← All resources

Checklist · 8 min read

Red flags in data room diligence: what each document actually reveals

A document-by-document map of the signals buyers read in a sell-side data room, and the patterns that experienced acquirers use to assess seller credibility.

A sell-side data room is the primary source of information for buyer diligence. The documents in it answer factual questions about the company, but they also reveal information about the management team, the seller’s preparation, and potential issues the buyer should investigate further. Experienced buyers read data rooms not just for the facts they contain but for the signals they emit.

This guide outlines the standard contents of a sell-side data room, identifies common red flags by document type, and explains what each document type reveals about the company beyond its surface content.

Standard data room structure

A well-organized sell-side data room typically follows a structure something like this:

  1. Corporate and Legal
  2. Financial Information
  3. Commercial and Operations
  4. Customers and Contracts
  5. Suppliers and Procurement
  6. Human Resources
  7. Information Technology
  8. Intellectual Property
  9. Real Estate
  10. Insurance
  11. Tax
  12. Regulatory and Compliance
  13. Environmental, Health and Safety
  14. Litigation and Disputes

The structure itself is informative. A poorly organized data room with inconsistent folder structures, mixed file naming conventions, and overlapping content indicates a seller that is not well-prepared. This often correlates with operational issues that will surface elsewhere in diligence.

What is typically included

Articles of incorporation, bylaws, board minutes, shareholder agreements, capitalization tables, subsidiary structures, prior financing documents, equity grants.

Red flags

  • Board minutes that show frequent CEO replacement, indicating governance instability
  • Shareholder agreements with unusual protective provisions, suggesting prior conflicts among owners
  • Capitalization tables that do not reconcile to financial statements
  • Subsidiary structures with offshore entities that lack clear operational purpose
  • Equity grants to non-employees without clear consideration

What this section reveals

The corporate documentation reveals how the company is governed, who holds real decision-making authority, and how the cap table has evolved. Sophisticated buyers read the board minutes in detail to understand the decision-making history of the company.

Financial Information

What is typically included

Audited financial statements (typically 3-5 years), management accounts (typically monthly for the last 24-36 months), management’s reporting package, KPI dashboards, budget vs. actual comparisons.

Red flags

  • Audit opinions with qualifications, emphasis-of-matter paragraphs, or going concern flags
  • Significant differences between audited statements and management accounts
  • Recent change of auditor without clear explanation
  • Restated prior periods with limited disclosure of the reason for restatement
  • Working capital trends that suggest aggressive recognition of revenue or deferral of expense
  • Cash conversion that materially trails EBITDA, suggesting accrual quality issues
  • One-time adjustments that recur year after year, suggesting they are not truly one-time
  • Significant related party transactions
  • Inventory growth that outpaces revenue growth
  • Aging accounts receivable that suggests collection issues

What this section reveals

The financial section reveals not just the company’s performance but the quality of its financial controls and the management’s discipline. Companies with clean, well-organized financial documentation typically have stronger underlying operations.

Commercial and Operations

What is typically included

Product or service descriptions, operational KPIs, capacity utilization, supply chain documentation, quality metrics, customer satisfaction data.

Red flags

  • Operational KPIs that have deteriorated over time without explanation
  • Capacity utilization significantly below or above industry norms
  • Quality metrics that have declined materially in recent periods
  • Customer satisfaction data that has not been measured consistently
  • Operational documentation that appears to have been created specifically for the data room rather than from ongoing reporting

What this section reveals

Commercial documentation reveals whether management actually runs the business with operational discipline or whether the operations are managed informally and the documentation was assembled for the diligence process.

Customers and Contracts

What is typically included

Customer list with revenue contribution, key customer contracts, churn data, customer concentration analysis, sales pipeline, customer health metrics.

Red flags

  • Top customer concentration above 20-30% of revenue without clear contractual protection
  • Customer contracts with short remaining terms, suggesting renewal risk
  • Customer churn that is increasing in recent periods
  • Sales pipeline that does not align with revenue projections
  • Customer health metrics that suggest deteriorating relationships
  • Material change of control provisions that could allow customers to exit on a transaction
  • Customer contracts with unusual pricing terms or rebates that may not be sustainable
  • Recent loss of a major customer not yet reflected in the projections

What this section reveals

The customer section reveals the durability of revenue. Strong customer documentation with low concentration, long contract terms, and stable health metrics supports the equity story. Weak customer documentation undermines it.

Suppliers and Procurement

What is typically included

Top supplier list, key supplier contracts, supply chain risk analysis, procurement spend by category.

Red flags

  • Single-source suppliers for critical inputs without backup options
  • Supplier contracts with unfavorable pricing escalators
  • Recent supplier disputes or quality issues
  • Material change of control provisions in supplier contracts
  • Supplier concentration that exceeds industry norms

What this section reveals

Supplier documentation reveals operational risk exposure that may not be visible in the financial statements. Single-source dependencies are particularly important for buyers planning to make operational changes.

Human Resources

What is typically included

Org chart, employee census, compensation arrangements, key person agreements, benefits documentation, employment policies, training programs.

Red flags

  • Senior team tenure that is short relative to the maturity of the business, suggesting recent turnover
  • Compensation arrangements that include unusual deferred compensation or change-of-control provisions
  • Key person agreements that allow critical employees to exit on a transaction
  • Benefits programs with material underfunded liabilities (pensions, retiree health)
  • Pending labor disputes or unionization activity
  • Wage compliance issues, particularly in regulated industries

What this section reveals

HR documentation reveals the strength of the human capital that the buyer is acquiring. It also reveals retention risk, which employees may exit, and at what cost to replace them.

Information Technology

What is typically included

Technology architecture, IT inventory, software license register, cybersecurity policies, recent incident reports, system roadmap.

Red flags

  • Aging infrastructure with significant deferred capital expenditure
  • Software licenses that may not transfer on a change of control
  • Recent cybersecurity incidents, particularly those not yet disclosed publicly
  • Lack of documented disaster recovery or business continuity capability
  • IT systems heavily dependent on a small number of internal personnel
  • Cloud spend that has not been optimized

What this section reveals

IT documentation reveals the technology debt the buyer will inherit and the operational risk associated with the technology stack. Deferred IT investment is a common source of post-transaction surprise costs.

Intellectual Property

What is typically included

Patent register, trademark register, copyright register, domain name register, IP assignments from employees and contractors, licensing agreements.

Red flags

  • IP not properly assigned from employees or contractors
  • Open-source software dependencies without proper compliance
  • Trademark disputes or oppositions
  • Pending patent applications without prosecution updates
  • Domain name registrations that are not consolidated or near expiration
  • IP licensing agreements that may not survive a change of control

What this section reveals

IP documentation reveals the durability of the company’s competitive moat. Weak IP documentation suggests that the company’s positioning may not be as defensible as the equity story claims.

Tax

What is typically included

Tax returns (federal, state, international), tax provision workpapers, transfer pricing documentation, recent audits and settlements, deferred tax positions.

Red flags

  • Material uncertain tax positions
  • Ongoing tax audits, particularly in multiple jurisdictions
  • Transfer pricing documentation that does not align with the operational structure
  • Recent changes in tax structure that may not be sustainable
  • Significant deferred tax assets that depend on future profitability
  • International operations without clear tax planning

What this section reveals

Tax documentation reveals exposure to material liabilities that may not appear on the balance sheet. Tax issues are a common source of post-closing claims.

Regulatory and Compliance

What is typically included

Required licenses and permits, compliance program documentation, recent regulatory inspections, pending regulatory matters, sanctions screening, anti-bribery and corruption policies.

Red flags

  • Pending regulatory enforcement actions
  • Compliance program that exists on paper but not in practice
  • Recent inspection findings that have not been remediated
  • Operations in jurisdictions with elevated compliance risk
  • Limited or no documentation of anti-bribery training

What this section reveals

Regulatory documentation reveals the company’s relationship with its regulators and its operational discipline in regulated areas. Weak regulatory documentation can be deal-breaking in heavily regulated sectors.

Litigation and Disputes

What is typically included

Litigation register (pending and threatened), settled disputes in recent years, attorney letters, insurance recovery documentation, key disputes with customers, suppliers, or employees.

Red flags

  • Material pending litigation not adequately reserved
  • Pattern of settled disputes that suggests systemic issues
  • Threatened litigation that is not yet in the litigation register
  • Attorney letters that disclose more matters than the litigation register
  • Disputes with customers or key suppliers
  • Class action exposure

What this section reveals

Litigation documentation reveals contingent liabilities and operational issues. The quality of the documentation also reveals how the company manages legal risk generally.

Cross-document signals

Beyond document-specific red flags, sophisticated buyers look at the data room holistically. Some patterns indicate broader issues:

  • Documents that are dated very close to the data room launch suggest they were created for the process rather than from ongoing operations
  • Inconsistent file naming conventions and folder structures suggest weak operational discipline
  • Significant differences in document quality across sections suggest the seller has prepared some sections carefully and rushed others
  • Missing documents in standard categories (e.g., no customer contracts, no IT documentation) suggest either operational gaps or selective disclosure

Further reading

  • ABA M&A Committee publications on diligence best practices
  • Practising Law Institute treatises on M&A diligence
  • Industry-specific diligence checklists from major law firms
  • PEI Group publications on private equity diligence standards
  • Deloitte, PwC, EY, and KPMG transaction services group white papers

Ready to evaluate NaS_OS on your own data room? Explore the product or browse the blog.

Apply for Access