Due Diligence: What Buyers Really Look For

8 min read

Due diligence is the phase where most deals die.

Not because the business is bad. Not because the buyer changed their mind about the strategic fit. Most deals die in due diligence because the buyer finds things they weren’t expecting. Unpleasant surprises. Uncomfortable gaps. Question marks that the founder can’t answer.

And here’s the uncomfortable truth for most founders: those surprises, gaps, and question marks were there the whole time. The founder just hadn’t looked hard enough to find them.

I’m Adam J. Graham, and I’ve sat on both sides of due diligence more times than I can count. As a founder selling a business, as a buyer acquiring one, and as an advisor to founders preparing for a sale. The pattern that separates deals that close from deals that fall apart is almost always the same: the seller either knew what was coming, or they didn’t.

This post is about knowing what’s coming.

What due diligence actually is

Let’s start with definitions. Due diligence is the structured process by which a buyer investigates the business they’ve agreed in principle to acquire. It happens after the LOI is signed but before the final Sale and Purchase Agreement is executed.

Think of the LOI as a conditional agreement: “We’ll buy your business for £X, subject to verifying everything you’ve told us is true and discovering no material issues we weren’t aware of.”

Due diligence is where that verification happens.

The process typically lasts 6-12 weeks. During that time, the buyer’s advisors (lawyers, accountants, commercial consultants, sometimes industry experts) will examine your business in forensic detail. They’ll send hundreds of questions. They’ll request documents. They’ll interview your team. They’ll stress-test your financials, your contracts, your operations, your compliance.

At the end, they’ll produce a report. That report determines whether the deal closes at the agreed price, closes at a reduced price, gets restructured into something different, or dies.

Most founders haven’t lived through this process. When they do, for the first time, it’s usually shocking in its intensity.

The five pillars of due diligence

Due diligence typically covers five main areas. Buyers will drill into each of them in depth.

Pillar 1: Financial due diligence

This is usually the longest and most intensive part of the process. The buyer’s accountants will examine:

Historical accounts. Typically 3-5 years of audited or otherwise verifiable financial statements. They’ll reconcile the accounts to the bank, the ledger, the tax filings. Any unexplained discrepancies get flagged.

EBITDA normalisation. The buyer will rebuild your EBITDA from the ground up. They’ll strip out one-off revenues, non-recurring costs, owner benefits, and anything that doesn’t represent the ongoing economics of the business. They’ll then propose “adjustments” that often differ from the ones you’ve been using. Every adjustment is a negotiation point.

Revenue quality. Where does the money come from? How reliable is it? How concentrated is it? How sticky are the customers? What’s the churn pattern? What’s been growth vs lost business?

Cash flow and working capital. How does cash actually move through the business? Are there seasonal patterns? What’s the typical working capital requirement? The buyer needs to know what’s normal before they can price the deal.

Forecasts. Your forecasts will be examined line by line. The buyer will want to understand every assumption. If your forecasts are aggressive and unsupported, they’ll either be discounted or will form the basis for earn-out structures you won’t hit.

The financial due diligence report is the document that most often changes the deal. Price reductions, earn-out structures, deferred payments, escrow amounts, warranty and indemnity terms – all get refined based on what FDD reveals.

Pillar 2: Commercial due diligence

Commercial due diligence examines the business from a market perspective. The buyer is asking: is this business’s position defensible, and can it be grown?

Market analysis. How big is your market? How fast is it growing? What’s your share? What are the structural trends?

Competitive positioning. Who are your competitors? Why do customers choose you? What’s your unfair advantage? How sustainable is it?

Customer analysis. Customer interviews are common. The buyer will often speak directly to your top clients to understand the relationship, your reputation, and the risk of them leaving after the sale.

Pricing power. Can you raise prices? Have you done so recently? What was the response?

Growth opportunities. Where could the business go? How realistic are the opportunities? What would it take to capture them?

Commercial DD often identifies risks that financial DD doesn’t. A business can have perfect financials but a deteriorating competitive position. Buyers care about both.

Pillar 3: Legal due diligence

Legal due diligence is where nasty surprises tend to surface. The buyer’s lawyers will examine:

Corporate structure. Shareholdings, share options, shareholder agreements, any equity anywhere in the structure. Any ambiguity gets flagged.

Contracts. All material contracts – customer contracts, supplier contracts, partnership agreements, licences, leases. They’ll look for change-of-control clauses that might trigger on sale. They’ll look for unusual terms. They’ll look for contracts you can’t find.

Employment. Contracts of employment, employee handbooks, benefit structures, any ongoing disputes. They’ll want to understand key-person dependencies and any potential TUPE implications.

Intellectual property. What IP exists? Who owns it? Is it properly registered? Are there any disputes?

Litigation. Any current, pending, or threatened legal actions. This includes customer disputes, employment claims, regulatory issues.

Regulatory compliance. Depending on your industry – financial services, healthcare, data protection, environmental. Any compliance gaps become direct price reductions or deal-breakers.

Tax. Historical tax filings, any ongoing HMRC enquiries, any tax positions that could be challenged.

Legal DD is where the warranty and indemnity provisions of the eventual SPA are shaped. The more questions here, the more the buyer will want protection in the contract.

Pillar 4: Operational due diligence

Operational DD is about how the business actually runs.

Team. Org structure, key people, retention risks, succession planning.

Operations. Systems, processes, infrastructure, capacity constraints.

Technology. What systems run the business? Are they reliable? Are they scalable? Are they properly licensed? What’s the technology debt?

Data and cyber. How is data stored, protected, and managed? What’s the cyber posture?

Suppliers and third parties. Key vendor relationships, any single points of failure.

Premises. Leases, occupancy, any planned changes.

Buyers here are trying to understand what it will actually take to run the business post-acquisition. Hidden complexity shows up in operational DD and affects integration planning.

Pillar 5: ESG and reputational due diligence

A growing area in modern M&A. Buyers want to know:

Environmental. Carbon footprint, regulatory exposure, any contamination or environmental liabilities.

Social. Workforce diversity, pay equity, health and safety, any cultural red flags.

Governance. Board structure, decision-making, risk management.

Reputation. Social media presence, press coverage, customer sentiment, any brand issues.

For B2B founders, ESG was historically marginal. That’s changing fast. For larger deals and for any business involving PE or institutional capital, this is now meaningful.

The most common killers

Across all five pillars, there are patterns in what actually kills deals. The most common:

Unexplained revenue or cost anomalies. Anything that doesn’t reconcile or makes the numbers look better than they should be. Buyers become deeply suspicious.

Customer concentration. If more than 25-30% of revenue comes from one customer, this is a valuation killer. If more than 50%, it’s often a deal killer.

Key-person risk. If the business can’t run without the founder, or without one or two other senior people.

Undisclosed issues. Litigation you didn’t mention. Contracts you forgot about. Problems that emerge during DD rather than being disclosed upfront. Undisclosed problems destroy trust even when they’re relatively small.

Missing or sloppy paperwork. Contracts not signed. Share register not up to date. Employment documentation missing. Even when the underlying business is sound, buyers interpret messy paperwork as a signal of hidden problems.

Founder fatigue or hostility. Due diligence is intense. Founders who haven’t prepared for it often get defensive, short-tempered, or uncooperative. That’s read by buyers as a risk signal.

The work to do now

The good news is that almost every deal-killer is avoidable with preparation. The bad news is that the preparation needs to start 12-24 months before you go to market, not when the LOI arrives.

Here’s the short version of what to do now:

Get your accounts clean. Multiple years of consistent, audited accounts with a defensible EBITDA methodology.

Diversify your customer base. If you have concentration, work now to reduce it. Buyers can’t undo this during DD.

Remove founder-dependency. Systemise. Document. Hire. Reduce your own irreplaceability.

Tidy the paperwork. Every material contract signed and filed. Share register current. Employment contracts in place.

Resolve anything that’s nagging you. That dispute you’ve been avoiding. That legacy contract you should have fixed. That compliance gap you know about. Address it now, while it’s small.

Build a data room in advance. Don’t wait until the buyer asks. Build the folder structure now, populate it as you go, keep it current.

Due diligence should feel like a confirmation of what the buyer already believes about your business. When it’s a discovery exercise where the buyer finds things they didn’t expect, you’re in trouble.

The founders who exit well are the ones who’ve done the work long before the LOI arrives. The exit happens years before the deal closes. Due diligence is just the moment where all that work gets tested.

Want more insights like this? Join 10,000+ founders getting weekly strategies on scaling and selling their businesses. Subscribe to The Growth Mindset Newsletter →

About Adam J. Graham

Adam J. Graham is a serial entrepreneur, CEO of JustFix, and creator of Exit Mode. Over the last 25 years he has bought and sold over a dozen companies and helped countless founders take their businesses through to successful exits. His client exits total over $100m to date. Adam is the author of three business books on exit, scaling, and building companies worth buying.

Leave a Reply

Your email address will not be published. Required fields are marked *

Newsletter