Internal Controls in Financial Due Diligence

Internal controls are not the primary focus of Financial Due Diligence — that remains EBITDA, NWC and net debt. But the quality of a company's internal controls has a direct bearing on the reliability of the financial data the FDD team is working with. Weak controls create data risk, accounting uncertainty and potential post-acquisition surprises.

What Are Internal Controls?

Internal controls are the processes and procedures a business uses to ensure the accuracy, completeness and reliability of its financial reporting. They include:

• Approval processes for transactions and payments
• Segregation of duties (different people authorise, execute and record transactions)
• Reconciliation procedures (bank reconciliations, intercompany reconciliations)
• Month-end close processes
• IT access controls and data integrity processes

Why FDD Analysts Care About Internal Controls

Data Reliability

The FDD analysis is only as good as the underlying data. If a company has weak controls — no bank reconciliations, delayed accruals, manual overrides in the accounting system — the financial data may not accurately reflect the business.

FDD analysts look for signs of data quality issues:

• Reconciling items in the management accounts vs. statutory accounts
• Late adjustments at year-end (suggesting financial data was not reliable mid-year)
• Management accounts that are produced significantly after period-end
• Large "other" or "miscellaneous" line items without clear explanation

Post-Acquisition Risk

Acquiring a business with weak internal controls creates integration risk:

• The buyer may inherit accounting errors that take months to unwind
• Fraud or misappropriation may be more likely in low-control environments
• The cost of implementing adequate controls post-acquisition can be significant

These are risks the FDD team should flag to the buyer, even if they cannot quantify the exact exposure.

Common Internal Control Weaknesses Found in Mid-Market Businesses

• No formal month-end close: Management accounts are prepared irregularly or without consistent accruals
• No reconciliation of subledgers: Accounts receivable or payable ageing reports do not reconcile to the trial balance
• Single person controls: One person handles all financial transactions without oversight (common in owner-managed businesses)
• Outdated accounting software: Limited audit trails and reporting capabilities
• Manual spreadsheet-based controls: Prone to error and lacking version control

How to Present Internal Control Findings in FDD

Internal control observations in an FDD report are typically:

• Presented as a risk or limitation on the reliability of data used
• Not a formal internal controls assessment (that would require a separate engagement)
• Communicated to the client as factors to consider in the post-acquisition integration plan

The FDD team does not audit internal controls — they flag weaknesses observed as part of the financial analysis.

Conclusion

Internal controls sit in the background of FDD but matter significantly to data quality and post-acquisition risk. Analysts who maintain awareness of control quality as they work through financial data are more reliable in their conclusions.

The Transaction Services Interview Programme (€119.99, one-time) includes guidance on internal controls assessment in the context of FDD, with case examples from real deal scenarios. Get started today.