Merger and Acquisition Due Diligence Checklist

Execute the mutual NDA before any data flows. Confirm the engagement letter names the buyer entity, target, fee structure (fixed vs. T&E with cap), and explicitly excludes opining on valuation — diligence is procedures-based, not an attest engagement under SSARS.

Pull audited statements plus the management letters and any going-concern footnotes. Compiled or reviewed-only financials are a red flag for a deal of size — flag any auditor change in the period and ask why.

Bridge reported EBITDA to adjusted EBITDA: owner compensation normalization, one-time legal settlements, PPP/ERC credits, related-party rent, discontinued product lines. Document each adjustment with a supporting workpaper — these are the numbers that drive the purchase price.

Calculate trailing 12-month average net working capital and propose the peg. Include AR, AP, inventory, prepaid, and accrued expenses; exclude cash and debt (typical cash-free, debt-free deal structure). Disagreements over the peg are the most common post-close dispute.

Pull the last three years of 1120 / 1120-S / 1065 plus state returns. Reconcile book-to-tax (Schedule M-1/M-3), confirm NOL carryforwards survive Section 382 limitation, and check S-corp shareholder basis schedules where applicable.

Run a 50-state revenue summary against post-Wayfair economic-nexus thresholds (commonly $100K or 200 transactions). Cross-reference where the target has registered and filed. Unregistered nexus is a very common indemnification item — the lookback can be 7+ years in most states.

For each state with unregistered nexus, estimate back tax + interest + penalties through the lookback period. Coordinate with deal counsel on Voluntary Disclosure Agreement (VDA) strategy versus carving the exposure into the indemnification cap or escrow.

Pull customer master agreements, supplier contracts, leases, and loan documents. Flag every change-of-control, assignment, and consent provision — these become closing-condition consents and can give counterparties pricing leverage.

Request the litigation schedule, demand letters, and EEOC charges from the past five years. Tie reserves on the balance sheet to outside counsel's loss-contingency assessments per ASC 450 (probable / reasonably possible / remote).

Schedule a half-day on-site or video walkthrough of order-to-cash, procure-to-pay, and production. Look for key-person dependencies, manual reconciliations, and processes that exist only in spreadsheets — these are integration risks and synergy candidates.

Build the full application stack: ERP (NetSuite, Sage Intacct, Dynamics), CRM, payroll, HRIS, productivity. Capture seat counts, renewal dates, and per-seat pricing. SaaS contracts with annual lock-in and auto-renewal clauses are common surprises post-close.

Request the WISP, SOC 2 report (if any), MFA coverage, EDR deployment, and the breach log. Confirm cyber insurance policy limits and exclusions. A target without a written security plan is a GLBA / state-law indemnification trap.

Pull the full census: title, base, bonus, equity, hire date, location, exempt/non-exempt classification. Watch for exempt classifications that don't meet FLSA duties tests — a common wage-and-hour exposure on top of any state-law overtime issues.

Identify the top 10–20 employees the deal thesis depends on. Review existing employment contracts, change-of-control bonuses, non-competes, and vesting acceleration. Build the retention pool sizing to bring into final negotiations.

Identify customers representing the top 80% of revenue and arrange blind reference calls (often via the deal advisor to preserve confidentiality). Probe satisfaction, renewal intent under new ownership, and any recent pricing pushback.

Build the competitor map with pricing, positioning, and recent funding/M&A activity. Pull the target's pipeline win-loss data for the trailing 12 months — eroding win rates against a specific competitor signals a thesis problem.

Conduct structured interviews with the target's leadership team on decision-making, performance management, and remote/in-office norms. Founder-led targets joining a process-heavy buyer often produce the largest post-close integration friction.

Consolidate findings into the IC memo: QoE bridge, working capital peg, top five risks with proposed reps/indemnities, synergy plan, and recommended price adjustments. Attach supporting workpapers as appendices.