The number in your letter of intent is not the number you will close at. The distance between the two is decided in due diligence, and it only moves in one direction. Buyers do not raise their offer because your data room impressed them; they hold the price when nothing surfaces and cut it when something does. Every item their diligence team pulls that you have not already cleaned is a negotiation you enter from the weaker seat — after exclusivity, after your alternatives have gone quiet, after walking away has become expensive for you and cheap for them.
We see this from both sides. Fiducia Adamantina runs commercial and investor due diligence for buyers evaluating GCC targets, which means we have written the request lists that land on founders’ desks. This article is that checklist turned around: everything a serious buyer will ask of a founder-led SME, organized as what you need to fix before going to market, and what each item costs when it surfaces dirty instead.
How buyers use an M&A due diligence checklist against your price
Buyers diligence hard because their downside is real. Studies suggest 70–90 percent of acquisitions fail to create value for the acquirer, and every buyer who has read that research treats your business as the potential exception they have to prove. Their checklist is not curiosity. It is a pricing instrument.
When an item comes back dirty, the damage takes one of four shapes, in rising order of cost to you:
The price chip. A discrete finding with a number attached — an unrecorded liability, a customer about to churn, a license gap — comes off the headline price dirham for dirham, usually with a margin of safety added in the buyer’s favour.
The escrow bump. Findings that create uncertainty rather than a known cost get parked in holdbacks. More of your proceeds sit in escrow, for longer, against broader indemnities. You still “got your price”; you just cannot spend a slice of it for eighteen months, and some of it you may never see.
The re-trade. Enough accumulated findings and the buyer restructures the deal itself — cash at closing shrinks, an earnout appears, the risk you thought you were selling moves back onto your side of the table. How those mechanisms work, and what they cost sellers, is covered in our guide to M&A deal structure.
The dead deal. The worst outcome is not a lower price. It is a buyer who walks after three months of exclusivity, leaving you with a stale process, a management team that knows the business was for sale, and a market that wonders what the buyer found.
The pattern across all four: the issue was almost always knowable in advance. The seller paid retail for a problem that would have cost wholesale to fix a year earlier. The rest of this checklist works through each diligence area in that spirit — what they will ask, and what it costs you dirty.
Financial due diligence: the numbers behind your numbers
This is where buyers spend the most time and where founder-led businesses fail most often. Expect requests for three to five years of financial statements (audited if you have them — and if you do not, start now, because a missing audit trail is itself a finding), monthly management accounts, revenue recognition policies, debt schedules, working capital history, and aged receivables.
What they are really testing is earnings quality. Is revenue recurring or one-off? Is growth organic? And the founder-business classic: how much owner spending runs through the P&L? Personal vehicles, family salaries, travel that is half business — every regional SME has some of this, and buyers know it. The problem is not the spending; it is discovering it. Adjustments you present upfront, documented and quantified, become part of your normalized EBITDA story. Adjustments the buyer’s accountants find become evidence that your numbers cannot be trusted at face value, and the discount they apply covers everything else they now assume they have not found.
The fix is to run the buyer’s analysis before the buyer does. Normalize your earnings, document every adjustment, and know what the cleaned-up number supports. The free valuation calculator returns an indicative enterprise-value range built on your sector’s multiple band, with the net-debt bridge to equity — the same arithmetic a buyer’s analyst runs in week one. If your asking price and that range are strangers, diligence is where they will be introduced.
Contingent liabilities deserve their own pass: pending disputes, warranty exposure, guarantees signed years ago and forgotten. Off-balance-sheet items found by a buyer are price chips with interest.
Legal due diligence: the paper trail that has to hold
The buyer’s lawyers will ask for corporate records, shareholder agreements, the full contract base, IP registrations, litigation history, and regulatory standing. Founder-led businesses fail here not through wrongdoing but through accumulated informality — and informality reads as risk on a buyer’s checklist.
The single most expensive item in this category is the change-of-control clause. Many commercial contracts let the counterparty terminate, or require consent, when ownership changes. Picture a hypothetical: a services business where a third of revenue sits in contracts with consent-on-transfer clauses nobody has read since signing. Discovered eighteen months before a sale, that is a renegotiation project. Discovered by the buyer mid-diligence, it is a price chip on the affected revenue, an escrow against the consents not yet obtained, and a delay while you ask your biggest customers for permission to sell — which also tells them you are selling.
The UAE adds its own layer. Buyers will check that your trade license activities match what the business actually does, that free zone registrations are current, that beneficial ownership filings are clean, and that the MOA reflects reality. None of this is hard to fix in advance. All of it stalls a deal when found late, because legal findings, unlike financial ones, often cannot be priced — they have to be cured, and curing takes time a deal timetable does not have.
Verbal agreements are contracts you cannot put in a data room. Paper them before the process starts.
Tax due diligence: the new UAE reality
Tax used to be a thin section of GCC diligence. Corporate tax ended that. Buyers now test your corporate tax registration and filings, VAT compliance history, related-party transaction documentation, and the defensibility of any free zone qualifying-income position.
Tax findings behave worse than other findings because the exposure is open-ended: a buyer cannot cap what the authority might assess, so they respond with specific indemnities and dedicated escrows that outlive the rest of the deal. A seller with two years of clean, well-documented filings sails through this section. A seller whose compliance was an afterthought funds an escrow for someone else’s peace of mind.
HR due diligence: contracts, gratuities, and the key-person question
Expect requests for every employment contract, the organization chart, compensation and benefits detail, and — easy to overlook — the accrued end-of-service gratuity liability. That gratuity number sits off the radar of many owner-managed businesses and lands directly in the working capital negotiation when the buyer’s accountants calculate it first.
The harder question in this section is not on any document list: can this business run without you? Buyers probe it through the org chart, through management meetings, through asking your second tier questions you would normally answer. A business where the founder holds the customer relationships, approves every decision, and carries the operating knowledge is, to a buyer, a salary negotiation wearing a company’s clothes. The pricing response is predictable — less cash at closing, more earnout, a longer handcuff period for you. Building management depth is the single highest-return preparation item on this entire checklist, and the one that takes longest; the full playbook is in our guide on how to prepare your business for sale.
Commercial and customer due diligence: where deals actually die
Financial diligence tells the buyer what the business earned. Commercial diligence tells them whether it will keep earning, which is what they are actually buying. Expect customer-level revenue analysis, retention and churn data, contract terms and renewal dates, pipeline quality, and — for any serious buyer — direct customer reference calls.
The anchor number here is customer concentration. Above 20 percent of revenue with a single customer, expect the question in the first management meeting. Materially above that, expect it in the structure: buyers discount the multiple, carve the concentrated revenue into an earnout, or both. This is also the slowest item on the checklist to fix — diversification takes years, not months — which is exactly why it belongs at the top of a pre-sale plan rather than in a mid-diligence defense.
Be equally honest about supplier dependence. A single-source supplier, or one in an unstable jurisdiction, is the same concentration risk wearing different clothes, and the buyer’s operational team will find it.
Operational due diligence: can someone else run this?
Buyers want to see documented processes, operating metrics, capacity and bottleneck analysis, and quality certifications. The underlying question is transferability: does the business run on systems, or on habits living in the heads of the founder and two long-tenured employees?
Documentation feels like busywork until you watch it get priced. A business with written SOPs, clean KPI reporting, and certified processes lets a buyer model the handover with confidence. A business that runs on tribal knowledge forces the buyer to price the risk that the knowledge leaves — through a lower multiple, a longer founder lock-in, or retention escrows for staff they have never met.
IT and data due diligence: the section nobody prepares for
Smaller than the others, but it produces findings with disproportionate leverage because they are concrete and checkable: unlicensed software (an immediate, quantifiable cleanup cost), customer data held without a defensible basis under data-protection rules, no documented security practices, a past breach that was never disclosed. None of these kill a deal alone. Each hands the buyer one more chip, and chips compound.
An afternoon of license audit and a written data-protection policy are among the cheapest items on this list relative to what they remove from the table.
The seller’s due diligence checklist
The condensed version, organized by what to clean before going to market:
Financial. Three to five years of statements, audit trail in place. Owner expenses identified, quantified, documented as normalizations. Revenue recognition consistent. Debt schedule and covenants summarized. Working capital history clean. Contingent liabilities surfaced — by you.
Legal. Corporate records current; shareholder agreements reflect the actual cap table. Every material contract read for change-of-control and assignment clauses, with a consent plan for the flagged ones. IP registered in the company’s name, not yours. Litigation log honest and complete. Trade license, free zone, and beneficial-ownership filings reconciled with reality. Verbal agreements papered.
Tax. Corporate tax and VAT registrations and filings clean. Related-party transactions documented. Free zone positions defensible on paper, not just in practice.
HR. Employment contracts compliant and complete. Gratuity liability calculated before the buyer calculates it. Retention plan for the people the buyer will not close without. Owner-dependence honestly assessed — and reduced.
Commercial. Customer concentration measured quarterly; diversification underway if any client exceeds 20 percent. Contracts, renewal dates, and churn data assembled. Supplier dependence mapped.
Operations. SOPs written for critical functions. KPIs reported consistently. Certifications current.
IT and data. Software licenses audited. Data-protection policy written and followed. Security practices documented.
The same checklist, in the buyer-side format their teams work from, is available as a printable PDF — useful precisely because it shows you the document in the form it will be used against you. Download it here.
Run the process before the buyer does
Everything above reduces to one principle: in due diligence, whoever finds the issue owns the framing. Found by you, a problem is a managed disclosure with a remediation story. Found by them, it is a pricing event.
The sequencing depends on your timeline. If a sale is a year or more out, start with the structural work — concentration, management depth, audit trail — using how to prepare your business for sale as the roadmap. If you are closer to market and need the data room, normalized numbers, and narrative built to a deadline, that is what the Investor Readiness Sprint does in two to three weeks — the same preparation survives buyer diligence and investor diligence, because the questions overlap far more than founders expect. For the process itself — buyer outreach through negotiation and closing — our exit and divestiture advisory runs the sell side end to end.
And if you simply do not know where your business stands against this checklist, that is a 30-minute conversation, not a guess. Book a strategy call and we will walk the list against your actual numbers — the same way a buyer’s team will, except a year earlier and on your side of the table.