The Red Flag For Deal Risk | FTI Consulting

Staying in Control: The Red Flag to Watch Out for Before Accepting Deal Risk

Cartoon of a man with a contract
Whether accepting representations and warranties risk as a buyer or insurer, pay attention to the seller’s control environment.

Insurance experts aren’t the only people who constantly think about risk these days. Over the past few months the subject has leapt to the top of everyone’s minds. That’s not surprising, given the anxieties of the COVID-19 crisis. But the change also underscores an interesting phenomenon: When a great risk has our attention, it’s easy to overlook smaller ones.

In business, overlooking risk of any size can be costly. And yet, within the mergers and acquisitions market, where so much uncertainty exists — and serious rewards are at stake — one great risk is getting short shrift during the due diligence process of a deal.

Understanding a seller’s control environment is important in assessing the overall risk during M&A due diligence.

A typical due diligence process by the buyer is an important component of understanding the risk of a breach of representations and warranties by the seller. 

That risk has historically been mitigated by traditional seller indemnification, where a portion of the sales proceeds is placed in escrow for a negotiated period after closing. In recent years, however, both sides in a deal have embraced a third-party alternative: representations and warranties insurance (RWI).

The rise of RWI has the underwriter on the outside looking in during due diligence, leaving them a step removed from examining the “smaller” risk factors that are common in a seller’s breach but often left out of due diligence. In essence, the underwriter becomes an observer to the relationship between the buyer and seller.

By expanding the underwriting diligence process to include a peek at the target company’s control environment, insurance carriers can gain insight into the "smaller" risk factors. That can arm carriers with better knowledge about potential claims, which in turn might make them change pricing or coverage language during underwriting.

Talk about peace of mind.

What Is a Control Environment and Why Should I Care?

The control environment is the “the set of standards, processes and structures that provide the basis for carrying out internal control across the organization.”1 This includes components such as management’s integrity, the company’s commitment to attracting, developing and retaining competent individuals, and individual awareness of and accountability for internal control.

Understanding the control environment is important in assessing the overall deal risk and mitigating warning signs such as management’s overemphasizing top-line growth, poor or nonexistent internal controls, or incompetent individuals’ overseeing financial statement closings.

Each can lead to a general mindset at the company and actions by organizational leaders that contradict the standard representations and warranties made by a seller. 

RWI claims resulting from undisclosed liabilities, the failure to prepare financial statements in accordance with applicable accounting standards, and misrepresentations regarding the longevity of material contracts — to name a few — are often related to these kinds of weaknesses in the control environment prior to executing the deal.

If the Control Environment So Important, Why Is It Often Overlooked?

Buyers can come up short in understanding a target’s control environment as part of their standard due diligence for a variety of reasons. For example:

  • Buyers face pressure under tight deadlines to conduct all of the necessary financial, regulatory, strategic and other due diligence required by a transaction. If they perceive these as more important than understanding the control environment, they prioritize accordingly.
  • After closing, the buyer may replace existing management and staff. Or, it may plan to replace the buyer’s existing systems, policies and procedures, and internal controls, including the control environment, with its own.
  • Too often, buyers perceive audited financial statements by external auditors as vaccines preventing financial misstatements. But auditors don’t opine on the seller’s control environment, and the scope of their work is limited to obtaining sufficient evidence for reasonable — not absolute — assurance that the financials as a whole are free from material misstatements.
  • Insurers often rely upon the buyer’s due diligence, in whole or in part, and are left with minimal to no insight into the seller’s control environment during underwriting due diligence.

Ask: Is the Seller’s Control Environment Effective?

While not all-encompassing, buyers and carriers should focus on the following three key areas when assessing the control environment by asking specific questions for each:

  • The company’s commitment to internal controls (does management view internal controls as a burden or an essential part of the business?)
    • Are there internal controls?
    • Why were they developed?
    • Are they documented?
  • Company culture
    • What are management’s goals? Is there a focus on revenue growth, for example? Greater market share? Employee or customer satisfaction?
    • How is authority delegated? Does one individual authorize everything? Is there a hierarchical structure in each department?
    • How are errors handled? Are there repercussions and what are they?
  • The company’s commitment to competence
    • Do employees feel they have the appropriate knowledge to do their jobs effectively?
    • How often do new accounting or financial reporting situations arise that employees don’t know how to handle? How do they get resolved?

There is no guarantee for predicting or preventing a seller’s breach of representations and warranties made to a buyer. But these are important questions for assessing the risk of such breaches.


1: Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (COSO), 2013.

© Copyright 2020. The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals. FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.

More Info

Share this page