Last Updated: June 2026
A mid-market M&A due diligence checklist is the structured set of risk categories a buyer reviews before closing, and for deals worth $5M to $150M, due diligence is where deals are repriced, restructured, or killed. Buyers spend 45 to 90 days reviewing 14 categories of business risk, and what they find determines whether the headline price holds. Sellers who enter the process without preparation routinely leave money on the table.
The scope of due diligence has grown over the past decade. PE buyers and strategic acquirers now run quality of earnings analyses as a baseline. They also add IT and cybersecurity review. Seller rep and warranty insurance is standard above $15M. The days of handing over three years of tax returns and closing fast are over. Sofer Advisors helps owners and their advisors work through exactly these questions and turn the analysis into a defensible business valuation they can act on.
The following takeaways summarize the key valuation and transaction factors covered in this guide.
Key Takeaways
- Quality Earnings Foundation Financial – Quality of earnings is the foundation of financial diligence – it is not the same as an audit.
- Customer Concentration 20 Single – Customer concentration above 20% in any single customer is a red flag that buyers address with earnouts, escrows, or price reductions.
- IT Cybersecurity Diligence Now – IT and cybersecurity diligence is now a full standalone category – undisclosed data breaches can kill a deal.
- Environmental Diligence Applies Business – Environmental diligence applies to any business that has operated from a physical location for 10+ years with chemicals or waste.
- Sellers Organize Clean Indexed – Sellers who organize a clean, indexed data room compress the diligence timeline and signal operational competence to buyers.
- Deal Killers Found Diligence – Deal killers found in diligence – undisclosed litigation, missing licenses, unresolved environmental – almost always produce price reductions or deal termination.
Each of these factors is examined in depth in the sections that follow.
Category 1: Financial Statements and Tax Returns
Buyers require three to five years of financial statements. They also need federal and state tax returns. The primary goal is confirming that statements match tax returns. Large gaps between book income and taxable income are a red flag.
Buyers review revenue trends, gross margin, and EBITDA trajectory. They also check capital expenditure history and working capital. The data room must include full financial statements for three years. Add all tax returns for the same period. Include a monthly income statement for the trailing twelve months. Add a full debt schedule. Buyers want monthly financials for the trailing 24 months. Seasonality patterns matter to them. Buyers also want bank statements for 24 months. Cash flow patterns matter.
Analysis at this level is the work of a credentialed valuation professional operating under the AICPA Statement on Standards for Valuation Services, which governs how a defensible conclusion of value is developed and documented.
Category 2: Quality of Earnings Analysis
A quality of earnings (QoE) analysis examines whether reported EBITDA is real. It is not an audit. It focuses on economic reality, not GAAP rules.
| QoE Finding Type | Typical Impact on Price |
|---|---|
| Owner pay normalization (above market) | Increases EBITDA; can increase price |
| One-time revenue removal | Decreases EBITDA; price reduction |
| Deferred CapEx identification | Price reduction or escrow holdback |
| Related-party revenue at above-market rates | Major red flag; price reduction or restructure |
| Revenue recognition issue | Can be deal-killer; requires restatement |
Sellers who commission their own sell-side QoE reduce surprises. They build credibility with buyers. They often compress closing by two to four weeks. The sell-side QoE should precede the buyer’s own report. This reduces negotiation risk.
Category 3: Customer Contracts and Concentration
Buyers analyze customer concentration and contract terms. They also review renewal history. The key red flag: any single customer above 20% of revenue. A customer at 30%+ triggers deal structure changes. Buyers will cut the price, add an earnout, or require the seller to stay post-close.
The data room must include all material customer contracts. Add a customer revenue schedule for three years. Show evidence of renewals. Disclose any known customer attrition. Change-of-control clauses need special attention. If a key contract requires consent for assignment, the buyer will require that consent before closing. Buyers map revenue by customer for three years. They look for attrition trends and watch for any single customer above 20%.
Category 4: Key Employee Agreements and Compensation
Human capital diligence asks: who are the people whose loss would hurt the business? Do they have employment agreements? Buyers require employment agreements for all key employees. These must include non-compete and non-solicitation clauses. They are a condition of closing.
The data room must include all employee agreements and pay schedules. Add org charts and any pending HR claims. Deferred pay plans, phantom equity, and rollover equity must be disclosed early. These reduce net seller proceeds and affect deal structure.
Category 5: Legal and Litigation
Legal diligence covers active lawsuits and threatened claims. It also examines regulatory investigations. Buyers require a litigation schedule for the past three to five years. Red flags include undisclosed lawsuits and pending class action claims. Regulatory investigations and IP disputes are also red flags. The seller’s legal team must provide a complete disclosure schedule. Sellers must disclose all threatened claims, not just filed suits. Ambiguity here kills deals.
Category 6: Intellectual Property and Technology
IP diligence confirms the business owns its IP. Common problems exist in this area. Software built by contractors without a written assignment means the contractor owns the IP. Trademarks may not be registered. Domain names may be held by the owner personally. The data room must include IP ownership records. Add registration certificates and assignment agreements from all developers.
Category 7: Real Estate Leases
Real estate diligence reviews all leases and owned property. Buyers care about lease term and renewal options. They also check assignment provisions and rent versus market rates. Personal guarantees need to be released. Get landlord consent for lease assignment before closing when possible. A landlord who learns about the sale through diligence may use it as leverage to raise rent. Buyers check whether leases are above-market. Long-term leases can be an asset or a liability.
Category 8: Equipment and Fixed Assets
Fixed asset diligence confirms the business owns the assets it claims. Buyers verify the assets are in the condition described. They also check that maintenance has been current. Deferred maintenance is one of the most common diligence findings. An owner who cut maintenance CapEx to boost EBITDA will face a buyer. That buyer will estimate the cost to restore assets. They will deduct that from the price directly or through a working capital adjustment. Buyers also check equipment age and useful life. Aging equipment near end-of-life is a valuation risk.
David Hern CPA ABV ASA, founder of Sofer Advisors, brings a Heart of a Teacher to every engagement – translating complex valuation methodology into clear, actionable guidance that clients can act on before and after the report is delivered. With 15+ years of valuation experience, 11+ expert witness cases across multiple jurisdictions, and 180+ five-star Google reviews, David built Sofer Advisors into an Inc. 5000-recognized firm. The Sofer Difference is a four-phase process of Discovery, Diligence, Analysis, and Delivery that ensures every conclusion is defensible, documented, and tied to the specific facts of the business.
While national firms like Stout and Kroll serve large enterprise clients, Sofer Advisors specializes in middle-market businesses that require personalized attention, direct access to credentialed professionals, and a next business day response policy.
Category 9: Environmental
Environmental diligence applies to any business at a physical site. It is especially important where chemicals, fuel, or waste are involved. A Phase I Environmental Site Assessment is standard for owned real property. A Phase I finding that recommends Phase II is a major deal event. Phase II results can produce remediation cost estimates. These range from thousands to millions of dollars. Sellers who run a Phase I before going to market control the timing of any findings. Phase I assessments typically cost $2,000–$4,000. They are standard in any deal.
Category 10: Regulatory and Licenses
Regulatory diligence confirms the business holds all required licenses and permits. It also checks whether those licenses transfer to a new owner. License transfer is deal-critical in regulated industries. These include healthcare, financial services, and food and beverage. If a required license is not transferable, the closing timeline extends significantly. License transfers can take 30–180 days. Start this process early in the timeline.
Category 11: Insurance
Insurance diligence reviews coverage and claims history. Buyers check key lines including general liability, property, and workers’ compensation. They also review professional liability, D&O, EPLI, umbrella, and cyber liability. Claims history that shows patterns of operational risk triggers buyer questions. It can also produce price adjustments. Gaps in coverage are red flags. Buyers want to see cyber liability coverage in place.
Category 12: HR and Employee Benefits
HR diligence examines workforce compliance and benefits obligations. Buyers review FLSA classification for all employees. They also check independent contractor classification. A 401(k) plan without a timely annual compliance test creates large liability. Defined benefit pension plans get close scrutiny. Unfunded obligations transfer with the business. Buyers also check for unpaid vacation accruals. These are a hidden liability that reduces net proceeds. Misclassified workers create tax liability. Buyers price this risk into the offer.
Category 13: IT Systems and Cybersecurity
Cybersecurity diligence is now a full standalone category. Buyers run IT security assessments as a standard step. These include penetration testing and security controls review. They also include network architecture review and data classification. Buyers check for end-of-life systems. Old software adds risk to a deal. Undisclosed breaches are a near-universal rep and warranty claim category. Any unauthorized system access must be disclosed. Even if no data was confirmed stolen, it must be disclosed. Failure to disclose a known breach can void rep and warranty insurance coverage.
Category 14: Seller Representations and Warranties
The seller’s representations and warranties are the legal backbone of the deal. Sellers represent that all disclosures are accurate and complete. Rep and warranty insurance is standard above $15M–$20M. Premium is typically 2.5%–4% of the policy limit. Sellers must take a disclosure-first approach. Every known issue must be disclosed. Items not disclosed that surface post-close produce insurance claims and indemnity exposure.
The questions below address the most common issues business owners raise before engaging a qualified appraiser for a mid market manda due engagement.
Frequently Asked Questions
How long does mid-market M&A due diligence take?
Most mid-market deals complete diligence in 45–90 days from the letter of intent. A clean, indexed data room is the biggest factor in compressing the timeline.
What is a quality of earnings analysis and why do buyers require it?
A QoE examines whether reported EBITDA reflects real, recurring earnings. Buyers use it to identify adjustments that affect the true earnings base.
What is the most common deal killer in due diligence?
Financial fraud or material misrepresentation kills deals fastest. After that come undisclosed litigation and environmental Phase II findings with large remediation estimates.
What is rep and warranty insurance in an M&A deal?
Rep and warranty insurance covers losses the buyer suffers if seller representations are false. It allows sellers to receive clean proceeds at closing instead of holding escrow.
How much does due diligence cost the seller?
Sell-side preparation typically costs $50,000–$200,000 depending on deal size. This cost is consistently recovered through a higher purchase price and faster closing.
What is a data room and how should sellers organize it?
A data room is a secure virtual repository for all due diligence materials. The standard structure mirrors the 14 due diligence categories with indexed, labeled folders.
How does a business valuation help sellers prepare for due diligence?
A pre-sale valuation establishes your market value before engaging buyers. It supports a defensible negotiating position and identifies issues to address before going to market.
Related Case Studies
- Business Valuation For Mergers Buy Side Vs Sell Side
- Fairness Opinion In MA Atlanta What Georgia Business Owners And Boards Need To Know
- What To Expect During A Business Valuation Step By Step Process
Executive Summary
- Mid-market M&A due diligence covers 14 categories: financials, QoE, customers, employees, legal, IP, real estate, equipment, environmental, regulatory, insurance, HR, IT/cybersecurity, and seller reps.
- Quality of earnings is the financial foundation of diligence – sellers who do a sell-side QoE first compress the timeline and reduce surprises.
- IT and cybersecurity diligence is now a full standalone category – undisclosed breaches are among the most common post-close rep and warranty claims.
- Sellers who organize a complete, indexed data room before engaging buyers consistently achieve better outcomes on price and timeline.
What Should You Do Next?
If you are preparing to sell a business in the $5M–$150M range, a certified pre-sale business valuation is the first analytical step. It establishes your baseline negotiating position, identifies value drivers and risks before buyers do, and supports a faster, cleaner due diligence process. David Hern CPA ABV ASA, founder of Sofer Advisors, holds dual ASA and ABV credentials recognized by the IRS, SEC, and FINRA, with 15+ years of valuation experience and 180+ five-star Google reviews. Schedule a consultation to discuss your business valuation needs.
People Also Read
- What Documents Do I Need For A Business Valuation Complete Checklist
- How To Calculate Fair Market Value Of Business Expert Guide
About the Author
This guide was prepared by David Hern CPA ABV ASA, founder of Sofer Advisors – a business valuation firm headquartered in Atlanta, GA serving clients across the United States. David holds dual accreditations as an Accredited Senior Appraiser (ASA) and is Accredited in Business Valuation (ABV), credentials recognized by the IRS, SEC, and FINRA. He also holds the Certified Exit Planning Advisor (CEPA) designation. With 15+ years of valuation experience, David has served as an expert witness in 11+ cases across multiple jurisdictions and built Sofer Advisors into an Inc. 5000-recognized firm with 180+ five-star Google reviews. The firm’s full W2 employee team maintains subscriptions to all major valuation databases and operates under a next business day response policy.
For professional business valuation services, visit soferadvisors.com/about-us/ or schedule a consultation at soferadvisors.com/contact-us/.
This content is for informational purposes only and does not constitute professional valuation advice. Business valuation conclusions depend on specific facts and circumstances. Contact Sofer Advisors for guidance regarding your specific situation.
