Internal Controls in Financial Due Diligence
The role of internal controls review in FDD: what analysts assess, why it matters for data reliability, and how control weaknesses affect the deal.
Internal controls are not the primary focus of Financial Due Diligence — that remains EBITDA, NWC and net debt. But the quality of a company's internal controls has a direct bearing on the reliability of the financial data the FDD team is working with. Weak controls create data risk, accounting uncertainty and potential post-acquisition surprises.
What Are Internal Controls?
Internal controls are the processes and procedures a business uses to ensure the accuracy, completeness and reliability of its financial reporting. They include:
- Approval processes for transactions and payments
- Segregation of duties (different people authorise, execute and record transactions)
- Reconciliation procedures (bank reconciliations, intercompany reconciliations)
- Month-end close processes
- IT access controls and data integrity processes
Why FDD Analysts Care About Internal Controls
Data Reliability
The FDD analysis is only as good as the underlying data. If a company has weak controls — no bank reconciliations, delayed accruals, manual overrides in the accounting system — the financial data may not accurately reflect the business.
FDD analysts look for signs of data quality issues:
- Reconciling items between the management accounts and the statutory accounts
- Late adjustments at year-end (suggesting financial data was not reliable mid-year)
- Management accounts that are produced significantly after period-end
- Large "other" or "miscellaneous" line items without clear explanation
Post-Acquisition Risk
Acquiring a business with weak internal controls creates integration risk:
- The buyer may inherit accounting errors that take months to unwind
- Fraud or misappropriation may be more likely in low-control environments
- The cost of implementing adequate controls post-acquisition can be significant
These are risks the FDD team should flag to the buyer, even if they cannot quantify the exact exposure.
Common Internal Control Weaknesses Found in Mid-Market Businesses
- No formal month-end close: Management accounts are prepared irregularly or without consistent accruals
- No reconciliation of subledgers: Accounts receivable or payable ageing reports do not reconcile to the trial balance
- Single-person controls: One person handles all financial transactions without oversight (common in owner-managed businesses)
- Outdated accounting software: Limited audit trails and reporting capabilities
- Manual spreadsheet-based controls: Prone to error and lacking version control
How to Present Internal Control Findings in FDD
Internal control observations in an FDD report are typically:
- Presented as a risk or limitation on the reliability of data used
- Not a formal internal controls assessment (that would require a separate engagement)
- Communicated to the client as factors to consider in the post-acquisition integration plan
The FDD team does not audit internal controls — they flag weaknesses observed as part of the financial analysis.
Conclusion
Internal controls sit in the background of FDD but matter significantly to data quality and post-acquisition risk. Analysts who stay aware of control quality as they work through the financial data reach more reliable conclusions.
