Due diligence is where the story meets the evidence. Your deck might look sharp, your growth might be real, but this is the point where investors or buyers test whether the business is repeatable, controlled and worth backing.
That sounds heavy, but it doesn’t need to feel chaotic. Good preparation saves weeks of back and forth, lowers stress and gives everyone more confidence in the valuation. If you want that without hiring a full-time finance team, solid investor readiness preparation with a Fractional SaaS CFO makes a big difference.
Start with the numbers investors will test first
In SaaS due diligence, the numbers go first. If they don’t stack up, nothing else gets the benefit of the doubt.
Prove recurring revenue and how it is calculated
Start with your MRR and ARR definitions. Write them down in plain English. Use the same rules in your dashboard, board pack, model and data room.
Recurring revenue usually includes subscription fees and repeatable add-ons. It does not include setup fees, training, consulting, pass-through charges or tax. Discounts, credits and failed payments need to be reflected properly too. If a customer pays annually up front, that doesn’t mean you count all 12 months as day-one MRR.
Investors will ask a simple question: “Is every pound in this number truly recurring?” If the answer changes by spreadsheet, trust starts to slip.
If you can’t explain a metric in one sentence, expect an investor to recalculate it for you.
Show margin, cash flow and runway with no surprises
Your management accounts need to tell a clean story. That means a current profit and loss account, balance sheet, cash flow view, burn rate and runway, all tied together.
Don’t stop at historic results. Buyers want to see enough forward visibility to believe the next 12 to 24 months. A proper investor-grade SaaS financial model helps here because it links revenue, cost, cash and headcount in one logic, rather than five separate tabs and crossed fingers.
Cash is where weak planning gets exposed. In 2026, most serious investors still want clear visibility on SaaS burn rate and runway, and they will test whether your forecast lines up with your hiring plan, payment terms and growth assumptions.
Explain customer concentration and churn early
If one customer can shake the whole business, say it early and frame it properly. Show revenue concentration across your top one, five and ten customers. If one logo is above 10 to 15 per cent of revenue, it will get attention.
Churn needs the same honesty. Be ready with logo churn, revenue churn and cohort behaviour over time. Older cohorts should usually look steadier than fresh ones. If they don’t, investors will ask whether the product has staying power.
Don’t try to bury bad news in averages. Explain why customers stay, why they leave and what has changed. A clear answer is better than a pretty graph with no substance.
Get your customer and revenue evidence in order
This part matters because due diligence is not about claims. It’s about whether every key revenue number can be traced back to proof.
Keep contracts, invoices and payment records easy to trace
Each customer record should connect cleanly. Signed contract, pricing terms, billing schedule, invoice history, payment receipt and revenue recognition should all line up.
Messy records slow everything down. Worse, they create doubt where there may be no real problem. A strong business can look weak if no one can follow the trail from contract to cash.
If you have historic migrations between systems, note them. If an invoice was raised manually, explain why. Silence makes routine admin look suspicious.
Prepare clear reporting on pricing, discounts and renewals
Pricing discipline tells investors a lot about how the company is run. If your list price says one thing but half the customers are on side deals, that will come out.
Show monthly versus annual plans, renewal dates, auto-renewal terms and notice periods. Pull out unusual discounts, grandfathered plans, credits and any side letters that change standard commercial terms. A customer signed at 40 per cent off for “strategic value” may still be fine, but only if you can explain it.
Renewals matter because they shape near-term risk. Investors want to know what is rolling over, what is up for negotiation and what could slip.
Make your KPI definitions simple and consistent
Founders often know their numbers, but the definitions live in people’s heads. That’s a problem. Put them in one place.
Define churn, NRR, GRR, CAC, LTV and payback period clearly. Decide whether CAC includes only sales and marketing spend or also onboarding. Decide what counts as a churned customer. Then stick with it.
When those definitions move mid-process, the whole data room starts to wobble. If your business tracks by cohort, a cohort-based SaaS financial model can stop the usual confusion and keep the logic consistent.
Review the legal, ownership and compliance basics
A lot of SaaS deals don’t get stuck on growth. They get stuck on paperwork that should have been sorted months earlier.
Confirm the company owns its IP and code properly
You need clean ownership of the product. That means signed IP assignment documents from employees, founders and contractors where needed. If a developer built core code before the company existed, tidy that up now, not mid-deal.
Look at open-source software use as well. Investors won’t panic because you use open source, but they will want to know what licences apply and whether anything creates restrictions around distribution or commercial use. Add trademarks, domains and key third-party assets to the same review.
The question is simple: does the company own what it sells?
Check the cap table, board approvals and option paperwork
Your cap table should match the legal documents exactly. Share issues, option grants, SAFEs, warrants and any conversions need to reconcile cleanly.
Board minutes matter more than founders expect. Missing approvals for option grants or share allotments can create a disproportionate amount of deal pain. So can unsigned EMI paperwork, missing consents or outdated articles.
Small record-keeping gaps can turn into expensive legal clean-up. That is not the kind of surprise you want when heads of terms are already signed.
Make tax, GDPR and contract risks visible now
Check that tax filings are current, with no loose ends on VAT, PAYE or corporation tax. If there are issues, document them and show the fix.
Data protection deserves the same treatment. If you process personal data, you need the basics in place, including lawful basis, retention, security controls and data processing terms. If your product uses automated decision-making, UK GDPR rules, including Article 22, may come into play. If you sell into the EU and your AI system falls into a high-risk category, August 2026 matters because tougher AI Act obligations land then.
Review customer, supplier and partner contracts for clauses that affect funding or sale terms. Change-of-control rights, exclusivity clauses and unusual service credits can all change the shape of a deal.
Show that the product, security and systems can scale
Buyers don’t need perfection. They do need proof that growth won’t break the machine.
Document how the product works and where the technical debt sits
You do not need a 60-page architecture novel. You do need a simple overview of the product, the stack, hosting environment, major integrations and dependencies.
Map the parts that matter most. Which APIs are business-critical? What sits on third-party infrastructure? Where are the known weak points? Technical debt is not a deal killer. Hidden technical debt is.
A short note on what is being rebuilt, what is deferred and why helps far more than pretending everything is clean.
Be ready to talk about security, access and incident history
Security is table stakes now. Investors will look for access controls, admin rights, offboarding processes, backups, recovery plans and evidence that someone owns security internally.
If you have had an incident, don’t dance around it. State what happened, what the impact was and what changed afterwards. If you haven’t had one, show the controls anyway. Recent penetration testing, access reviews and incident response procedures are all useful proof points.
The point is not to look bulletproof. It is to look well run.
Address AI, data privacy and compliance issues clearly
If your SaaS product uses AI, be transparent. What models are in use? What data was used for training or fine-tuning? Do you have rights to use that data? Can customers opt out? Where does human oversight sit?
This matters even more if the product touches hiring, credit, education, insurance or other high-impact decisions. Investors will want to see governance, testing and clear customer disclosures. They will also want to know that privacy controls are built into the workflow, not taped on later.
AI can add value. It can also add legal and reputational risk fast. Clear documentation keeps that risk from growing legs during diligence.
Organise the data room so diligence feels smooth, not chaotic
A tidy data room doesn’t win a deal on its own, but a messy one can lose confidence quickly.
Group documents into simple folders with clear names
Keep the structure boring. That is the point. Anyone on the deal team should be able to find what they need without asking.
A simple layout usually works best:
- Financials
- Legal
- Customers and revenue
- Product and tech
- Security and compliance
- Board and cap table
Use clear file names, consistent dates and one current version of each key document. “Final_v7_revised2” is how confusion starts.
Answer likely questions before they are asked
A short narrative note helps more than most founders think. Explain the headline numbers, the known risks and what has already been fixed. If churn rose for one quarter, say why. If a large customer makes up 18 per cent of ARR, explain the contract status and mitigation.
It also helps to keep a red-flag list with context. Not a defensive memo, just a factual note on what exists, what it means and what action has been taken. That gives investors less room to imagine something worse than reality.
Good diligence starts before the deal
The best SaaS due diligence processes don’t feel dramatic. They feel calm because the numbers are clean, the records are easy to trace and the story matches the evidence.
That is the real goal. Not a prettier data room, not more spreadsheets, just a business that is ready for investment, acquisition or the next stage of growth. Good preparation protects valuation, saves time and lets you walk into the process without guessing what will be found.
Over 12 years across Big Four audit, investment banking and corporate advisory. Kishen works with UK SaaS and AI companies on financial strategy, fundraising and board-level CFO support. ICAEW regulated. Big Four trained. Based in London.