# M&A Due Diligence Checklist

Comprehensive due diligence organized by domain. Not every item applies to every deal — focus on what matters for YOUR acquisition rationale.

## Financial Due Diligence

### Revenue Quality
- [ ] Revenue by customer (top 10 customer concentration)
- [ ] Revenue by product line
- [ ] Revenue by geography
- [ ] MRR/ARR trend (24 months minimum)
- [ ] Churn rate (gross and net, by cohort)
- [ ] Revenue recognition policies
- [ ] Deferred revenue / backlog
- [ ] One-time vs recurring revenue split
- [ ] Professional services vs product revenue

### Profitability
- [ ] Gross margin by product line
- [ ] Operating expenses breakdown
- [ ] Burn rate trend (improving or worsening?)
- [ ] Path to profitability (realistic or aspirational?)
- [ ] Unit economics (LTV, CAC, payback by channel)

### Cash & Liabilities
- [ ] Cash position and burn rate
- [ ] Outstanding debt (terms, covenants)
- [ ] Accounts receivable aging
- [ ] Accounts payable
- [ ] Pending or contingent liabilities
- [ ] Tax obligations (any back taxes?)
- [ ] Cap table (fully diluted, option pool)

### Financial Controls
- [ ] Audit history (audited vs reviewed vs compiled)
- [ ] Financial reporting cadence and quality
- [ ] Budget vs actual variance history
- [ ] Key financial policies

## Technical Due Diligence

### Architecture
- [ ] Architecture diagrams (current state)
- [ ] Technology stack inventory
- [ ] Infrastructure (cloud provider, regions, costs)
- [ ] Scalability assessment (current capacity vs load)
- [ ] Security architecture (encryption, access controls)

### Code Quality
- [ ] Test coverage (unit, integration, e2e)
- [ ] CI/CD pipeline maturity
- [ ] Technical debt inventory (estimated remediation cost)
- [ ] Code review practices
- [ ] Documentation quality

### Data
- [ ] Data architecture and storage
- [ ] Data privacy compliance (GDPR, CCPA)
- [ ] Data portability (can you migrate it?)
- [ ] Proprietary data assets (training data, user data)
- [ ] Data retention policies

### Operational
- [ ] Uptime history (SLA compliance)
- [ ] Incident history (frequency, severity, resolution time)
- [ ] Monitoring and alerting coverage
- [ ] Disaster recovery plan and testing history
- [ ] On-call rotation and processes

## Legal Due Diligence

### Intellectual Property
- [ ] Patents (granted and pending)
- [ ] Trademarks
- [ ] Copyright registrations
- [ ] IP assignment agreements (all employees/contractors)
- [ ] Open source usage and compliance
- [ ] Trade secrets protection measures

### Contracts
- [ ] Customer contracts (terms, renewals, termination rights)
- [ ] Vendor contracts (key dependencies, terms)
- [ ] Partnership agreements
- [ ] Lease agreements
- [ ] Employment agreements (non-competes, IP clauses)

### Compliance & Litigation
- [ ] Pending or threatened litigation
- [ ] Regulatory compliance status
- [ ] Government investigations
- [ ] Insurance coverage
- [ ] Prior legal disputes and resolutions

## People Due Diligence

### Team Composition
- [ ] Org chart with roles and tenure
- [ ] Key person dependencies (bus factor)
- [ ] Compensation details (salary, equity, bonuses)
- [ ] Employment agreements and non-competes
- [ ] Contractor vs employee classification

### Culture & Retention
- [ ] Recent engagement survey results
- [ ] Turnover rate (last 12-24 months)
- [ ] Glassdoor/reputation assessment
- [ ] Management quality assessment
- [ ] Culture compatibility analysis

### HR Compliance
- [ ] Employee handbook and policies
- [ ] HR complaints or investigations
- [ ] Benefits programs
- [ ] Equity plan details and administration

## Market Due Diligence

### Market Position
- [ ] Market size (TAM, SAM, SOM) with sources
- [ ] Market share estimate
- [ ] Growth rate (market and company)
- [ ] Competitive landscape (direct and indirect)
- [ ] Barriers to entry / competitive moat

### Customer Analysis
- [ ] Customer segmentation
- [ ] Win/loss analysis (why customers chose them)
- [ ] NPS or satisfaction scores
- [ ] Customer acquisition channels
- [ ] Customer lifetime and expansion patterns

## Red Flag Severity Guide

| Severity | Examples | Action |
|----------|---------|--------|
| **Deal killer** | IP not properly assigned, undisclosed litigation, fraud | Walk away |
| **Major renegotiation** | Customer concentration >40%, key person risk, technical debt >6 months | Reduce price or add protections |
| **Integration risk** | Culture mismatch, legacy systems, manual processes | Budget for remediation |
| **Monitor** | High churn, declining NPS, aging tech stack | Track post-close |

## Due Diligence Timeline

| Phase | Duration | Focus |
|-------|----------|-------|
| Preliminary | 1-2 weeks | Public info, financials, high-level tech |
| Deep dive | 4-6 weeks | All domains, interviews, code review |
| Confirmation | 1-2 weeks | Verify claims, resolve open questions |
| Final | 1 week | Legal review, final terms negotiation |