The Due Diligence Checklist (By Deal Type)
A due diligence checklist is the difference between a deal that closes on schedule and one that dies in the data room from a thousand small "can you send us that?" emails. I have run diligence from bo
On this page
- What a due diligence checklist actually does
- The master due diligence checklist (by category)
- Corporate and legal
- Financial
- Commercial and customers
- Technology and product
- People and HR
- Contracts, compliance, and risk
- How to use the checklist (without drowning the other side)
- Adjusting the checklist by deal type
- Fundraising (seed to growth)
- Mergers and acquisitions
- Technical and product diligence
- Commercial and customer-focused diligence
- Mapping the checklist to your data room
- A quick pre-launch sanity check
- Frequently asked questions
- How long should a due diligence checklist be?
- Who is responsible for filling out the checklist?
- When should I start building the checklist?
- Does the checklist change for an acquisition versus a fundraise?
- How does a data room relate to the checklist?
- What is the single most common diligence mistake?
A due diligence checklist is the difference between a deal that closes on schedule and one that dies in the data room from a thousand small "can you send us that?" emails. I have run diligence from both sides of the table, as a founder raising capital and as the person reviewing documents on an acquisition, and the pattern is always the same: the deals that move fast are the ones where someone built a real checklist before the first request list ever arrived.
This guide gives you copyable checklists organized by category and by deal type, explains how to use them, and shows how a well-structured data room maps to each line item. If you want the strategic background first, start with the broader due diligence guide and come back here when you are ready to build the list itself.
What a due diligence checklist actually does
A checklist does two jobs at once. For the party being reviewed, it is a preparation tool that tells you exactly what to gather before anyone asks. For the party doing the review, it is a coverage map that ensures nothing important slips through because everyone assumed someone else was checking it.
The mistake I see most often is treating the checklist as a one-time document dump. It is a living index. Every item should have an owner, a status, and a home in your data room. I keep mine in a shared sheet alongside the room: one column for the item, one for the responsible person, one for status (not started, in progress, in room, N/A), and one for the exact folder path where the document lives. That last column is what makes a room feel organized to the other side. They are not hunting; they are reading.
The master due diligence checklist (by category)
This is the core list. It applies to most equity raises and acquisitions of operating companies. Use it as your spine, then add or trim based on the deal-type sections further down.
Corporate and legal
| Item | Why it matters | Typical owner |
|---|---|---|
| Certificate of incorporation and bylaws | Confirms the entity exists and how it is governed | Legal / founder |
| Cap table (fully diluted) | Shows who owns what, including options and SAFEs | Finance / founder |
| Board and stockholder consents | Proves major decisions were properly approved | Legal |
| Stock option plan and grant records | Verifies equity issuance is clean | Finance |
| Prior financing documents (SAFEs, notes, prior rounds) | Surfaces conversion terms and investor rights | Legal |
| Corporate org chart and subsidiary list | Maps the legal structure | Founder |
| Good standing certificates | Confirms the company is current in each state of operation | Legal |
Financial
| Item | Why it matters | Typical owner |
|---|---|---|
| Income statements (3 years or since inception) | Shows revenue and cost trends | Finance |
| Balance sheets and cash flow statements | Reveals liquidity and obligations | Finance |
| Monthly management accounts | Demonstrates operating rhythm | Finance |
| Financial model and assumptions | Connects history to projections | Founder / finance |
| Accounts receivable and payable aging | Flags collection and payment risk | Finance |
| Bank statements and reconciliations | Verifies the numbers are real | Finance |
| Tax returns and any open audits | Surfaces tax exposure | Accountant |
For anything in this category, the depth of review escalates fast in a buyout. If your deal is acquisition-driven, the dedicated financial due diligence walkthrough covers quality-of-earnings analysis and the adjustments buyers actually make.
Commercial and customers
| Item | Why it matters | Typical owner |
|---|---|---|
| Customer list with revenue concentration | Shows dependency risk | Sales |
| Top customer contracts | Reveals terms, renewal, and termination rights | Legal / sales |
| Churn and retention data | Indicates product stickiness | Finance / ops |
| Pipeline and bookings report | Signals forward momentum | Sales |
| Pricing and discount policy | Explains margin behavior | Sales |
| Key partnership and reseller agreements | Maps revenue dependencies | BD |
Technology and product
| Item | Why it matters | Typical owner |
|---|---|---|
| Architecture overview and tech stack | Shows how the product is built | Engineering |
| IP assignment agreements (all contributors) | Confirms the company owns its code | Legal / eng |
| Open-source license inventory | Flags licensing risk | Engineering |
| Security policies and any audit reports | Demonstrates security posture | Security |
| Uptime, incident, and infrastructure records | Reveals reliability | Engineering |
| Product roadmap | Signals where the product is going | Product |
People and HR
| Item | Why it matters | Typical owner |
|---|---|---|
| Org chart with headcount and comp | Shows team structure and cost | HR / finance |
| Employment and contractor agreements | Confirms terms and IP assignment | HR / legal |
| Key-person and non-compete arrangements | Flags retention risk | Legal |
| Benefits and any equity-linked plans | Surfaces obligations | HR |
| Any pending HR disputes | Reveals liability | Legal |
Contracts, compliance, and risk
| Item | Why it matters | Typical owner |
|---|---|---|
| Material supplier and vendor contracts | Maps operational dependencies | Ops |
| Insurance policies | Shows coverage | Finance |
| Litigation history and pending claims | Surfaces legal exposure | Legal |
| Regulatory licenses and permits | Confirms the right to operate | Compliance |
| Data privacy and processing documentation | Flags GDPR and similar exposure | Legal / security |
How to use the checklist (without drowning the other side)
A checklist only helps if the workflow around it is disciplined. Here is the sequence I use every time.
- Build the list before the room. Populate the categories above, mark anything genuinely "not applicable" as N/A so it is clearly intentional, and assign every remaining item an owner.
- Gather to a status, not to perfection. Get each item to "in room" or to a clear note explaining why it is delayed. A half-built room with honest status notes beats a pretty empty one.
- Structure the room to match the checklist. Your folder tree should mirror your categories, so when a reviewer opens "03 Financial," they find exactly what the financial checklist promises, in order.
- Map every line item to a folder path. This is the step most people skip, and the one that saves the most time. When a request comes in, you reply with a folder, not an attachment.
- Track requests against the list. Log each incoming request against its checklist line. If a category generates a flood of follow-ups, that is a signal you under-prepared it.
Diligence fatigue is real, and every disorganized request adds a day. A room that maps cleanly to a recognizable checklist tells the other side you run a tight operation, and that impression carries into price and terms. For a deeper treatment of the room layout itself, the virtual data room due diligence guide breaks down folder structures and access controls in detail.
Adjusting the checklist by deal type
The master list is the spine. What changes between deal types is the emphasis and the extra sections you bolt on.
Fundraising (seed to growth)
For a raise, investors weight the cap table, the financial model, customer concentration, and the team. They care less about exhaustive contract review and more about whether the story holds up. Keep the corporate and financial sections airtight, and add a clean metrics dashboard (growth, retention, burn, runway). The room I set up for our own raise lived or died on how fast an investor could move from the deck to the supporting numbers, so the financial folder sat right at the top.
Mergers and acquisitions
An acquisition is where the checklist expands the most. Buyers review everything in the master list plus integration questions, working-capital adjustments, change-of-control clauses in every material contract, and indemnification exposure. The legal and contracts sections balloon. If you are on either side of a sale, the m&a due diligence guide covers the additional workstreams (regulatory clearance, transition planning, escrow) that a fundraise never touches.
Technical and product diligence
When the target is a software business, or when an investor is technically minded, the technology section gets its own deep review: code ownership, architecture scalability, security audits, and technical debt. A clean IP assignment chain for every single contributor is non-negotiable here. The technical due diligence breakdown goes line by line through what reviewers actually inspect in the codebase and infrastructure.
Commercial and customer-focused diligence
For buyers focused on revenue durability, the commercial section leads. Market position, competitive dynamics, customer interviews, and the realism of the growth plan all come under scrutiny. The commercial due diligence guide and the customer due diligence guide cover, respectively, the market-and-strategy lens and the narrower compliance-and-identity checks (KYC, AML, sanctions screening) that regulated transactions require.
Mapping the checklist to your data room
A checklist and a data room are two views of the same thing. The checklist is the index; the room is the shelf. The closer they mirror each other, the less friction the deal carries. I structure rooms with numbered top-level folders that match the checklist categories exactly, so the order is predictable:
| Folder | Checklist category it serves |
|---|---|
| 01 Corporate | Corporate and legal |
| 02 Financial | Financial |
| 03 Commercial | Commercial and customers |
| 04 Technology | Technology and product |
| 05 People | People and HR |
| 06 Contracts and compliance | Contracts, compliance, and risk |
| 07 Deal-specific | Whatever the deal type adds |
Inside each folder, I name files so they read as answers, not raw dumps: "2024 Audited Financials" rather than "scan_final_v3." Numbering folders forces a deliberate order and keeps the room from drifting into alphabetical chaos.
This is where the tooling earns its keep. I run our rooms in Plox because it shows me exactly which documents each reviewer opened and for how long, which tells me where the real questions are forming before they hit my inbox. Granular access controls also let me stage sensitive items (detailed customer contracts, for instance) behind a separate permission so they only open up once a deal is serious. Plenty of teams run good diligence in other tools too; the principle matters more than the brand. What matters is that the room maps to the checklist and that you can control and observe access. For a ready-made folder skeleton, the due diligence data room checklist gives you a structure to copy directly, and the best data room for due diligence comparison weighs the options if you are still choosing a platform.
On budget, data room pricing ranges from free tiers up to enterprise quotes that depend on data volume, number of users, and contract length. Most providers price per user, per page, or on a flat monthly plan, and the spread is wide. Rather than anchor on a single number, the virtual data room cost breakdown explains the pricing models so you can match one to your deal size, and the current pricing page lists what Plox charges.
A quick pre-launch sanity check
Before you send the first invite, run the room against five questions:
- Does every checklist item have a status and an owner?
- Does the folder tree match the checklist categories one to one?
- Is anything marked N/A genuinely not applicable, with a note explaining why?
- Are sensitive documents staged behind appropriate access controls?
- Can a reviewer get from "first login" to "core financials" in under a minute?
If you can answer yes to all five, you are more prepared than most companies that walk into a raise or a sale. The checklist did its job before the diligence even started.
Frequently asked questions
How long should a due diligence checklist be?
There is no fixed length. A seed-stage raise might run 40 to 60 line items; a mid-market acquisition can run into the hundreds once you account for every contract and jurisdiction. The right length is the one that covers your actual risk surface without padding the list with items that do not apply. Mark non-applicable items as N/A rather than deleting them, so reviewers can see you considered and dismissed them.
Who is responsible for filling out the checklist?
Both sides build a version. The company being reviewed builds a preparation checklist to assemble its documents, and the reviewing party builds a coverage checklist to make sure nothing is missed. In practice the company-side list does most of the heavy lifting, because a well-prepared room answers most reviewer questions before they are asked. Assign each line item to a specific owner so accountability is clear.
When should I start building the checklist?
Before you start the data room, and ideally before you even decide to raise or sell. The companies that close fastest treat diligence readiness as an ongoing habit, keeping core corporate, financial, and contract documents current year-round. If you are starting cold, give yourself two to four weeks to assemble a solid room, longer for a complex acquisition.
Does the checklist change for an acquisition versus a fundraise?
Yes. The master categories stay the same, but acquisitions add substantial weight to legal, contracts, and integration items: change-of-control clauses, working-capital adjustments, indemnification, and regulatory clearance. A fundraise leans harder on the cap table, the financial model, and the growth story. Start from the master list and bolt on the deal-specific section that matches your situation.
How does a data room relate to the checklist?
The checklist is the index and the data room is where the documents live. The best setups mirror each other: numbered folders that match the checklist categories, files named as clear answers, and every line item mapped to a folder path. That mapping is what turns a request into a two-second reply ("see folder 02 Financial") instead of an inbox search.
What is the single most common diligence mistake?
Building a room without a checklist behind it. A pile of documents with no index forces reviewers to hunt, which generates follow-up requests, which adds days, which erodes confidence. Build the checklist first, structure the room to match it, and assign owners to every item. Everything else is downstream of that discipline.
Written by Aryan Pereira · Co-founder, Plox
Aryan co-founded Plox. He works on the product side, mostly on how viewers experience a shared link and what the sender gets to see back.
Connect on LinkedIn