Your Ultimate Virtual Data Room Due Diligence Checklist
Mergers and acquisitions are complicated, intricate affairs, and there’s a lot of data that you need to sift through to get all of the information you need to make an informed decision–and it’s not just one decision, but many, over and over. The entire process can take months or more than a year. Through a virtual data room (VDR) you are able to manage all of these facets of the process, but it can get complicated.
Here is a definitive ultimate virtual data room due diligence checklist – the things that you need to investigate in your virtual data room before you make any decisions about finalizing your M&A.
General Information
The first thing that you’re going to need to assess is the basics, the general information about the company that is involved in the M&A. While most of this information doesn’t require a VDR because it’s often public, it’s still important to include in this checklist. These things include the following: documents of incorporation, management bios, board members, executives, and an overview of any subsidiary companies that the company oversees. This will give you a 30,000 foot view of the company, laying out the topography before you get down into the weeds.
Financial Information
This is where the VDR comes in, because most of this information is kept under lock and key. In days past, you would have to travel to a brick-and-mortar data room to get access to all of this documentation, but through VDRs, you can get connected to it rapidly and easily from wherever you are, anywhere in the world.
Some of the financial information that you’ll want to look into is: Financial projections; income statements; balance sheets; cash flows; budgets; breakdown of sales and gross profits by channel type, geography, and customer analysis; marketing and sales costs; and other financial information.
All of this information is extremely sensitive and it is only through the use of a VDR that you can gain access to this without traveling to the other company and going through security procedures to sit down with their books.
Accounts Payable
One part of the financial information you’re going to want to access is the accounts payable, as it gives you a good understanding of the outflow of cash from the target business. You will want to know the top vendors as well as their outstanding invoices to make sure that you’re not stepping into a situation where the target company hasn’t been paying their bills and has a big backload in payables.
Accounts Receivable
Just as you want to know how much money is flowing out of the company, you want an accurate view of how much is flowing in, where it’s coming from, and what terms the payers have. You’ll want to know the top customers, customer churn, and customer contracts so you can evaluate the future of the business.
Policies and Procedures
As another facet of the financial outlook of the company, you’re going to want to look at the financial policies the target company has in place. This includes accounting procedures, pricing policies, credit policies, return policies, and warranty policies.
Financial Projections
You’ll want to do your own projections, but it’s important to also look at the projections that the target company has laid out for its own future. This includes quarterly projections; projections by channel, product type, segment and customers. You’ll want to take a glance at the target company’s perceived growth drivers and prospects, as well as their strategic plans, business and marketing plans, and financial arrangements. Granted, all of this may change when you acquire or merge with this company, but it’s good to know where they are currently positioned and what plans they have in place so you can evaluate if these plans are good or bad.
Capital Structure
It’s essential to know the financial situation that the M&A target company is in, so you need to understand their capital structure. This includes current shares outstanding, options outstanding, warrants and rights outstanding, a summary of all debt instruments with key terms and conditions, and contingencies.
Contracts and Agreements
Contracts and agreements are one of the most important things to look at when considering a M&A, because it’s these contracts and agreements that will lay the groundwork to the future stability of the company (or reveal flaws that need to be rectified). These involve partnerships, joint ventures, distribution agreements, governmental contracts, purchase agreements, sales agreements, supplier and subcontractor agreements, and commissions or other payment agreements.
Products
You may not think you need a VDR to understand a company’s products, because you can see them for sale by the company, but there are some secrets to the products that are trade secrets that are under lock and key. These include research and development, competitive analysis, new product pipeline, product margins, patents and trademarks.
Marketing, Sales and Distribution
You want to acquire a healthy company with good plans in place – or maybe you want to revamp the entire operation – but you’re going to need to know what they’re doing right now and what effects it’s having. This includes strategy and implementation, distribution channels, positioning, marketing opportunities and risks, pipeline analysis, and sales structure.
Management and Personnel
One of the hardest parts of an M&A is making decisions regarding the reorganization and personnel. You’re going to want to look at organizational charts, headcount by function and location, bios of the senior management, compensation plans, employment agreements, benefit plans, incentive stock plans, worker’s compensation, and union contracts.
Properties and Real Estate
One of the big things you’re getting when you acquire a new business is their physical assets. You’ll want to inspect the valuation documents for all properties, sale documents for properties, factory floor plans, and property tax information.
Insurance and Legal
For insurance, you’re going to want a good look at the current policies and history of major claims. In the legal realm, you’ll need to inspect the intellectual properties, licensing agreements, patents, any pending litigation, copyrights, licenses, and trademarks. You’ll also want a description of environmental and employee safety issues and liabilities.
Regulation
Regulation can make a company sink or swim, and you need to go into the merger with your eyes wide open. This includes knowing any new regulations and their consequences, necessary authorizations, regulatory projects, and outstanding regulatory issues.
Taxation
Finally, you will want to get a full understanding of the company’s tax obligations, historical tax assessments, governmental audits, and tax financial statements.
Learn more about how a Virtual Data Room can assist you in managing your due diligence.
Fill in the form below to find out how Ince can streamline your M&A due diligence with InceLink, their VDR solution:
This article was originally published on the CapLinked website and has been amended for the Ince audience. Ince has partnered with CapLinked to bring their superior product to Africa under the InceLink brand. As a result of this partnership, you get all all the great features brought to you by CapLinked, priced in Rands and supported locally by the Ince team.
References
https://www.firmex.com/resources/tools-downloads/due-diligence-check-lists/
Dropbox vs VDR: What Should I Use?
If you’re launching the due diligence process for your firm’s next (or first) acquisition you may be thinking to yourself- is using Dropbox for due diligence okay? Have you been tasked with managing your company’s capital-raising initiative and need a way to share sensitive information? If so, then your ‘to-do’ list probably includes finding a solution for managing all the documents involved in these activities.
Dropbox – Easy Sharing, Simple Back-Ups. Secure? Not so much.
Dropbox is one of the oldest and most popular file sharing and storage solutions. Its most basic plan, which includes 2G of storage and access from phone, computer, or tablet, is free. For small deals, the ‘free’ price can be compelling, especially when you’re charged with frugally managing company funds.
If you need additional space, you can purchase a subscription starting at $12.50 monthly per user to get 2T of storage. The advanced plan with monthly charges of $20 per user has unlimited storage with additional security features for sign-on and file management. The enterprise plan, which requires a call to get pricing, puts a few more restrictions in place and provides round-the-clock technical support.
“$20 per user sounds great,” says the money-managing bot on your shoulder, “sign up for that one.”
“But wait, says the security-driven bot on your other shoulder, “Are you sure our data will be fully secure with Dropbox? Will we really have the controls we need to reassure our leadership team about the integrity of the process? And we have a fairly large team. Is Dropbox the best value? I think InceLink offers a better price for multiple users. And remember, we’re in an acquisition negotiation. Our legal team needs streamlined communication with the bank and Company Zed. Is using Dropbox for due diligence the most efficient and secure solution?”
We recommend you listen to the security guy.
Why Dropbox’s Security Isn’t Enough
In 2016, file hosting site Dropbox was hacked. Millions of people had their login credentials exposed, which prompted the company to reset all passwords going back four years. After learning about a set of emails and passwords that was stolen from their servers in 2012, it wasn’t until 2016 that the true impact of the hack would materialize, and the hack was much, much bigger than the company originally admitted.
When the Vice-owned tech publication Motherboard reported on the incident, they were in possession of the hack’s loot, some 68 million account records. Confirmed by security researchers within days, the hack was the biggest in Dropbox’s history, and it illustrated the danger of hosting sensitive material on the growing platform. Unlike a secure VDR, or virtual data room, which holds your files under multiple layers of security and round-the-clock surveillance that can’t be matched by larger, cloud-based solutions intended for the masses, Dropbox left a dormant hack that they knew about sit unaddressed for years while hackers shared and took their shots at decompiling and manipulating the data.
By September, the hack’s five gigabytes of data that included email addresses and hashed passwords were for sale on the dark web for the cost of two bitcoins, or the equivalent of about $1,200 at the time. Even today, information stolen from Dropbox can be cross-referenced on sites like haveibeenpwned.com, which allows you to enter an email address to see if an account has been compromised in one of the many data breaches from various tech companies over the years.
But what took most people by surprise during the 2016 Dropbox fiasco was that while the company had announced that an attack had occurred in 2012, the scope of it was seemingly kept under wraps for years. If they could stay silent on a hack of this magnitude, the reasoning goes, how could they be trusted to keep your documents and account information safe?
It’s a legitimate concern, and it’s precisely why secure VDRs exist — to enable secure document collaboration and review while strictly controlling user access and data permissions. After all, users are creatures of habit, and reused passwords are common, so the exposure at one platform can mean the risk of a data breach across other platforms, particularly if the same password is used. Ironically, it’s exactly this kind of data breach that led to Dropbox’s 2012 hack, where an employee’s reused password was hacked from another breach and used to gain entry to Dropbox.
But the bigger problem is that Dropbox accounts can be accessed from anywhere using a computer, tablet, or phone. Worse yet, files that have intentionally or inadvertently been switched to ‘public’ can be accessed by anyone with the link, regardless of whether they even have a Dropbox account, which greatly limits the forensic abilities of anyone trying to determine who has accessed a particular file or folder. So even though Dropbox encrypts files with 256-bit AES encryption and utilizes SSL and TLS security protocols, if someone has a login or a public URL to a sensitive file, you won’t be able to prevent their unauthorized access.
Further illustrating their issues with security, Dropbox in their help section provides a link to contact support for users that have been compromised or hacked. For security researchers, they suggest reporting any issues to the third-party service HackerOne, which pays hackers to identify security issues with businesses’ online tools and services. Dropbox asks for “reasonable time” to respond before making any issue public, and also asks the researchers to refrain from accessing or modifying user data they happen to come across. Furthermore, Dropbox admits that they do not provide client-side encryption, nor the creation of private keys, but they do allow users to add their own additional layer of encryption at their own cost.
Nonetheless, Dropbox professes that the “security of your data is our highest priority.”
We say it doesn’t even come close. Dropbox has a history of hacking incidents going back years, and all the encryption in the world won’t help if an account is compromised or if Dropbox complies with a data request to share sensitive information, which they have been known to do. While most people think that hacking is about typing on a keyboard until you magically gain entry, most experienced hackers know that the best way to gain access to a database or file is more social than technical. Compromising and resetting someone’s password is much easier and typically more fruitful than brute forcing your way through a login, which is exactly what led to Dropbox’s 2012 hack.
That said, Dropbox is actually pretty secure as far as digital storage goes, at least for individual use. They use the latest and greatest encryption protocols for storage and data in transit, as well as an optional a two-step verification layer, and they claim to regularly test their infrastructure for security vulnerabilities.
But for sensitive data, there’s really no match for a dedicated secure file management platform. Unfortunately, none of the existing cloud-based file storage solutions fit the bill, and enterprise-level virtual data rooms, also known as secure VDRs, provide a much higher level of security than you’ll get with any consumer-level product. Many VDRs come with secure data management capabilities, which allows you to define timing and availability of any sensitive document or folder. Additional features such as personalized watermarks or tools that block copying, printing, or saving further enhance the security measures of a VDR.
However, the most important piece may well be customer service. With Dropbox, Google Drive and Box.com, as well as other cloud-based solutions, you won’t be able to pick up the phone and talk to anyone about your account. If they have any sort of customer service, it’s likely a lengthy ticket-based system, which could take days or weeks to resolve any issue, and that’s if you get a response at all. On the other hand, a secure VDR often includes live support and a data room project manager, which all help to ensure that your data is appropriately secure and available, and can help teach you how to better use the system to maximize your organization’s security. Compared to Dropbox’s “you figure it out,” it’s a welcome line of assistance that can help you and your team get up to speed in a secure and safe manner. If there are any issues, you’ll also appreciate the 24/7 live support and, for crucial accounts, direct access to local reps and affiliates.
Virtual Data Rooms (VDR’s) – Built for Business, Prioritizing Security
Unlike Dropbox, which was developed for consumers to easily share and store files and retrofitted to appeal to business customers, VDRs originated as business storage solutions for activities like capital raising and due diligence. Physical security and document integrity features are also built into the framework of VDRs.
This business-first perspective takes into account the likelihood of multiple users in the virtual data room. Professional vendors like InceLink offer a basic VDR that tend to be less expensive than the per-user rate charged by Dropbox, Google Drive or other file sharing sites.
What do we mean by physical security? Top-notch secure VDR suppliers, like InceLink, use data centers protected by skilled personnel, surveillance, backup generators, and backup servers to ensure data protection and continuous access. Digital security measures are also robust, with multiple firewalls and the latest encryption software available. Smaller ‘cloud’ solutions aren’t currently providing these safeguards.
And what about document integrity? Well, maintaining document integrity in a paper world was straightforward. The original document was typed, altered with easy to see ‘white-out,’ filed, then sent to storage and eventually destroyed. In the digital world, a simple file storage solution can’t deliver the document integrity of a VDR. The process of document sharing and due diligence is now more complicated since it must address the following issues:
- recording who created a document
- capturing all changes
- encrypting the document before sending
- tracking access
- keeping an easy-to-use archive
- controlling printing and destruction
This information must also be accurate, unchanged, and reliable throughout the life cycle of a document. InceLink VDR features let administrators restrict document roles from viewer-only to authoring. Copying, downloading and printing authority can also be controlled. Watermarks can be used to protect against unauthorized screenshots. There’s no better solution for secure document sharing and collaboration.
Get Organized and Rest Easy with a VDR
Virtual data rooms were designed to support the vast amounts of data handled in corporate environments. Features VDRs offer to make data management more efficient include:
- numbering and indexing of documents when uploaded, helping you navigate through files
- advanced search functions for documents and files
- bulk uploads, drag/drop functionality, and compatibility with more than 25 file formats
This means you and your team can find needed documents much more quickly, giving you more time to focus on making decisions to move the deal forward.
A VDR also provides more protections for information sharing. As an administrator, you determine the following:
- who enters the virtual data room
- the files and documents individuals can access
- how long information can be viewed
- whether information can be printed or downloaded
The exposure of sensitive material is controlled (and limited). And the communication power of VDRs is unparalleled thanks to the detailed reports of VDR access, document alterations, new uploads, comments and questions that are available. These reports are also useful for any audits of your deals.
Moving Forward with VDR – and InceLink
Your security-driven bot is nodding and smiling about your decision to use a virtual data room instead of Dropbox. Why? Because InceLink’s Virtual Data Room provides strong document management, flexible storage, and state-of-the-art security to manage access and encryption. You might be able to make it work, but using Dropbox for due diligence doesn’t make much sense with such a compelling alternative available.
Fill in the form below and we will contact you with more information.
Our team is ready to talk with you about your specific project needs- whether you need a VDR for due diligence, capital raising, or anything your team can dream up.
This article was originally published on the CapLinked website and has been amended for the Ince audience. Ince has partnered with CapLinked to bring their superior product to Africa under the InceLink brand. As a result of this partnership, you get all all the great features brought to you by CapLinked, priced in Rands and supported locally by the Ince team.
How Ince is stimulating the South African economy through its digital services
As South Africa wrestles with the uncertainty that the COVID-19 pandemic presents, many businesses are changing how they communicate to the market and their stakeholders. With over a century of experience in helping businesses and organisations – large and small – communicate effectively, Ince is leading the way by supporting South African companies during this period.
One month ago, President Cyril Ramaphosa outlined the next steps to reopening the South African economy. In his address, he stressed the importance of unity in promoting and supporting local businesses. “Our country and the world we live in will never be the same,” Ramaphosa remarked. “Our economic strategy going forward will require a new social compact among all role players – business, labour, community and government – to restructure our economy and achieve inclusive growth.” The president urged South Africans to promote local businesses, services and products as pivotal in creating the new social contract.
Why not help to support the South African economy by making use of Ince’s proudly South African platforms for your next Annual General Meeting, Special General Meeting or any meeting where stakeholder participation is key?
Ince is a proudly South African, fourth generation family-owned and run company, with a level 2 B-BBEE rating. It is a story of entrepreneurship and adaption with a thirst for adventure and deeply rooted values. Ince may have started as a print business over 100 years ago, but as the market has changed, they have evolved into so much more than that in delivering excellence to the market. Today, as a fully-fledged digital company, Ince offers clients proven digital platforms and solutions that enable effective collaboration and voting which support inclusive stakeholder engagement.
Connecting to stakeholders – whether they be shareholders, analysts, employees, the media or NGOs – is high on the agenda now more than ever. Ince combines two easy-to-use platforms that enable successful stakeholder communication and engagement. These can be customised to meet all of your requirements.
Ince developed iProxy, a robust easy-to-use online proxy voting platform over 23 years ago. iProxy mirrors the traditional paper process of submitting proxy voting ballots into the digital age, enabling shareholders to vote on resolutions electronically from remote destinations. As the system completely mirrors the paper-based proxy voting system used by transfer secretaries in South Africa, it is fully compliant with the regulators. It provides a real-time birds’ eye view of votes as they happen. iProxy can be used ahead of a meeting as well as during the meeting as the voting platform.
iMeeting is an interactive, cloud-based solution that facilitates shareholder attendance at a live meeting. Attendees simply log on to view a streaming webcast and has a live interactive forum where attendees can interact directly with the speaker.
By integrating the iProxy platform into a virtual meeting, shareholders attending can vote on resolutions. These votes, together with any votes lodged ahead of the meeting, are sent to those tallying the votes for an efficient, seamless voting process.
Jill Parratt, Group Secretary of Liberty Holdings had this to say after using the Ince platform for their 2020 AGM: “Your platform worked extremely well. Your team provided excellent support, both prior to the AGM and during the AGM, and were immediately available to answer questions and test the platform. Nothing went wrong on the actual day and the sound and visuals were good. I have no hesitation in recommending INCE.”
