Due Diligence Checklist: Complete Guide for M&A, Fundraising & Investors

Introduction

If you've ever had an investor ask for "just a few documents" and watched that request snowball into 150 line items across eight categories, you know the pain. Due diligence is the most time-consuming, detail-intensive phase of any fundraising round or M&A transaction — and the companies that survive it cleanly are the ones that prepared months in advance.

I've been on both sides of this table. As a founder, I've scrambled to assemble data rooms under pressure. As an advisor, I've watched deals fall apart because a company couldn't produce a clean cap table or locate their IP assignments. The difference between a smooth 30-day close and a grueling 90-day ordeal almost always comes down to preparation.

This due diligence checklist covers 100+ items organized by category. It's designed to work whether you're raising a seed round, closing a Series B, or navigating a full M&A transaction. Bookmark it, print it, copy it into your investor data room — whatever gets you to actually use it.

What you'll get from this guide:

• A complete, checkbox-format due diligence checklist you can use immediately
• Category breakdowns covering legal, financial, commercial, IP, HR, tech, and compliance
• Stage-specific guidance (what's needed at seed vs. Series A vs. M&A)
• Data room organization best practices
• Common mistakes that delay or kill deals

What Is Due Diligence?

Due diligence is the formal investigation a buyer or investor conducts before committing capital. It's their opportunity to verify that everything you've claimed about your business — revenue, growth, team, technology, legal standing — is actually true.

For founders, due diligence is your opportunity to demonstrate operational maturity. A company that can produce clean, organized documentation on demand signals that it's well-run. A company that scrambles to find basic corporate records signals the opposite.

The stakes are real:

• Incomplete due diligence documents are the #1 cause of deal delays
• 30% of M&A transactions fail during due diligence (Deloitte)
• Investors who encounter friction early often reduce their offer or walk away entirely

The due diligence checklist below is comprehensive by design. Not every item will apply to every transaction — a seed-stage startup won't have three years of audited financials, and a services company won't need a technical debt assessment. Use this as a master list and customize it to your situation.

Types of Due Diligence

Before diving into the checklist, it helps to understand the eight categories of due diligence. Each one examines a different dimension of your business.

Financial Due Diligence

The foundation of any deal. Investors and acquirers verify your revenue, expenses, margins, cash position, and financial projections. This is where most of the scrutiny falls. Having a real-time executive dashboard that investors can reference during diligence builds enormous confidence.

Legal Due Diligence

Examines your corporate structure, contracts, intellectual property, litigation history, and regulatory compliance. Legal due diligence is where hidden liabilities surface.

Operational Due Diligence

Evaluates how your business actually runs — processes, systems, supply chain, facilities, and key vendor relationships.

Commercial Due Diligence

Assesses your market position, customer base, competitive landscape, and growth potential. This is where investors validate your TAM and go-to-market strategy.

Technical Due Diligence

For software companies, this is critical. Acquirers and investors evaluate your codebase, architecture, security posture, and technical debt.

HR/People Due Diligence

Examines your team, compensation, key person dependencies, employment agreements, and organizational structure.

Tax Due Diligence

Reviews tax compliance, outstanding liabilities, transfer pricing, and tax structure optimization.

Environmental Due Diligence

Primarily relevant for manufacturing, real estate, and industrial companies. Evaluates environmental liabilities, compliance with regulations, and potential remediation costs.

---

The Complete Due Diligence Checklist

This is the master checklist. I've organized it into eight categories with 100+ individual items. Each item represents a document, dataset, or disclosure that investors or acquirers commonly request.

How to use this checklist: Copy these items into your investor data room as a tracking document. Check off each item as you upload the corresponding file. Aim to have 80% of items ready before you start fundraising or engage an acquirer.

Corporate & Legal Documents

These are the foundational documents that prove your company exists, is in good standing, and is structured the way you say it is.

• ☐Certificate of incorporation (and all amendments)
• ☐Articles of incorporation or articles of organization
• ☐Bylaws or operating agreement (current version)
• ☐All amendments to corporate charter documents
• ☐Board meeting minutes and resolutions (last 3 years) — a board portal makes these instantly accessible
• ☐Written consents and unanimous written consents
• ☐Shareholder agreements (all current)
• ☐Voting agreements and proxies
• ☐Cap table — fully diluted, showing all share classes, options, warrants, SAFEs, and convertible notes
• ☐Stock option plans (equity incentive plans) and all amendments
• ☐Individual stock option grant agreements (for key employees)
• ☐SAFE and convertible note agreements
• ☐Warrants and warrant agreements
• ☐Good standing certificates (state of incorporation + all states where qualified)
• ☐Foreign qualification certificates
• ☐Organizational chart (legal entity structure)
• ☐List of all subsidiaries and affiliated entities
• ☐List of all jurisdictions where the company is registered or does business
• ☐Powers of attorney (if any)

Financial Documents

This is where investors spend the most time. Clean, consistent financials are non-negotiable. If your numbers don't tell a coherent story, the deal stalls.

• ☐Audited financial statements (last 3 fiscal years) — or reviewed/compiled if audit isn't available
• ☐Monthly P&L / income statements (last 24 months)
• ☐Monthly balance sheets (last 24 months)
• ☐Monthly cash flow statements (last 24 months)
• ☐Revenue recognition policy documentation
• ☐Revenue by product line, geography, and customer segment
• ☐Accounts receivable aging report (current)
• ☐Accounts payable aging report (current)
• ☐Budget vs. actuals for current fiscal year
• ☐Financial projections / forecast model (3-5 years)
• ☐Key assumptions underlying financial projections
• ☐Unit economics summary (CAC, LTV, payback period, gross margin per customer)
• ☐Debt schedule — all outstanding loans, credit facilities, and debt instruments
• ☐Bank statements (last 12 months)
• ☐Federal and state tax returns (last 3 years)
• ☐Sales tax / VAT compliance records
• ☐Deferred revenue schedule
• ☐Working capital analysis
• ☐Capital expenditure summary (last 3 years)
• ☐Related-party transactions disclosure

Pro tip: If you're using an executive dashboard to track financial KPIs in real time, give investors read-only access. It lets them verify metrics on demand instead of waiting for you to pull reports.

Commercial & Market

Investors want to understand your market, your customers, and how defensible your position is. This section is where growth stories are validated — or unraveled.

• ☐Customer list with annual revenue by customer (anonymized if pre-LOI)
• ☐Customer concentration analysis (% of revenue from top 5, top 10, top 20 customers)
• ☐Customer churn data — monthly and annual churn rates (last 24 months)
• ☐Cohort analysis (retention by signup month/quarter)
• ☐Net revenue retention (NRR) by cohort
• ☐Average contract value (ACV) and trends
• ☐Sales pipeline report (current, with stage breakdown)
• ☐Historical win rates by deal size and segment
• ☐Competitive landscape analysis
• ☐Market size analysis — TAM, SAM, SOM with methodology
• ☐Pricing strategy documentation
• ☐Pricing history (any changes in the last 3 years)
• ☐Customer acquisition channel breakdown with CAC by channel
• ☐Marketing spend by channel (last 24 months)
• ☐Customer testimonials and case studies (if publishable)

Intellectual Property

For technology companies, IP is often the most valuable asset. Gaps here — missing assignments, undocumented open-source usage — can crater a deal.

• ☐Patent filings (granted and pending) with status
• ☐Trademark registrations (granted and pending)
• ☐Copyright registrations
• ☐Domain name registrations (all domains owned by the company)
• ☐IP assignment agreements (from founders, contractors, and employees)
• ☐Invention disclosure records
• ☐Trade secret policies and protections
• ☐Licensing agreements — inbound (licenses you use) and outbound (licenses you grant)
• ☐Open-source software inventory with license types
• ☐Third-party code or content used in the product

Contracts & Agreements

Every material contract your company has signed will be reviewed. "Material" typically means anything above a certain dollar threshold or anything that impacts operations if terminated.

• ☐Top 10 customer contracts (by revenue)
• ☐Customer master service agreements (MSA template)
• ☐Terms of service and privacy policy (current)
• ☐Vendor and supplier contracts (all material agreements)
• ☐Partnership and channel agreements
• ☐Reseller or distribution agreements
• ☐Lease agreements (office, equipment, other)
• ☐Loan and credit facility agreements
• ☐Insurance policies (D&O, E&O, cyber, general liability, key person)
• ☐Non-disclosure agreements (material NDAs with third parties)
• ☐Government contracts or grants
• ☐Joint venture agreements (if any)

People & HR

Investors are buying your team as much as your product. This section reveals compensation, key person risk, and organizational health.

• ☐Employee roster — names, titles, start dates, compensation (salary + bonus + equity)
• ☐Organizational chart (functional, current)
• ☐Key person identification and dependency analysis
• ☐Executive employment agreements
• ☐Offer letter template (standard)
• ☐Non-compete and non-solicitation agreements
• ☐Confidentiality and invention assignment agreements (CIIA)
• ☐Contractor agreements (all current independent contractors)
• ☐Employee handbook (current version)
• ☐Benefits summary (health, dental, 401k, etc.)
• ☐Payroll records summary (last 12 months)
• ☐Pending or threatened employment disputes or claims
• ☐Diversity and inclusion data (if tracked)
• ☐Employee turnover data (last 24 months)

Technology & Product

For software and technology companies, this section is where technical acquirers spend the most time. Even financial investors increasingly request technical due diligence for SaaS deals.

• ☐Technology stack overview (languages, frameworks, infrastructure)
• ☐System architecture diagram
• ☐Infrastructure documentation (cloud providers, regions, redundancy)
• ☐Security audit reports (most recent penetration test, vulnerability assessment)
• ☐SOC 2 Type II report (or Type I if Type II isn't available yet)
• ☐Uptime and SLA performance history (last 12 months)
• ☐Incident response plan
• ☐Disaster recovery and business continuity plan
• ☐Product roadmap (next 12-18 months)
• ☐Technical debt assessment and remediation plan
• ☐Code repository access (post-LOI, for technical DD)
• ☐Third-party integrations list
• ☐Data architecture and database documentation
• ☐API documentation (if platform/API product)

Compliance & Regulatory

Regulatory risk can kill a deal faster than anything else. This section is especially critical for companies in healthcare, fintech, edtech, and data-intensive industries.

• ☐Data privacy policies and procedures (GDPR, CCPA, PIPEDA as applicable)
• ☐Data processing agreements (DPAs) with key vendors
• ☐Privacy impact assessments
• ☐SOC 2 Type II report (or equivalent security certification)
• ☐HIPAA compliance documentation (if applicable)
• ☐PCI DSS compliance (if handling payment data)
• ☐Industry-specific licenses and certifications
• ☐Regulatory correspondence (letters from regulators, if any)
• ☐Litigation history — all pending, threatened, or settled legal actions (last 5 years)
• ☐Regulatory filings and annual reports
• ☐Environmental compliance records (if applicable)
• ☐Anti-bribery and anti-corruption policies

---

Due Diligence Checklist by Stage

Not every fundraise demands the same depth of documentation. Here's what to prioritize based on your stage.

Seed / Pre-Seed Due Diligence

At the earliest stages, investors are betting on founders and market opportunity. Due diligence is lighter but still real.

Must-have:

• ☐Certificate of incorporation and bylaws
• ☐Cap table (fully diluted)
• ☐SAFE or convertible note agreements
• ☐IP assignment agreements (founders and any contractors)
• ☐Monthly financial statements (whatever history exists)
• ☐Bank statements (last 6 months)
• ☐Customer pipeline or LOIs (if available)
• ☐Founder employment agreements or CIIA

Nice-to-have:

• ☐Board minutes (if a board exists)
• ☐Competitive landscape overview
• ☐Technical architecture overview

Series A Due Diligence

Series A investors expect operational maturity. You'll need most of the corporate, financial, and IP sections completed.

Must-have (in addition to seed items):

• ☐Board minutes and resolutions (all meetings to date)
• ☐Stock option plan and grant schedule
• ☐Audited or reviewed financials (at least 1 year)
• ☐Monthly P&L, balance sheet, and cash flow (last 12-18 months)
• ☐Revenue by customer and customer concentration
• ☐Churn data and cohort analysis
• ☐Top 5 customer contracts
• ☐Employee roster with compensation
• ☐Key vendor contracts
• ☐Security overview (even if no formal SOC 2 yet)

Series B+ Due Diligence

At Series B and beyond, expect comprehensive due diligence across all categories. Investors will engage third-party firms for financial and legal DD.

Must-have (in addition to Series A items):

• ☐Audited financials (2-3 years)
• ☐Full financial model with assumptions
• ☐Net revenue retention by cohort
• ☐All material contracts
• ☐SOC 2 Type II report
• ☐Technical architecture and security audit
• ☐HR documentation (handbook, benefits, turnover data)
• ☐Tax returns and compliance records
• ☐Insurance policies
• ☐Regulatory compliance documentation

M&A Due Diligence

M&A due diligence is the most exhaustive. Expect every item on the master checklist above to be requested, plus additional items specific to the transaction structure.

Additional M&A-specific items:

• ☐Quality of earnings (QoE) report — often prepared by the buyer's accounting firm
• ☐Working capital analysis and normalization
• ☐Customer and supplier reference calls
• ☐Environmental assessments (for industrial/real estate assets)
• ☐Integration planning documentation
• ☐Key employee retention agreements
• ☐Representations and warranties insurance (RWI) supporting documentation
• ☐Escrow and indemnification terms preparation

---

How to Organize Your Data Room

Having the documents is only half the battle. How you organize them determines whether investors can actually find what they need — and whether they trust your operational discipline.

Recommended Folder Structure

📁 1. Company Overview
   ├── Executive summary
   ├── Pitch deck (current)
   ├── Company history and milestones
   └── Organizational chart (entity structure)

📁 2. Corporate & Legal
   ├── Incorporation documents
   ├── Bylaws and amendments
   ├── Board minutes and resolutions
   ├── Shareholder agreements
   └── Cap table

📁 3. Financial Information
   ├── Historical financials
   ├── Monthly statements
   ├── Budget and forecasts
   ├── Tax returns
   └── Debt and credit facilities

📁 4. Commercial & Market
   ├── Customer data
   ├── Market analysis
   ├── Competitive landscape
   └── Sales pipeline

📁 5. Intellectual Property
   ├── Patents and trademarks
   ├── IP assignments
   ├── Licensing agreements
   └── Open source inventory

📁 6. Contracts & Agreements
   ├── Customer contracts
   ├── Vendor contracts
   ├── Leases
   └── Insurance

📁 7. People & HR
   ├── Employee roster
   ├── Employment agreements
   ├── Benefits documentation
   └── Org chart

📁 8. Technology & Product
   ├── Architecture documentation
   ├── Security and compliance
   ├── Product roadmap
   └── Infrastructure overview

📁 9. Compliance & Regulatory
   ├── Privacy policies
   ├── SOC 2 reports
   ├── Regulatory filings
   └── Litigation

For a detailed walkthrough of setting up and managing this structure, read our guide on investor data room best practices.

Naming Conventions

Consistent file naming saves hours of confusion. Use this format:

[Category]-[Document Name]-[Date]-v[Version]

Examples:

• Financial-P&L-2025-12-v1.pdf
• Legal-Board-Minutes-2026-01-15-v1.pdf
• HR-Employee-Roster-2026-03-v2.xlsx

Rules:

• Always include the date (YYYY-MM or YYYY-MM-DD)
• Use version numbers — never "final" or "final-final"
• PDF everything that doesn't need to be editable
• Keep file names under 80 characters

Version Control

Due diligence is iterative. Investors ask follow-up questions, and you'll update documents multiple times.

• Upload new versions rather than replacing files (preserves audit trail)
• Use a changelog or cover memo for updated documents
• Timestamp all uploads
• Set up notifications so you know when investors access new documents

A purpose-built investor data room handles versioning, access tracking, and notifications automatically — which is significantly better than a shared Google Drive folder.

---

Common Due Diligence Mistakes

After watching hundreds of fundraising rounds and M&A transactions, these are the mistakes I see most often.

1. Starting Too Late

The #1 mistake. Most companies start assembling due diligence materials after they receive a term sheet. By then, you're under time pressure, and rushing leads to errors.

Fix: Start building your data room 2-3 months before you plan to fundraise. Treat it as an ongoing project, not a one-time scramble.

2. Incomplete or Outdated Cap Table

A cap table with errors — missing option grants, incorrect share counts, unrecorded SAFEs — is a red flag that slows every deal. Investors need to model their ownership precisely, and they can't do that with a broken cap table.

Fix: Reconcile your cap table quarterly. Include every instrument: common stock, preferred stock, options (vested and unvested), warrants, SAFEs, and convertible notes. Show the fully diluted picture.

3. Missing IP Assignments

If your founders or early contractors never signed IP assignment agreements, you may not legally own the code they wrote. This is a deal-breaker for acquirers and a major concern for investors.

Fix: Audit your IP assignments immediately. Get retroactive assignments signed where possible. For future hires and contractors, make CIIA agreements part of onboarding.

4. Inconsistent Financial Statements

When your monthly statements don't reconcile with your annual statements, or your revenue numbers change depending on which document an investor reads, trust erodes fast.

Fix: Use a single source of truth for financials. Ensure monthly, quarterly, and annual numbers tie out. Have your accountant or controller review for consistency before uploading.

5. Poor Data Room Organization

Dumping 200 files into a single folder with names like "Document1-FINAL-v3-revised.pdf" tells investors your company is disorganized. It also makes their lawyers' work harder, which makes them grumpy, which makes your deal harder.

Fix: Use the folder structure and naming conventions outlined above. Better yet, use a dedicated data room platform that enforces structure.

6. No Access Controls

Sending all documents to all investors from day one is a security risk and a strategic mistake. Early-stage conversations don't warrant full financial disclosure.

Fix: Stage your disclosures. Share the pitch deck and high-level metrics first. Open financial and legal sections only after an NDA is signed and serious interest is confirmed.

7. Ignoring the Narrative

A data room full of documents but no context forces investors to piece together your story themselves. They'll get it wrong, or they'll give up.

Fix: Include an executive summary and a "How to Read This Data Room" document at the top level. Provide context for unusual items (one-time expenses, customer concentration, etc.).

---

Due Diligence Timeline

How long does due diligence take? It depends on the transaction type, but here are typical ranges.

What accelerates timelines:

• Pre-built data room with documents already organized
• Dedicated point of contact for investor questions
• Clean, consistent financials with no surprises
• Board minutes and corporate records that are up to date — a board portal keeps these organized year-round, not just when you need them for diligence

What delays timelines:

• Missing or incomplete documents
• Cap table discrepancies
• Unresolved legal issues discovered during review
• Key personnel unavailable to answer questions
• Financial restatements

---

Building a Due Diligence Culture

The best companies don't treat due diligence as a one-time event. They build systems that keep documentation current at all times. Here's what that looks like in practice.

Monthly disciplines:

• Update financial statements within 15 days of month-end
• Record all board resolutions and meeting minutes in your board portal
• Reconcile cap table after any equity transactions
• Review and update customer/vendor contract tracker

Quarterly disciplines:

• Review and update data room contents
• Refresh competitive landscape analysis
• Update employee roster and org chart
• Verify insurance coverage and compliance certifications

Annual disciplines:

• Complete financial audit or review
• File all tax returns on time
• Renew IP registrations (trademarks, domains)
• Update corporate good standing certificates
• Review and refresh all governance documents

When you maintain this cadence, due diligence becomes a non-event. You open the data room, grant access, and get back to running the business. That's the goal.

For CFOs managing this process, our CFO solutions page outlines how AppDeck helps centralize financial reporting and investor communications.

---

Frequently Asked Questions

What is a due diligence checklist?

A due diligence checklist is a structured list of documents, data, and disclosures that investors or acquirers request when evaluating a company for investment or acquisition. It typically covers corporate records, financials, legal matters, intellectual property, contracts, team information, technology, and compliance. Having a comprehensive checklist ensures nothing falls through the cracks during the review process.

How long does the due diligence process take?

It varies by transaction type. Seed rounds may require only 1-2 weeks of light diligence, while Series A typically takes 3-4 weeks. Series B+ rounds can take 4-8 weeks, and M&A transactions range from 6-16 weeks depending on the size and complexity of the deal.

What documents do investors need for due diligence?

At minimum, investors need your certificate of incorporation, cap table, financial statements, key contracts, and IP documentation. As the deal size increases, so does the depth of documentation required — eventually covering HR records, technical architecture, compliance certifications, and detailed customer analytics.

What is the difference between a due diligence checklist for investors vs. M&A?

An investor due diligence checklist for a fundraising round focuses on growth metrics, market opportunity, and capital efficiency. An M&A due diligence checklist goes deeper into legal liabilities, working capital, integration feasibility, and comprehensive contract review. M&A diligence is typically more exhaustive and involves third-party advisory firms.

How should I organize my due diligence documents?

Use a structured investor data room with clearly labeled folders for each category (corporate, financial, legal, IP, contracts, HR, technology, compliance). Follow consistent naming conventions with dates and version numbers. Stage access so that sensitive documents are only shared after NDAs are signed.

What are the most common due diligence red flags?

The most common red flags include: incomplete or inconsistent cap tables, missing IP assignment agreements, customer concentration above 30% from a single customer, declining net revenue retention, unresolved litigation, lack of corporate governance documentation, and financial statements that don't reconcile.

Can I use Google Drive for my data room?

You can, but it's not recommended for serious fundraising or M&A. Google Drive lacks document-level access tracking, audit trails, watermarking, and granular permissions. Purpose-built data room software gives you control over who sees what and tracks every document view — which matters for both security and deal management. Compare your options in our investor data room software comparison.

When should I start preparing for due diligence?

Start 2-3 months before you plan to begin fundraising conversations. For M&A, start as soon as you're seriously considering a transaction. The best practice is to maintain an always-ready data room as part of your ongoing financial operations, updating it monthly as part of your close process.

---

Related Reading

If you're preparing for fundraising or M&A, these resources will help you get your data room and governance infrastructure in order:

• Investor Data Room Best Practices — the companion guide to this checklist, covering data room setup, security, and management
• Investor Data Room Software Comparison 2026 — detailed comparison of data room platforms for fundraising
• AppDeck Investor Data Room — set up a professional data room in minutes with built-in access tracking, version control, and investor analytics
• AppDeck Board Portal — keep board minutes, resolutions, and governance documents organized and accessible for due diligence
• Executive Dashboard — give investors real-time access to the financial metrics that matter
• Solutions for CFOs — how AppDeck helps CFOs centralize reporting, manage investor relations, and streamline due diligence