Due diligence is carrying out reasonable checks on new funders, partners contractors or others to help ensure problems will not arise in working with them. This is risk management and, as such, a core responsibility for the CEO and trustees. You may not actually do it, but it's your responsibility to ensure that it's done.
Trustees and CEOs may delegate authority, but the responsibility for getting it right remains theirs. Do you have adequate processes in place and what controls/checks are carried out to enable you to be confident these are working? Perhaps an agenda item for your next board meeting? Because, if something does go wrong, you amy well be asked what you did to prevent it.
Ensure that your conflict of interest policy is complied with. If you don't have one, you can download one from the governance questionnaire.
Additionally, our sector is driven by passion and funding is hugely challenging for many, which brings with it the risk of urgent need clouding thinking. The fundraisers and project leaders may well be best placed to carry out due diligence. However, their findings should be reviewed and approved by someone with the necessary experience and seniority, who is also sufficiently and demonstrably distant from the issue.
Check that the balance between the costs, benefits and liabilities is fair, and there are no onerous or unreasonable obligations.
Any potential negative media attention, or concerns from other funders/partners from being associated with this company/individual.
· Ask them.
Capacity to deliver services/products, track record in delivery, security around key staff (eg a small company relying on a single individual), any supply chain issues (eg reliance on shipments from overseas), or an organisation that has operated in only a single area delivering in an entirely new one.
· Check during negotiations and take up references specifically covering any areas of concern.
Risk of takeover, sustained annual operating losses, level of leverage (debt) too high for their sector, bad credit risk, liquidity (cash flow) issues, weak asset base, unusual related party or intercompany transactions, or significant amounts of capital being taken out of company, adverse comments by auditors, court judgements, significant recent debt restructuring/profit warnings or redundancies.
· If applicable, Companies House (or other registrar) records and obtain a copy of their accounts.
· Buy an online company assessment/risk report.
Significant breaches of regulatory or other frameworks, investigations by government agencies/police, court cases, debt default, or disqualifications.
· Check with any relevant regulator for reports and other information that might be available. You can find a list of regulators here.
· Confirm registration with any relevant trade/professional bodies, and that any licenses, qualifications or insurances are held and in-date.
· For donors - potentially tainted donations (tax avoidance schemes).
Check your Gift Acceptance Policy. For example, the objects and powers in your governing document may restrict what you can do. You may also need to consider issues, such suspicious donations, or managing large anonymous gifts, or those from vulnerable individuals. If you don't have a policy, you can download Ethical Fundraising and Donation Acceptance & Refusal policies from the income questionnaire.
Acctivities that are illegal or incompatible with your organisation's values. Issues such as corruption/bribery, criminal activities, discrimination, exploitation of people, or the environment, or involvement with radical groups, or companies, regimes, products or services that conflict with your aims/values.
· For large companies, you may wish to ask about their compliance with the Modern Slavery Act UK, including their supply chain management.
Detailed below are some issues you may wish to think about and checks you might consider.
Below are some very simple, but effective checks that anyone can carry out, followed by others that are a bit more technical. This checklist is not exhaustive and, if in any doubt, seek professional advice.
· If they have a website, check that what they’re proposing fits with what’s on there. If available, review what it says about key members of their team and, download and review, their annual report/accounts.
· Carry out an internet search. On the company, if applicable, and key individuals, to see if there is anything of concern. Don’t just check page 1, as older issues may be sufficiently serious to still be relevant.
· Speak to someone who has worked with them, or knows their sector well. A phone call is best, as people tend to be more open.
· Take up references, if appropriate.
There are various types of software that you can use to review companies. I'm not specifically recommending it to you, but Due Dil is one of them that has a free version.
· Is the project/contract particularly sensitive, important, complex or large scale?
· Is the organisation/individual well known and respected, or might they hold views, undertake activities or work in an area that may potentially be problematic?
· How much potential is there for things to go wrong and what’s the worst that could happen?
First, assess the potential scale of risk and allocate adequate time/resources, in light of this. Then identify the specific risks and implement appropriate action to manage these. For large scale, complex issues, such as mergers, this will require lawyers and accountants. However, it can be as simple as phoning round to check that your proposed new window cleaner is reliable.