Lenders spend a lot of time underwriting deals and keeping an eye on them after close. But some of the biggest credit problems don’t start with a sudden downturn; they start earlier, when the basics of due diligence don’t get the follow-through that they need.
Internal due diligence is the behind-the-scenes work that confirms a borrower and a deal are exactly as they appear. It includes things like lien and UCC checks, background reviews of key principals, confirming that the collateral is real and eligible, and making sure borrower or servicer reporting is complete and timely. Most lenders have a process for this. The trouble is that the process can turn into “collect and file,” rather than “verify and confirm.”
Where Internal Due Diligence Breaks Down
Data integrity is assumed rather than proven
Borrowing base certificates, data tapes, and system-generated reports can look perfectly fine on the surface, and yet still be wrong. The totals reconcile. The columns add up. When you’re up against a deadline, that kind of “it checks out” feeling is easy to lean on. But clean math doesn’t guarantee clean data. One hard-coded number, a manual tweak, or a bad pull from the system can quietly change what’s eligible and how much availability a lender really has.
Exception reports turn into paperwork
Many lenders lean on custodians or third parties to collect documents and flag what’s missing. The exception report is supposed to be a working tool — what should be in the file, what isn’t there yet, and what should’ve been resolved by now. But too often it gets saved and forgotten, even as the same open items show up month after month. Those gaps aren’t always fraud, but they’re rarely meaningless. They can point to weak controls, poor follow-through, or reporting that isn’t as reliable as it looks.
Pressure overrides process
Everyone’s trying to keep the deal moving. Deal teams want momentum, relationship managers want to close, and internal teams are often juggling too much with too little time. In that kind of environment, due diligence can quietly turn into “we’ll circle back later.” And when newer reviewers are involved, it’s even easier to miss the subtle red flags. What’s left is a quick reasonableness check, which is not the kind of testing that actually catches problems.
The False Sense of Security: “Availability Looks Good”
One of the easiest traps in credit oversight is getting comfortable because the numbers look good. If the borrowing base shows strong collateral coverage and plenty of availability, it’s natural to breathe a little easier. But availability only means something if the collateral behind it is real, eligible, and properly supported.
When that verification doesn’t happen, problems can hide in plain sight. Delinquencies are pushed out, so accounts still appear “current.” Repossessed assets can linger in the borrowing base even though they’re no longer eligible. Small reporting errors can repeat month after month until they add up to something material.
That’s also why it’s risky to rely on “system output” as proof. A report can be generated by a system and still be wrong—because the inputs were misclassified, pulled incorrectly, or even manually adjusted. The numbers can be consistent yet still inaccurate.
Why Involve an Independent Third Party
Even lenders with strong internal controls can have a hard time doing deep verification every time. When teams are lean, deadlines are tight, and deals are moving fast, diligence naturally drifts toward what’s easiest to confirm, rather than what actually needs to be tested.
That’s where an independent third party helps. They can take a fresh, unbiased look and do the follow-through that often gets squeezed: reviewing exception reports to see what’s still missing, flagging items that have been open too long, and tracing key numbers back to the source systems and supporting records.
Independence matters for another reason, too. Internal teams can get comfortable with long-time borrowers, servicers, or counterparties and start accepting reporting because it “usually” checks out. An outside reviewer is less likely to fall into that habit. And with more experience across different deals and structures, they can broaden testing beyond a single facility or pool to catch issues that only show up when everything is viewed together, like duplicate collateral or inconsistencies across facilities.
What Stronger Due Diligence Looks Like
Stronger due diligence doesn’t mean piling on more steps. It means taking the right steps consistently and going one step further than a quick review.
- Use exception reports like a working to-do list: Set clear expectations for how long items can stay open and escalate when they don’t clear.
- Test the inputs, not just the totals: Don’t stop at “it ties out.” Pull samples and trace them back to source data, especially where numbers can be hard-coded or manually adjusted.
- Make eligibility real, not theoretical: Confirm how things like extensions / modifications, delinquencies, and repossessions are actually treated in the reporting, not how they’re supposed to be treated.
- Test deal cash thoroughly: Confirm obligor cash payments come actually from the obligor to prevent a Ponzi scheme, perform proof of cash testing for several months, test the handling of NSF, stop payments and obligor bank accounts closures, review unapplied cash accounts and any suspense accounts, review bank reconciliations, review actual cash receipts versus expected cash receipts for each month, and other cash testing since testing cash in a critical component of performing the proper due diligence examination.
- Look at the full picture: If collateral could show up in more than one place, review across pools or facilities instead of assuming each one stands alone.
- Keep skepticism consistent: Build in an independent review so diligence doesn’t weaken when timelines tighten or deal pressure ramps up.
Conclusion
Most due diligence doesn’t fail with a single big mistake – it slips through in small gaps that don’t feel urgent until they are. Tightening the follow-through, testing beyond the surface, and keeping exception reports front and center can go a long way toward preventing surprises.
If you’d like an outside set of eyes to pressure-test your process, CBIZ can help. Reach out to learn how our credit risk professionals can support internal due diligence, collateral verification, and ongoing monitoring.
© Copyright CBIZ, Inc. All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.
“CBIZ” is the brand name under which CBIZ CPAs P.C. and CBIZ, Inc. and its subsidiaries, including CBIZ Advisors, LLC, provide professional services. CBIZ CPAs P.C. and CBIZ, Inc. (and its subsidiaries) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. CBIZ CPAs P.C. is a licensed independent CPA firm that provides attest services to its clients. CBIZ, Inc. and its subsidiary entities provide tax, advisory, and consulting services to their clients. CBIZ, Inc. and its subsidiary entities are not licensed CPA firms and, therefore, cannot provide attest services.
