Practical guide
These points support an initial assessment. The decisive legal, tax, financial and operational questions depend on the business, the people involved and the chosen transaction structure.
Set a risk-based scope before opening the data room
Start from the investment case: why does the buyer want this company, which assumptions support the price and what could make the acquisition fail? Convert those questions into review areas and assign responsibility, priority and evidence. A regulated medical practice, software company and restaurant require different emphasis even though all have accounts and contracts. The transaction structure matters too: a share deal generally exposes the buyer to the company's existing liabilities, while an asset deal focuses attention on the selected assets, contracts, permits and transfer requirements. A written scope prevents both blind spots and unnecessary work.
- link every workstream to a material acquisition assumption
- adjust depth for sector, size and transaction structure
- name the reviewer, evidence and deadline for each question
Reconcile financial performance and cash requirements
Review annual accounts, current management figures, tax records, bank and debt information, working capital, investment history and forecasts. Reconcile headline revenue and earnings with the underlying records and investigate changes, exceptional items and owner-related expenses. Sustainable cash flow matters more than a single adjusted profit number because it must support salary, taxes, investment and financing. Examine receivables, stock, deferred revenue and seasonality to understand the cash needed after closing. Forecasts should be tested against capacity, contracts, sales pipeline and historical accuracy rather than accepted as a continuation of the seller's presentation.
- reconcile published and management figures to source records
- normalise earnings without hiding recurring expenditure
- model working capital, investment and downside cash flow
Review customers, contracts, people and compliance
Identify customer and supplier concentration, contract duration, termination rights, change-of-control clauses and dependencies on personal relationships. Review employment terms, key-person risk, pension and payroll matters, permits, disputes, insurance, intellectual property, privacy duties and any sector-specific regulation. Personal data should be shared proportionately and securely; early review often works with anonymised schedules rather than full employee or customer files. The aim is to understand what legally and commercially continues after closing, what needs consent and which obligations could undermine the buyer's operating plan.
- map concentration, renewal, termination and consent risks
- verify ownership of intellectual property and key assets
- review employment, privacy, permits and pending disputes
Test operations, technology and the handover plan
Inspect how the business actually delivers its products or services. Consider premises, equipment, maintenance, suppliers, quality controls, cyber security, software licences, backups, access rights, documentation and business continuity. Compare written processes with interviews and available operating evidence. Owner dependence is often visible in pricing, customer contact, technical knowledge and approvals rather than in the organisation chart. Estimate the investment and support required to operate safely after closing, then incorporate those needs into financing, price and a dated knowledge-transfer plan.
- observe critical workflows and verify operational capacity
- assess systems, security, licences and recovery arrangements
- quantify owner dependence and transition support
Turn findings into economics, protection and actions
Maintain a findings register that distinguishes facts, unanswered questions, professional opinions and management actions. Rate each matter by likelihood, financial or operational impact and timing. Some findings justify a price or working-capital adjustment; others call for a warranty, indemnity, closing condition, retained amount, seller action or post-closing plan. Not every issue needs a contractual clause, and a clause cannot make an unmanageable risk disappear. The buyer should close only when the combined evidence supports the investment case, financing and ability to operate the company under realistic downside assumptions.
- record severity, evidence, owner and proposed treatment
- connect findings with price, contract and integration
- make an explicit go, renegotiate, pause or stop decision
Sources and further information
Frequently asked questions
How long does due diligence take?
There is no standard duration. Timing depends on company size, data quality, transaction structure, sector, adviser availability and how quickly questions are answered. A focused small-business review may progress quickly when records are organised, while complex contracts, tax issues or missing documents can extend the timetable. The parties should agree a realistic scope and milestones, but the buyer should not let an arbitrary deadline replace review of matters that are material to value, financing or the ability to operate after closing.
Which documents belong in a due-diligence data room?
Typical categories include corporate records, accounts, current trading, tax, financing, material contracts, customers and suppliers, employees, pensions, property, assets, insurance, permits, disputes, intellectual property, technology and privacy. The exact list should follow the risk-based scope. Sensitive records can be redacted or summarised until detailed access is justified. A clear index, consistent file names, version control and a question log make the evidence more useful than an unstructured dump of every document the seller can find.
Can a buyer perform due diligence without advisers?
A buyer can review commercial fit and many operating matters directly, but specialist advice is often appropriate for legal, tax, accounting, pension, property, regulatory or technical risks. The need depends on complexity and materiality, not only transaction value. Advisers should receive a defined scope and report findings in language the buyer can connect to the decision. Even with advisers, the buyer remains responsible for asking how the company will be managed and for deciding whether the combined risk is acceptable.
What should happen when due diligence finds a problem?
First verify the evidence, scale and likelihood rather than reacting to a label. Then determine whether the issue changes sustainable earnings, required investment, financing, timing or the ability to operate. Possible responses include further investigation, seller remediation, a price adjustment, specific indemnity, closing condition, retained payment or a post-closing action plan. If the risk cannot be understood, funded or protected and is central to the acquisition, pausing or ending the process may be more rational than forcing a contractual solution.
Does due diligence guarantee that no risk remains?
No. Due diligence reduces uncertainty based on available information, agreed access and professional judgement; it cannot identify every future event or undisclosed fact. Contracts, insurance and seller protections also have limits. The buyer should understand residual risks, keep adequate financial reserves and plan monitoring after closing. A sound process supports an informed decision under uncertainty, not a promise that the business will perform as forecast or that every statement will remain true indefinitely.