The Due Diligence Data Room Checklist institutional buyers actually use
Most sub-$50M businesses lose 20–40% of their valuation in diligence — not in price negotiation. The gap is documentation. This is the document-by-document checklist a lower middle market acquirer expects when you open the VDR. Built from real institutional deal teams across SaaS, healthcare, fintech, and professional services.
Documentation is how founder dependency leaves the building
Every undocumented workflow is a key-person risk buyers price into the multiple. Each SOP, contract, and reconciliation that lives only in a founder's head subtracts roughly 0.05–0.10 turns of EBITDA. The fastest way to lift valuation is not revenue growth — it is moving institutional knowledge out of people and into the data room.
Legal & Corporate
The legal substrate buyers verify first. Gaps here freeze the deal before financials matter.
- Certificate of incorporation, bylaws, operating agreement, all amendments
- Cap table with full history — issuances, transfers, vested vs unvested options
- Board minutes and written consents for the last 5 fiscal years
- Stockholder agreements, voting agreements, ROFR and drag-along provisions
- Subsidiary list with org chart and ownership percentages
- Good standing certificates in every jurisdiction of qualification
- Material litigation, settlements, demand letters, and threatened claims (5 yrs)
- Trademarks, patents, copyrights — registrations, applications, and assignments
Financial & Tax
Quality of earnings, working capital, and tax exposure. Buyers reprice the deal on every surprise.
- Audited financial statements (3–5 years) — income, balance sheet, cash flow
- Monthly internal financials trailing 24 months with management commentary
- Quality of Earnings (QoE) report or supporting reconciliations
- Revenue waterfall by customer / cohort with churn and net retention
- Working capital schedule — A/R aging, A/P aging, inventory roll
- Federal, state, and local tax returns (3 years) and any open audits
- Sales tax nexus analysis and economic-nexus exposure by state
- Debt schedule — every credit facility, note, and contingent liability
Commercial & Customer
The revenue durability narrative. Concentration and contract terms drive 1.0–1.5 turns of multiple.
- Top-50 customer list with revenue, contract length, renewal date, churn status
- Standard MSA, SOW, and SaaS subscription agreement templates
- Customer concentration analysis (top-5, top-10, top-20 as % of revenue)
- Pipeline export with stage, weighted value, expected close, and source
- Win/loss data trailing 12 months with reason codes
- Pricing history, list-to-net analysis, and discounting policy
- Strategic partnership and reseller agreements
- Material customer notices, churn drivers, and at-risk-account log
Operations, SOPs & Founder Dependency
Where buyers price key-person risk. Codified workflows reduce founder dependency and lift the multiple.
- SOP library — top 25 workflows, each with owner, version, last review date
- Founder Dependency Index — workflows still held by CEO / CTO / founder
- Org chart with role descriptions, comp bands, and tenure
- Vendor list — top-25 vendors with contract terms and switching cost
- IT systems inventory — apps, owners, MFA status, off-boarding playbook
- Quality metrics, SLAs, incident logs, and root-cause documentation
- Hiring funnel and 12-month workforce plan
- Insurance certificates — GL, E&O, cyber, D&O, key-person
People, IP & Compliance
Workforce health, IP ownership, and regulatory posture — diligence-stage blockers for institutional buyers.
- Employee census with title, comp, equity, location, and classification
- Offer letters, NDAs, IP assignment agreements for every contributor
- Contractor 1099 list with IP and confidentiality assignment confirmation
- Equity plan documents, vesting schedules, and 409A valuations
- Open-source license inventory and any copyleft exposure
- Data Processing Agreements (DPAs) and sub-processor list
- SOC 2 Type II report, ISO 27001, HIPAA, or PCI attestations as applicable
- Privacy policy, terms of service, and data-retention schedule
Stop assembling this manually
Lydell auto-builds your data room from existing artifacts — Slack, Notion, drives, financial systems — and continuously updates it as your business evolves. Most operators reach institutional-grade documentation in 60–90 days.