Key Takeaways
- Due diligence covers 12 categories - financial, legal, contracts, IP, employment, tax, environmental, regulatory, insurance, real property, technology, and commercial
- Every finding translates into a deal term - price adjustment, indemnification, escrow, or walk-away right
- The legal categories (contracts, IP, employment, corporate) are where most first-time buyers are weakest
- A Quality of Earnings report adjusts the purchase price in 85% of deals - don't skip it
M&A due diligence is the process that separates good acquisitions from catastrophic ones. It's the investigation period between signing a letter of intent and committing to the purchase - your last chance to verify everything the seller has told you, discover what they haven't, and price the deal based on reality instead of promises.
Most due diligence guides focus on the financial side: verify revenue, check expenses, normalize EBITDA. That's important. But in my experience, the issues that kill deals or cost buyers hundreds of thousands of dollars post-closing are almost always legal - a contract that terminates on change of control, IP that was never properly assigned, an employment agreement that triggers a six-figure severance payment, or an environmental liability buried in a lease.
This guide covers all 12 categories of M&A due diligence, with the red flags I actually look for, the questions you need to ask, and how each finding should translate into deal terms that protect you.
THE COST OF GETTING IT WRONG
85% of deals see purchase price reductions during due diligence. 50% of technology deals see buyers walk away entirely based on findings. The most famous due diligence failure - HP's acquisition of Autonomy - resulted in an $8 billion writedown after accounting irregularities surfaced post-closing.
You don't need to be buying a billion-dollar company for due diligence to matter. On a $2M acquisition, a missed $200K environmental liability or a key customer contract with a change-of-control termination clause can be equally devastating relative to the deal size.
The Due Diligence Timeline
Due diligence isn't a single event - it's a phased process that runs on multiple parallel tracks.
| Week | Phase | Key Activities |
|---|---|---|
| 1-2 | Setup & Document Collection | Send due diligence request list, gain data room access, begin initial document review |
| 2-6 | Deep Dive Review | Financial analysis (QoE), contract review, IP audit, employment review, site visits |
| 4-8 | Follow-Up & Clarification | Second document requests, management interviews, expert consultations (environmental, regulatory) |
| 6-10 | Findings Synthesis | Due diligence memo, risk assessment, deal term recommendations |
| 8-12 | Negotiation Integration | Translate findings into purchase agreement terms - reps, indemnification, escrow, price adjustments |
The 12 Categories of M&A Due Diligence
Every due diligence process should cover these 12 areas. The depth depends on the business, industry, and deal size - but skipping any category entirely is how problems get missed.
1. Financial Due Diligence
Led by: Transaction CPA | Key deliverable: Quality of Earnings (QoE) report
This is the foundation. Your CPA verifies the seller's claimed earnings, normalizes one-time items, and identifies accounting inconsistencies. In 85% of deals, the QoE reveals adjustments that change the effective purchase price.
What to Review
- 3-5 years of financial statements
- Tax returns (5-7 years)
- Revenue by customer and product
- Accounts receivable/payable aging
- Working capital trends
- EBITDA normalizations and add-backs
Red Flags
- Revenue recognition inconsistencies
- Tax returns don't match financial statements
- Aggressive owner add-backs
- Declining cash flow despite revenue growth
- Frequent auditor or CPA changes
- Related-party transactions
2. Legal and Corporate Due Diligence
Led by: M&A Attorney | Key deliverable: Corporate clean-up memo
Verify that the company is properly organized, the seller actually owns what they're selling, and there are no title defects that could prevent a clean closing.
What to Review
- Articles of incorporation/organization
- Bylaws, operating agreement
- Board minutes (3-5 years)
- Cap table, stock certificates
- Good standing certificates
- Shareholder/operating agreements
Red Flags
- Incomplete or missing board minutes
- Lapsed annual filings
- Unresolved ownership disputes
- Transfer restrictions in operating agreements
- Undisclosed equity holders
- Missing corporate formalities
3. Contract Due Diligence
Led by: M&A Attorney | Key deliverable: Change-of-control analysis
Every material contract needs to be reviewed for provisions that could affect the transaction. This is one of the most important - and most overlooked - areas of due diligence.
What to Review
- Top 20 customer agreements
- Key vendor/supplier contracts
- All lease agreements
- License agreements (software, IP)
- Distribution/franchise agreements
- Non-compete and exclusivity provisions
Red Flags
- Change-of-control termination rights
- Non-assignment clauses
- Contracts expiring within 12 months
- Most-favored-nation pricing clauses
- Auto-renewal opt-outs approaching
- Side letters amending key terms
Real example:
A buyer acquired a distribution company without reviewing the supplier agreements in detail. Three of the five largest supplier contracts contained change-of-control provisions allowing termination with 30 days' notice. Two suppliers exercised that right within 60 days of closing. The business lost 40% of its product line. The buyer's general attorney had reviewed the contracts but didn't flag the change-of-control clauses because they weren't looking for them.
Starting due diligence on a deal? Get experienced M&A counsel involved early. Request a consultation →
4. Intellectual Property Due Diligence
Led by: M&A Attorney (with IP counsel if needed) | Key deliverable: IP ownership verification memo
For technology companies, SaaS businesses, and any company where proprietary knowledge drives value, IP due diligence can be the most critical category. The question isn't just "what IP does the company have?" - it's "does the company actually own it?"
What to Review
- Patent, trademark, copyright registrations
- IP assignment agreements (employees + contractors)
- License agreements (inbound and outbound)
- Open-source software usage and compliance
- Trade secret documentation and protections
- Domain names and digital assets
Red Flags
- No written IP assignments from contractors
- Key software developed before company formation
- Pending infringement claims
- GPL or copyleft open-source in proprietary code
- Expiring patents covering core technology
- Employee-created IP without assignment clauses
5. Employment and HR Due Diligence
Led by: M&A Attorney | Key deliverable: Employment risk assessment
What to Review
- Employment agreements (key personnel)
- Non-compete and non-solicitation clauses
- Benefits plans (health, retirement, equity)
- Worker classification (W-2 vs. 1099)
- Pending HR claims or EEOC complaints
- Org chart and compensation benchmarking
Red Flags
- Key employees without non-competes
- Change-of-control severance triggers
- Misclassified independent contractors
- Underfunded pension obligations
- High turnover in critical roles
- No employee handbook or inconsistent policies
6. Tax Due Diligence
Led by: Transaction CPA + Tax Counsel | Key deliverable: Tax risk memo
What to Review
- Federal and state tax returns (5-7 years)
- Sales and use tax compliance
- Payroll tax filings
- NOL carryforwards and limitations
- Open audits or disputes
- Transfer pricing (multi-state/international)
Red Flags
- Unfiled returns in any jurisdiction
- No sales tax nexus analysis despite multi-state sales
- Open IRS or state audit
- Aggressive tax positions without support
- Payroll tax delinquencies
- Inconsistencies between returns and financials
Don't discover problems after closing.
Our due diligence team brings deep M&A experience to every review. We know what to look for, where problems hide, and how to translate findings into deal terms that protect your investment.
7. Environmental Due Diligence
Led by: Environmental consultant + M&A Attorney | Key deliverable: Phase I Environmental Site Assessment
Required for any deal involving real property. Environmental liabilities can follow the property regardless of who caused them - if you acquire contaminated land, you may be liable for cleanup even if the contamination predates your ownership.
Key items: Phase I assessment ($3K-$5K), permit compliance, hazardous waste records, underground storage tanks, Superfund exposure. Red flags: Known contamination, lacking permits, prior industrial use without assessment.
8. Regulatory and Compliance Due Diligence
Led by: M&A Attorney (with regulatory counsel if needed)
Industry-specific. Healthcare businesses need HIPAA review. Financial services need AML/KYC compliance checks. Food businesses need FDA compliance. Any deal above the HSR threshold (~$119.5M in 2026) requires antitrust filing.
Key items: Licenses and permits (current status, transferability), industry-specific compliance, data privacy (CCPA/state laws), anti-bribery (FCPA if international). Red flags: Lapsed licenses, pending regulatory investigations, data breach history.
9. Insurance Due Diligence
Led by: M&A Attorney + Insurance broker
Key items: All policies (liability, D&O, property, cyber, workers' comp), claims history (3-5 years), coverage gaps, tail coverage availability for pre-closing claims. Red flags: Lapsed policies, high claims frequency, self-insured retentions above normal, no cyber insurance despite handling customer data.
10. Real Property Due Diligence
Led by: M&A Attorney
Key items: Title reports, lease agreements (transferability, consent requirements, remaining term), zoning compliance, surveys, encumbrances. Red flags: Lease expires within 24 months with no renewal option, landlord consent required but not yet obtained, zoning violations, title defects.
11. Technology and IT Due Diligence
Led by: IT consultant + M&A Attorney (for licensing)
Key items: IT infrastructure assessment, software licenses (compliance and transferability), cybersecurity posture, data backup and disaster recovery, SaaS vendor agreements. Red flags: Legacy systems requiring expensive upgrades, unlicensed software, no disaster recovery plan, recent data breaches, key systems dependent on a single vendor.
12. Customer and Commercial Due Diligence
Led by: Buyer (with market research support if needed)
Key items: Revenue by customer (concentration analysis), contract renewal rates, customer churn history, sales pipeline quality, competitive positioning, pricing structure sustainability. Red flags: Any customer >20% of revenue, declining renewal rates, shrinking pipeline, pricing pressure from competitors, loss of key accounts in past 12 months.
How Due Diligence Findings Become Deal Terms
Due diligence isn't just about finding problems. It's about quantifying risk and translating that risk into contractual protections. Here's how different findings typically affect the deal:
| Finding | Deal Term Response | Typical Impact |
|---|---|---|
| QoE shows EBITDA is 15% lower than claimed | Purchase price reduction | Price drops by the multiple applied to the EBITDA shortfall |
| Key customer contract has change-of-control clause | Seller must obtain consent pre-closing + escrow holdback | 5-10% of price held in escrow until consent obtained |
| Pending litigation with uncertain outcome | Special indemnification + escrow for potential liability | Escrow sized to cover maximum exposure |
| IP assignment missing for key contractor | Seller must obtain assignment pre-closing (condition to close) | Deal doesn't close until assignment is completed |
| Key employees lack non-competes | Seller must obtain signed agreements pre-closing | Escrow holdback or price reduction if not obtainable |
| Environmental contamination discovered | Specific environmental indemnification (often uncapped) | Seller bears full liability for pre-closing contamination |
| Revenue concentration >30% in one customer | Earnout tied to customer retention | 20-40% of price contingent on customer staying 12-24 months |
| Undisclosed tax exposure | Tax indemnification with extended survival period | Seller liable for pre-closing tax issues for 5-7 years |
The key takeaway: due diligence findings are negotiation tools, not deal-killers. Your M&A attorney's job is to quantify each risk and build the appropriate protection into the purchase agreement. Walking away should be the last resort, reserved for fundamental issues (fraud, irreparable business decline, or risks that can't be adequately priced or indemnified).
Due Diligence From the Seller's Side
If you're selling, due diligence is your biggest vulnerability - and your biggest opportunity. Every issue the buyer discovers becomes a negotiation point. But a well-prepared seller who has conducted their own exit planning and pre-sale due diligence controls the narrative.
Seller's Due Diligence Preparation Checklist
- Organize your data room before going to market - don't scramble to find documents during the buyer's investigation
- Conduct your own "red flag" review - have your M&A attorney review your contracts, IP, and corporate records for issues a buyer will flag
- Fix what you can fix - get IP assignments signed, renew expiring contracts, cure corporate formalities, update employee agreements
- Prepare your disclosure schedules - the representations in the purchase agreement will require you to disclose exceptions; know your disclosures in advance
- Brief your team - designate a point person for due diligence requests, establish a Q&A protocol, and ensure all communications go through counsel
For a detailed seller preparation roadmap, see our business exit planning guide and due diligence checklist.
How We Handle Due Diligence at Acquisition Stars
- • I personally review every deal. After years of focused M&A practice, I know where problems hide. I review contracts, IP, corporate records, and employment matters myself - not a junior associate doing their first deal.
- • Better rates, better attention. 15+ years of transaction experience without the large firm overhead. No hourly meter running while we review your data room. The engagement covers the full review, findings memo, and integration into purchase agreement terms.
- • Findings become protections. We don't just hand you a list of problems. Every finding comes with a recommended deal term - price adjustment, indemnification provision, escrow structure, or closing condition. Our job is to protect your investment, not just report on it.
- • Both sides of the table. We represent both buyers and sellers, which means we know what the other side is looking for. When we do your due diligence, we're anticipating the arguments before they're made.
Don't discover problems after closing. Discover them now.
Whether you're buying or selling, our due diligence team catches what others miss. Managing partner on every engagement. Deep M&A experience on every deal.
Or call directly: (248) 266-2790
Frequently Asked Questions About M&A Due Diligence
What is due diligence in M&A?
Due diligence in M&A is the investigation process a buyer conducts after signing a letter of intent (LOI) to verify everything the seller has represented about the business. It typically covers financial records, legal matters, contracts, intellectual property, employment, tax compliance, environmental issues, and operations. The goal is to identify risks, verify the business's value, and inform the terms of the purchase agreement. Due diligence usually takes 6-12 weeks and involves the buyer's M&A attorney, transaction CPA, and sometimes operational consultants.
How long does M&A due diligence take?
Most due diligence processes take 6-12 weeks (60-90 days). Simple deals with clean records can close in 4-6 weeks. Complex deals - those with regulatory approvals, multi-state operations, significant IP portfolios, or environmental concerns - can take 4-6 months. The LOI typically grants the buyer a 90-day exclusivity period to complete due diligence. If you're the buyer, don't rush it. Every shortcut in due diligence is a risk you're accepting with your money.
What does due diligence cost?
For a mid-market acquisition ($1M-$10M), legal due diligence typically costs $15,000-$50,000 depending on the complexity of the business. A Quality of Earnings report from a transaction CPA adds $15,000-$40,000. Environmental assessments (Phase I) cost $3,000-$5,000. Total due diligence costs for a typical deal: $30,000-$100,000. Compare that to the cost of not doing it - HP's inadequate due diligence on Autonomy resulted in an $8 billion writedown. The investment in due diligence is always a fraction of what a missed issue costs.
Who conducts due diligence in an M&A transaction?
Due diligence is conducted by the buyer's advisory team: the M&A attorney leads legal due diligence (contracts, IP, litigation, corporate records, employment), the transaction CPA leads financial due diligence (Quality of Earnings, tax review, working capital analysis), and the buyer or operational consultants handle operational due diligence (customers, systems, management). The buyer's M&A attorney typically coordinates the entire process, managing the data room access, document requests, and timeline.
What happens if due diligence reveals problems?
Due diligence findings don't automatically kill deals - they inform negotiations. Common outcomes include: purchase price reduction (to account for identified risks or lower-than-expected earnings), enhanced indemnification provisions (seller remains liable for specific issues), escrow holdbacks (a portion of the price held in escrow to cover potential claims), earnout structures (tying part of the price to post-closing performance), or deal termination (if the issues are fundamental and can't be priced). Your M&A attorney translates findings into deal terms that protect you.
What are the most common due diligence red flags?
The red flags I see most frequently: customer concentration above 20% of revenue in a single customer, declining revenue trends hidden by one-time items, missing or unsigned IP assignment agreements, change-of-control provisions in key contracts that allow termination upon sale, pending or threatened litigation not initially disclosed, tax returns that don't match financial statements, key employees without non-compete agreements, and corporate records with gaps in board minutes or missing filings.
What is a Quality of Earnings (QoE) report?
A Quality of Earnings report is an independent financial analysis prepared by a transaction CPA that verifies the seller's claimed EBITDA or SDE. It normalizes one-time items, owner add-backs, and accounting inconsistencies to reveal the business's true recurring earnings. A QoE typically costs $15,000-$40,000 and takes 3-6 weeks. It's the single most important financial due diligence document - in 85% of deals, the QoE reveals adjustments that reduce the purchase price from the seller's asking number.
What is a due diligence data room?
A data room (or virtual data room / VDR) is a secure online repository where the seller organizes all documents the buyer's team needs to review during due diligence. It typically contains corporate records, financial statements, tax returns, contracts, employee agreements, IP documentation, insurance policies, and litigation files. A well-organized data room signals professionalism and accelerates the process. A disorganized one raises red flags and slows everything down - which often signals deeper organizational problems in the business.
Can I do due diligence without an attorney?
You can review financials and operations yourself, but legal due diligence requires an M&A attorney. Contract review (change-of-control provisions, assignment restrictions), IP ownership verification, employment agreement analysis, litigation assessment, and corporate record review all require legal expertise. More importantly, due diligence findings need to be translated into purchase agreement protections - indemnification provisions, representations and warranties, escrow structures. Without an attorney, you'll identify problems but won't have the legal tools to protect yourself from them.
What is the difference between buyer and seller due diligence?
Buyer due diligence investigates the target business to verify its value and identify risks before committing to the purchase. Seller due diligence (also called 'reverse due diligence' or 'sell-side preparation') is when the seller reviews their own business before going to market - identifying and fixing issues that buyers would flag. Smart sellers conduct their own due diligence 12-18 months before selling to fix problems proactively. We cover this extensively in our business exit planning guide.
Related Resources
Due Diligence Checklist
50+ items organized by category for your due diligence review.
How to Buy a Business
The complete acquisition guide - all 7 phases from search to close.
What Does an M&A Attorney Do?
Understand the five core functions of M&A counsel.
Business Exit Planning
The seller's roadmap - preparing your business for due diligence.
Our Due Diligence Services
Due diligence for buyers and sellers, nationwide.
Due Diligence After LOI
What happens between signing the LOI and closing.
M&A Attorney Services
LOI through closing. Managing partner on every deal. Selective M&A practice nationwide.