Due Diligence in M&A: the bit where the deal stops being a romance and starts being a plumbing inspection

Due diligence is meant to answer a simple question: what am I actually buying? The trouble is that businesses are excellent at looking tidy from a polite distance. Step closer and you discover the corporate equivalent of a “recently refurbished” flat where the bathroom door doesn’t close and the electrics hum when you boil the kettle.

In M&A, due diligence is the phase where optimism meets paperwork, and paperwork meets reality. Done properly, it protects you from inheriting liabilities you didn’t price, buying revenue that doesn’t repeat, or paying “growth multiple” for a business whose best year was 2019. A sensible due diligence process will cover financial, tax, legal, commercial and operational areas, with the emphasis shifting depending on whether you’re buying a service-led business (people, clients, contracts) or an asset-heavy one (plant, property, maintenance, compliance). (British Business Bank) (British Business Bank)

What follows is a practical walk-through of what “normal basic due diligence” looks like, how it differs between service and asset-heavy targets, and the pitfalls that repeatedly turn up—like unserviced machines, “clients” who haven’t been contacted since the Queen’s Diamond Jubilee, and tax nasties that arrive after completion like an uninvited relative staying “just for a few nights”.

The core due diligence workstreams (the boring list that saves you real money)

Most deals—whether you’re buying a software consultancy or a fabrication shop—need a baseline set of checks. The categories are standard for a reason: they’re where surprises hide. (Diligent / DFIN due diligence checklists) (diligent.com)

1) Financial due diligence (what the numbers really mean)

This is not “do the accounts add up?” It’s “are the earnings sustainable, and what’s the quality of those earnings?”

Typical scope:

• Historical performance: audited accounts + management accounts; reconcile the two; check consistency of accounting policies year to year.

• EBITDA normalisation: verify add-backs (owner salary, one-offs, “exceptional” costs that are strangely recurring).

• Working capital: seasonality, debtors ageing, stock quality, creditor terms, and whether the business runs on goodwill and late payments.

• Cash conversion: profit is a theory; cash is a fact. Compare EBITDA to operating cash flow.

• Revenue recognition: especially for projects, subscriptions, retentions, WIP, and deferred revenue.

• Customer concentration: one whale can sink the boat if it swims away.

• Forecasts: stress-test assumptions, pipeline realism, and sensitivity to losing top customers or key staff.

• 
  

2) Tax due diligence (where yesterday’s shortcuts become tomorrow’s invoices)

Tax due diligence exists because you can do everything else right and still end up paying for someone else’s past. It’s also where deals slow down, because once an issue is found, it tends to require either fixing, pricing, or contractual protection. (BDO, 26 June 2025) (BDO UK)

Typical scope:

• Corporation tax: open enquiries, aggressive positions, loss utilisation, group relief, transfer pricing (where relevant).

• VAT: filings, partial exemption, reverse charge issues, overseas VAT risk, and whether controls are robust. (Johnston Carmichael, 3 Oct 2024) (Johnston Carmichael)

• PAYE/NIC: benefits in kind, expenses, termination payments, off-payroll/contractor status risk.

• Stamp taxes: SDLT/SDRT considerations depending on structure and assets.

• R&D claims: legitimacy and documentation (a frequent “looks fine until it doesn’t” area).

• Tax governance: whether the business can evidence how it makes tax decisions and maintains compliance—HMRC cares about process, not just outcomes. (Grant Thornton, 8 Jul 2022) (Grant Thornton UK)

• 
  

A niche-but-important buyer trap: HMRC can, in certain scenarios involving specified goods and VAT fraud risks, make parties jointly and severally liable for unpaid VAT—one reason due diligence isn’t just a finance team hobby. (VAT Notice 726, GOV.UK) (GOV.UK)

3) Legal due diligence (the contract graveyard)

Legal due diligence is the hunt for obligations you inherit and restrictions that block your plans.

Typical scope:

• Corporate: ownership, cap table, shareholder agreements, historic allotments, filings, authorities.

• Material contracts: customer/supplier agreements, change-of-control clauses, termination rights, service levels, pricing protections, rebates.

• Property: leases, break clauses, dilapidations, rent reviews, title issues.

• Litigation: threatened/actual disputes, regulatory complaints.

• IP and data: ownership of IP created by contractors, licences, GDPR compliance, data processing agreements.

• Security/charges: what’s pledged to lenders. In the UK, charges are registered at Companies House, and understanding what security exists matters when you’re buying shares (you’re buying the company with its finance arrangements). (GOV.UK charges guidance; Companies House registration basics) (GOV.UK)

  
  

4) Commercial due diligence (is the market story true?)

This is where you check whether the “strategic rationale” is real or merely PowerPoint-shaped.

Typical scope:

• Market structure: growth, pricing power, disruption risk, competitor mapping.

• Customer reality: why customers buy, switching costs, contract stickiness, procurement behaviour.

• Sales pipeline: conversion rates, average cycle length, dependency on a founder’s relationships.

• Reputation: reviews, renewal patterns, complaint data, key account interviews where possible.

  
  

5) Operational due diligence (how the sausage is made)

Operations DD is the bridge between “it makes money” and “it can keep making money after we arrive”.

Typical scope:

• Process mapping: key workflows, bottlenecks, single points of failure.

• Systems: finance stack, CRM, ERP, cybersecurity basics, backup and access controls.

• People dependencies: who actually knows how it works; what happens if they leave.

• Quality & compliance: certifications, audit history, incident logs.

  
  

6) People / HR due diligence (the asset that can resign)

Service businesses live and die by people, but even asset-heavy businesses can be crippled by losing the wrong operations manager.

Typical scope:

• Employment contracts: restrictive covenants, notice periods, bonus schemes, commission structures.

• Pensions: deficits, auto-enrolment compliance, historic issues.

• Claims: grievances, tribunals, settlement agreements.

• TUPE (when relevant): in asset deals/business transfers, employee obligations can transfer and the seller has information duties. (Brodies, 9 Dec 2025; TUPE overview commentary) (Brodies LLP)

  
  

7) ESG / environmental due diligence (especially when there’s land, plant, waste, or regulation)

If you buy a site, you can buy its history. Environmental risk is often “low probability, high cost”.

Typical scope:

• Permits and licences

• Waste handling and hazardous materials

• Contamination risk

• Health & safety record

• Supply chain and modern slavery exposure

(ESG DD framing) (toolkit.bii.co.uk)

Due diligence for service-oriented businesses (where the “assets” drink coffee and have opinions)

Service businesses are attractive because they’re often lighter on capital and can scale quickly. They’re also dangerous because the value is usually a mix of relationships, recurring work, and institutional knowledge that may not be written down anywhere sensible.

Here’s what gets special attention.

Revenue quality: the “recurring” that isn’t

Service sellers love the word “retained”. Buyers should love the phrase “show me”.

Key checks:

• Client cohort analysis: how many clients repeat, how often, and at what gross margin.

• Churn and reasons: not the tidy version, the actual one.

• Contract coverage: how much revenue is contracted vs “we’ve worked with them for years”.

• Pricing integrity: discounts granted quietly, price rises that never happened, or one big client on legacy rates.

  
  

The “client list” illusion: names that look like revenue

One of the most common service-business pitfalls is the impressive client list that turns out to be… a museum exhibit.

Red flags:

• A CRM full of “active clients” who haven’t been contacted in 12–24 months.

• Invoices that show sporadic, low-value work dressed up as a “relationship”.

• “Key accounts” where the account manager left and nobody replaced them.

• Pipeline that consists of “waiting to hear back” entries from last spring.

  
  

Fix: sample-test the top clients. Don’t just ask who they are—ask when they last bought, why they buy, and what would make them leave.

Delivery capacity: utilisation, bench, and the founder-shaped hole

Service businesses can look profitable because they’re running hot—too hot.

Key checks:

• Utilisation: billable rates and whether staff are permanently over capacity (burnout risk).

• Bench strength: can the business deliver without heroic effort?

• Founder dependency: who sells, who retains, who smooths complaints, who knows the “real” pricing.

• Talent retention: are key people tied in with proper incentives or just vibes?

  
  

WIP, deferred revenue, and the accounting booby traps

Common traps:

• Unbilled WIP that’s effectively a hope and a spreadsheet.

• Deferred revenue that implies future delivery cost the forecast forgot.

• Project margin drift where scope creep has been quietly absorbed to keep clients happy.

  
  

Regulatory/compliance risk in service businesses

Depending on sector (financial services, healthcare, legal services, recruitment), compliance can be a hidden cost centre.

Look for:

• Evidence of policies actually followed, not just filed.

• Complaint handling, safeguarding, data protection compliance.

  
  

Due diligence for asset-heavy businesses (where the value is bolted to the floor and expensive to fix)

Asset-heavy businesses often look reassuring because you can see the stuff. But physical assets come with a special set of risks: condition, compliance, maintenance, and the fact that metal doesn’t care about your EBITDA multiple.

Asset register integrity: does the list match reality?

Start with the basics:

• Asset register vs physical verification: sample-check serial numbers; confirm location and operational status.

• Ownership/title: is equipment owned outright, financed, leased, or subject to security?

• Encumbrances: lender security/charges can affect what you’re effectively buying in a share deal. (GOV.UK / Companies House charges guidance) (GOV.UK)

  
  

Maintenance and servicing: the quiet killer of forecasts

This is the one buyers routinely underweight, and it shows up right after completion when something vital breaks.

Checks to insist on:

• Service logs: planned preventative maintenance schedules, evidence of completion, contractor invoices.

• Breakdown history: frequency, downtime, root cause, recurring faults.

• Calibration records: critical in regulated manufacturing/medical/measurement environments.

• Spare parts strategy: lead times, obsolescence risk, single-source dependencies.

• Capex backlog: the list of “we’ve been meaning to replace that” items.

Red flags that should change the price or structure:

• Machines serviced “when they need it” (translation: when they break).

• Missing maintenance records because “the engineer keeps it all in his head”.

• A plant that runs fine provided Dave is on holiday leave cancellation standby.

  
  

Environmental, H&S, and permits: the liabilities that stick to the land

If there’s property, waste, chemicals, noise, emissions, or heavy transport, environmental and safety risk can dwarf the deal value.

Checks:

• Permits, inspections, non-compliance notices, incidents.

• Asbestos surveys and building compliance where relevant.

• Contamination risk if there’s historic industrial use.

(General DD framing includes operational and environmental categories; ESG DD rationale) (diligent.com)

Inventory and obsolescence: stock that looks like money but behaves like yoghurt

Key checks:

• Stock ageing, write-offs, and whether slow-moving items are valued like they’re about to sell tomorrow.

• Quality returns and warranty claims (a canary for process issues).

• Supplier terms and exposure to price volatility.

  
  

Customer contracts in asset-heavy businesses: the “service obligation” trap

Asset-heavy businesses often sell products and service them. That service element can be a margin leak if it’s underpriced or uncontrolled.

Checks:

• Warranty terms (actual historic claim rates vs assumptions).

• Service contracts: pricing, response times, penalty clauses, parts costs.

• Field service capability and backlog.

  
  

The pitfall hall of fame (where deals go to develop ulcers)

Here are the recurring problems that show up across both service and asset-heavy deals—and what to do about them.

1) “The data room is complete” (it isn’t)

A data room can be a theatre set: everything looks plausible until you open drawers.

Common signs:

• Documents uploaded in bulk with no index logic.

• Critical schedules “to follow”.

• Management accounts that don’t reconcile to bank statements or VAT returns.

Fix: run a disciplined Q&A log and insist on reconciliations, not explanations.

2) The client list that includes ghosts

You asked for top customers. You received a spreadsheet of names. The business speaks of them fondly. It just hasn’t spoken to them recently.

Fix:

• Tie customer list to invoicing history.

• Sample-call (or at least request evidence of recent engagement and renewal discussions).

• Check that top clients are contractually transferable and not subject to change-of-control termination.

• 
  

3) Servicing and maintenance are “fine” until they aren’t

Particularly in asset-heavy businesses, missing maintenance documentation is not a paperwork issue; it’s an earnings-quality issue.

Fix:

• Treat missing records as a risk premium.

• Build a capex and maintenance catch-up model.

• Consider retention/escrow or specific indemnities for known issues.

  
  

4) Tax liabilities: the deal’s least funny surprise

Tax issues cause delays and price renegotiations because they are often binary: either you’re exposed or you’re protected. (BDO, 26 June 2025) (BDO UK)

Common tax DD issues include VAT errors, employment tax exposure, overseas tax complications, and weak governance around tax risk. (Johnston Carmichael, 3 Oct 2024; Grant Thornton, 8 Jul 2022) (Johnston Carmichael)

Fix:

• Insist on proper tax DD, not a light-touch review.

• Use findings to negotiate warranties/indemnities, retention/escrow, or price adjustment.

• Where risk is specific and quantifiable, ringfence it contractually.

  
  

5) TUPE and people obligations: the “we’ll deal with it later” mistake

In business transfers, employment obligations can transfer—and information must be provided. This isn’t the area to improvise. (Brodies, 9 Dec 2025) (Brodies LLP)

Fix:

• Identify early whether TUPE is in play and build it into your timeline, costs, and communications plan.

  
  

6) Locked box pricing without locked box discipline

Locked box mechanisms can be efficient, but they push more weight onto pre-signing due diligence and leakage protections. (EY locked box vs completion accounts) (EY)

Fix:

• If you’re doing locked box, tighten financial DD and negotiate robust leakage definitions and monitoring.

  
  

7) “Warranty & indemnity insurance will cover it”

W&I insurance can help bridge buyer/seller risk preferences, but it’s not a substitute for due diligence, and insurers typically expect proper legal, financial and tax DD. (Winston & Strawn; W&I DD expectations) (winston.com)

Fix:

• Assume W&I supports a well-run process; it does not rescue a casual one.

  
  

Practical tips for running due diligence so it actually works

• Start with a hypothesis: what is value made of here—people, machines, contracts, IP, location, licences? Then design DD around that.

• Triangulate everything: if management say “top 20 clients are stable”, prove it via invoicing history, contracts, and churn metrics.

• Sample-test, don’t just read: pick transactions, pick customers, pick assets, trace them end-to-end.

• Do site visits early: nothing reveals operational risk like watching the process and asking inconvenient questions.

• Turn findings into deal protections: price, structure (share vs asset), completion accounts/locked box, escrow/retention, specific indemnities, and post-completion covenants.

  
  

Closing thought

Due diligence is not about finding perfection. It’s about finding the truth early enough to price it, structure around it, or walk away with your dignity intact.

If you want, I can also produce a due diligence request list tailored to (1) service businesses and (2) asset-heavy businesses, with a red-flag scoring column and “what to ask for if they dodge the question” prompts—so it’s usable in a real deal, not just educational.

How Lexis Capital Group can help

If due diligence is the plumbing inspection, Lexis Capital Group is the team that turns up with the right tools, asks the awkward questions early, and makes sure the findings change the deal—not just the mood.

We help buyers and sellers through the due diligence phase by:

• Structuring the process properly: a clean, buyer-ready data room, a sensible timetable, and a Q&A log that actually closes issues rather than creating new ones.

• Targeted diligence that matches the business: service-led (client concentration, churn, pipeline reality, key-person risk, delivery capacity) versus asset-heavy (asset register integrity, maintenance and servicing records, capex backlog, compliance, operational fragility).

• Translating issues into deal protections: price adjustments, working capital mechanisms, retention/escrow, specific indemnities, warranty scope, and practical remedies where something can be fixed pre-completion.

• Preventing the classic traps: “clients” that haven’t been contacted in years, unpriced maintenance liabilities, hidden tax exposure, and contracts that quietly allow termination or repricing on a change of control.

• Keeping momentum without cutting corners: the buyer gets confidence, the seller gets a fair outcome, and the deal stays on track because the right questions are asked at the right time.

  
  

If you’re preparing for a sale, we can run a vendor-assist / sell-side readiness review to surface problems before a buyer does. If you’re buying, we’ll help you focus diligence on value drivers and deal-breakers, so you don’t spend weeks measuring things that won’t move the needle while the real risks sit untouched.