Diligence OS

ODD · Workflow

Operational due diligence for teams that need source-backed financial judgment.

A controls-and-operations review on a manager — SOC reports, valuation policy, service providers, and cyber posture read together, with exceptions surfaced and follow-up questions written next to each.

Request an introduction →Explore all workflows →

Closed-system workflow. Source-backed outputs. Versioned review.

Engagement console

Source intake through review state

Illustrative

Source intake

  • S-014 · PPM.pdfadmitted
  • S-021 · LPA.pdfadmitted
  • S-028 · DDQ.xlsxscanning

Workflow stage

controls assessment

Stage running · citations required

Evidence anchors

[S-014 · p.42 ¶3][S-021 · cl. 8.2][S-028 · tab 3]

Open risks

Valuation policy gap

severity · high · cited

Draft artifact

ODD memorandum · v1 draft

schema valid · 47 claims cited

Review state

Partner review

Awaiting challenge before lock

audit · memorandum.draft.v3 · 2026-05-24T14:32:01Z · engagement

Operational diligence fails when controls are rated from meetings, not documents.

ODD draws on SOC 1 and SOC 2 reports, service-provider lists, valuation policy, cyber posture, and business-continuity documentation. Analysts skim SOC exceptions; partners ask follow-up questions in email; the exception list and the memorandum diverge. A control rated present without a citation is not evidence — it is opinion.

  • SOC test results are summarized without citing the underlying test paragraph
  • Service providers implied but not named on the provider list go unchallenged
  • Valuation policy and committee minutes are read separately, not together
  • Follow-up questions are drafted without tying each to a specific exception
  • Annual reviews lack a delta against the prior exception register

Who uses this workflow

Built for senior finance teams who need committee-ready artifacts — not chat transcripts.

LP operational risk team

Use casePre-commitment ODD on a new manager

Moment of needOperational risk is the primary question on a single-PM or newly-formed fund

OutputODD memorandum and exception list

Allocator analyst

Use caseAnnual operational review

Moment of needThe question is whether controls changed since last year

OutputException delta against prior year's register

Family office CIO

Use caseManager commitment with novel custody arrangements

Moment of needThe LP has not previously underwritten the operating side

OutputFollow-up question pack keyed to each exception

Risk committee

Use caseControls sign-off

Moment of needCommittee needs rated controls, not meeting notes

OutputControls assessment with cited SOC test results

Admitted source envelope

Source materials enter the engagement as a controlled register — scanned, classified, and scoped before the workflow runs.

Source register for this workflow

Source register

Pending admission · scanner gate

5 sources
SourceDescriptionStatus
SOC 1 and SOC 2 reports for the manager and the fund administratorSOC 1 and SOC 2 reports for the manager and the fund administrator.01
Service-provider list — administrator, auditor, custodian, prime broker, transfer agentService-provider list — administrator, auditor, custodian, prime broker, transfer agent.02
Valuation policy and the most recent valuation committee minutesValuation policy and the most recent valuation committee minutes.03
Cybersecurity posture documentation.04
Business-continuity and operational policiesBusiness-continuity and operational policies.05

Workflow process

A versioned pipeline — each stage records what happened, what you can review, and what output it produces.

Stage pipeline

Topological DAG · runtime enforced

3 steps
CONTROLSASSESSMENTRISK REGISTERSYNTHESISE
Workflow · ODD · 3 steps · cited

  1. 01

    Admit operational source materials

    SOC reports, service-provider list, valuation policy, cyber documentation, and BCP policies enter the envelope.

    Recorded
    Source admission with hash and kind classification per document.
    Review
    ODD lead confirms the manager packet is complete for the framework.
    Output
    Admitted operational source register.

  2. 02

    Assess controls against the framework

    controls_assessment rates each control present, partial, absent, or unknown — with cited source spans.

    Recorded
    Per-control rating, rationale, and citation to SOC test or documented policy.
    Review
    Analyst verifies ratings against the framework checklist.
    Output
    Controls assessment matrix.

  3. 03

    Build the exceptions register

    risk_register enumerates every partial, absent, or unknown control with severity and rationale.

    Recorded
    Exception entries with severity and cited rationale.
    Review
    Partner challenges any exception that lacks document support.
    Output
    Typed exceptions register on the memorandum cover.

  4. 04

    Draft follow-up questions

    Follow-up question pack is derived from the same exceptions as the memorandum.

    Recorded
    Question-to-exception mapping in the draft metadata.
    Review
    Partner edits questions before they are sent to the manager.
    Output
    Follow-up question pack ready to send.

  5. 05

    Synthesise the ODD memorandum

    synthesise composes the ODD memorandum from controls assessment and exceptions.

    Recorded
    Draft version and schema validation result.
    Review
    Partner reviews; exceptions they cannot defend are removed.
    Output
    ODD memorandum draft.

  6. 06

    Lock and preserve

    Signed version locked with append-only audit trail.

    Recorded
    memorandum.locked audit event.
    Review
    Partner sign-off.
    Output
    Locked ODD memorandum with defensible record.

Workflow outputs

Committee-ready artifacts — each with a named reviewer and a defensibility standard.

  • ODD memorandum

    Structured against the controls framework with exceptions at the front.

    Reviewed by
    Partner and ODD lead
    Defensibility
    Each control rating cites a SOC test or documented policy — meeting notes are not citations.

  • Exception list

    Every partial, absent, or unknown control enumerated with severity and rationale.

    Reviewed by
    Partner and risk committee
    Defensibility
    Derived from the same source set as the follow-up pack — no divergence.

  • Follow-up question pack

    Questions keyed to each exception, ready to send to the manager.

    Reviewed by
    Partner before send
    Defensibility
    One-to-one mapping from exception to question; uncited exceptions excluded.

Controls are rated by what the documents support — not by what the manager states in a meeting.

ODD refuses to rate a control as present without a citation to a SOC test or documented policy. Unknown controls stay unknown. The exception list and follow-up pack render from the same facts.

  • Meeting notes are not citations — SOC tests and policies are
  • Annual reviews can delta against the prior year's exception register
  • Partner removes exceptions they cannot defend before sign-off
  • The system supports operational judgment; it does not replace onsite ODD

Diligence OS supports investment judgment. It does not make investment decisions, provide investment advice, or guarantee risk detection.

Why not generic AI

Prompt-based tools produce inconsistent outputs with weak provenance. This workflow runs a structured process with an admitted source envelope and a versioned review path.

Comparison of generic AI tools and Diligence OS for this workflow

Starting point

Generic AIChat-first

Diligence OSWorkflow-first

Process

Generic AIUser-defined prompts

Diligence OSVersioned process

Provenance

Generic AIWeak provenance

Diligence OSSource-span citations

Across documents

Generic AIOne file at a time

Diligence OSThe full set reconciled; contradictions surfaced

Review

Generic AIHard to review

Diligence OSPartner review states

Outputs

Generic AIInconsistent outputs

Diligence OSRepeatable artifacts

Memory

Generic AINo durable workflow memory

Diligence OSAppend-only audit trail

Committee use

Generic AIDifficult to defend

Diligence OSCommittee-ready outputs

Controls framework

Generic AIFreeform checklist

Diligence OSRated controls with SOC citations + exception register

Business value

Institutional outcomes — not productivity slogans.

  • Standardize ODD quality across managers and vintages
  • Surface exceptions early with cited rationale, not narrative buried in memos
  • Produce follow-up packs that map one-to-one to exceptions
  • Preserve institutional memory for annual operational reviews
  • Improve partner leverage on operational risk questions
  • Create a defensible record for allocator and IC sign-off

Security and control

Closed by construction — each engagement runs inside a dedicated chamber with an append-only audit trail.

  • Closed-system workflow — each engagement runs in an isolated chamber
  • Engagement-level isolation with row-level tenant scoping
  • Source-controlled review — partners read drafts against the audit log
  • No training on customer documents — ever, by anyone
  • Citation-backed artifacts with hash-verified source spans
  • Versioned workflow history preserved on every run
  • Audit trail on reads, retrievals, model calls, and locks
  • Reviewer traceability — partner review recorded before sign-off

Related workflows

Adjacent diligence processes in the same controlled system.

Request an introduction

Diligence OS is introduced through a controlled evaluation process. No public signup. No self-serve access.

Request an introduction →

Discuss this workflow with the Diligence OS team →