.png)
.png)
.png)
.png)
.jpg)
%20F%20(1).jpeg)
.webp)
Login
It is significant that between 70 and 90% of mergers and acquisitions fail to create the expected shareholder value. Although there are some signs that this is improving, it should provide a cautionary tale for companies looking to buy or merge with another entity.
The problem is that there are so many moving parts in an M&A transaction that unexpected risks can crop up after you sign the deal. Whether it turns out that the target company was under the early stages of regulatory scrutiny or its financials were not what they appeared to be, failing to carry out full and proper due diligence when buying a business can lead to detrimental outcomes later that can affect your company negatively.
Skipping or rushing due diligence opens your company up to inheriting debts, lawsuits or acquiring a business that is not ready or able to scale as you would like. This article explores the process of due diligence for buy-side companies, looking into the timescale, key risks, what to watch out for and how to manage the workflow in a secure and structured manner.
Key takeaways
- Due diligence is a buyer-led investigation that verifies the seller’s claims, identifies risks and helps confirm whether the business is worth the proposed purchase price.
- The process usually begins after signing a letter of intent (LOI) and covers five core areas: financial, legal, operational, commercial and regulatory due diligence.
- Buyers should watch carefully for red flags such as customer concentration, key person dependency, inconsistent financial reporting and unresolved legal or compliance issues.
- The structure of the deal matters because stock purchases transfer the company’s liabilities to the buyer, while asset purchases can allow buyers to avoid unwanted historic risks.
- A secure virtual data room (VDR) helps organise documentation, manage requests for information (RFIs), maintain audit trails and streamline due diligence workflows across all stakeholders.
What due diligence is and why it matters
Due diligence is the process where a buyer checks that all information the seller presents about the business is accurate. It is a detailed investigation into the company’s finances, operations, legal position, contracts, technology and risks before the deal is completed.
In most business sales, due diligence begins after the parties sign a letter of intent (LOI). The buyer’s offer is usually conditional on the findings of this review.
The purpose of due diligence is to:
- Confirm that the business is worth what the buyer plans to pay
- Verify the seller’s claims with evidence and documentation
- Identify risks, liabilities or operational problems early
- Avoid expensive surprises after completion
- Help shape the final price, deal structure and contract terms.
During the process, buyers send requests for information (RFIs) to the seller. These are formal requests for documents, explanations and supporting evidence. The seller’s responses become part of the wider negotiation and disclosure record.
Due diligence is not only one-sided. Sellers often carry out internal checks, including a red flag due diligence report, to assess their own risks before moving further into the process. They might also carry out due diligence on the buyer too, particularly around its financial backing and ability to complete the transaction. This helps both parties understand who they are entering into business with before the deal closes.
How long due diligence takes
The length of a due diligence process depends on a range of factors, including the size of the business, the complexity of the transaction, whether there are multiple jurisdictions involved, the financing arrangements, whether either company is in a regulated sector and other such considerations.
However, here are some indicative timelines to give you an idea of how the process might run for you and your organisation:
Stage | Smaller, straightforward deals | Larger, complex transactions |
Letter of intent (LOI) signed | Day 1 | Day 1 |
Initial requests for information (RFIs) | Days 1 to 5 | Weeks 1 to 2 |
Data room setup and document review | Weeks 1 to 2 | Weeks 2 to 6 |
Financial, legal and operational due diligence | Weeks 2 to 4 | Months 2 to 4 |
Management meetings and Q&A | Weeks 3 to 5 | Months 2 to 5 |
Risk analysis and issue resolution | Weeks 4 to 6 | Months 3 to 6 |
Final negotiations and revised pricing | Weeks 5 to 7 | Months 4 to 7 |
Signing and closing preparation | Weeks 6 to 8 | Months 5 to 9+ |
You might also experience delays due to issues such as incomplete documentation, regulatory approvals, unresolved legal issues or slow or vague responses during the Q&A, for example.
The five core areas of due diligence
Financial due diligence
Financial due diligence helps you understand whether the target business is genuinely profitable and financially stable. It enables you to calculate whether it is worth the proposed purchase price. You would usually review three to five years of tax returns, profit and loss statements, cash flow reports and management accounts to identify trends and spot any inconsistencies in the information provided by the seller.
Pay particular attention to any “add-backs” used to increase reported earnings, ensuring they are properly documented and justifiable. Compare headline figures against underlying records such as invoices, payroll data and bank statements.
Differences between reported performance and supporting evidence can indicate that there are deeper problems that may affect the future profitability of your deal.
Download our free financial due diligence checklist
To ensure your financial due diligence is as extensive and effective as possible, download our free checklist below.
Legal and corporate due diligence
Legal and corporate due diligence examines whether the business is properly structured, compliant in its processes and legally protected. You should review the corporate structure, shareholder agreements, material customer and supplier contracts, intellectual property ownership and any past or ongoing litigation during this section of the analysis.
It is important to check whether contracts are valid and if they are transferable after a sale. Also, confirm that trademarks, patents and software rights are properly registered and owned by the company.
Missing paperwork, unclear ownership structures or unresolved disputes are common sources of post-completion liability and can lead to expensive legal or operational problems later.
Download our free legal due diligence checklist
This concise checklist outlines the main elements to check during legal due diligence, helping you ensure a smooth transaction.
Operational due diligence
Operational due diligence focuses on how the business functions day to day and whether it can continue operating effectively after the acquisition.
You should analyse employee contracts, salaries, tenure and any restrictive covenants to identify retention risks or if there is an overreliance on key individuals within the company to keep it operating effectively. If the business relies too heavily on the current owner, for example, you may inherit significant operational risk after completion.
Inventory management, equipment condition, leases and ownership of physical assets also fall under this umbrella. Vendor agreements, standard operating procedures, KPI reporting and technology infrastructure may reveal any hidden costs or inefficiencies that might affect post-deal life. It can also uncover outdated systems the company uses that will require investment to allow for easier integration after the deal goes through.
Market and commercial due diligence
Market and commercial due diligence helps you assess whether the target business has a sustainable future in its market. This includes analysing customer retention rates, recurring revenue, sales pipeline strength and overall market demand.
Review how the company compares with its competitors and whether its market position is genuinely backed up by solid evidence. It is also important to examine industry trends and future growth opportunities in that sector and location. A business may appear financially healthy today while operating in a declining market or losing ground on innovative competitors.
Commercial due diligence helps you understand whether the target’s current performance is likely to continue and whether the business can grow successfully after your acquisition.
Regulatory and compliance due diligence
Regulatory and compliance due diligence assesses whether the target business complies with the laws and regulations governing its operations. Review its licences, permits, employment practices, tax compliance, environmental obligations and data privacy controls as a matter of course. GDPR compliance is often a major focus, particularly where the company processes customer or employee data.
The level of scrutiny depends heavily on the sector and jurisdictions involved. Highly regulated industries such as healthcare, finance, energy and manufacturing, for example, usually require deeper review than others. Compliance failures can expose your company to fines, litigation, operational disruption and reputational damage, making this a critical part of the due diligence process.
Red flags to watch for
During due diligence on a selling company, you may come across aspects that do not seem right. Some of these red flags can alert you to issues that might negatively affect your business in the future if you complete a deal without analysing and mitigating these concerns. Examples include:
- Revenue concentration. If a single customer accounts for more than 20 to 25% of the target’s revenue, this is a material risk. If the company loses that client, this would cause a significant impact on its profitability and also suggests there might not be a wide appeal for its products or services.
- Key person dependency. If the business can’t survive without the owner, you are not buying a valuable business. In many M&As, being bought out is the founder or owner’s exit plan, and if they are the only thing making that company profitable, the deal is very risky indeed.
- Inconsistent financials. Look for gaps in reporting, irregular bookkeeping or unsupported add-backs to understand where there might be issues and where you need to focus your scrutiny.
- Seller behaviour. Evasiveness, urgency or refusal to discuss problems or concerns can indicate that there is something wrong that needs to be addressed before you can confidently close a deal to buy that business.
- Legal exposure. There may be pending litigation, unresolved tax liabilities or regulatory violations on the part of the target company that will become your problem after the deal closes, unless you can secure an indemnity that ensures the seller maintains responsibility for that risk.
Asset purchase v stock purchase
The type of deal affects liabilities and, therefore, the manner of due diligence you should undertake.
- In an asset purchase, the buyer selects specific assets and operations to acquire, such as contracts, equipment, intellectual property or customer relationships. The seller usually keeps the legal entity itself and many historic liabilities remain with them.
- In a stock purchase, the buyer acquires the shares of the company and takes ownership of the entire business, including its assets, contracts and liabilities. This means the buyer may inherit historic legal, tax or compliance risks.
If major legal or regulatory red flags emerge during due diligence, buyers often prefer an asset purchase because it allows them to acquire valuable parts of the business while avoiding unwanted liabilities.
How a data room supports the due diligence process
A virtual data room (VDR) is a secure, centralised online environment where sellers share confidential documents with buyers. For buyers, it means you don’t have to make ad-hoc document requests and wait for delivery. Instead, the VDR is a single organised repository, where everything is in one place, accessible on demand.
It allows for:
- Granular access controls so users only see what they are authorised to see at each stage of the process
- Full audit trail, where you can track which documents have been reviewed, by whom and when
- Built-in Q&A functionality so you can raise questions directly within the platform, keeping all communications on record and secure
A well-structured data room shows that the seller is prepared and open to scrutiny. This helps to speed up the due diligence process and get the deal done in a timely manner.
Ensure a smooth M&A transaction
Admincontrol’s VDR provides a secure and ordered central location for managing important, sensitive business documentation. It allows for confidential Q&A processes so you can ask the seller for any additional detail or clarification, too.
Due diligence when buying a business is essential to understand whether you are paying a reasonable price for the target company and to avoid unnecessary risk and liability after the deal goes through. Take a structured approach to deal with the different areas of due diligence and bring in experts to ensure you cover all bases in your analysis of the company that you are buying.
FAQ
The due diligence period usually begins after the buyer and seller sign a letter of intent or heads of terms agreement.
You may renegotiate the price, request indemnities, restructure the deal, ask the seller to fix the issue before closing or walk away from the transaction entirely.
Yes. Online businesses often require additional focus on cybersecurity, intellectual property, customer acquisition data, platform dependency and GDPR compliance.
A quality of earnings (QoE) report analyses a company’s earnings to assess whether profits are sustainable, recurring and supported by genuine business performance rather than one-off events or accounting adjustments.
References and further reading
- Guide to VDR security
- VDR audit trails
- Due diligence risk
- What data room terms mean
- Improve M&A efficiency
- [a]@delphine@sorted.co https://www.corporatesolutions.euronext.com/fr/blog/pistes-audit-data-room-securite-juridique