Insight Archive  | Subscribe to our insights >>

Aon  |  Professional Services Practice
Being Proactive, Being Prepared: The Importance of Due Diligence for Professional Service Firms

Release Date: August 2022
pdf download Implications for D&O Litigation From Climate-Related Risk

As awareness over corporate social responsibility continues to grow, professional service firms may need to review and revise their risk appetite and strengthen due diligence protocols. This article will provide an overview of some notable stories from recent years involving due diligence in mergers and acquisitions from a firm perspective and make some comments on assessing clients from an engagement specific ‘Know Your Client’ (KYC) point of view.

Pre-transaction due diligence is an essential tool to avoid costly problems. Similarly, knowing when to sever ties with existing clients due to, for example, reputational events or heightened regulatory scrutiny, is an equally important consideration.

Due Diligence: Definition and Origins

Originating from old English equity notions of good human character1, “due diligence” is defined by Encyclopedia Britannica as “a standard of vigilance, attentiveness, and care,”2 and by the Organisation for Economic Co-operation and Development (OECD) “as the process through which enterprises can identify, prevent, mitigate and account for how they address […] adverse impacts as an integral part of business decision-making.”3

Firm Due Diligence: Buyer Beware

Carrying out proper due diligence prior to signing off on key transactions may protect firms from the potential for financial losses and reputational harm. According to Stan Sterna, vice president of risk management at Aon Insurance Services, these questions could touch on the following issues:

  • The use of engagement letters
  • Training and expertise of staff 
  • Cyber-security policies
  • Know Your Client (KYC)
  • Identification of riskier clients
  • Knowledge of any current or potential claims4

Case Studies Involving CPA Firms

Consider for instance the CPA firm that acquired an IT company to assist in the implementation of machine-learning to upgrade both its accounting services and IT consulting practice. The algorithm designed by the IT company misclassified non-deductible expenses as deductible, an error only uncovered by the IRS during an audit of one of the firm’s accounting clients. The error ultimately impacted more than 100 clients and the CPA firm learned an expensive lesson.5

Another acquisition gone awry involved the purchase of a medical billing company by a CPA firm. The software used by the company contained a flawed billing validation code. This error was not identified prior to the acquisition and only came to light when several clients sued the firm for incorrect medical patient billing.6

In both cases, a more in-depth due diligence review of the IT providers may have allowed the firms to detect potential issues before regulatory enforcement or litigation became unavoidable. According to Sterna, it is precisely during this pre-transaction vetting process that firms need to ask the hard questions.7

The Bayer-Monsanto Acquisition

A relevant case from the agrochemical industry involves German pharmaceutical giant Bayer AG and its February 2020 announcement that it would be reviewing its due diligence procedures following its US$63 billion acquisition of Monsanto Co.8 Bayer has been drawn into legal battles over the use of Monsanto’s herbicide “Roundup” which contains an alleged carcinogen. Bayer has reportedly set aside more than US$16 billion to cover claims arising out of Roundup-related litigation.9

While it is difficult to know whether a more rigorous due diligence process would have saved Bayer from difficulties it is important to understand that due diligence is about prevention, not correcting mistakes after the fact. As a judge on the Ontario Court of Justice once eloquently phrased it: “it’s too late to close the barn door after the horse is out.”10

Data Breach Lawsuit: Hotel Industry

Another corporate takeover that drew criticism from shareholders for a lack of proper due diligence was a multibillion-dollar acquisition involving a major player in the hospitality industry. A data breach was already underway at the time of the acquisition, eventually compromising the personal information of millions of users. The hospitality company was accused of not having done enough to detect the breach during the due diligence process that preceded the acquisition.

Know Your Client (KYC): when to terminate a client relationship?

“An ounce of prevention is worth a pound of cure”

When assessing clients, the “ounce of prevention” involves the establishment of firm-wide written criteria and procedures for client acceptance, continuance and termination. Some important client acceptance considerations include:

  • A review of the client’s litigation and financial history
  • Conducting a background check of beneficial owners, key executives and those charged with governance
  • Evaluating the client’s reputation in the community11

The need for an evaluation of client reputation is increasingly important as awareness continues to grow in respect to environmental, social and governance (ESG) issues. Professional service firms have grown more sensitive to the concerns of a vast array of stakeholders.

Accounting firms continue to scrutinize their potential and existing clients and this scrutiny has led to audit resignations and difficulties in finding a statutory auditor for some companies. 

When assessing whether to continue providing services to an existing client some important considerations for firms are:

  • Any change in circumstances that calls into question management integrity, materially impacts the services or adversely impacts the firm’s risk appetite
  • Failure to adhere to their responsibilities under the engagement agreement
  • Failure to cooperate or provide relevant requested documentation
  • Failure to pay on time
  • Making unreasonable demands or regularly criticizing the services provided

Whether it be prior to a key merger or transaction or in the context of client acceptance and continuance, the importance of performing proper due diligence should not be ignored.


The Professional Services Practice at Aon will continue to monitor developments related to due diligence, client acceptance, client continuance and related matters. If you would like to discuss any of the issues raised in this article, please contact Daniel Hacikyaner or Rona E. Davis.

 Daniel Hacikyaner

Daniel Hacikyaner
Vice President and Director

Rona Davis

Rona E. Davis
Senior Vice President and Executive Director

1 Lajoux, Alexandra Reed and Elson, Charles M. The Art of M&A Due Diligence: Navigating Critical Steps and Uncovering Crucial Data. McGraw Hill, 2010.

2 Sprague, Robert and Valentine, Sean. “Due diligence”. Encyclopedia Britannica, 22 Jul. 2016, Accessed 4 August 2021.

3 OECD (2011), OECD Guidelines for Multinational Enterprises, OECD Publishing.

4 Sterna, Stan. “How to Increase the Odds of a Successful Accounting Firm M&A”. CPA Practice Advisor, 1 November 2018,

5 Rood, Deborah K. “Apples + Oranges = Risks in nontraditional acquisitions”. Journal of Accountancy, 1 December 2019,

6 Ibid

7 Sterna, Stan. “How to Increase the Odds of a Successful Accounting Firm M&A”. CPA Practice Advisor, 1 November 2018,

8 Bender, Ruth. “Bayer Agrees to Audit on Due Diligence After Monsanto Deal; New concession to shareholders comes as Bayer announces latest rise in Roundup lawsuits”. Wall Street Journal, 27 February 2020,

9 Kantchev, Georgi. “Bayer Welcomes Supreme Court’s Roundup Move”. Wall Street Journal,

10 R. v. Mijatovic, 2006 ONCJ 576 (CanLII), Accessed 4 August 2021.

11 Affinity Insurance Services, “Managing the Risks of Client Acceptance and Continuance”. The CPA Journal, February 2020,