Every bad deal looked good in the deck. The numbers grew, the market was huge, the founders were impressive, and the synergies were going to pay for the whole thing. Due diligence is the part where you stop reading the deck and start checking whether any of it is true, before the money leaves the building.

The quick version

  • Due diligence is a test, not a tour. It exists to find the reasons not to do the deal, and to re-price the ones you can live with, before you are committed.
  • It runs in workstreams. Financial, commercial, legal, operational, tax, people, technology and IP, each a different lens on one question: what am I actually buying?
  • The biggest risk is your own enthusiasm. Most diligence confirms a decision already made. The discipline is letting it have the power to kill the deal.
  • It pays off only if it can change the price or the walk-away point. A finding that arrives after the offer is signed is a regret, not a control.

The idea in depth

Strip away the jargon and due diligence is one move: before you commit, you investigate. You verify the facts a counterparty has presented, you surface the ones they haven't, and you decide, with evidence rather than optimism, whether the deal is worth its price. The phrase comes from securities law, but the principle is broader than any acquisition: you run diligence whenever the cost of being wrong is large and the other side knows more than you do.

And the cost of being wrong is large. The uncomfortable backdrop to this whole topic is that most deals disappoint. In their 2011 Harvard Business Review article "The Big Idea: The New M&A Playbook," Clayton Christensen and colleagues note that "study after study puts the failure rate of mergers and acquisitions somewhere between 70% and 90%." Diligence is the main place that failure rate is supposed to be caught. The honest question is why it so often isn't, and the answer is rarely a missing spreadsheet.

The job is to disconfirm, not to confirm

The deepest theory under good diligence isn't financial, it's behavioural. In 1986, the financial economist Richard Roll published "The Hubris Hypothesis of Corporate Takeovers" in the Journal of Business. His puzzle: if buyers gain little or nothing on average while sellers pocket a fat premium, why do acquirers keep bidding? His answer was the winner's curse. When many parties bid on something of genuinely uncertain value, the winner is disproportionately the one who overestimated it most. Hubris, the manager's confidence that their valuation is the right one, is what makes them comfortable paying the cursed price.

This reframes what diligence is for. If the danger is that you've already fallen for the deal, then a process designed to confirm your decision is worse than useless, it launders a bias into a justification. The evidence that this happens is not just academic. Bain & Company reports that only about one in three corporate-development executives they surveyed are satisfied with how their firms run deal diligence, and that roughly half of deals larger than $250 million fail to deliver the returns promised. So the move is: assign someone to argue the deal should die. Give a named person or team the explicit job of building the case against, the bear thesis, the reasons this is the cursed bid, and make them present it to the same room that hears the optimists. A deal that survives a real disconfirming attempt is a stronger deal. One that can't is one you just avoided.

Diligence done as a checklist confirms the decision you already made. Done as a test, it earns the right to make one.

Different lenses see different risks

"What am I buying?" is too big a question to answer in one go, so diligence breaks into workstreams, each with its own specialists and its own failure modes. The four that carry the most weight:

  • Financial, are the earnings real and repeatable? The centrepiece here is a quality of earnings (QoE) analysis. Where an audit checks that the accounts comply with standards, a QoE strips out one-off, non-recurring and owner-flattering items to find the business's true, sustainable earning power, the number you'll actually be paying a multiple of. It also tests revenue quality and customer concentration: a "growing" business that depends on one client is a different risk than the headline implies.
  • Commercial, is the market real? Financial diligence tells you what the business earned; commercial diligence asks whether it can keep earning it. It pressure-tests demand, competitive position, pricing power and the growth assumptions baked into the price. Bain points to commercial diligence as the weak link in the value chain, the workstream where over-priced deals most often come apart.
  • Legal, what could blow up? Contracts (and their change-of-control clauses), litigation, regulatory exposure, and ownership of the intellectual property you think you're buying. This is where a "great asset" turns out to be licensed, encumbered, or about to be sued.
  • Operational, can it actually run, and can you integrate it? Org structure, key-person dependency, systems, supply chain, and the unglamorous question of whether the two businesses can be stitched together without breaking either.
flowchart TB
    Q(["What am I really buying?"]) --> F(["Financial, are the earnings real & repeatable? (QoE)"])
    Q --> C(["Commercial, is the market & demand real?"])
    Q --> L(["Legal, contracts, litigation, IP, regulation"])
    Q --> O(["Operational, can it run, scale & integrate?"])
    F --> V(["A re-priced offer, or a walk-away"])
    C --> V
    L --> V
    O --> V
The workstreams are different lenses on one question; each must be able to change the offer. Leaders Loop

The practical discipline: for each workstream, agree in advance what finding would change the price and what finding would end the deal. A risk you've named and priced is manageable; a risk you discover after signing is a write-down. Which brings up the honest limitation of all of this.

What diligence can't do

Diligence reduces risk; it does not abolish it. A determined seller can hide things from even a thorough buyer. The most-cited cautionary tale is Hewlett-Packard's 2011 purchase of the software firm Autonomy for about $11 billion: roughly a year later HP took an $8.8 billion writedown, blaming what it called serious accounting improprieties at Autonomy, despite diligence support from major accounting firms. (A 2025 UK High Court judgment later called HP's fraud claim "substantially exaggerated" and traced most of the loss to overpayment, awarding HP far less than it sought, itself a lesson about not blaming the seller for a price you chose.) The point isn't that diligence is futile. It's that diligence buys you better-priced risk, not certainty, and its single biggest weakness is a process you run to reassure yourself rather than to test yourself.

A worked example

The figures below are illustrative, a composite scenario, not a real company, chosen to show the mechanics.

Imagine a logistics firm, "Northbridge," looking to acquire "Cartwheel," a regional delivery business. Cartwheel's deck shows £6m of EBITDA and 20% annual growth. At an 8× multiple, that's a £48m valuation, and the deal team, who have spent four months on it and would quite like to close, are keen.

Diligence does three things to that story. Financial: the QoE finds that £1m of the £6m EBITDA is a one-off pandemic-era contract that won't repeat, and a further £0.4m is the founder's under-market salary that a buyer would have to top up. True sustainable EBITDA is closer to £4.6m. Commercial: the 20% growth turns out to be one large retail client who is mid-tender with a competitor, concentration risk the deck never flagged. Legal: Cartwheel's two biggest contracts contain change-of-control clauses, so the customers can walk on day one of the acquisition.

None of this means the deal is dead. It means the deal is different. At 8× a real £4.6m, the business is worth around £37m, not £48m, and the customer-concentration and change-of-control findings justify either a lower multiple or an earn-out that ties part of the price to those clients staying. The diligence didn't kill an £11m problem; it moved £11m of value from the seller's side of the table to the buyer's, and replaced a leap of faith with a structured bet. That is the entire job.

flowchart LR
    A(["Deck: £6m EBITDA × 8 = £48m"]) --> B(["QoE: strip non-recurring + owner add-backs → £4.6m"])
    B --> C(["Commercial: single-client concentration found"])
    C --> D(["Legal: change-of-control clauses found"])
    D --> E(["Re-priced ~£37m + earn-out on key clients"])
Illustrative only. Each finding moves the price or restructures the deal, it doesn't just describe the company. Leaders Loop

Frequently asked questions

How long does due diligence take?

It varies with deal size and complexity, a small bolt-on might be weeks, a large cross-border acquisition several months. The more useful answer is that the calendar matters less than the timing relative to the offer. Diligence that finishes before you commit to a price can change the deal; diligence that finishes after merely confirms what you're already obligated to do. Bain's argument cuts the same way: treat diligence as the test that tells you what you don't know you don't know, not the audit that confirms what you already believe, and run it while the price is still movable.

Who actually does it?

A mix. Financial diligence is usually led by accountants (often producing the QoE report); legal by lawyers; commercial by a strategy team or specialist consultancy; operational and technical by internal experts or hired specialists. The deal lead's job isn't to do every workstream, it's to make sure each one can genuinely influence the decision, and that nobody's findings get quietly buried because they're inconvenient.

Isn't this just for buying companies?

No. The same discipline applies to taking an investment, signing a major partnership or joint venture, onboarding a critical supplier, or vetting a senior hire. Anywhere the cost of being wrong is high and the other side knows more than you, the move is the same: investigate before you commit. (For the partnership case specifically, see joint ventures, alliances & strategic partnerships.)

What are the classic red flags?

Earnings that lean heavily on one-off items or one customer; reluctance to share data or restricted access to management; numbers that change between meetings; aggressive accounting (revenue booked early, costs deferred); key contracts with change-of-control or short termination clauses; and a founder whose departure would take the business with them. None is automatically fatal, but each is a reason to investigate harder, not to look away.

How is due diligence different from valuation?

They feed each other. Valuation estimates what the business is worth; diligence tests whether the inputs to that estimate are true. A QoE finding that earnings are smaller and lumpier than claimed flows straight into the valuation model, which is why the two should never be run in isolation.

Related in the Toolkit

Where to go next