organizations have dismantled their manual system infrastructure, either in whole or in significant part. The ability to operate effectively in a manual mode is gone, likely never to return. The acquisition and successful implementation of new technology or material upgrades to existing technology require significant amounts of lead time as the complexity and the requirement of interoperability of information systems increase. Furthermore, information systems and regulatory compliance have been converging for several years, as exemplified by the Health Insurance Portability and Accountability Act (HIPAA). Just being satisfied that your current information system “works” today is not an advisable method of review. Personnel should be tasked to evaluate periodically when (and it is “when,” not “whether”) new or updated technology will be required, due either to growth or to changes in the law, and to embark on appropriate modifications well in advance.

Key Customers and Suppliers

If your organization has key customers or suppliers, ongoing monitoring of their operations and plans is important. While this may sound like snooping, it most certainly is not, nor is it a particularly difficult task. Routine review of a customer’s or supplier’s Web site (if available), searches on any of the major Internet search engines and periodic review of credit reports can reveal important information on its current financial and operational status, as well as near-term future events. Finding out after the fact that a key supplier with whom you trade on open account (as opposed to a contractual relationship) has been vertically integrated into your competitor would be a very unpleasant surprise. Likewise, no financial officer wants to be embarrassed by having a key customer file a bankruptcy petition shortly after a large order has been shipped, when a review of credit reports would have revealed a deteriorating financial condition in advance.

The Rule of Enlightened Self-Interest

Those readers who saw the 2002 motion picture K-19: The Widowmaker will recall a scene early in the film depicting the failure of an important test of a Soviet submarine’s missile system. The commander of the submarine then screams that he “wants names” — he wants someone to take the responsibility and blame for the failure.

President Harry Truman kept a plaque on his desk that read, “The Buck Stops Here.” Like it or not, and whether it is fair or not, if there is a serious problem that has arisen in an organization, it is common for one or more senior executives to shoulder the blame and suffer the consequences. In the situation where effective due diligence could have ferreted out the problem in advance, boards of directors can be most unforgiving. And, in light of ever-increasing shareholder activism, coupled with an aggressive plaintiffs’ bar in the securities litigation context, material problems that trigger the restatement of a company’s financial statements can be the catalyst for a class action. Such problems can also be grounds for a for-cause termination in some instances.

For many senior executives, meeting financial goals (including earnings) is the litmus test of whether or not year-end bonuses are paid. It would be extremely frustrating to motivate the sales and marketing team to achieve high top-line performance, only to see the bottom line suffer due to unexpected liabilities that could have been avoided by due diligence.

Thus, an effective ongoing due diligence program is not only in the best interest of the organization as a whole, it is also in the enlightened self-interest of senior management. Both post-closing due diligence and ongoing enterprise due diligence require effort and operational discipline to plan and implement. However, when properly accomplished, such due diligence can yield benefits to both the overall organization and senior management that more than justify its use.