The reality: Most first-time buyers rely on enterprise checklists that miss small-business risks: owner dependence, cash accounting quirks, and customer concentration. These gaps cost deals and create post-closing surprises.
This playbook provides the practical framework used by successful searchers—focused on businesses under $5M with real-world tactics that actually catch problems before they cost you money.
What Good Due Diligence Actually Does
Due diligence isn't paperwork—it's a decision system to:
Verify you're buying what's represented
Surface risks early enough to re-price or walk away
Pre-build your 100-day integration plan
Go in skeptical. Confirmation bias ruins deals.
The R.E.M.A.P. Due Diligence Framework
Use this five-step loop on every target:
Reconstruct Reality
Rebuild revenues from bank deposits and tie to tax returns. If deposits don't reconcile with reported sales, escalate and resolve quickly—if unresolved, walk away.
Action: Request 24 months of bank statements and match deposits to reported revenue monthly. Note: Card processor netting, chargebacks, or multiple accounts can create legitimate mismatches.
Evaluate Durability
Hunt dependencies: owner-key person risk, customer concentration, seasonality, and any revenue pulled forward pre-sale.
Stress Test: Model "lose top 2 customers tomorrow"—can the business still service debt?
Model & Price the Risk
Normalize EBITDA using only verifiable add-backs. Set working capital baseline and build downside scenarios.
Key Calculation: Owner salary + personal expenses + one-time costs = acceptable add-backs
Assign Protections
Turn findings into deal protections: escrows, earnouts, working capital adjustments, and specific representations.
Example: If 40% revenue comes from top customer, structure earnout tied to retention.
Proceed or Pass
Write an investment memo forcing a yes/no decision. Use external experts to challenge your thesis.
Decision Gates: Buy at agreed price, re-trade based on findings, or walk away completely.
Pre-LOI: Fast Screens (Week 1)
Goal: Earn the right to an LOI or pass in under 7 days.
Essential Documents
Trailing 36 months P&L, balance sheet, cash flow
Bank statements for all business accounts (24+ months)
Current year financials
Customer concentration breakdown
3 years business tax returns
Accounts receivable aging
Red Flag Fast Fails
🚨 No tax returns or bank statements
🚨 A/R over 90 days exceeds 10%
🚨 Unexplained revenue spikes in last 6 months
🚨 Top 3 customers over 35% of revenue
🚨 Outright refusal of customer calls post-LOI (pre-LOI reluctance is normal)
Quick Tests
Monthly revenue trend: Consistent or declining?
Gross margin stability: Variance under 300 basis points year-over-year (unless explained)
A/R health: Over 90 days under 10% of total
Cash conversion: How long from sale to cash?
Scalability check: Can this model actually grow?
Key Terms: Most small business listings show SDE (Seller's Discretionary Earnings = net income + owner salary + owner benefits + non-cash expenses). This differs from EBITDA used in larger deals.
Post-LOI: The Confirmatory Checklist
1. Financial Deep Dive
Proof of Cash (Critical)
Match bank deposits to reported sales for 24 months
Where possible, obtain IRS transcripts via seller-signed Form 4506-C through seller's CPA/lender
If unavailable, triangulate with bank deposits, state sales tax filings, and 1099-K
Reconcile general ledger to bank statements
Revenue Quality Check
Look for "pulled forward" sales before listing
Verify recurring vs. one-time revenue mix
Check for related-party transactions
SDE/EBITDA Normalization
Valid Add-Backs | Invalid Add-Backs |
|---|---|
Owner salary above market rate | Rent below market (unless documented) |
Personal expenses through business | Aggressive growth assumptions |
One-time legal/accounting fees | Family salaries without documentation |
Depreciation & amortization* | Market rate adjustments without proof |
*Add back D&A, then subtract normalized maintenance capex separately
2. Customer & Revenue Analysis
The EBIT 10-Point Revenue Quality Test
Factor | Score 0-2 | Target |
|---|---|---|
Bank-verified revenue trail | 2 = perfect match, 0 = major gaps | 2 |
Customer churn | 2 = <10% annually, 0 = >25% | 2 |
Customer diversification | 2 = largest <15%, 0 = >35% | 2 |
Contracted/recurring revenue | 2 = >50%, 0 = <20% | 1-2 |
Pricing power | 2 = recent increase stuck, 0 = price pressure | 1-2 |
Seasonality managed | 2 = working capital plan, 0 = cash crunches | 2 |
No pulled-forward revenue | 2 = clean trail, 0 = obvious manipulation | 2 |
Channel diversification | 2 = no platform >30%, 0 = single channel | 1-2 |
Healthy A/R | 2 = <10% over 90 days, 0 = >20% | 2 |
Clean data systems | 2 = CRM/audit trail, 0 = manual/missing | 1-2 |
Scoring: 16-20 = Proceed | 11-15 = Price for risk | 0-10 = Walk away
Customer Concentration Strategy
Revenue % | Risk Level | Recommended Structure |
|---|---|---|
<20% from top customer | Low risk | Proceed normally |
20-35% from top customer | Moderate risk | Require customer calls + assignable contract |
35-50% from top customer | High risk | Multi-year contract OR earnout/holdback |
>50% from top customer | Extreme risk | Walk away unless long-term contract signed |
3. Operations Review
The "Walk the Order" Process Map the complete customer journey: Quote → Order → Delivery → Payment → Renewal
Key Questions:
What happens if the owner disappears for 30 days?
Which processes depend on owner relationships?
Can employees make decisions without owner approval?
Are there written procedures for core functions?
4. Technology & Cybersecurity
Modern Essential: Even "offline" businesses need cyber due diligence
Quick Cyber Checklist:
System inventory and access controls
Backup systems and recovery testing
Vendor/supplier cyber risk assessment
Previous security incidents or breaches
Customer data protection compliance
Day 1 Security Fixes
Priority | Action | Timeline |
|---|---|---|
High | Rotate all passwords & enable MFA | Week 1 |
High | Review user access & implement least-privilege | Week 1 |
Medium | Test backup systems & recovery procedures | Week 2 |
Medium | Audit vendor access & update agreements | Week 3 |
Low | Implement incident response procedures | Week 4 |
5. Legal & Compliance
Core Legal Review:
UCC searches and lien checks
Pending litigation or disputes
Contracts and assignability
Required licenses and permits
Data privacy compliance
SBA-Specific Gotchas:
A/R Retention: If seller keeps receivables in asset deal, you need cash to fill the hole—price accordingly
Recession Stress Test: Model 30% revenue drop against debt service requirements
Training Requirements: Confirm seller availability for required transition hours
License Transfers: Verify qualifying licenses transfer before closing (can delay SBA approval)
Landlord Consent: Secure lease assignment approvals early in process
Deal Protection Strategies
Working Capital Adjustments
Define net working capital (NWC) as current assets (excluding cash) minus current liabilities (excluding debt-like items). Include accrued expenses, payroll liabilities, and customer deposits.
Use a 12-month average or seasonal like-for-like months to set the baseline peg. Lock accounting policies pre-close to prevent post-closing disputes.
Example: HVAC company peak season (summer) working capital will be higher than shoulder months. Use same-month comparisons year-over-year for accurate baseline.
Earnout Structures for Risk
Customer concentration: 15% of revenue from retained key customers
Growth targets: 25% of EBITDA above normalized baseline
Operational milestones: Specific transition achievements
Contract Protections
Representations & Warranties: Include cyber/privacy reps with 6-24 month survival (varies by jurisdiction)
Escrows: 5-15% of purchase price for 12-18 months (calibrate to deal-specific risks)
Seller Notes: Tie payments to customer retention and performance metrics
R&W Insurance: For sub-$10M deals, traditional coverage may be uneconomical—rely on targeted reps and escrows instead
Your 100-Day Integration Plan
Week 1-2: Secure & Stabilize
Rotate all system passwords and enable MFA
Set up weekly cash flow dashboard
Meet individually with all employees
Call top 10 customers personally
Week 3-8: Monitor & Measure
Track customer retention against projections
Monitor cash conversion cycle weekly
Identify operational bottlenecks
Document all key processes
Week 9-12: Optimize & Improve
Fix one operational bottleneck
Implement customer feedback system
Plan technology upgrades
Develop growth initiatives
Common Due Diligence Mistakes
❌ Accepting financial statements at face value
✅ Always verify with bank deposits and tax transcripts
❌ Focusing only on historical performance
✅ Model future cash flows under stress scenarios
❌ Ignoring cybersecurity in "traditional" businesses
✅ Every business has cyber risk—assess and protect
❌ Rushing due diligence to meet closing deadlines
✅ Negotiate adequate time periods and stick to process
Master Due Diligence Checklist
Financial Verification
24 months bank statements vs. reported revenue
Tax returns + IRS transcripts for 3 years
A/R aging analysis and collection patterns
Working capital baseline calculation
Seasonal cash flow analysis
Capital expenditure requirements
Customer Analysis
Top 10 customer 3-year revenue trend
Customer retention and churn analysis
Customer concentration risk assessment
Contract assignability review
Customer reference calls
Operations Assessment
Written standard operating procedures
Order-to-cash process mapping
Inventory condition and obsolescence
Vendor agreements and dependencies
Capacity constraints and bottlenecks
People & Organization
Organizational chart and key roles
Employee compensation analysis
Non-compete and non-disclosure agreements
Required licenses and certifications
Succession planning for key positions
Legal & Compliance
UCC searches and lien verification
Litigation history and pending matters
Regulatory permits and compliance
Intellectual property ownership
Data privacy and security compliance
Technology & Security
System inventory and documentation
Access controls and user management
Backup and disaster recovery testing
Third-party vendor security assessment
Incident response procedures
The Bottom Line
Due diligence isn't about finding the perfect business—it's about understanding exactly what you're buying and structuring the deal to succeed despite the risks.
The best acquisition entrepreneurs use due diligence as a competitive advantage. They understand businesses deeper than other buyers, negotiate better terms, and plan successful integrations from day one.
Ready to put this playbook into action? Join the EBIT Community Pro for access to our curated marketplace, connect with experienced searchers, and get expert guidance on your due diligence process. Because the best deals go to the best-prepared buyers.
Disclaimer: This guide is for educational purposes only and does not constitute legal, financial, tax, or investment advice. Business acquisitions involve significant risks, and outcomes can vary widely based on individual circumstances. Always consult with qualified professionals including attorneys, CPAs, and financial advisors before making acquisition decisions. The EBIT Community does not guarantee the accuracy of information provided or the success of any acquisition strategy. Past performance and examples do not guarantee future results.
