Due diligence risk factors are the parts of an organization or project that need to be evaluated to determine whether there are risks to its objectives and goals. These include the legal, financial, operational and IT aspects of a business.
An example of due diligence is customer due diligence (CDD). Verifying the identity of a person and assessing their risk is a component of this procedure. It helps ensure compliance with anti-money laundering and anti-terrorism laws. CDD usually takes place before a new customer is enrolled and continues to be conducted periodically throughout their relationship with the firm. It’s crucial to know the various risk categories and the frequency at which each should be checked.
For example, it’s unreasonable and disproportionate for an organisation to undertake CDD on every country or business associate it has around the world, especially when some of these may have a low risk of corruption. Therefore, an organisation should use its GIACC programme to identify and categorize countries, projects and business partners according to the probability of their being corrupt, and carry out due diligence on those considered to have more than a moderate risk.
Another type of due diligence is IT due diligence, which involves an assessment of a target company’s information technology infrastructure, as well as its cybersecurity and data management practices. This can identify potential risks or costs associated with the purchase of a target company, such as replacing hardware or software. It can also identify any vulnerabilities in the IT system that could lead to the disclosure of sensitive or confidential information.