U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Due Diligence— Just “Due” It


  1. Home
  2. Due Diligence— Just “Due” It
Due Diligence— Just “Due” It

Successful Department of Defense (DoD) acquisitions are the product of comprehensive, structured and ongoing due diligence strategies, custom tailored for each phase of each program. Program managers (PMs) are only half right to believe that due diligence is reactive and starts with the proposal.

Due diligence must be proactive as well and start with the Needs Assessment. PMs must be equally industrious when initially identifying needs and developing the requests for proposals (RFPs)—and then throughout the remaining acquisition process.

Figure 1 outlines a generic DoD acquisition process, suggesting to PMs that there is both a need and an opportunity for due diligence at every program phase.
Management books define due diligence as “investigation by or on behalf of an intended buyer of a product or service to check that the seller has the desired assets, turnover, profits, market share positions, technology, customer franchise, patents and brand rights, contracts and other attributes required by the buyer or claimed by the seller.”
In the private sector, designated due diligence personnel (e.g., a team of financial, technical and/or legal experts) review and analyze all operative documents submitted by potential contract awardees. Moreover, growing numbers of business enterprises are pursuing additional legal protection for themselves in order to shield themselves from harm if their due diligence efforts fail to uncover serious problems with mergers or purchase transactions.

For our purposes, due diligence in acquisitions means making certain that all the facts regarding an organization are available and have been measurably verified. More on this later.

Effective due diligence processes include Environmental due diligence, like environmental site assessments to avoid liability under the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA), commonly referred to as the “Superfund law.” Manufacturing due diligence involves a number of concepts regarding either the performance of source inspections or surveillances, such as quality system audits. Due diligence in contractor quality is the effort made by safety, quality and environmental professionals to validate conformance provided by sellers to purchasers. Investigative due diligence involves a general obligation to identify true root causes for noncompliance on a standard or contract requirement.

Failure to exert due diligence may (and perhaps should) be considered negligence.

In performance, due diligence audits are very similar to any other audits. I advise clients that it may be less complicated just to think of due diligence as a part of their day-to-day management strategy, like any other internal control.

Identifying the Requirement—
First Things First
DoD cannot expect contractors to create spot-on products or actionable services unless it is precise in the development and specification of its requirements. The Needs Assessment and the research it both entails and generates impose ongoing due diligence demands and expectations on DoD. Only the most scrupulous developmental processes will do for the “Buy or Cancel Decision,” and a flawed Statement of Work will inevitably produce a flawed product or service. See Figure 2.
All this before the contractor even gets a peek at the RFP.

The RFP 
A great deal has been written about the RFP process, primarily regarding the U.S. Government and its formal acquisition programs. You can find just as much written about how contractors answer RFPs with (seemingly) credible and executable proposals and their plans to achieve the success expected following contract award. We could discuss that all day, but we will stay with what you need to do to impress upon contractors that to bid for DoD business is to perform in an atmosphere of mutual honesty, mutual understanding, and mutual benefit. DoD must impress on contractors its seriousness and ­commitment—and that, if the product does not achieve the goals for which it was built, a heavy cost could be exacted in mission failures and losses of life.

The RFP’s size and complexity are functions of the work requested. However, regardless of the physical size, the RFP must include many fundamentals, each well-researched and unambiguous. Technical specification of the required product or service desired should be as precise as possible. Include an abbreviated management plan, again containing material previously developed (e.g., objectives), plus organizational responsibilities, interfaces, reporting requirements, regulatory requirements and schedules.
The RFP is the sum of all the research, analyses, and intelligence collection that you have done. It must be scrupulously performed and just as scrupulously reflected in the RFP, if the acquisition is expected to obtain the product or service that the troops need.

How well the contractor understands and is willing to comply is the subject of the next section.

The Proposal
An ethical contractor, like an ethical management consultant, should never bid on a job he or she cannot do well.
Proposals must do more than answer the mail—they must answer the need.

Upon receiving the RFP, it is hoped that the contractor will analyze it thoroughly to determine whether there is an advantage to be gained in responding with an offer of work. The contractor’s proposal should address every point of the RFP, in accordance with the stated provisions.

Some companies have business development personnel ready to respond to any RFP, either by themselves or with a staff of nameless, faceless, “cut and paste” commandos. Resulting proposals often are mosaics of favorite blurbs from previous proposals. The objective: Get the contract first, and then worry about how to perform the work. Be afraid—be very afraid!

Proposals require the greatest possible due diligence from both the contractor and the DoD PM. Review must go far beyond block-checking and page-counting by cubicle-dwellers. Proposals must be more than just correct and comprehensive. They must be forthright, straightforward and free of deception, credible beyond question, and scrupulously reflect the state of the contractor’s organization and management approach. The Proposal is “cradle to grave”; it should describe the entire life cycle of the product or service.

The Statement of Work must be as it was written, but now with the contractor’s description of how it will perform your tasks. This is critical. The proposal must be responsive to the DoD’s needs as specified in the RFP, complete with performance requirements and measures of effectiveness.

The Management Approach—again restating yours but with the contractor’s execution plan, specifies that the design process (if appropriate) is adequately defined and incorporates appropriate technologies, such as computer-aided design; databases are comprehensive and test and evaluation procedures are established or confirmed, and life-cycle requirements are defined.

A comprehensive proposal also should include (in some format or another):

  • A quantifiable summary of the organization’s performance track record with similar projects
  • Adherence to statutory and regulatory requirements
  • A vision of the outcome
  • Products and services and their end uses
  • Comparison of the organization’s products and services with those of potential adversaries
  • Warranties, guarantees, and follow-on service
  • Synergies and innovations
  • A formidable understanding of the threat necessitating the product or service and whether the products or services address the threat for which they were developed
  • Post-delivery service support (hotline, maintenance, complaints, upgrades, acquisition from stateside sources not deployed forward, etc.)

There should also be evidence (often separately provided) of contractor soundness and the assumptions underlying that soundness (i.e., will the contractor go under if it does not win the contract?).

A contractor, in order to get the job, may underbid (i.e., “low ball”) the competition, often expecting to recoup lost money in amendments, modifications and extensions. They often succeed, but they just as often wind up working nights and weekends “for free” because the money to pay for all those deliverables simply isn’t there. Another unacceptable reaction is for the contractor to assign the work to less-qualified personnel because the cost is less than that of the original personnel assigned. When this is planned at the outset, it’s often called “bait and switch” and is unethical. In any event, this risks delivering a low-quality product or service, not what is being paid for—and, even worse, not what the troops need.

When the contractor complains to his or her congressman, you really need to have your act together.

Review the proposal carefully, to ensure that you will be getting exactly what you asked for within the time, funding, and quality constraints you stated—before you sign on the dotted line.

From the first moment of the acquisition process, PMs operate in a “triple threat” environment, as gloomily described in Figure 3. Performance is critical, and the reader is reminded that there should be no doubt in anyone’s mind about what the product is supposed to do. That’s why the Concept of Operations and the Statement of Work must be scrupulously developed, understood and followed. Time and cost often have an inverse relationship with performance. That is, the contractor often wants more time and funding, in return for lower product expectations. Again, program success in the triple threat environment requires due diligence in internal controls—constant and unwavering.
And all credible organizations, military and civilian, require comprehensive and meaningful internal controls. A due diligence audit of these controls should judge not only the products of the controls (e.g., records and reports), but also the sufficiency and comprehensiveness of the controls themselves and the level of importance and relevance attached to them by the contractor. Private sector organizations that let their internal control processes slide, or do not take action on problems surfaced by the controls, deservedly lose their credibility—maybe even their existence.

Acquisition managers may need outside help from additional personnel with specialized experience, expertise or certification.

Many organizations in both the public and private sectors undertake the due diligence process with insufficient vigor. In some cases, the prevailing culture suffers from malaise and views due diligence as a perfunctory exercise to be checked off quickly. In other instances, the outcome of the due diligence process may be tainted (either consciously or unconsciously) by stakeholders who stand to benefit personally or professionally from contract awards.
DoD must guard against such casual or flawed attitudes from impacting its programs. A robust and actionable DoD due diligence strategy can prevent costly failures—measured both in lives and funds. Moreover, failures and/or shortcomings in one mission area (e.g., intelligence collection) also can adversely impact related missions (e.g., power projection). Those same failures will have profound consequences not only on our security, but on our national posture and international reputation.
I close with my favorite quote from 19th-century jurist Edmund Burke: “The only thing necessary for evil to triumph is for good men to do nothing.” 

Razzetti is a retired U.S. Navy captain, management consultant, auditor, and military analyst. He is the author of five management books, including a book for the military: “Hardening by Auditing—A Handbook for Measurably and Immediately Improving the Security Management of Any Organization” and has served on the advisory boards of two business schools.

The author can be reached at [email protected].

To print a PDF copy of this article, click here.