Due Diligence

What Is Due Diligence?

Due diligence is the investigative process through which a buyer verifies the information presented about a target company, identifies risks and opportunities, and builds the factual foundation for transaction pricing and structuring. It is the bridge between preliminary interest and a binding commitment.

In practice, due diligence involves teams of financial, legal, commercial, and operational specialists combing through the target’s records, contracts, financial statements, and operations to confirm that the business is what the seller represents it to be. Our M&A due diligence checklist provides a comprehensive breakdown of each workstream.

Types of Due Diligence

Financial Due Diligence

The most fundamental workstream, typically led by an accounting firm:

• Quality of earnings analysis — normalising reported EBITDA for one-off, non-recurring, and non-operational items
• Working capital analysis — establishing a normalised working capital baseline for the closing adjustment mechanism
• Net debt confirmation — identifying all debt and debt-like items to bridge from enterprise value to equity value
• Cash flow analysis — verifying that reported earnings translate into actual cash generation
• Financial projections review — stress-testing management’s forward-looking assumptions

Legal Due Diligence

Conducted by the buyer’s legal counsel:

• Corporate structure — verifying the target’s legal organisation, ownership chain, and jurisdictional registrations
• Material contracts — reviewing key customer, supplier, and partnership agreements for change-of-control provisions, termination rights, and unusual terms
• Litigation — assessing pending, threatened, or historical legal proceedings
• Regulatory compliance — confirming adherence to applicable laws, licences, and permits
• Intellectual property — verifying ownership, registrations, and freedom to operate

Commercial Due Diligence

Evaluates the target’s market position and growth prospects:

• Market sizing — total addressable market, serviceable market, and growth trends
• Competitive landscape — market share, competitor analysis, and barriers to entry
• Customer analysis — concentration, retention rates, contract terms, and satisfaction
• Revenue sustainability — recurring vs. non-recurring revenue, pipeline quality

Operational Due Diligence

Assesses the target’s operational capabilities:

• Management and organisation — quality and depth of the leadership team, key person dependencies
• Technology and systems — IT infrastructure, software platforms, cybersecurity posture (Corporate Finance Institute)
• Supply chain — supplier dependencies, sourcing risks, logistics
• Human resources — employment contracts, benefits, retention risks, cultural considerations

Additional Workstreams

• Tax due diligence — historical compliance, exposures, structural optimisation opportunities
• Environmental due diligence — contamination, regulatory compliance, remediation liabilities
• Insurance due diligence — adequacy of coverage, claims history
• ESG due diligence — environmental, social, and governance risk assessment

The Data Room

Due diligence is conducted primarily through a virtual data room (VDR) — a secure online platform where the seller uploads documents organised by category. The VDR allows controlled access, tracks which documents each bidder has reviewed, and maintains an audit trail. Emerging AI-powered data rooms are making this process faster by automating document indexing and anomaly detection. Common VDR providers include Intralinks, Datasite, and Firmex.

Red Flags

Experienced acquirers watch for warning signs during diligence:

• Inconsistencies between management representations and documented evidence
• Customer concentration — a single customer representing more than 20–30% of revenue
• Revenue quality issues — aggressive revenue recognition, channel stuffing, or one-time contracts disguised as recurring
• Off-balance-sheet liabilities — unrecorded obligations, guarantees, or contingent liabilities
• Key person dependency — critical relationships or knowledge concentrated in one or two individuals
• Deferred maintenance — underinvestment in capex, technology, or compliance

Due Diligence in Asia Pacific

Cross-border due diligence in Asia Pacific presents unique challenges. Private companies in many markets lack audited financials, requiring more intensive financial reconstruction work. Language barriers necessitate document translation and bilingual advisors. Regulatory environments differ substantially — from Australia’s well-established disclosure frameworks to emerging markets where corporate records may be incomplete.

Due Diligence for AI Company Acquisitions

Standard DD workstreams apply to any target. AI companies add distinct workstreams that generalist DD teams routinely miss — and that materially affect deal value.

Model and IP ownership verification. Confirm who owns model weights, training data, and any derivative works. Particular care is required where the AI was built on open-source foundations (Llama, Mistral, Qwen) — license terms vary materially and can create commercial-use restrictions post-acquisition. Web-scraped training data may create copyright or terms-of-service liability. AI engineer employment contracts must confirm adequate IP assignment.

Technical team retention risk. AI company value is concentrated in 3–15 key technical people. DD must identify named key personnel, current compensation and equity positions, cliff and vesting schedules, and what post-close packages would be required to retain them. Unaddressed retention risk on a single lead engineer can represent 15–25% of deal value.

Training data residency and cross-border compliance. If the target’s AI will be deployed across borders post-acquisition, DD must confirm training data residency complies with China PIPL, Japan APPI, Korea PIPA, and EU GDPR as applicable. For regulated AI (fintech, healthcare, legal), training data provenance must be auditable.

Model performance monitoring. AI systems degrade silently — model drift can erode performance without detection until revenue declines. Verify production monitoring infrastructure, retraining cadence, and the engineering capability to maintain model performance.

Customer contract AI-output obligations. Many B2B AI companies have customer contracts specifying output accuracy, SLAs, or explainability requirements. These can constrain post-acquisition product development.

For a detailed DD framework specifically for AI company transactions, see our guide on AI company due diligence. Amafi Advisory manages AI-specific DD workstreams for sellers and acquirers across APAC. Talk to our team.