Due Diligence Explained: What Investors Will Ask About

Master startup due diligence (2025): Financial audit checklist, team credential verification, customer reference calls, legal documentation review, technical code audit, what VCs evaluate, how to prepare comprehensive data room.


What is Due Diligence and Why It Matters

Due diligence is the investigative process investors conduct before writing a check. They’re evaluating: Is this company real? Are the numbers truthful? Can this team execute? Are there hidden legal risks? Is the technology sound? Due diligence is systematic risk assessment

For founders, due diligence can feel intrusive. Investors ask for everything: financial records, customer lists, code repositories, employment agreements, IP documentation. But this is normal. Due diligence is not a personal attack; it’s institutional rigor

Why Investors Conduct Rigorous Due Diligence

  • Capital at risk: VCs are investing $500K-$10M+. They need confidence the money is going somewhere sound
  • LP accountability: VCs answer to limited partners (pension funds, endowments, family offices). They must be able to justify every investment
  • Reduce surprises: The last thing a VC wants is to close a deal, then discover 3 months later the company has a lawsuit pending or the product doesn’t work
  • Board protection: VCs will take board seats. They have fiduciary duty. Due diligence protects them legally

Key insight: Most deals die during due diligence, not during pitching. A bad investor meeting is survivable. Failing due diligence is not. The most important time to be honest is during due diligence


Due Diligence Timeline and Process

Due diligence typically takes 6-12 weeks from start to finish. It has phases

Due Diligence Phases

| Phase | Duration | What Happens | Key Stakeholders |
|---|---|---|---|
| Phase 1: Scoping | Week 1-2 | VC identifies key risks, requests preliminary financial statements and cap table, schedules interviews | VC partner, CFO/Bookkeeper |
| Phase 2: Financial Deep Dive | Week 2-5 | Financial auditors review 3-5 years of statements, tax returns, contracts, burn rate, projections | Accountants, Founders, CFO |
| Phase 3: Team & Background Checks | Week 2-6 | Reference checks on founders, background checks on key employees, LinkedIn verification | VC partner, Recruiters, References |
| Phase 4: Customer & Product Validation | Week 3-7 | Customer reference calls (8-10 customers), product demo, review of customer data | VC partner, Customer contacts, PM |
| Phase 5: Legal & Compliance | Week 4-8 | Legal review of incorporation docs, IP, contracts, litigation history, tax compliance | VC counsel, Startup counsel, Founders |
| Phase 6: Technical Review | Week 5-10 | Code repository review, infrastructure audit, security assessment, tech debt evaluation | Technical experts, CTO, Engineers |
| Phase 7: Final Review & Decision | Week 10-12 | VC partners review findings, create final due diligence report, decide to proceed or kill | VC partners, Board |

Timeline note: These phases overlap. While financial auditors are diving deep, team checks and customer calls happen simultaneously. But the critical path is: Financials → Legal → Technical → Final decision


Financial Due Diligence: The Audit Investors Conduct

Financial due diligence is typically the longest and most detailed phase. Investors hire accountants to audit your financials. They’re looking for three things: (1) accuracy, (2) sustainability, (3) growth trajectory

What Accountants Review

1. Financial Statements (3-5 Years)

Income Statement (P&L): Revenue, expenses, gross profit, operating profit, net profit. Accountants track trends. Is revenue growing? Are expenses controlled? Are you approaching profitability?

Balance Sheet: Assets (cash, equipment, receivables), liabilities (debt, payables), equity. Shows financial position snapshot. Are you cash-strapped? Do you have hidden debt?

Cash Flow Statement: Shows actual cash in/out (not just accrual accounting). Cash flow is king for startups. You can be profitable on paper but insolvent in reality if cash timing is wrong

2. Unit Economics Analysis

Accountants calculate: CAC (customer acquisition cost), LTV (lifetime value), churn, gross margin, burn rate. They want to know: Does the business model work? Are you heading toward unit economics that make sense?

Red flag: If CAC is $1,000 and LTV is $1,500, you’re barely profitable and vulnerable to market changes. Good unit economics: CAC $500, LTV $3,000+ (3:1 ratio or better)

3. Burn Rate and Runway

How much cash are you burning monthly? How many months of runway remain? If burn is $100K/month and you have $500K cash, you have 5 months. That’s aggressive. VCs want to see 12+ months runway at time of investment

4. Revenue Recognition and Accounting Standards

Are you following GAAP (Generally Accepted Accounting Principles) or equivalent standards? Have you recognized revenue correctly (especially for multi-year contracts)? Are there accounting irregularities?

Red flag: If you’re using non-standard accounting, accountants will restate your financials (which looks bad)

5. Tax Compliance

Have you filed all tax returns? Do you owe back taxes? Are there outstanding audits? Tax issues are litigation risks


Financial Documents Checklist: What to Prepare

Core Financial Documents (All Startups)

  • Last 3-5 years of financial statements: Income statement, balance sheet, cash flow (monthly for last 12 months, quarterly before that)
  • Tax returns and filings: Corporate tax returns, payroll tax filings, sales tax returns (if applicable)
  • Bank statements: Last 12 months from all operating accounts and investment accounts
  • Cap table: Equity ownership (founders, investors, employee options). Who owns what percentage
  • Financial projections: 3-5 year forward-looking income statement, balance sheet, cash flow. How you’ll use capital
  • Monthly financial summaries: Last 12 months MRR, ARR, customer count, churn, CAC, LTV if applicable

Supporting Documentation

  • Debt schedule: List all outstanding debt (term loans, convertible notes, lines of credit). Interest rates, terms, covenants
  • Customer contracts and invoices: 20-30 largest customers’ contracts showing pricing and terms
  • Expense documentation: Payroll register, vendor contracts, proof of major expenses
  • Insurance policies: General liability, D&O (directors and officers), cyber insurance, etc.
  • Board resolutions and minutes: Proof of board approval for major decisions (funding rounds, debt, equity grants)

Team Due Diligence: Verifying Founder Credibility

Investors don’t just read your LinkedIn. They call your references, verify your work history, and sometimes conduct background checks. They’re checking: Do you have relevant experience? Are you truthful about your background? Any hidden red flags?

What Investors Verify

| Check | How It’s Done | What They’re Looking For | Red Flags |
|---|---|---|---|
| Work History Verification | Call previous employers. Verify dates employed, titles, achievements | Did you actually work where you claim? For how long? In what role? | Dates don’t match, titles inflated, employment gap unexplained |
| Reference Checks | Call 3-5 personal references (former managers, peers, investors from prior company) | What do people who know you say? Are you honest? Do you execute? | References are weak (friends, not real colleagues). Negative feedback |
| Background Check | Third-party company checks criminal records, bankruptcy, litigation history | Any criminal history? Pending lawsuits? Bankruptcy? | Undisclosed criminal conviction, fraud charges, hidden bankruptcy |
| Prior Company Success | Research any prior companies you started or worked at. Check exit, current status | Have you built/scaled before? What happened to prior ventures? | All prior ventures failed. No exits. Pattern of failure |
| Educational Verification | Verify degree from stated university, graduation year | Do you have the credentials you claim? | Degree doesn’t exist, dates wrong, major doesn’t match |

Key Person Risk

Investors also assess: What if the founder leaves? How dependent is the company on one person? Do other leaders exist who could step in? If everything relies on one founder, that’s key-person risk

Mitigation: Have a strong co-founder team, capable direct reports, documented processes (not just in your head)


Customer References: What Investors Ask

Investors call 8-10 of your customers and ask tough questions. They’re validating: Do customers actually exist? Do they use the product? Are they satisfied? What’s the churn risk?

Typical Customer Reference Call

Duration: 20-30 minutes

Questions asked:

  • “What problem were you trying to solve before our product?”
  • “How long have you been a customer?” (validating tenure)
  • “What does success look like for you? Are you achieving it?”
  • “What would happen if [startup] disappeared tomorrow?” (measuring switching costs)
  • “Would you recommend this product to a peer?” (NPS-style question)
  • “Have you considered competitors? Why did you choose [startup]?”
  • “What are the main pain points with the product?”
  • “What’s your monthly/annual spend? Has it grown?” (contract value validation)
  • “How is the support? Responsiveness?” (customer satisfaction)

How to Prepare Customers for References

Proactively brief your customers: “We’re raising funding. Investors will call you with questions about our product. It’s standard. Would you be willing to speak with them?”

Good customers will say yes. If they say no, that’s a problem (signals unhappiness)

Don’t script customers. VCs can tell when answers sound rehearsed. Just make sure they understand context and are willing



Technical Due Diligence: Code and Infrastructure

For tech companies, investors hire technical experts to review your codebase. They want to know: Is the code well-built? Is it scalable? Are there security vulnerabilities? How much technical debt exists?

Technical Audit Components

Code Quality Review

Experts review source code for: cleanliness, documentation, test coverage, architectural patterns

Red flags: No test coverage (untested code = time bomb), spaghetti code (hard to maintain), inconsistent coding standards, no documentation

Good signs: Modular architecture, 70%+ test coverage, clear documentation, code reviews before merging

Infrastructure & Scalability

Review: hosting architecture (cloud vs on-premise), database design, auto-scaling capability, disaster recovery

Red flags: Servers on-premise, no backup plan, single point of failure, manual deployment (not automated)

Good signs: AWS/Google Cloud, automated CI/CD pipeline, redundancy, monitoring alerts

Security Assessment

Review: data encryption, authentication/authorization, vulnerability scanning, penetration testing results

Red flags: Passwords stored in plaintext, no encryption of sensitive data, no regular security audits, known vulnerabilities unpatched

Good signs: Regular security audits, penetration testing conducted, incident response plan, encryption at rest and in transit

Technical Debt Assessment

How much of your engineering time is spent fixing old code vs building new features? High technical debt = slower feature development = competitive disadvantage

Red flag: 50%+ of engineering time spent on tech debt. You’re not moving fast enough

Technical Due Diligence Deliverables

Technical experts provide: code review report, architecture diagram, security assessment, recommendations for improvement. Typical cost: $5K-$15K


Intellectual Property Review and Patents

Investors want to know: Do you own your IP? Is it properly protected? Are there competing patents that could threaten your business?

IP Due Diligence Checklist

  • Ownership documentation: Do you have written assignment of all IP from employees and contractors? Verbal agreements don’t count
  • Patents filed: Have you filed for patent protection? Utility patents (invention), design patents (look/feel), or trade secrets (keep proprietary)?
  • Trademark registration: Is your brand name trademarked? Domain registered? Logo protected?
  • Copyright: Documentation that you own all code and creative works (not licensed from others)
  • Third-party IP: Do you license any IP from others? Are those licenses perpetual or could they be revoked?
  • Infringement risk: Have you done freedom-to-operate analysis? Could you be sued for patent infringement?

Common IP Problems

Red flag 1: No IP assignment from prior employers. If your CTO worked at Google before and built your product there first, Google might own it (unless properly assigned)

Red flag 2: Open source dependencies with GPL licenses. GPL requires you to open-source your own code if you use GPL software. Can conflict with proprietary business model

Red flag 3: Patents blocking your path. Competitor holds patent to core technology you’re using. Could mean licensing costs or pivot needed


Red Flags That Kill Deals

Certain findings during due diligence are deal-killers. VCs will walk away immediately if they find:

Financial Red Flags

  • Accounting irregularities: Revenue recognized improperly, off-book expenses, cash not reconciling to bank statements
  • Hidden debt: Outstanding loans not disclosed. Covenants that could default
  • Tax issues: Back taxes owed, pending IRS audit, non-compliant filings
  • Unit economics broken: CAC > LTV with no path to improvement. Business doesn’t scale

Legal Red Flags

  • Pending litigation: Undisclosed lawsuits or settlement agreements
  • Regulatory violations: Operating without required licenses, data privacy violations, environmental issues
  • IP disputes: Question about ownership of core technology. Infringement claims
  • Contract obligations: Locked into unfavorable vendor agreements or customer terms

Team Red Flags

  • Founder dishonesty: Resume lies, criminal history undisclosed, negative reference feedback
  • Key person dependency: Company totally reliant on one founder. No bench strength
  • Team instability: Multiple departures in last 6 months, no clear succession plan

Technical Red Flags

  • Security vulnerabilities: Critical vulnerabilities never patched. Data breach history
  • Scalability problems: Infrastructure can’t handle 10x customer growth without major rewrite
  • High technical debt: Codebase is a mess. Slow feature development. Hard to hire engineers

Key insight: Most red flags can be managed if disclosed early and transparently. It’s the undisclosed risks that kill deals


How to Prepare: Building Your Due Diligence Data Room

Start preparing for due diligence before you fundraise. Don’t wait until an investor asks. Have your data room ready to share within 48 hours of deal interest

Data Room Structure (Typical)

Create a secure Dropbox/Google Drive/Carta folder with these sections:

| Folder | Contents | Essential Docs |
|---|---|---|
| Financial | P&L, balance sheet, cash flow, tax returns, cap table, projections | Last 3 years monthly financials, last 2 years tax returns |
| Cap Table | Shareholder ledger, option grants, equity history, SAFE/Note conversions | Current cap table, vesting schedules for all equity |
| Legal | Incorporation docs, bylaws, board minutes, stock option plan, employment agreements | Articles of incorporation, bylaws, board resolution authorizing latest funding round |
| Contracts | Top 20 customer contracts, vendor agreements, lease/office space agreement | 10-15 largest customer contracts, key vendor agreements |
| IP | Patent filings, trademark registrations, copyright notices, IP assignment agreements | Proof of IP ownership, patent filing status |
| Technical | Tech stack documentation, security assessment, infrastructure architecture, code repo access | System architecture diagram, security audit report (if any) |
| HR | Org chart, employee list with titles/salaries, offer letters, employment agreements, equity grants | Current org chart with key roles and tenure |
| Metrics | Monthly MRR/ARR, customer count, churn, CAC, LTV, customer list with spend | Last 12 months monthly dashboard with key metrics |

Best Practices for Data Room Management

  • Use professional data room software: Carta, Intralinks, or similar. Not personal Google Drive. Shows professionalism. Enables access control and audit trail
  • Organize logically: Investors get lost if docs are messy. Clear folder structure, consistent naming convention
  • Version control: If you update a document, clearly mark version. “Cap Table v3.2” not just “Cap Table”
  • Index/table of contents: Include document list showing what’s where and what’s complete vs pending
  • Redact appropriately: You can redact salaries, specific customer names (replace with “Customer A, Customer B”) to maintain confidentiality while showing investors business is real
  • Prepare Q&A document: Anticipate questions (Why is revenue down in month 7? Why did that employee leave?) and pre-answer. Shows transparency and preparation

Timeline: When to Start Preparing

Ideal: Start organizing data room 6 months before you plan to fundraise. Get legal, financial and HR docs in order. No rush

Realistic: 2-3 months before pitch. Have financial statements clean and cap table verified

Minimum acceptable: 2 weeks from investor asking. You’ll be scrambling, but it’s possible


Common Mistakes During Due Diligence

Mistake 1: Being Dishonest or Evasive

Wrong: “I don’t have that document” or “I’d rather not share that” when asked about customer contracts or legal issues

Better: “That document is not fully organized. Here’s what I have. Let me send the rest by Friday.” Shows you’re transparent and just need time

Mistake 2: Providing Disorganized Documentation

Wrong: Dump 500 random documents in a folder with no structure. Investors have to hunt

Better: Organized data room with clear structure. Investors can find what they need in minutes

Mistake 3: Misrepresenting Financial Health

Wrong: “Revenue is growing 30% MoM” when that’s only true for 1 month, or it includes a one-time deal

Better: “Revenue grew 30% in month 7, but that included a one-time deal. Run rate growth is 15% MoM. Here’s the monthly breakdown”

Mistake 4: Not Preparing Customer References

Wrong: Investor calls customer you haven’t briefed. Customer says “I’m not sure we’re even customers anymore” (accidental negative ref)

Better: Proactively email key customers: “We’re fundraising. Great news: an investor will be calling you. Can you spend 20 min talking about your experience?” They’ll say yes and be prepared

Mistake 5: Hiding Bad News or Problems

Wrong: Investor discovers via customer reference that your top customer is about to leave. You never mentioned it

Better: Tell investor proactively: “We’re working to retain ABC customer who is negotiating price. Here’s our retention plan.” Shows you’re aware and managing


Key Takeaways: Mastering Due Diligence

1. Due diligence is systematic risk assessment. Investors are checking: real company? True numbers? Can team execute? Hidden legal risks? Sound technology?

2. Due diligence timeline: 6-12 weeks with 7 phases (Scoping → Financial → Team → Customer → Legal → Technical → Final Decision). Phases overlap but critical path is Financial → Legal → Technical

3. Financial due diligence focuses on three things: Accuracy (following GAAP), Sustainability (unit economics work), Growth (trajectory is strong). Accountants audit P&L, balance sheet, cash flow

4. Financial documents checklist: 3-5 years financials, tax returns, bank statements, cap table, projections, debt schedule, customer contracts, board minutes. Organize and prepare this before fundraising

5. Team verification: Work history, references, background check, prior company success, educational credentials. VCs call your past managers. Be truthful about your background

6. Customer reference calls: VCs call 8-10 customers with tough questions about product quality, satisfaction, switching costs, willingness to recommend. Brief customers first to ensure they’re willing

7. Legal audit covers: Incorporation & governance (articles, bylaws, board minutes), Equity (option plan, cap table), Contracts (customer, vendor, employment), Litigation (any lawsuits?), Compliance (licenses, taxes, data privacy). Common red flag: missing board documentation

8. Technical review evaluates: Code quality (test coverage, documentation, architecture), Infrastructure (scalability, disaster recovery), Security (encryption, no known vulnerabilities), Technical debt (how much % of engineering time is firefighting?). Typical cost $5K-$15K

9. IP due diligence checks: Ownership documentation (IP assignment from employees/contractors), Patents filed, Trademark registered, Copyright, Third-party licenses, Freedom-to-operate (no infringement risk). Red flag: no IP assignment from prior employers

10. Deal-killer red flags: Accounting irregularities, hidden debt, tax issues, undisclosed litigation, IP disputes, regulatory violations, founder dishonesty, security vulnerabilities, high technical debt. Most can be managed if disclosed early

11. Build a data room (6+ months before fundraising ideally): Organize Financial, Cap Table, Legal, Contracts, IP, Technical, HR, Metrics in clear folder structure. Use professional data room software (Carta, Intralinks), not personal Dropbox

12. Data room essentials: 3 years monthly financials, 2 years tax returns, current cap table, Articles of incorporation, Bylaws, Board resolutions, Top 20 customer contracts, IP ownership docs, Security assessment, Org chart. Index everything

13. Transparency wins. Undisclosed risks kill deals. If there’s a problem (pending lawsuit, customer churn, tech debt), tell investor first. They’ll discover it anyway in due diligence. Getting ahead of it shows honesty

14. Prepare customers for reference calls. Brief them on context: “We’re raising funding. Investor will call you. Would you be willing to chat about your experience?” Good customers will say yes

15. Don’t misrepresent metrics. “30% MoM growth” needs context if it includes a one-time deal. “15% sustainable growth plus this month’s one-time deal = 30% total.” Shows you understand your business

16. Key person risk matters. If the company is 100% dependent on the founder, mitigate by building a strong team, documenting processes, developing bench strength

17. Unit economics are critical. If CAC is $1,000 and LTV is $1,500, the business barely works. Red flag. Good: CAC $500, LTV $3K+

18. Technical debt kills companies. If 50%+ of engineering time is firefighting old code, you’re too slow. Clean it up before fundraising if possible

19. Board governance matters. VCs want to see board meeting minutes, board resolutions, formal decisions. Shows professionalism

20. Action plan: (1) Identify what due diligence docs you need to gather. (2) Organize financial records (last 3-5 years). (3) Verify cap table with lawyer. (4) Document all IP ownership (assignment agreements). (5) Prepare board minutes and resolutions for major decisions. (6) Brief top 10 customers on reference call possibility. (7) Have technical expert review code for security/scalability issues. (8) Build data room folder structure. (9) Create Q&A document anticipating investor questions. (10) Start collecting docs now, even if not fundraising yet. Due diligence rigor is an ongoing practice

 
