On-site visits have become de rigueur in operational due diligence, with many investors putting a high premium on face-to-face meetings with fund managers.  But the difference between a superficial and an effective on-site visit can be profound.  Merely showing up is not sufficient.  In fact, going on site without the right strategy can create the illusion of a “deep dive” without the substance.  Effective on-site due diligence is not just a matter of staying longer, asking more questions and reviewing more documents.  It is a discipline unto itself, with techniques that are proven to work.  Usually, those techniques can only be learned through trial and error.  This article, the third in a three-part series, aims to minimize the “error” part of that learning process by revealing best practices learned by long-time ODD practitioners.  Specifically, this article details: workable and effective on-site diligence procedures, including evaluating cybersecurity programs; red flags to identify; and an investor’s options following the on-site visit.  The first article focused on the rationale for the on-site visit and the mechanics of preparation.  The second article discussed how investors should conduct due diligence visits, and how managers can prepare for them effectively.  See also “Operational Due Diligence from the Hedge Fund Investor Perspective: Deal Breakers, Liquidity, Valuation, Consultants and On-Site Visits,” Hedge Fund Law Report, Vol. 7, No. 16 (Apr. 25, 2014).