How to Build a Due Diligence Checklist for M&A

A due diligence checklist is the structured framework that guides the investigation of a target company during an M&A transaction. It defines what documents to request, what information to verify, and what issues to investigate across every aspect of the target's business, legal, financial, and operational profile. The quality of the checklist directly determines the quality of the diligence, and the quality of the diligence directly determines whether the deal team catches the issues that affect deal value before signing.

Start with the Deal Thesis, Not a Template

Every experienced deal attorney has encountered the downloaded 50-page checklist template that includes items irrelevant to the deal at hand while missing industry-specific risks that matter most. Templates are starting points, not solutions.

The right starting question is: what is the acquirer buying and why? A private equity firm acquiring a SaaS company for its recurring revenue cares about different things than a strategic acquirer buying a manufacturing company for its supply chain capabilities. The deal thesis drives which categories need deep investigation and which can be addressed at a summary level.

For a technology acquisition, IP chain of title, open source compliance, employee invention assignments, and customer contract stability are primary categories. Environmental and real estate may be secondary.

For a healthcare services acquisition, regulatory compliance, licensure, payor contracts, and HIPAA compliance are primary. IP may be secondary.

For a manufacturing acquisition, environmental liabilities, equipment condition, supply chain contracts, and real estate (owned and leased) are primary. Software IP may be secondary.

The checklist should reflect this prioritization from the outset, ensuring that the most critical categories receive the most detailed request items and the earliest attention.

The Core Categories

While the specific items vary by deal, the category structure is remarkably consistent across M&A transactions.

Corporate Organization and Governance

Request items cover the target's organizational documents (certificate of incorporation, bylaws, operating agreements), capitalization table, board and shareholder minutes, subsidiary structure, and jurisdictions of qualification. This category establishes the legal identity of what the acquirer is buying and identifies structural issues (minority interests, outstanding options, dormant subsidiaries) that affect deal mechanics.

Financial

Financial diligence covers audited and unaudited financial statements, tax returns, accounts receivable and payable aging, debt and credit agreements, projections and budgets, and working capital analysis. While financial diligence is typically led by the accounting team, legal counsel should review debt instruments, guarantees, and financial covenants that create legal obligations.

Material Contracts

This is the category where contract review tools deliver the most value. Request all customer agreements, vendor contracts, distribution agreements, partnership arrangements, joint ventures, and any agreement with annual value exceeding a defined threshold. The specific provisions to extract and review are covered in depth in our guides on clause extraction: assignment restrictions, termination provisions, change of control triggers, exclusivity obligations, MFN clauses, and indemnification terms.

Intellectual Property

Request patent portfolios, trademark registrations, copyright registrations, trade secret inventories, IP licenses (in and out), open source usage, and the full chain of IP assignment documentation (employment agreements, contractor agreements, founder assignments). For technology companies, IP diligence is often the most complex and highest-stakes category.

Employment and Labor

Cover employee census, employment agreements (particularly for key personnel), compensation and benefits plans, non-compete and non-solicitation agreements, pending or threatened employment claims, WARN Act compliance, independent contractor classifications, and union or collective bargaining agreements.

Tax

Request federal and state tax returns, pending audits or assessments, tax sharing agreements, transfer pricing documentation, and analysis of any tax positions that carry audit risk. Tax diligence is typically led by tax counsel, but corporate counsel should understand the tax structure's implications for deal mechanics.

Litigation and Disputes

Request a schedule of all pending, threatened, and recently resolved litigation, arbitration, and regulatory proceedings. Include demand letters, settlement agreements, and consent decrees. Assess the adequacy of litigation reserves and the potential for unasserted claims.

Regulatory Compliance

Cover industry-specific regulatory requirements, permits and licenses, compliance programs, government contracts, sanctions and export controls, data privacy and security (GDPR, CCPA, HIPAA as applicable), and anti-corruption compliance (FCPA, UK Bribery Act).

Environmental

Request environmental assessments, permits, remediation obligations, compliance history, and any Phase I or Phase II environmental site assessments. Environmental liabilities can be significant and long-lasting, making this category particularly important for manufacturing, real estate, and energy targets.

Insurance

Request all insurance policies (general liability, D&O, cyber, E&O, property, workers' compensation), claims history, and coverage analysis. Assess whether the target's coverage is adequate for its risk profile and whether the acquirer needs to obtain tail coverage or new policies post-closing.

Real Estate

Cover owned properties (deeds, title reports, surveys), leased properties (lease agreements, amendments, subleases), zoning and land use compliance, and any environmental issues associated with real property.

Buy-Side vs. Sell-Side Checklists

The same categories serve different purposes depending on which side of the transaction you represent.

Buy-Side Focus

The buy-side checklist is an investigation tool. Its purpose is to uncover risks, liabilities, and issues that the acquirer will inherit. Buy-side request items should be:

• Probing. Ask not just for the document but for the context. "Please provide all customer contracts with annual value exceeding $100,000" is better than "Please provide customer contracts."
• Comprehensive. Include catch-all items like "any other agreements not otherwise produced that have annual value exceeding $50,000 or that contain unusual terms."
• Forward-looking. Request information about pending changes, threatened actions, and anticipated issues, not just the current state.

Sell-Side Focus

The sell-side checklist is a preparation tool. Its purpose is to organize the target's documentation and identify issues that should be addressed before the buyer's review. Sell-side preparation items should be:

• Remediation-oriented. If an employment agreement is missing an IP assignment clause, fix it before the data room opens rather than explaining the gap.
• Organized for disclosure. Structure the data room to make material information easy to find. A well-organized data room builds buyer confidence and reduces follow-up requests.
• Anticipatory. Address the questions buyers will ask before they ask them. Include summaries, schedules, and explanations alongside the underlying documents.

Tailoring by Transaction Structure

The transaction structure determines which liabilities transfer and, consequently, which checklist items matter most.

Asset purchases require item-by-item identification of assets being acquired and liabilities being assumed. The checklist should map every category to the asset/liability allocation and identify assumed contracts that require consent.

Stock purchases transfer the entity with all its assets and liabilities. The checklist should focus on identifying hidden or contingent liabilities that the buyer inherits by operation of law, regardless of what the purchase agreement says.

Mergers combine elements of both, with the surviving entity inheriting all assets and liabilities of the merged entity. The checklist should address entity-level issues (corporate approvals, dissenter rights) alongside the standard operational categories.

Updating the Checklist as Diligence Progresses

The initial checklist is a starting point. As diligence findings emerge, the checklist should evolve.

New categories surface. An initial review of customer contracts might reveal that the target has significant government contracts, triggering a new category for government contract compliance that was not in the original checklist.

Depth adjustments. If early findings reveal clean results in a category (no pending litigation, for example), resources can be redirected to categories where issues are emerging.

Follow-up requests. Every diligence finding that requires additional context generates a follow-up request. Tracking these alongside the original checklist ensures nothing falls through the cracks.

Red flag escalation. Issues identified during M&A diligence that could affect deal structure or valuation should be escalated immediately rather than waiting for the final diligence memo.

The checklist is a framework for thoroughness. The judgment about how to use it, where to go deep, where to go fast, and what to escalate, is what distinguishes excellent diligence from a completed form.

---