Every important business decision comes with some risk. Buying a company, investing in a startup, signing a major contract, closing a property deal - all of these have consequences if things go wrong. Due diligence is the process that helps you understand those risks before you commit.
In this guide, we'll walk through what due diligence really means, why it matters, how it works in practice, and what tools make the process go smoothly. We'll also show you how Ellty, a secure virtual data room built for document sharing and deal management, fits into that process.
What is due diligence?
Due diligence is the process of carefully reviewing information before making a major decision. In a business context, it means investigating a company, asset, or opportunity to make sure everything is as it appears, before you sign anything or hand over money.
Think of it like doing your homework before a big purchase. You'd check reviews before buying a car, right? Due diligence is that same instinct, but applied to mergers, acquisitions, investments, real estate deals, vendor agreements, and more.
It typically involves reviewing financial records, legal documents, contracts, operational data, and anything else that helps the other party understand what they're getting into. The goal is simple: no surprises after the deal closes.
What is the purpose of due diligence?
The main purpose of due diligence is to reduce risk. But there's more to it than just checking for problems. Here's what a well-run due diligence process actually achieves:
- Uncovers hidden liabilities - outstanding debts, pending lawsuits, undisclosed obligations
- Validates claims - confirms that financial figures, customer numbers, and contracts are accurate
- Builds informed confidence - gives the buying or investing party a real basis for their decision
- Supports negotiation - findings can affect the final price or deal terms
- Protects all parties legally - a thorough process shows that proper care was taken
Whether you're on the buy side or sell side, due diligence protects your interests. For sellers, having your documents organized and ready to share signals credibility. For buyers, it's the foundation for every decision you're about to make.
Ready to run a cleaner, more secure due diligence process? Start with Ellty - free to try, no per-user fees.
The 3 principles of due diligence
While every due diligence process looks a little different depending on the deal, there are three core principles that apply across the board:
1. Thoroughness
You can't cut corners in due diligence. Missing even one key document, an undisclosed lien on a property, a pending lawsuit, an expired license, can have serious consequences. A good process covers all relevant areas, not just the obvious ones.
2. Accuracy
It's not enough to collect documents. You need to verify them. Numbers should be cross-checked. Contracts should be read in full. Claims should be backed by evidence. Accuracy means you're working with facts, not assumptions.
3. Confidentiality
Due diligence requires sharing sensitive information such as financials, customer data, intellectual property, internal reports. Protecting that information throughout the process is non-negotiable. This is where a secure platform like Ellty becomes essential. With access controls, NDA gating, and audit logs, you can share what's needed without losing control of your documents.
Types of due diligence
Due diligence isn't one-size-fits-all. Depending on the deal, you may need to focus on different areas. Here are the most common types:
Financial due diligence
This is usually the starting point. It involves reviewing financial statements, tax returns, revenue and profit trends, debt levels, cash flow, and any financial obligations. The goal is to confirm that the numbers add up and understand the financial health of what you're evaluating.
Legal due diligence
This covers contracts, licenses, intellectual property, litigation history, regulatory compliance, and corporate structure. Legal due diligence checks whether the business operates within the law and whether there are any legal risks that could affect the deal.
Operational due diligence
This looks at how the business actually runs, its processes, supply chain, technology infrastructure, key personnel, and day-to-day operations. It helps identify operational weaknesses or dependencies that might not show up on a balance sheet.
Commercial due diligence
This focuses on the market, who the customers are, how competitive the space is, what the growth potential looks like, and whether the business model is sustainable. It answers the question: does this company have a real future?
Technical due diligence
Common in tech deals and software acquisitions, this reviews the codebase, technology stack, security posture, scalability, and technical debt. It tells you whether the product can actually do what it claims and what it would cost to maintain or grow it.
Environmental due diligence
Especially relevant in real estate and industrial deals, this assesses environmental risks such as contamination, regulatory compliance, waste management. It's critical for avoiding long-term liability.
Why Ellty is the go-to platform for due diligence
When you're running a due diligence process, document management is everything. You're sharing sensitive files with multiple parties, tracking who's reviewed what, managing access permissions, and keeping a clean record of every interaction. Doing this over email or generic cloud storage is slow, risky, and hard to manage.
Ellty is built specifically for this kind of work. It's a secure virtual data room that gives you the tools to run a controlled, professional document review, at a price that makes sense.
Here's what you get with Ellty:
- Access controls - decide exactly who can see which documents
- NDA gating - require visitors to sign a non-disclosure agreement before they can access your data room
- Dynamic watermarking - every document is marked with the viewer's information to discourage unauthorized sharing
- Real-time activity tracking - see who opened what, when, and for how long
- Full audit logs - a complete record of all activity in your data room
- eSignatures - request and collect signatures without leaving the platform
- Custom branding - present your data room professionally with your own logo and colors
Ellty pricing is flat and transparent. No per-user charges. No per-page fees. No custom enterprise quotes. You choose a plan and get to work:
Whether you're managing a Series A fundraise, a property transaction, or a corporate acquisition, Ellty gives you the structure and security to run due diligence the right way.
How to conduct the due diligence process
A well-run due diligence process follows a clear sequence. Here's how it typically works:
Step 1: define the scope
Not every deal requires the same depth of review. Start by identifying which areas matter most based on the nature of the transaction. A clear scope saves time and keeps everyone focused.
Step 2: build a request list
Create a detailed list of documents and information you need. This usually includes financial statements, contracts, corporate records, employee agreements, and anything specific to the deal type. Share this list with the other party early.
Step 3: set up a secure data room
This is where Ellty comes in. Instead of emailing documents back and forth, set up a structured data room where all files live in one place. Organize folders by category, assign permissions based on who needs to see what, and enable NDA gating before anyone gets access.
Step 4: review documents systematically
Work through each document category methodically. Flag anything that raises questions. Use Ellty activity tracking to see which documents have been reviewed and which are still pending.
Step 5: ask follow-up questions
No document tells the full story on its own. As you review, you'll likely have questions. A well-organized data room makes it easier to reference specific documents and get answers faster.
Step 6: compile your findings
Summarize what you found: positives, risks, open questions, and deal-breakers if any. This report becomes the basis for your final decision and any negotiation on price or terms.
Step 7: make a decision
With a complete picture in front of you, you can move forward with confidence, whether that means proceeding with the deal, renegotiating terms, or walking away.
Real-world examples of due diligence
Startup fundraising
A founder raising a Series B round sets up an Ellty data room and uploads financials, cap table, customer contracts, and growth metrics. Investors access the room after signing an NDA, and the founder can see exactly who's reviewing which documents, helping them prioritize follow-up conversations with the most engaged investors.
Commercial real estate
A property firm preparing for a sale organizes title deeds, inspection reports, tenant agreements, and planning documents in an Ellty data room. Multiple buyer parties are given tiered access, some see the summary documents, others get full access after advancing in the process.
Mergers and acquisitions
A mid-size company being acquired by a larger firm shares three years of audited financials, employment contracts, IP filings, and regulatory approvals through Ellty. The acquirer's legal and financial teams work in parallel, and the audit log provides a clear record of who reviewed what, useful for both parties during closing.
Consulting and advisory
A consulting firm shares a deliverable with a client through Ellty. The client can view the report but can't download or forward it. Dynamic watermarking ensures every page is tied to the client's identity, protecting the firm's work product.
Managing a deal right now?
Ellty gets you set up in minutes, with all the features of a professional data room, none of the enterprise pricing.
Key components of an effective due diligence program
If you run deals regularly, as an investor, advisor, or business owner, it helps to have a repeatable due diligence program rather than rebuilding the process from scratch each time. Here's what that looks like:
- Standardized request templates - a master list of documents for each deal type, adjusted as needed
- A secure document platform - one consistent place to collect and review files (Ellty works well here)
- Clear team roles - who is responsible for reviewing which areas
- Defined timelines - a realistic schedule with milestones for each review stage
- Issue tracking - a way to log and follow up on red flags as they emerge
- A findings report template - a consistent format for summarizing what was found
- Post-deal review - a process to compare pre-deal findings with post-deal reality, to improve future processes
Having these components in place means your team can move faster, make fewer mistakes, and maintain consistency across deals.
Due diligence red flags and pitfalls
Knowing what to look for is just as important as knowing how to look. Here are some of the most common red flags that show up during due diligence and the process mistakes that can cause you to miss them.
Common red flags
- Inconsistencies between financial statements and tax returns
- Key customer contracts that are expiring or up for renewal
- Pending litigation or unresolved regulatory issues
- High employee turnover, especially in senior roles
- Revenue that's heavily concentrated in one or two clients
- Intellectual property that isn't properly registered or protected
- Unusual related-party transactions
- Reluctance to share documents or unexplained delays in the process
Common process pitfalls
- Moving too fast and skipping important document categories
- Relying on representations without verifying the underlying documents
- Not having the right specialists involved (legal, financial, technical)
- Sharing documents insecurely, creating confidentiality risk
- Failing to document what was reviewed and when
A well-organized data room with access controls and audit logs, naturally addresses several of these pitfalls. When everything is tracked and documented, it's harder for things to slip through the cracks.
Build a credible due diligence program
Whether you're running due diligence for the first time or looking to improve an existing process, the goal is the same: make it thorough, structured, and secure.
Start by getting the right tools in place. A secure data room is not a luxury, it's a basic requirement for any serious deal. Ellty gives you everything you need to run a professional due diligence process without the complexity or cost of legacy platforms.
From NDA gating and dynamic watermarking to full audit trails and eSignatures, Ellty is built for deals where the stakes are real and the documents are sensitive.
The best due diligence programs are the ones that become habits, standard templates, consistent tools, and a team that knows exactly what to do when a new deal comes in.
Start building your due diligence program on Ellty.
Frequently asked questions
What is the difference between due diligence and an audit?
An audit is a formal, regulated review of financial records, usually performed by a licensed accountant and required by law or regulation. Due diligence is broader and less formal. It covers financials, but also legal, operational, commercial, and technical areas. Due diligence is typically done in the context of a specific transaction, not as a regular compliance requirement.
How long does a due diligence process take?
It depends on the deal size and complexity. A small acquisition might take two to four weeks. A large, cross-border M&A transaction can take several months. The better organized the data room and the more responsive both parties are, the faster the process tends to go. Ellty activity tracking helps identify delays early so you can follow up before they become problems.
Who is responsible for conducting due diligence?
Usually the party making the acquisition or investment, the buy side. They may involve internal teams (finance, legal, operations) or bring in external advisors (accountants, lawyers, consultants). The sell side is responsible for making documents available in a timely and organized way.
What documents are typically included in a due diligence data room?
The exact list depends on the deal, but common categories include: financial statements and tax returns, corporate records and ownership structure, material contracts, employment agreements, intellectual property registrations, regulatory and compliance documents, and operational reports. Ellty Room and Room Plus plans support up to 4,000 assets per data room, so you can include as much as you need.
Is due diligence legally required?
In most cases, due diligence is not legally required, but it is standard practice, and skipping it can create serious legal and financial exposure. In some regulated industries and transaction types, specific forms of investigation may be legally mandated. Consulting a lawyer familiar with your transaction type is always a good idea.
Can due diligence uncover deal-breakers?
Yes, and that's exactly the point. Due diligence is designed to surface issues before you commit. It's far better to find a problem during the review process than after the deal closes. Common deal-breakers include undisclosed liabilities, regulatory violations, material misrepresentations, or fundamental issues with the business model.
How does Ellty protect sensitive documents during due diligence?
Ellty gives you multiple layers of protection. NDA gating requires visitors to agree to a non-disclosure agreement before accessing your data room. Granular permissions let you control exactly who can view, download, or print each document. Dynamic watermarking marks every page with the viewer's identity. And full audit logs record every action taken in the room, who opened what, when, and for how long. These features are available on Ellty Room and Room Plus plans.
Ready to run better due diligence?
Ellty is a secure virtual data room with flat, transparent pricing, built for deals of every size.
No per-user fees, no long setup, no surprises. Get started now!
