← Back to articles

Due Diligence Survival Guide: What Buyers Investigate and How to Prepare

Author: Yanni Papoutsi - Fractional VP of Finance and Strategy for early-stage startups - Author, Exit Ready Published: 2026-03-13 - Last updated: 2026-03-13

Reading time: ~11 min

The Five Diligence Workstreams

Buyer diligence is organized into parallel workstreams, each led by a specialist team. For a $50-100M transaction, expect:

Financial Diligence (2-3 auditors/analysts)

The buyer's accounting firm audits three years of historical financial statements, validates revenue recognition policies, reconciles GL to tax returns, and verifies EBITDA calculations. They review contracts to validate the revenue reflected in the financials. They check: are revenue figures consistent with customer contracts? Is the revenue recognized in the right period? Are there side agreements or oral commitments that affect the reported figures?

Common financial diligence findings: revenue timing mismatches (revenue recognized before cash received, or vice versa), discrepancies between tax returns and financial statements, undisclosed liabilities (accrued but not recorded), customer concentration risk, and unsupported EBITDA add-backs.

How to prepare: Get your financials audited by a reputable firm 6-12 months before you expect a sale. If an audit finds issues, fix them. Financial audits cost $30-50K but are far cheaper than discovering issues during buyer diligence. Ensure your financial statements match your tax returns. Provide detailed revenue reconciliation: show how the revenue in the P&L reconciles to customer contracts and invoices. Provide a detailed EBITDA bridge: show what adjustments are being made and why. Do not include aggressive or unsupported add-backs.

Legal Diligence (2-3 lawyers)

The buyer's legal team reviews corporate documentation, contracts, litigation history, compliance, and intellectual property. They verify: company formation and capitalization (cap table), board resolutions and shareholder agreements, customer contracts (terms, termination rights, change of control provisions), vendor contracts, employee agreements, IP ownership, insurance policies, regulatory compliance.

Common legal findings: ambiguous IP ownership (who owns customer customizations?), customer contracts with change-of-control termination rights (which allow customers to leave after the sale), undisclosed litigation or regulatory matters, missing or incomplete employment agreements, misclassified employees (contractors vs. W2), missing insurance policies, and IP infringement risk.

How to prepare: Hire a lawyer to review all contracts 3-6 months before sale launch. Identify issues: missing signatures, non-standard terms, unfavorable renewal provisions. Fix what can be fixed. Create a detailed schedule of all material contracts, highlighting problematic provisions. Prepare a litigation summary: list any disputes, employment claims, or regulatory actions ever taken against the company, with dates and resolutions. Prepare an IP schedule: document what IP is owned vs. licensed, what is patented vs. proprietary, what is source code vs. trade secrets. Ensure all founders and key employees have signed IP assignment agreements assigning their work product to the company.

Commercial Diligence (1-2 commercial analysts)

The buyer validates the business claims in the CIM: are customers real? Are contracts accurate? Is growth sustainable? Do unit economics hold up? What is churn really? Are there customer concentration risks?

They may request customer references: phone calls with 5-10 largest or most strategic customers to understand their satisfaction, usage, and likelihood to renew. They validate revenue through reference calls and contract review. They stress-test unit economics: if CAC is $100K and LTV is $400K, is that sustainable? What if churn increases 10%? What if ARPU decreases?

Common commercial findings: customer churn higher than stated, customer concentration risk (top 5 customers = 40%+ revenue), soft contracts (terms unclear, subject to renewal negotiations), customers who use the product minimally and may churn, and unit economics that deteriorate with scale (CAC increases faster than ARPU).

How to prepare: Build a detailed customer cohort analysis: show retention rates and LTV by customer cohort (by acquisition date, by sales source, by product). Show how retention trends have evolved. If retention is declining, explain why and what you are doing. Prepare a customer concentration analysis: show what percentage of revenue comes from top 10, top 25, and top 50 customers. If top 5 = 50% revenue, be proactive: explain why these customers are sticky and unlikely to churn. Prepare a contracts summary: list all material customer contracts, with key terms highlighted. Ensure all customer contracts are signed and documented. Do not rely on email exchanges or verbal agreements.

Technology Diligence (1-2 technical experts)

The buyer assesses the technical architecture, code quality, scalability, security posture, and technology roadmap. They may conduct a code review, architecture review, and security assessment. They validate: Is the product scalable? Can it handle 10x user growth? Is the code maintainable? Are there technical debt or legacy systems? Is security adequate? Are there unresolved vulnerabilities?

Common tech findings: technical debt (code that is hard to maintain and expensive to extend), outdated dependencies (libraries with known vulnerabilities), incomplete test coverage, undocumented code, single points of failure (critical functions dependent on one person), and scalability concerns (database queries that slow down with scale).

How to prepare: Conduct a technical audit 6-12 months before you expect to sell. Hire external engineers to review your architecture, code quality, and security. Address major findings: pay down technical debt, upgrade vulnerable libraries, increase test coverage. Document the architecture: create system diagrams showing how components interact, what external services you depend on, and what data flows exist. Have the engineering team document the technology roadmap: what is planned, what problems are being solved, what capacity do you have to support new features vs. maintain existing features. This demonstrates that you have a thoughtful tech strategy and that the buyer is acquiring a sustainable platform, not a legacy system.

HR and Employment Diligence (1 HR specialist, 1 employment lawyer)

The buyer verifies that all employees are legally classified, that employment agreements are in place, and that there are no undisclosed employment issues. They review org structure, compensation, benefits, and any equity arrangements. They validate: Are employees W2 or contractor? Are equity agreements in place for all equity holders? Have all employees been properly classified under wage and hour law? Are there outstanding employment disputes, discrimination claims, or wage claims?

Common HR findings: misclassified contractors (should be W2 employees), incomplete equity documentation, no written employment agreements, key people with no retention agreements or equity vesting, and undisclosed employment disputes or regulatory complaints.

How to prepare: Conduct an HR audit with an employment lawyer. Verify all employment classifications. Ensure all equity holders have signed equity agreements and understand their vesting schedules. Create employment agreements for all employees (at minimum, offer letters with confidentiality and IP assignment language). Prepare an org chart and key person dependencies analysis: show who the critical functions are and what happens if they leave. If key people are staying post-close, prepare retention packages or equity grants. Prepare a litigation summary: any employment complaints or disputes, even those resolved, should be disclosed. Non-disclosure increases legal risk and damages trust with the buyer.

The Diligence Timeline

A typical diligence process follows this timeline:

Week 1-2: Data Room Setup and Initial Requests

You provide access to a secure data room (Intralinks, CapTable, or similar) with organized documentation. The buyer's team submits initial information requests (IRs) across all workstreams. You should have a single diligence coordinator who collects responses and uploads to the data room daily.

Week 2-4: Initial Wave of Diligence

Financial team asks for GL, trial balance, revenue aging, customer contracts, and detailed reconciliations. Legal team asks for cap table, board resolutions, contracts, litigation summary. Commercial team requests customer lists, retention analysis, and CAC/LTV calculations. Tech team asks for architecture documentation, code repositories, and security assessments. HR team asks for employee list, equity schedules, and employment agreements.

Week 4-6: Deep Dive Diligence

Follow-up questions based on initial findings. Financial team digs into unusual items or large adjustments. Legal team requests copies of all material contracts. Commercial team conducts customer reference calls. Tech team may do hands-on code review and security testing. HR team interviews key employees.

Week 6-8: Closing Diligence and Management Presentations

Final questions, diligence summary preparation. Management presentations by CEO, CFO, VP Sales, VP Product, VP Tech. You address open issues and questions. Buyer team prepares preliminary findings document.

Week 8-10: Post-Diligence Negotiation

Buyer identifies diligence findings (issues, liabilities, risks) and negotiates reps and warranties insurance, escrow adjustments, earnout adjustments, or purchase price reductions based on findings.

Common Diligence Issues and How to Avoid Them

Missing or Incomplete Documentation

The biggest diligence problem is incomplete or disorganized records. If you cannot produce signed customer contracts, employment agreements, or regulatory licenses, the buyer assumes the worst. Spend time before diligence organizing all documentation and creating an index so the buyer can find what they need.

Unsupported Financial Claims

If the CIM says revenue grew 35% YoY, but customer contracts and invoicing only support 28% growth, there is a problem. Ensure all financial claims in the CIM are supported by underlying contracts and records.

Key Person Risk

If the business depends entirely on the founder or one person, the buyer becomes concerned about post-close execution. Mitigate by: document processes and playbooks, involve other team members in customer relationships, provide retention agreements or equity for key people staying post-close.

Customer or Revenue Concentration

If top 5 customers = 60% of revenue, the buyer sees risk. Be upfront about concentration and explain stickiness: long contracts, high switching costs, strategic importance of the product.

Technical Debt or Scalability Issues

Identify technical problems early and fix them or explain the roadmap to fix. Better for the buyer to know about a database scalability issue pre-close than to discover it post-close and blame you.

Managing the Diligence Process

Assign a single diligence coordinator on your side: typically CFO or Chief of Staff. This person owns all diligence responses, ensures consistency, and escalates issues. Do not have every exec responding independently; it creates confusion and inconsistent messages.

Set response deadlines: "All diligence responses due by Friday close of business." Slow responses extend diligence timelines. Fast, comprehensive responses compress timelines and show you are organized and professional.

Prepare management for diligence: the buyer's team will interview management, conduct site visits, and dive deep into operations. Prepare your team to be professional and consistent in their messaging.

Do not hide issues. If a customer is at risk of churning or an employee is planning to leave, disclose it. Issues discovered later through customer references or employee interviews damage credibility far more than proactive disclosure.

Post-Diligence: Adjustments and Renegotiation

After diligence, the buyer prepares a findings list: issues identified, liabilities discovered, risks assessed. Material findings are negotiated. Common outcomes:

- Escrow increase: Higher escrow holdback to compensate for identified risks.
- Earnout adjustment: Higher earnout contingencies tied to specific customer retention or operational metrics the buyer is concerned about.
- Price reduction: Direct reduction in purchase price if findings are material (reps breach, customer churn, technical debt).
- Reps and warranties insurance: If findings are significant but cannot be quantified, the buyer may ask the seller to purchase representations and warranties insurance to cover potential claims.
- Specific closing conditions: The buyer may require specific items to be cured before close (employment agreements signed, customer contracts obtained, etc.).