Dashboard › Checklists

✅ Practical Checklists

Ready-to-use checklists for recurring CLO workflows. Click to expand.

  • Confirm meeting date, time, and quorum requirements (check bylaws for quorum threshold)
  • Distribute board materials at least 5 business days in advance (7 preferred)
  • Prepare and circulate draft agenda; confirm with CEO and board chair
  • Draft resolutions for all action items requiring board approval
  • Prepare committee reports (Audit, Compensation, Nominating/Governance)
  • Confirm D&O questionnaires and disclosure updates are current
  • Review any pending or threatened litigation for board update
  • Prepare executive session agenda items (if any)
  • Ensure board portal access is working for all directors
  • Arrange for corporate secretary or designee to attend and take minutes
  • Post-meeting: circulate draft minutes within 10 business days; finalize at next meeting
  • Identify triggering event (litigation filed, government investigation, reasonable anticipation of litigation)
  • Define scope: custodians, date range, data sources, document types
  • Issue written legal hold notice to all identified custodians
  • Suspend routine document destruction and retention policies for in-scope materials
  • Notify IT to preserve relevant electronic systems, backups, and auto-delete processes
  • Identify and preserve relevant third-party data (cloud vendors, outside counsel, contractors)
  • Document the hold process (who was notified, when, what instructions were given)
  • Send periodic reminders to custodians (quarterly minimum)
  • Track custodian acknowledgments; follow up on non-responses within 48 hours
  • Establish process for new hires/departures who fall within hold scope
  • Review and release hold only after matter is fully resolved and with legal sign-off
Spoliation sanctions can be case-ending. Over-preserve rather than under-preserve. Document everything.
  • Corporate organization: charter, bylaws, good standing certificates, board/stockholder minutes, capitalization table
  • Material contracts: review top 20 by revenue/spend; identify change-of-control provisions, consent requirements, and anti-assignment clauses
  • Litigation: pending, threatened, and settled matters within past 5 years; assess material exposure
  • IP: patent portfolio, trademark registrations, trade secret protections, open-source usage, IP assignments from employees/contractors
  • Employment: executive agreements, equity plans, severance obligations, non-compete enforceability, pending EEOC/labor claims
  • Real estate: lease terms, renewal options, assignment provisions, environmental liabilities
  • Regulatory: licenses, permits, compliance history, pending investigations, consent decrees
  • Tax: federal/state/local tax returns (3 years), pending audits, tax sharing agreements, NOL carryforwards
  • Insurance: current program summary, claims history (5 years), tail coverage needs
  • Data privacy: privacy policies, data processing agreements, breach history, GDPR/CCPA compliance status
  • Government contracts: if applicable — ITAR, CFIUS, FOCI considerations
  • Prepare diligence summary memo with risk ratings (high/medium/low) for each category
  • Within 4 business days: Form 8-K for any reportable event (material agreements, executive changes, financial restatements, etc.)
  • Within 2 business days: Section 16 Forms 3/4 (insider transactions) — monitor continuously
  • 40 days after quarter end (accelerated filer): Form 10-Q quarterly report
  • 60 days after fiscal year end (accelerated filer): Form 10-K annual report
  • 120 days after fiscal year end: Proxy statement (DEF 14A) and annual meeting
  • February (Q4 earnings): Earnings release (8-K), earnings call script, Reg FD compliance review
  • Quarterly: Reg FD training reminder; insider trading window open/close notices; blackout period enforcement
  • Annual: D&O questionnaires; director independence determinations; committee charter reviews
  • Annual: Section 302/906 CEO/CFO certifications (with 10-K and 10-Q)
  • Annual: SOX 404 internal controls assessment; auditor attestation (for accelerated filers)
  • As needed: Form S-3/S-8 shelf registration updates; Rule 144 opinions; 10b5-1 plan reviews
All deadlines assume accelerated filer status. Large accelerated filers and non-accelerated filers have different deadlines. Calendar assumes December fiscal year end — adjust for non-calendar FYE.
  • New Hire: Verify non-compete/non-solicit from prior employer; assess enforceability risk
  • New Hire: Confirm no misappropriation of prior employer's trade secrets or confidential information
  • New Hire: Execute employment agreement, IP assignment, confidentiality/NDA, arbitration agreement
  • New Hire: I-9 verification within 3 business days of start date
  • New Hire: Equity grant paperwork and Section 83(b) election (if applicable — 30-day deadline)
  • Termination: Document performance issues and progressive discipline (if for cause)
  • Termination: Review employment agreement for severance, notice period, and post-termination obligations
  • Termination: Prepare separation agreement and general release (ADEA: 21 days to consider, 7 days to revoke; group: 45 days)
  • Termination: Calculate final pay including accrued PTO (check state law — some require immediate payment)
  • Termination: Revoke system access, collect company property, deactivate credentials
  • Termination: COBRA notice within 14 days of qualifying event
  • Termination: Assess WARN Act applicability (60-day notice for mass layoffs / plant closings)
  • Hour 0-1: Activate incident response team (Legal, CISO, IT, Communications, CEO)
  • Hour 0-1: Engage outside breach counsel (privilege — all communications through counsel)
  • Hour 0-4: Contain the breach — isolate affected systems, preserve forensic evidence, do NOT destroy logs
  • Hour 0-4: Engage forensic investigation firm (through outside counsel for privilege protection)
  • Hour 4-12: Determine scope: what data, how many individuals, what jurisdictions, what data types (PII, PHI, financial)
  • Hour 4-12: Review cyber insurance policy; provide notice to carrier per policy terms
  • Hour 12-24: Assess notification obligations by jurisdiction (state AG notification, GDPR 72-hour rule, HIPAA 60-day rule, SEC 4-day 8-K)
  • Hour 12-24: Draft internal communications; prepare board notification
  • Hour 24-48: Prepare consumer notification letters; engage credit monitoring/identity protection vendor
  • Hour 24-48: Prepare regulatory notifications (state AGs, HHS if PHI, relevant federal regulators)
  • Hour 48-72: Prepare external communications (press statement if warranted, customer FAQ)
  • Hour 48-72: Document all response actions, decisions, and timeline for regulatory defense
GDPR requires supervisory authority notification within 72 hours. SEC requires 8-K within 4 business days of determining materiality. State laws vary widely — some require notification within 30 days, others have no specific deadline but require "expedient" notice.
  • Parties: correct legal entities, authority to bind, good standing
  • Term and termination: duration, auto-renewal, termination for convenience vs. cause, wind-down obligations
  • Scope of work / deliverables: clearly defined, measurable, acceptance criteria
  • Payment terms: amount, schedule, late payment penalties, price adjustment mechanisms
  • Representations and warranties: scope, survival period, materiality qualifiers, knowledge qualifiers
  • Indemnification: scope (IP, third-party claims, breach), caps, baskets, exclusions for gross negligence/willful misconduct
  • Limitation of liability: consequential damages waiver, aggregate cap (typically 12-24 months of fees)
  • IP ownership: work product ownership, license grants, pre-existing IP carve-outs
  • Confidentiality: definition of confidential information, exceptions, term, return/destruction obligations
  • Data protection: DPA required? data processing roles, sub-processor consent, breach notification
  • Insurance requirements: minimum coverage amounts, additional insured status, certificates
  • Assignment / change of control: consent requirements, anti-assignment clauses
  • Governing law and dispute resolution: jurisdiction, venue, arbitration vs. litigation, jury waiver
  • Force majeure: scope of qualifying events, notice requirements, termination right after extended force majeure
  • Define scope and objectives in writing before engagement begins
  • Execute engagement letter with fee arrangement (hourly, fixed, success, blended), staffing plan, and budget
  • Distribute outside counsel guidelines (billing standards, staffing restrictions, reporting requirements)
  • Establish budget with not-to-exceed cap; require written approval for overages
  • Define billing standards: no block billing, minimum time increments, no charges for administrative tasks
  • Staffing requirements: named partner responsible, no associate staffing changes without approval, leverage ratio
  • Reporting cadence: weekly status updates for active matters, monthly for maintenance
  • Conflicts check: confirm firm-wide conflicts clearance before sharing confidential information
  • Review invoices monthly against guidelines; use e-billing platform if available
  • Conduct matter post-mortem: outcome, total cost vs. budget, lessons learned, firm performance assessment
  • Maintain firm roster with performance ratings for future matter staffing decisions
  • Begin renewal process 90-120 days before expiration
  • Review prior year claims experience with broker; assess impact on premiums
  • Update company profile: revenue, headcount, asset values, new products/services, geographic expansion
  • Review D&O limits in light of current market cap, litigation environment, and peer benchmarking
  • Assess cyber insurance adequacy: coverage limits vs. estimated breach costs, sublimits for specific coverages
  • Review EPL (Employment Practices Liability) in light of workforce changes, RIFs, or pending claims
  • Confirm all policies are coordinated: no gaps between primary and excess layers
  • Review policy exclusions: are any new business activities excluded? negotiate carve-backs if needed
  • Obtain multiple quotes from competing carriers (broker should market to at least 3-5 carriers per line)
  • Review Reps & Warranties insurance needs for any pending M&A transactions
  • Confirm certificates of insurance are updated and distributed to counterparties as required by contracts
  • Document program structure, premium allocation, and renewal decisions for board/audit committee reporting
  • T-18 months: Engage IPO counsel (company-side and underwriter's counsel)
  • T-18 months: Form IPO steering committee (CEO, CFO, CLO, outside counsel, auditors, bankers)
  • T-12 months: Corporate housekeeping — clean up capitalization table, option grants, convertible instruments
  • T-12 months: Audit readiness — ensure 2+ years of audited financials (3 years for large accelerated filers)
  • T-12 months: SOX 404 internal controls implementation — begin documentation and testing
  • T-9 months: Board composition — recruit independent directors (majority independent, audit committee financial expert)
  • T-9 months: Adopt corporate governance framework: committee charters, code of conduct, insider trading policy, Reg FD policy
  • T-6 months: Draft S-1 registration statement — business description, risk factors, MD&A, compensation disclosure
  • T-6 months: Prepare executive compensation programs (Section 162(m), golden parachute analysis, equity plan for stockholder approval)
  • T-3 months: File S-1 with SEC; begin comment/response cycle
  • T-3 months: D&O insurance placement (pre-IPO tower + public company program)
  • T-1 month: Roadshow preparation; lock-up agreements executed; Section 16 filings prepared
  • Pricing: Board approval of final price and share count; underwriting agreement execution
  • Post-IPO: Quiet period compliance; first 10-Q filing; investor relations program launch
Timeline assumes traditional IPO. SPAC and direct listing processes differ materially in timing and workstreams.