M&A Due Diligence Checklist Template

Deal Setup & Scope Definition

Scope definition is the most important decision made before diligence begins. An undefined or poorly scoped diligence process produces findings that do not address the risks that actually matter for this deal.

• Confirm the deal structure — share purchase, asset purchase, merger, or other; the structure determines which liabilities transfer and which diligence workstreams are most material
• Define the diligence scope — which workstreams are required, what depth is appropriate, and what is explicitly out of scope; document the scope before work begins
• Assemble the deal team — internal corporate development, legal counsel, financial advisors, tax advisors, specialist technical advisors; confirm roles and accountability for each workstream
• Establish the data room — virtual data room (VDR) access granted to appropriate team members; document review protocols and NDA requirements
• Define the diligence timeline — key milestones, data room request deadline, management presentations, draft report deadlines, and investment committee date
• Prepare and issue the initial due diligence information request — a structured list of all documents and information required across all workstreams; issued to the seller at data room opening
• Confirm the management presentation schedule — Q&A sessions with the target’s management across key workstreams
• Define the issue escalation process — how material findings are escalated to the deal lead and IC; at what threshold does a finding affect price, structure, or deal certainty?
• Confirm regulatory pre-clearance requirements — competition authority notification, sector regulator approval, foreign investment review (CFIUS in the US, NSI Act in the UK); identify which are required and timeline implications
• Confirm confidentiality procedures — who knows about the deal inside and outside both organisations; insider trading protocols for listed entities

Strategic & Commercial Due Diligence

• Validate the strategic rationale — does the target genuinely advance the acquirer’s strategic objectives? Is the deal thesis grounded in independently verified assumptions?
• Validate market size and growth — independently assess TAM, SAM, and market growth drivers; confirm the opportunity is as large as assumed in the deal model
• Assess competitive position and moat — is the target’s competitive advantage real and durable? Review through independent customer and competitor interviews, not just management presentation
• Conduct customer reference calls — minimum five to eight independent customer conversations; include back-channel references not provided by management
• Assess customer concentration and contract quality — what percentage of revenue is concentrated in the top customers? What are the contract terms, renewal rates, and customer satisfaction scores?
• Review revenue quality and sustainability — recurring vs non-recurring, cross-sell and upsell potential, pipeline quality and conversion rates
• Assess go-to-market capability — sales team quality, channel strategy, and whether growth is dependent on individuals who may not stay post-acquisition
• Identify synergy opportunities — revenue synergies (cross-sell, market expansion) and cost synergies (overhead, procurement, operational efficiencies); document assumptions and validate feasibility
• Conduct industry expert interviews — engage independent sector specialists to validate market assumptions and competitive positioning
• Document commercial diligence findings — deal thesis validation, revenue quality assessment, synergy quantification, and key risks

Financial Due Diligence

Quality of earnings is the core of financial due diligence. It answers a single question: are the earnings the model is being built on real, recurring, and owner-independent — or inflated by one-time items, related-party transactions, or accounting adjustments?

• Review audited financial statements for three to five years — income statement, balance sheet, and cash flow; confirm auditor quality and accounting policy changes
• Conduct quality of earnings (QoE) analysis — adjust reported EBITDA for one-time items, non-recurring costs, related-party transactions, and accounting adjustments to arrive at normalised earnings
• Analyse unit economics and management KPIs — customer acquisition cost, lifetime value, gross margin by product or segment, and key operational metrics
• Review and validate the financial model — assess revenue growth assumptions, margin trajectory, capital requirements, and working capital dynamics
• Conduct working capital analysis — determine normalised working capital; establish the basis for the locked box or completion accounts mechanism
• Review net debt position — all debt-like items including finance leases, pension obligations, earnout liabilities, deferred revenue, and off-balance-sheet commitments
• Assess capex requirements — distinguish maintenance capex from growth capex; confirm capex assumptions in the model are realistic
• Review cash generation quality — understand the relationship between reported earnings and cash generation; working capital traps and seasonal patterns
• Review treasury and banking arrangements — committed facilities, covenant compliance, change of control provisions in facility agreements, and hedging arrangements
• Document financial diligence findings — normalised earnings, working capital assessment, net debt analysis, and key financial risks

Legal Due Diligence

• Review corporate structure and governance — articles of association, shareholder agreements, board minutes, and subsidiary structures in all jurisdictions
• Review the cap table — ownership, options, warrants, conversion rights, and any pre-emption or drag/tag rights that affect the transaction
• Identify all change of control provisions — in material customer contracts, supplier agreements, financing documents, licences, and real estate leases; flag all that require consent or trigger termination rights
• Review all material contracts — customer agreements, supplier agreements, partnership and distribution agreements, and any contracts with unusual terms, obligations, or liabilities
• Review IP ownership and protection — patents, trade marks, copyright, trade secrets; confirm all IP is properly owned by the target entity and free of encumbrances
• Review all pending and threatened litigation — current claims, regulatory investigations, and any matters that could affect deal value or timing
• Review regulatory status — all licences, permits, and regulatory approvals material to the business; confirm they are current and transferable
• Review real estate — owned and leased properties; title, lease terms, dilapidations, environmental liabilities, and any site-specific obligations
• Confirm no material undisclosed liabilities — representations and warranties scope to be confirmed through legal review
• Document legal diligence findings — issues identified, conditions precedent required, W&I insurance scope, and deal structure implications

Tax Due Diligence

• Review the tax structure — confirm the optimal acquisition structure from a tax perspective (share vs asset purchase, jurisdiction, debt push-down); engage tax advisors before the deal structure is finalised
• Review historical tax returns and compliance — corporation tax, VAT/GST, payroll taxes, and any other material tax obligations; confirm all returns are filed and up to date
• Identify any open tax years or investigations — any periods under review by tax authorities; any material tax disputes or assessments
• Review transfer pricing arrangements — intercompany transactions between group entities; confirm documentation and compliance with arm’s length principle
• Review any deferred tax assets and liabilities — timing differences, tax loss carry-forwards, and any deferred tax positions material to the deal model
• Assess R&D tax credit claims — confirm claims have been made correctly and are not subject to challenge
• Review employee share schemes and their tax treatment — options, restricted shares, and any tax-favoured arrangements that may crystallise on a change of control
• Confirm tax residence and permanent establishment positions — for businesses operating across multiple jurisdictions
• Review indirect taxes — VAT/GST registration and compliance; any historic indirect tax exposures or assessments
• Document tax findings — historic exposures, structural recommendations, and any provisions or indemnities required in the transaction documents

Operational & Technology Due Diligence

• Review operational model and processes — core operations, supply chain, production or service delivery; assess efficiency, scalability, and operational risk
• Assess operational dependencies — key suppliers, single points of failure, and operational resilience
• Review technology architecture — core technology stack, proprietary systems, cloud vs on-premise, and key technical dependencies
• Assess technical debt — confirm the scale and cost of legacy systems or code quality issues that will require investment post-acquisition
• Review cybersecurity posture — security controls, certifications, incident history, and data breach exposure; confirm alignment with acquirer’s security standards
• Review data assets and data protection — what proprietary data does the target hold? Is it protected, compliant, and transferable?
• Assess technology integration complexity — how difficult and costly will it be to integrate the target’s systems with the acquirer’s? Are the platforms compatible?
• Review IT contracts and third-party dependencies — major software licences, SaaS subscriptions, managed service agreements; confirm change of control provisions and transferability
• Review business continuity and disaster recovery arrangements — confirm adequacy for the acquirer’s requirements
• Document operational and technology findings — scalability assessment, technical debt quantification, integration complexity estimate, and key operational risks

HR, People & Culture Due Diligence

More acquisitions underdeliver because of people and culture failures than because of commercial or financial ones. HR diligence is the workstream most commonly under-resourced and least frequently followed through to integration.

• Review the organisational structure — headcount by function, seniority levels, and reporting lines; identify key person dependencies
• Identify key management and talent retention risks — who are the individuals critical to the deal thesis? What are their retention terms and succession plans?
• Review employment contracts for key personnel — notice periods, restrictive covenants, change of control provisions, and good/bad leaver terms on equity
• Review the overall employment terms and conditions — salaries, bonuses, benefits, and pension arrangements across the workforce; identify any material liabilities
• Review any outstanding or threatened employment claims — wrongful dismissal, discrimination, harassment; confirm all claims are disclosed and quantified
• Assess pension obligations — defined benefit pension schemes represent some of the largest hidden liabilities in M&A; obtain independent actuarial assessment if applicable
• Assess cultural compatibility — how do the two organisations compare on decision-making style, risk tolerance, pace, and values?
• Review HR policies and procedures — handbooks, performance management, grievance and disciplinary procedures; confirm they are compliant and up to date
• Assess integration HR complexity — TUPE obligations (UK), WARN Act (US), or equivalent transfer of undertakings legislation; redundancy process requirements where restructuring is planned
• Document HR findings — retention risk assessment, pension liability quantification, employment claim exposure, cultural fit assessment, and integration HR plan requirements

ESG & Regulatory Due Diligence

• Define the ESG scope — which ESG factors are material to this deal, sector, and acquirer’s ESG commitments and investor requirements
• Review environmental compliance — applicable environmental regulations in all jurisdictions; permits, licences, and any historic or ongoing environmental investigations or liabilities
• Assess environmental contamination risk — for manufacturing, industrial, or property-intensive businesses; commission Phase 1 or Phase 2 environmental assessments where relevant
• Review climate and transition risk — the target’s exposure to physical climate risk and transition risk; relevant to industries with high carbon intensity or energy exposure
• Review ESG reporting and disclosures — what ESG data does the target report? Is it consistent with the acquirer’s ESG reporting framework and investor requirements?
• Review supply chain ESG exposure — labour practices, human rights due diligence, and conflict minerals or other supply chain ESG risks that may transfer to the acquirer
• Review sector-specific regulatory requirements — any industry-specific regulatory approvals or notifications required for the transaction to complete
• Confirm competition clearance requirements — turnover thresholds and market share considerations in all relevant jurisdictions; timeline and risk of remedies
• Review sanctions and trade compliance — does the target operate in or have customers in sanctioned jurisdictions? Any exposure to export control regulations?
• Document ESG and regulatory findings — material ESG risks, regulatory clearance requirements and timeline, and any deal-critical conditions

Integration Planning & Transaction Execution

Integration planning must begin during due diligence — not after signing. The due diligence findings directly inform the integration plan, and deals that delay integration planning until post-signing consistently destroy more value than those that begin the work earlier.