BlogMergers and AcquisitionsOperational Due Diligence in 2026: Process, Scope, and Checklist

Operational Due Diligence in 2026: Process, Scope, and Checklist

20 min read
Marc Seitz

Marc Seitz

Operational due diligence workflow and virtual data room analytics

Operational due diligence is the review that determines whether a target company can actually execute its business model, scale efficiently, and deliver the results its financials promise. It examines people, processes, technology, supply chain, and cost structure to surface hidden execution risk before a deal closes.

Quick recap

  • Operational due diligence (ODD) assesses a target's ability to run and scale its operations, as distinct from financial DD (past results) and commercial DD (market and revenue).
  • Core scope covers organizational structure, technology and systems, processes and workflows, supply chain, facilities, scalability, and cost structure.
  • Timing runs 4-8 weeks for strategic acquisitions, 6-10 weeks for private equity, and 8-12 weeks for operational turnarounds, usually starting after an LOI is signed.
  • Private equity firms weight ODD heavily because their returns depend on operational improvements delivered after close.
  • The process typically moves through document request, interviews, site visits, benchmarking, scalability modeling, value-creation planning, and a final report.
  • Common red flags include key person dependence, outdated technology, supplier concentration, deferred maintenance, and manual processes that break at scale.
  • Documents are usually exchanged through a secure virtual data room so consultants, IT auditors, and operational experts can review under controlled access.
  • Papermark offers virtual data rooms with granular permissions, dynamic watermarking, and page-by-page analytics from €99/month.

A company can have strong financials, a defensible market position, and happy customers, and still be a poor acquisition if its operations are a mess. Operational due diligence is how buyers find that out before wiring the money rather than after. It reveals the risks that never appear on an income statement, such as a single engineer who holds the whole product together or a supply chain that depends on one factory, and it uncovers the upside: the process that can be automated, the contracts that can be consolidated, the headcount that can be redeployed. This guide walks through what operational due diligence covers, when to run it, how the process works step by step, and the checklist and red flags to keep on hand.

What is operational due diligence?

Operational due diligence (ODD) assesses a target's ability to execute its business model efficiently and to scale for future growth. Where financial due diligence validates that past results are real and commercial due diligence forecasts whether the market will keep generating revenue, operational due diligence asks a narrower, more practical question: can this company actually deliver those results profitably, and keep delivering them at two or three times the current size? It is the diligence stream concerned with how work gets done rather than what the work has earned.

In practice, ODD spans the full operating machine of a business, and each dimension is examined not only for its current state but for how it behaves under growth. A process that works today at 100 orders a day may collapse at 300, and that fragility is exactly what operational diligence is meant to expose. The scope of a typical review breaks into seven areas, each covered in depth later in this guide: organizational structure and talent, technology and systems, processes and workflows, supply chain and operations, facilities and assets, scalability, and cost structure. Taken together, these tell an acquirer whether the business is a well-run operation that simply needs capital, or a fixer-upper whose valuation should reflect the work required to make it perform.

Why operational due diligence matters

The strongest argument for operational due diligence is that the biggest post-close surprises are almost always operational, not financial. Audited financials are usually accurate. What catches buyers off guard is discovering, three months after close, that the head of engineering is the only person who understands the codebase, that the manufacturing line is running at 95 percent capacity with no room to grow, or that half the cost savings in the deal thesis depend on a systems integration that will take two years. Operational diligence exists to move those discoveries to before the deal, where they can still influence price, structure, and planning.

Beyond risk, operational due diligence is where value creation gets identified. Operational improvements such as automation, vendor consolidation, and technology rationalization frequently deliver more value than the revenue synergies that headline a deal, and because they sit inside the business rather than in an uncertain market, they tend to be more reliable sources of return. A good operational review turns those opportunities into a costed, prioritized roadmap the buyer can execute on day one. Private equity firms in particular treat this work as central rather than supplementary, because their entire model depends on improving a company between purchase and sale. A thorough review is meant to produce the following outcomes:

  • Identify execution risks such as key person dependence, single points of failure, and fragile processes.
  • Uncover cost savings through process inefficiencies, vendor consolidation, and automation.
  • Assess scalability by testing whether the business can handle 2-3x growth without major new infrastructure.
  • Validate integration complexity by mapping system dependencies and the effort required to combine them.
  • Inform post-close value creation so the buyer walks in with a plan rather than a hypothesis.

Skipping this work does not remove the risk, it simply defers the discovery to a point where it is more expensive to fix.

Operational DD versus other diligence types

Operational due diligence does not stand alone. It runs alongside financial, commercial, and legal diligence, and each stream answers a different core question about the target. Financial diligence proves the numbers are real, commercial diligence proves the market is attractive, legal diligence proves the company is not carrying hidden liabilities, and operational diligence proves the company can execute and scale to deliver on all of the above. The four are complementary, and a deal team that treats them as interchangeable will miss the specific risks each is designed to catch.

Operational diligence becomes especially decisive in private equity, where the thesis often rests explicitly on operational improvement, and in turnarounds, where a buyer acquires a distressed asset precisely because they believe the operations can be fixed. In both cases the review is not a box to tick but the heart of the analysis. The table below summarizes how the four types divide the work.

TypeFocusKey questions
Operational DDProcesses, systems, executionCan they execute and scale efficiently?
Financial DDHistorical financials, earnings qualityAre the numbers real and sustainable?
Commercial DDMarket, customers, competitionIs this a good business in an attractive market?
Legal DDContracts, compliance, IPAre there legal risks or liabilities?

All four are essential. Operational DD is the one that most directly connects the deal thesis to what the buyer will actually have to do after close.

When to conduct operational due diligence

Operational due diligence almost always begins after a letter of intent has been signed, once both parties are committed enough to justify opening sensitive operational information to outside reviewers. Before an LOI, a buyer rarely has the access or the standing to interview department heads, tour facilities, or inspect system architecture. After it, operational diligence runs in parallel with financial and commercial workstreams so the findings can be reconciled into a single view before the final purchase agreement. The right duration and emphasis depend heavily on the type of deal, because a strategic tuck-in acquisition demands different operational scrutiny than a distressed turnaround.

The three common scenarios differ mainly in depth and timeline, from a strategic tuck-in focused on integration to a distressed turnaround that reaches into root causes. The following breakdown captures the typical timing and focus for each.

For strategic acquisitions, run operational DD in parallel with financial and commercial DD after signing the LOI, roughly 4-8 weeks before the final purchase agreement. The emphasis falls on integration complexity, system compatibility, talent retention, and cost synergies, because the value of the deal depends on how cleanly the two operations combine.

For private equity investments, plan for a deeper 6-10 week review before the final investment decision. Here the focus is on operational improvements, cost optimization, scalability, and the quality of the management team that will have to deliver the value-creation plan.

For operational turnarounds, allow 8-12 weeks, including on-site assessments. The work centers on root-cause analysis of underperformance, identifying quick wins, and building an improvement roadmap that justifies the acquisition of a distressed or underperforming asset.

Key components of operational due diligence

Operational due diligence is broad, and the most reliable way to keep it from becoming an unfocused fishing expedition is to work through a defined set of components. The seven areas below each combine an assessment of current state with a scalability lens, and each produces its own set of findings, red flags, and value-creation opportunities that ultimately roll up into the final report.

Organizational structure and talent

The first component asks whether the people in the business can execute the plan the buyer is paying for. Organization and talent risk is easy to underestimate because it never appears on a financial statement, yet a thin management bench or an over-reliance on a handful of individuals can sink an otherwise healthy company. Reviewers interview department heads and read org charts, compensation data, and turnover reports to answer three questions: can the current team execute and scale, who are the critical people and will they stay, and what talent gaps must be filled post-close. The specific areas to examine are:

  • Organizational design: reporting structure, headcount by function, span of control, and how decisions get made.
  • Management team: experience, depth of bench, succession planning, and retention risk for each key leader.
  • Key person dependencies: functions that rest on one individual, and the state of documentation and succession.
  • Talent gaps: missing capabilities such as a CFO or CTO, skill gaps, and the hiring plan to close them.
  • Compensation and culture: pay competitiveness, equity structures, retention agreements, and turnover by function.

Technology and systems

The second component evaluates the IT infrastructure and technical capabilities the business runs on. Technology risk cuts two ways: modern, well-architected systems are an asset that supports growth and lowers integration cost, while aging systems loaded with technical debt quietly consume the capital a buyer expected to spend on growth. Reviewers read system diagrams, security audits, and roadmaps, and interview the CTO or IT lead to establish whether systems are modern and scalable, what the cybersecurity risks are, and how complex integration will be. The areas to cover are:

  • Systems landscape: core systems (ERP, CRM, HRIS, finance), the stack, integrations, and the cloud-versus-on-premise split.
  • Technology assessment: system age and technical debt, scalability under 2-3x volume, and uptime history.
  • Cybersecurity and compliance: security controls, data protection under GDPR and CCPA, breach history, and certifications such as SOC 2, ISO 27001, and HIPAA.
  • IT organization and integration: team capability, in-house versus outsourced mix, IT budget as a share of revenue, and integration timeline and cost.

Processes and workflows

The third component examines how work actually gets done and where inefficiency hides. Every business runs on a set of core processes, and their maturity determines both how efficiently the company operates today and how well it holds up under growth. A process that depends on manual data entry and tribal knowledge may function at current volume while being a serious constraint on scale and a prime automation candidate. Reviewers map the core processes and benchmark them against industry standards to establish whether they are efficient and scalable, where the bottlenecks are, and what quick wins exist. The areas to examine are:

  • Core processes: order-to-cash, procure-to-pay, hire-to-retire, and product development, traced end to end.
  • Process maturity: documentation, the manual-versus-automated balance, SOPs, and error rates.
  • Process efficiency: cycle times, capacity utilization, bottlenecks, and the level of waste and rework.
  • Continuous improvement: any Lean or Six Sigma initiatives, the KPIs in use, and whether feedback loops drive iteration.

Supply chain and operations

The fourth component assesses procurement, production, logistics, and inventory, the physical flow of goods and services through the business. Supply chain risk is often the most concentrated and the least visible until something breaks: a business that sources 60 percent of a critical input from one supplier is one dispute away from a crisis. Reviewers read vendor contracts, production reports, and inventory data, and visit sites firsthand to judge whether supply chains are resilient and diversified, where the inefficiencies lie, and whether operations can scale. The areas to work through are:

  • Supplier relationships: vendor concentration, contract terms, supplier reliability, and switching costs.
  • Procurement: approval workflows, vendor management, spend analytics, and available volume discounts.
  • Production and manufacturing where applicable: capacity and utilization, defect rates, and equipment age and maintenance.
  • Logistics and inventory: warehousing and fulfillment, delivery performance, 3PL relationships, inventory turns, obsolete stock, and forecasting accuracy.

Facilities and assets

The fifth component evaluates real estate, equipment, and capital assets, the physical footprint that supports operations. It matters because deferred maintenance and looming capital expenditure can turn a business that looks profitable on paper into one that will demand significant cash shortly after close. A warehouse near the end of its lease, a line full of aging equipment, or an unaddressed environmental liability can all change deal economics. Reviewers conduct site visits, read condition reports, and assess capex plans to understand what capital is needed, whether facilities support growth, and whether hidden liabilities exist. The areas to cover are:

  • Real estate: the owned-versus-leased split, lease terms and expirations, condition, and expansion capacity.
  • Equipment and machinery: inventory and age, maintenance history, upcoming capex, and obsolescence risk.
  • Capital planning: recent investments, planned capex over 3-5 years, and deferred-maintenance liabilities.
  • Environmental and safety: compliance and permits, safety record including OSHA violations, and remediation liabilities.

Scalability analysis

The sixth component pulls the others together to answer the question that most directly connects operations to the deal thesis: can the business support 2-3x growth without major structural change? Scalability analysis is less about any single system and more about finding what breaks first as volume rises. Every business has a binding constraint, whether a system that cannot handle higher transaction volume, a process too manual to scale, a facility with no room to expand, or a supplier that cannot meet demand. Identifying that constraint, and the sequence behind it, tells the buyer how much capital and time real growth will require. Model growth across:

  • Technology: whether systems can handle higher volumes or need replacement.
  • People and processes: whether the team can scale and whether processes are automated enough to keep up.
  • Facilities and supply chain: whether there is physical capacity and whether suppliers can meet increased demand.
  • Capital: how much investment scaling will require, and on what timeline.

Cost structure and efficiency

The seventh component analyzes where money is spent and where it can be saved, converting the qualitative findings from the earlier components into a quantitative view of margin and savings potential. By breaking spending into major categories and benchmarking each against industry peers, reviewers pinpoint where the business over-spends and estimate how much is recoverable. This is where value creation becomes concrete, because most operational savings, from vendor renegotiation to automation to facility consolidation, show up first as a line in the cost structure. The areas to build the analysis around are:

  • Cost breakdown: COGS, personnel, facilities, technology, marketing and sales, and G&A.
  • Cost benchmarking: comparison to peers, over- and under-spending, and cost trends.
  • Optimization opportunities: vendor consolidation, process automation, outsourcing of non-core functions, and technology rationalization.
  • Gross margin analysis: margin by product, customer, or segment, its trend, and the levers available to improve it.

How to conduct operational due diligence

With the components defined, the operational review runs as a sequence of seven steps that move from gathering raw material to delivering a decision-ready report. The steps are largely linear but overlap in practice, and the whole sequence is usually orchestrated through a secure virtual data room so that the deal team, external consultants, and the target's management can collaborate without exposing sensitive material more widely than necessary.

Step 1: Document request

The review begins by requesting the operational documents and data that everything else depends on. A well-structured request signals to the target that the buyer is serious and organized, and it front-loads the material reviewers need before interviews and site visits. The request typically spans organizational data such as org charts, headcount reports, compensation data, and turnover reports; technology material including system landscape diagrams, IT budget and roadmap, security audits, and software contracts; process documentation such as SOPs, process maps, and KPI reports; and supply chain and facilities records including vendor contracts, spend data, inventory reports, production metrics, and facility leases and condition reports. Because these documents are highly sensitive and shared with multiple outside parties, buyers use a secure data room to request, organize, and review them rather than passing files over email.

The alternative for document version control

No credit card required

Page by page analytics
Require email verification
Require password to view
Allow/Block specified viewers
Apply Watermark
Require NDA to view
Custom Welcome Message

Step 2: Conduct interviews

Documents describe the intended state of a business; interviews reveal the real one. The deal team meets the leaders who run the company day to day, typically the COO or head of operations, the CTO or head of IT, the VP of supply chain, any VP of manufacturing, facility managers, and department heads across finance and HR. The conversations probe current strengths and weaknesses, the bottlenecks leaders actually feel, scaling constraints, the technology roadmap, and integration considerations. The goal is to surface red flags and validate whether the data room materials match what the people running the business describe.

Step 3: Conduct site visits

Some problems only become visible in person. Site visits let the team observe facility condition, workflow efficiency, equipment age and utilization, employee morale, safety practices, and the real level of technology adoption on the floor. A tour frequently exposes issues that never appear in documents, such as equipment kept running past its life, disorganized workflows no process map captures, or a workforce whose body language contradicts the engagement survey. For manufacturing, logistics, and turnaround situations especially, walking the site is where the most important findings are made.

Step 4: Benchmark performance

To judge whether the target's operations are strong or weak, the team compares its metrics against industry benchmarks, turning raw data into a relative verdict. Useful benchmarks include revenue per employee, IT spend as a share of revenue, gross margin by segment, inventory turns, days sales outstanding, and employee turnover rate. A company with revenue per employee well below its peer group, for example, is signaling either overstaffing or underpricing, both of which point to specific follow-up questions and value-creation levers.

Step 5: Assess scalability

Next the team models what the operation looks like at 2x and 3x scale, translating the scalability component into concrete numbers: at what point technology needs replacement, how many additional hires each function requires, where manual processes break, when the business runs out of space, and what capital those changes demand. The output is an estimate of the timeline and investment required to scale, which feeds directly into the deal model. Growth that looks free in a spreadsheet often carries a real operational cost, and this is where that cost gets priced.

Step 6: Identify value creation opportunities

Operational diligence is not only about risk; it is where the buyer builds the case for return. The team documents the operational improvements that can drive post-close value and estimates the impact of each: process automation that improves speed, vendor consolidation that unlocks better rates, technology rationalization that eliminates redundant systems, organizational redesign that removes management layers, facility consolidation, and outsourcing of non-core functions. Each opportunity is ranked by ROI, calculated as savings divided by implementation cost, and by time to realize, so the buyer walks in with a ranked list rather than a wish list.

Step 7: Synthesize findings

The final step distills everything into an operational due diligence report the deal team can act on. A typical report opens with a two-to-three-page executive summary, then works through the operational picture section by section. It is presented to the deal team and used to adjust valuation, inform integration planning, and shape the 100-day value-creation plan. Its structure typically follows this order:

  1. Executive summary
  2. Organizational assessment covering team, talent, and key person risks
  3. Technology and systems covering infrastructure, scalability, and integration
  4. Processes and efficiency covering bottlenecks, automation, and improvements
  5. Supply chain and operations covering vendors, production, and logistics
  6. Facilities and assets covering real estate, equipment, and capex
  7. Scalability analysis covering constraints and investment requirements
  8. Cost optimization covering savings opportunities and benchmarks
  9. Integration considerations covering complexity, timeline, and risks
  10. Value creation roadmap covering initiatives, timeline, and ROI

A worked example: Meridian Partners acquires a logistics business

To see how these steps connect, consider Meridian Partners, a hypothetical mid-market private equity firm evaluating a €40 million regional logistics and fulfillment company. After signing the LOI, Meridian opens an eight-week operational due diligence process and stands up a virtual data room to gather the target's org charts, system diagrams, vendor contracts, warehouse leases, and fulfillment metrics in one controlled place, giving its two outside consultants folder-level access rather than a blanket view of the business.

The document review flags two concerns early. First, the warehouse management system is a heavily customized on-premise platform more than a decade old, with a single internal developer maintaining it. Second, one carrier handles 58 percent of outbound shipments. Interviews confirm the technology risk: the COO admits that the warehouse developer has no backup and little documentation, a textbook key person dependency. A site visit adds a third finding the documents concealed, with two of four fulfillment lines running near capacity and no floor space to add more.

Benchmarking shows revenue per employee roughly 20 percent below peers, pointing to overstaffing in administrative functions. Modeling the operation at 2x volume, Meridian's team concludes the warehouse system would need replacement within eighteen months and a second facility would be required to support growth. On the upside, consolidating carriers and renegotiating the dominant contract could cut freight cost by an estimated 12 percent.

Meridian's final report reprices the deal to reflect the system replacement and new-facility capex, makes a retention package for the warehouse developer a closing condition, and hands the incoming management team a 100-day plan built around carrier consolidation and administrative streamlining. The operations that looked clean on paper carried real risk, and finding it before close changed both the price and the plan.

How Papermark helps with operational due diligence

Operational due diligence generates one of the most sensitive document sets in any transaction, and it has to be shared with people outside the deal team, including operations consultants, IT auditors, supply chain experts, and the target's own management, often under a compressed timeline. A virtual data room is the standard way to run that exchange, and Papermark is built specifically for the controlled, auditable sharing that operational diligence demands. Rather than emailing org charts and vendor contracts or dropping them into a generic cloud folder, the deal team organizes everything into a single secure workspace with clear structure and tight access control.

Granular permissions are central to the workflow. Because operational diligence pulls in several outside specialists who each need only part of the picture, Papermark lets you grant folder- and file-level access by user or group, so an IT auditor sees the systems and security folder while a supply chain consultant sees only vendor contracts and inventory data. Dynamic watermarking stamps each viewer's email, IP, and a timestamp across every page of sensitive operational material, which discourages leakage of exactly the documents, such as compensation data and supplier pricing, that are most damaging if they escape. Every action is captured in a complete audit trail, giving the deal lead a defensible record of who accessed what and when.

Papermark's analytics are especially useful during a fast-moving review. Page-by-page analytics show which documents each consultant actually opened and how long they spent on each page, which helps the deal lead see whether the technology reviewer has genuinely worked through the system diagrams or whether a key document has been ignored. A built-in Q&A module keeps diligence questions and management's answers threaded against the relevant documents instead of scattered across email, and full-text search lets reviewers find a specific clause or figure across hundreds of files in seconds. The platform is SOC 2 Type II compliant, which matters when the material includes security audits and personal data governed by GDPR.

Virtual data room page-by-page analytics for operational due diligence

Papermark's page-by-page analytics show exactly which operational documents each reviewer opened and how long they spent, so deal leads can track diligence engagement in real time.

Unlike legacy virtual data rooms that charge per page or per gigabyte and make a document-heavy operational review unpredictably expensive, Papermark offers transparent pricing at €99/month for its Data Rooms plan, with unlimited documents and viewers. That lets a deal team run the entire operational diligence process, from the initial document request through interviews, consultant reviews, and the final report, inside one secure platform without watching the meter.

Operational DD red flags

Certain findings recur across operational reviews and should always trigger deeper investigation or a price adjustment. None of them are automatically deal-breakers, but each one changes the risk profile enough that a buyer needs to understand its cause and cost before proceeding. The most common red flags are the following:

  • Key person dependence where critical functions rest on one or two individuals with no backup or succession plan.
  • Outdated technology carrying high technical debt, security exposure, or scalability limits.
  • Poor process documentation where knowledge lives in people's heads and turnover would be catastrophic.
  • Supplier concentration where a single vendor supplies half or more of a critical input.
  • Deferred maintenance in the form of aging equipment, facilities in disrepair, and a large capex backlog.
  • High employee turnover, especially in critical functions such as engineering, sales, and operations.
  • Manual processes at scale that are already straining under current load and will not survive growth.
  • Compliance issues including failed audits, regulatory violations, and unresolved findings.
  • Negative culture signals such as low Glassdoor ratings, disengagement, and elevated attrition.

Any one of these warrants a closer look; several together suggest the operational risk is material enough to reshape the deal.

Key takeaways

Operational due diligence reveals whether a target can execute efficiently and scale profitably, and it is the diligence stream most likely to change a deal's price and plan. Done well, it moves the biggest surprises to before close, where they can still be managed, and it hands the buyer a costed, prioritized value-creation roadmap rather than a hopeful thesis. The essentials to carry forward are these:

  1. Assess organizational structure, key person dependencies, and talent gaps.
  2. Evaluate technology infrastructure, systems scalability, and cybersecurity risk.
  3. Map core processes, identify bottlenecks, and benchmark efficiency.
  4. Review supply chain resilience, vendor concentration, and logistics performance.
  5. Conduct site visits to observe operations firsthand.
  6. Model scalability at 2-3x growth to find constraints and investment needs.
  7. Identify cost-optimization opportunities across automation, vendors, and outsourcing.
  8. Use the findings to inform valuation, integration planning, and the value-creation roadmap.

Strong operational diligence reduces post-close surprises and accelerates value creation. It is especially important for private equity deals, where operational improvements are the primary source of return.

More useful articles from Papermark

Ready to create your deal room?