Due DiligenceDue DiligenceData Rooms

Operational Due Diligence (ODD): A Practical Guide

Operational due diligence (ODD) is the part of a deal where you stop reading the pitch and start checking whether the business actually runs the way the seller says it does. Financial diligence tells

By Rohan Nayak11 min readUpdated July 2026
Operational Due Diligence (ODD): A Practical Guide
On this page

Operational due diligence (ODD) is the part of a deal where you stop reading the pitch and start checking whether the business actually runs the way the seller says it does. Financial diligence tells you the numbers add up. Operational diligence tells you whether those numbers can survive contact with reality: the people, the processes, the systems, the suppliers, and the day-to-day workflows that turn a plan into revenue. I have sat on both sides of this, raising for my own company and reviewing operations as part of an acquisition, and the pattern is always the same. The deals that go sideways after close rarely fail because the spreadsheet was wrong. They fail because nobody looked closely enough at how the work gets done.

This guide covers what operational due diligence is, who runs it and when, a step-by-step process you can actually follow, a working checklist, the red flags I watch for, and how a well-organized data room turns a painful scavenger hunt into a clean review. It sits inside the broader practice of due diligence, so if you want the wide-angle view first, start there and come back.

What operational due diligence actually means

Operational due diligence is a structured review of a target company's ability to deliver its product or service reliably, efficiently, and at the scale the deal assumes. It looks at the engine, not just the dashboard. Where financial due diligence examines quality of earnings and working capital, ODD examines the machinery that produces those earnings: org structure, key-person dependency, core processes, technology and tooling, vendor and supplier relationships, capacity, and the operational risks hiding in the gap between "what the deck claims" and "what the team does on a Tuesday."

In practice the scope flexes with the target. For a SaaS business, operational diligence overlaps heavily with technical due diligence and leans into deployment cadence, on-call coverage, incident history, and how dependent the roadmap is on two specific engineers. For a manufacturer or a physical-goods company, it leans into plant utilization, maintenance backlogs, and supplier concentration. For a services firm, it is mostly about people: utilization rates, delivery quality, and whether the founder is the actual product.

The common thread is repeatability. You are trying to answer one blunt question. If the current leadership walked out the door tomorrow, would this business still produce what the model promises next quarter?

Who runs it and when

Operational due diligence shows up in a few distinct contexts, and the "who" depends on the context.

In M&A and private equity, the acquirer or sponsor runs ODD, usually with an internal operations or value-creation team plus outside specialists for technical, IT, or supply-chain depth. This is the most thorough version because the buyer intends to own and improve the operation. If you are on the buy side, this work feeds directly into your buy-side due diligence thesis and your first hundred days of integration planning.

In the fund world, ODD has a second meaning worth flagging so you do not confuse the two. Limited partners run operational due diligence on the funds they invest in, reviewing a manager's back office, valuation policy, custody arrangements, compliance, and service providers. Same name, different object. This guide focuses on the deal version (reviewing a company you are buying or investing in), but the discipline of "verify the operation, not the story" carries across both.

On timing, operational diligence typically runs in parallel with financial and legal workstreams once a letter of intent is signed and exclusivity begins. Light operational screening can happen earlier, during initial review, but the deep work needs management access, real documents, and ideally a few site visits or working sessions. Plan for two to six weeks of focused effort for a mid-sized target, longer if the operation is complex or geographically spread.

A step-by-step operational due diligence process

Here is the sequence I use. It is deliberately boring, because boring is what catches problems.

1. Scope and prioritize

Before requesting a single document, decide what actually matters for this specific deal. A 200-line checklist applied uniformly wastes everyone's time. Identify the two or three operational areas that drive the value (and the risk) for this target, and weight your effort there. For a subscription business that might be churn operations and infrastructure. For a logistics company it might be fleet and warehouse throughput.

2. Request and organize documents

Send a tailored information request list, then get everything into one structured workspace. This is where most of the friction lives. Documents arriving by email in random batches is how diligence falls apart. A virtual data room with a clear folder tree solves this, and I will come back to it.

3. Review the org and key-person risk

Map the org chart against reality. Who actually makes decisions? Where is knowledge concentrated in one head? Read the employment agreements for key staff, check notice periods and non-competes, and look at recent attrition. Key-person dependency is the single most common operational issue I find in founder-led companies.

4. Walk the core processes

For each critical process (order to cash, manufacturing, customer onboarding, support, release management), get the documented version and then test it against what people describe. Ask three different people to walk you through the same process. Divergence is a signal.

5. Examine systems and tooling

Inventory the operational stack: ERP, CRM, ticketing, monitoring, the spreadsheets that quietly run the business. Look for fragile single points of failure and for systems nobody has upgraded in years. This is where ODD shades into technical due diligence for tech-heavy targets.

6. Assess suppliers, vendors, and capacity

Review supplier concentration, contract terms, lead times, and whether the operation can actually handle the volume the deal model assumes. A company running at 95 percent capacity has no room to deliver the growth case.

7. Synthesize into findings and adjustments

Turn observations into a ranked list of operational risks, each with an estimated cost to fix and a suggested deal implication: price adjustment, escrow, a condition to close, or a post-close action item. The output is a memo, not a pile of notes. Good due diligence reports connect each finding to a dollar value or a decision.

Operational due diligence checklist

Use this as a starting frame and trim it to the target. The point is coverage across the operation, not box-ticking.

AreaWhat to verifyWhy it matters
OrganizationOrg chart, key roles, decision rights, attrition trendsReveals key-person risk and culture gaps
EmploymentContracts, notice periods, non-competes, incentive plansDetermines retention risk after close
Core processesDocumented SOPs for order-to-cash, delivery, supportShows whether the operation is repeatable
Technology stackERP, CRM, monitoring, critical spreadsheetsSurfaces fragile systems and integration cost
CapacityUtilization, throughput, headroom vs. growth planTests whether the growth case is deliverable
Suppliers and vendorsConcentration, contract terms, lead timesExposes single points of failure in the chain
Quality and incidentsDefect rates, outage history, complaint logsIndicates operational maturity
Compliance and licensingPermits, certifications, regulatory statusAvoids post-close surprises and fines
Facilities and assetsCondition, maintenance backlog, leasesQuantifies deferred capital spend
KPIs and reportingOperational metrics actually tracked and trustedShows whether management runs by data

If your deal involves a broader transaction workstream, pair this with the document-side view in the due diligence data room checklist so nothing falls between the operational and the legal cracks.

Common operational red flags

Some findings are routine. Others should make you slow the deal down. These are the ones I treat as serious until proven otherwise.

Everything runs through one person. If the founder or a single operations lead is the load-bearing wall, you are buying a retention problem, not a business. Confirm what happens when they leave.

Undocumented processes. When the answer to "how does this work" is "ask Sarah," the operation is not a system, it is a habit. That does not scale and it does not transfer.

Supplier or customer concentration. A single supplier you cannot replace quickly, or one customer that is 40 percent of revenue, is an operational risk dressed up as a commercial one. Worth coordinating with commercial due diligence on the demand side.

Metrics that nobody trusts. If management quotes numbers but the underlying systems cannot reproduce them, the reporting is theater. I want to see the same figure pulled live, not from a polished board deck.

Deferred maintenance and tooling debt. Old equipment, unpatched systems, a monitoring stack held together with manual checks. These show up post-close as capital you did not budget for.

A gap between the documented process and the lived one. When the SOP says one thing and three employees describe three different realities, the documentation is for show. Trust what people do, not what the binder says.

How a data room streamlines operational due diligence

Operational diligence generates a lot of paper: org charts, contracts, SOPs, maintenance logs, system inventories, supplier agreements, incident reports. The single biggest time sink is not analysis, it is chasing and corralling those documents. A well-structured virtual data room is the difference between a clean two-week review and a six-week game of email tag.

This is where I am genuinely partial to working inside a proper room rather than a shared drive. With Plox, the room I set up for our own raise had a folder per workstream, granular permissions so each reviewer saw only their lane, and a full audit trail of who opened what and when. For operational diligence specifically, three things matter. First, a logical folder tree that mirrors your checklist, so a reviewer can move through the operation in order. Second, controlled access, since you do not want every junior analyst browsing sensitive employment contracts. Third, analytics, because seeing which documents a buyer actually engaged with tells you where their concerns sit before they say a word.

Good tooling here is not unique to one vendor. Ansarada, Datasite, and iDeals all run serious diligence every day, and if your deal is a large regulated transaction those platforms earn their keep. For founders and smaller funds who want the structure and the audit trail without an enterprise quote, Plox covers the same operational needs at a price that fits a single raise rather than an annual seat commitment. If you are weighing options, the rundown of the best data room for due diligence and a clear-eyed look at virtual data room cost will save you a few demos. The mechanics of running the room itself are covered in the guide on virtual data room due diligence, and you can see how Plox handles it on the data rooms page.

The principle is simple. Operational diligence is hard enough when the question is "does this business actually work." Do not make it harder by also fighting your file system.

Frequently asked questions

What is the difference between operational and financial due diligence?

Financial due diligence verifies the numbers: quality of earnings, working capital, debt, and the accuracy of the financial statements. Operational due diligence verifies the engine that produces those numbers: the people, processes, systems, and suppliers. The two are complementary. Strong financials sitting on a fragile, key-person-dependent operation is exactly the kind of deal that looks good on paper and disappoints after close.

How long does operational due diligence take?

For a mid-sized target, plan for roughly two to six weeks of focused work once you have management access and the documents are in a data room. Simpler service businesses can be quicker. Complex operations with multiple sites, heavy regulation, or a tangled tech stack take longer. The single biggest variable is how quickly the target produces clean, organized documents, which is why the data room setup matters so much.

Who performs operational due diligence?

On a deal, the buyer or investor runs it, usually with an internal operations or value-creation team plus outside specialists for technical, IT, or supply-chain depth. In the fund context the term also describes limited partners reviewing a manager's back office and service providers, which is a different exercise with the same name. Either way the people doing the work need real operational experience, not just a checklist.

What documents do I need for operational due diligence?

At minimum: org charts and key employment agreements, documented standard operating procedures for core processes, a system and tooling inventory, supplier and vendor contracts, capacity and utilization data, quality and incident logs, and the operational KPIs management actually tracks. Organizing these against a checklist inside a data room, rather than collecting them ad hoc, is what keeps the review from sprawling.

Can operational due diligence change the deal price?

Yes, regularly. Operational findings translate into estimated remediation costs (deferred maintenance, system upgrades, retention packages for key staff) and into risk that gets priced through escrow, holdbacks, or conditions to close. A finding that the growth case is undeliverable at current capacity can reshape the valuation. That is the point of doing the work before you sign, not after.

Rohan Nayak

Written by Rohan Nayak · Co-founder, Plox

Rohan co-founded Plox. He spends most of his time with founders working out how to share a deck or a data room without losing control of it.

Connect on LinkedIn