Due Diligence Checklist Templates

You're three weeks into a merger, and documents are scattered across four law firms, two accounting teams, and an HR department that still runs on shared drives. Tax returns arrive as password-protected ZIPs. The seller's CFO keeps emailing updated financials that overwrite the last version. Your associate is tracking everything in a spreadsheet with 47 tabs — and no one trusts it anymore.

Due diligence falls apart not because people don't know what to collect, but because collecting it from multiple parties at the same time is an operational nightmare. Checklists help. Having one place to receive, organize, and track documents helps more.

This guide covers four due diligence checklist templates — HR, financial, tax, and identity verification — built from the actual items deal teams request, not theoretical frameworks. Use them as starting points and adapt to your transaction size, industry, and jurisdiction.

Checklist 1: HR Due Diligence

HR due diligence uncovers the real cost of a target company's workforce. Employee-related liabilities — pending lawsuits, unfunded retirement obligations, non-compete gaps — can reshape a deal's economics overnight if they surface after closing.

Request these items from the target's HR and legal teams:

1. Organizational chart — current structure showing reporting lines, headcount by department, and open positions. Include any planned restructurings.
2. Employee census data — full roster with titles, hire dates, compensation (base, bonus, commissions), employment status (full-time, part-time, contractor), and work location.
3. Employment agreements — copies of all executive contracts, offer letters for key personnel, and any side agreements (retention bonuses, severance triggers, change-of-control provisions).
4. Non-compete and non-solicitation agreements — all restrictive covenants currently in effect, including enforceability assessments by jurisdiction.
5. Benefits summary — health insurance plans, retirement plans (401k, pension, deferred compensation), stock option or equity plans, and any post-retirement benefit obligations.
6. Employee handbook and policies — current handbook, PTO policies, remote work policies, anti-harassment policies, and any recent revisions.
7. Workers' compensation claims history — three to five years of claims data, open claims, and experience modification rate (EMR).
8. Pending or threatened employment litigation — wrongful termination, discrimination, harassment, wage-and-hour claims, and EEOC charges.
9. Union and collective bargaining agreements — all CBAs, grievance history, upcoming negotiation dates, and any unfair labor practice charges.
10. Compliance records — I-9 audit results, OSHA citations, DOL investigations, and any consent decrees or settlement agreements from the past five years.
11. Key employee retention risk assessment — identification of critical talent, flight risk analysis, and any retention packages already in place or under discussion.
12. Contractor and consultant agreements — all independent contractor relationships, including classification analysis (1099 vs. W-2 risk).

Checklist 2: Financial Due Diligence

Financial due diligence answers one question: are the numbers real? You need to understand earnings quality, revenue sustainability, and whether disclosed liabilities are complete — before you price them into the transaction.

Request these items from the target's finance team and external auditors:

1. Audited financial statements — three to five years of income statements, balance sheets, and cash flow statements, including auditor's notes and any qualified opinions.
2. Monthly management accounts — last 24 months of internal P&L, balance sheet, and cash flow, broken down by business unit or segment where available.
3. Revenue breakdown — by customer, product/service line, geography, and contract type (recurring vs. one-time). Include customer concentration analysis — if the top 10 customers represent 60%+ of revenue, that is a risk worth pricing.
4. Accounts receivable aging schedule — current AR aging (30/60/90/120+ days), bad debt write-offs for the past three years, and any material disputed amounts.
5. Accounts payable aging schedule — current AP aging, any disputed payables, and historical trends showing whether the company is stretching vendor payments.
6. Debt schedule — all outstanding debt instruments (term loans, revolving credit, bonds, shareholder loans, convertible notes), including interest rates, maturity dates, covenants, and change-of-control provisions.
7. Working capital analysis — trailing 12-month working capital calculation, seasonal patterns, and any unusual items that inflate or deflate the current position.
8. Capital expenditure history and forecast — three years of actual capex plus forward projections, distinguishing maintenance capex from growth investments.
9. Financial projections and assumptions — management's forward-looking model (typically three to five years) with the underlying assumptions documented, including revenue growth rates, margin expectations, and headcount plans.
10. Off-balance-sheet items — operating leases, guarantees, letters of credit, contingent liabilities, and any special purpose entities.
11. Quality of earnings adjustments — list of one-time, non-recurring, or owner-specific expenses that should be added back or removed to arrive at normalized EBITDA.
12. Insurance policies and claims history — all active policies (property, casualty, D&O, cyber, E&O), coverage limits, and claims filed in the past five years.

Checklist 3: Tax Due Diligence

Tax due diligence identifies exposure: known liabilities, aggressive positions, and structural issues that create surprise costs after closing. Missing a state tax nexus issue or an unresolved transfer pricing dispute can wipe out the margin on a deal.

Request these items from the target's tax team and external tax advisors:

1. Federal and state/provincial income tax returns — three to five years of filed returns, including all schedules, elections, and any amended returns.
2. Tax provision workpapers — ASC 740 (or IFRS equivalent) calculations, including uncertain tax position (UTP) reserves and the methodology behind them.
3. Pending or completed tax audits — copies of all correspondence with tax authorities, revenue agent reports, notices of deficiency, and settlement agreements from the past five years.
4. Transfer pricing documentation — intercompany pricing policies, contemporaneous documentation, advance pricing agreements (APAs), and any related-party transaction schedules.
5. State and local tax obligations — nexus analysis, sales and use tax filings, property tax assessments, and any voluntary disclosure agreements (VDAs).
6. Tax credits and incentives — R&D credits, investment tax credits, economic development incentives, and any clawback provisions if employment or investment thresholds are not maintained.
7. Net operating losses and carryforwards — schedule of NOLs by jurisdiction, expiration dates, and any Section 382 limitation analysis.
8. Entity structure and election history — corporate org chart showing all entities, tax classifications (C-corp, S-corp, partnership, disregarded entity), and any check-the-box elections.
9. Employment tax compliance — payroll tax filings, worker classification positions, and any Section 409A deferred compensation issues.
10. International tax considerations — GILTI, BEAT, and Subpart F income calculations, foreign tax credit pools, and repatriation history or plans.

Checklist 4: Identity Verification (KYC/AML)

Identity verification confirms that the people and entities in a transaction are who they claim to be — and that doing business with them won't trigger regulatory penalties or reputational damage. This applies to M&A counterparties, investors, high-value clients, and beneficial owners of corporate entities.

For a deeper dive into KYC processes, see our complete Know Your Customer (KYC) checklist and form template.

Collect these items from each individual or entity being verified:

1. Government-issued photo identification — passport, driver's license, or national ID card. Collect from all principals, directors, and beneficial owners holding 25% or more equity.
2. Proof of address — utility bill, bank statement, or government correspondence dated within the last three months. Must match the address on the application or corporate filings.
3. Beneficial ownership declaration — completed form identifying all individuals who ultimately own or control 25% or more of the entity, consistent with FinCEN or local regulatory requirements.
4. Corporate registration documents — certificate of incorporation, articles of association, partnership agreement, or equivalent formation documents showing the entity's legal name, jurisdiction, and registered office.
5. Board resolution or authorization letter — document authorizing the transaction and identifying the individuals empowered to act on the entity's behalf.
6. PEP (Politically Exposed Person) screening — results of screening all principals and beneficial owners against PEP databases. Document any matches and the risk assessment outcome.
7. Sanctions and watchlist screening — screen all individuals and entities against OFAC SDN, EU sanctions, UN sanctions, and relevant local watchlists. Retain documentation of the search and results.
8. Source of funds and source of wealth documentation — for high-risk transactions, collect evidence supporting the legitimate origin of funds (bank statements, investment records, audited financial statements, tax returns).
9. Adverse media screening — search for negative news coverage related to fraud, money laundering, corruption, or regulatory enforcement involving any principal or related entity.
10. Ongoing monitoring plan — document the schedule and triggers for re-verification (annual review, material change in ownership, transaction above a defined threshold).

How to Collect Due Diligence Documents Without Losing Your Mind

The checklists above are the easy part. The hard part is collecting 80+ documents from five different parties — sellers, their lawyers, their accountants, their HR team — and tracking what has arrived, what is missing, and what needs re-submission before a deadline that keeps moving forward.

Email chains break down fast. Tax returns arrive in one thread, the employee census in another, and the audited financials in a reply to a forwarded message from someone you have never met. Version control becomes guesswork. People forget attachments. Files exceed size limits.

File Request Pro is built for exactly this problem. You create a branded upload page with specific fields for each checklist item. Everyone involved — the seller's CFO, their outside counsel, the HR director, the tax advisor — gets a link, uploads their documents to the right category, and submits. No accounts to create, no software to install.

What that looks like for a deal team:

• Collect from multiple parties at once — send separate upload links to the seller's legal team, finance team, HR department, and external advisors. Each submits to the same organized request without seeing each other's files.
• Automated reminders — schedule follow-up emails for parties who haven't submitted. Your analyst stops writing "gentle reminder" emails and starts actually reviewing documents.
• Cloud storage sync — uploaded files land directly in your Google Drive, OneDrive, SharePoint, or Dropbox, organized into the folder structure your team already uses. No manual downloading and re-uploading.
• Encryption and security — files are encrypted in transit and at rest. Sensitive financials, tax returns, and government IDs stay protected throughout the process.
• Audit trail — every upload is logged with timestamps, file names, and submitter details. When a regulator or deal partner asks who provided what and when, you have the audit trail ready.

Due diligence is stressful enough without fighting your document collection process. A structured intake tool lets your team spend time on analysis, not chasing submissions.

Due Diligence Best Practices

Customize the checklist before you send it

A $5M asset purchase needs different scrutiny than a $500M cross-border merger. Review each checklist against the deal's size, industry, and jurisdiction. Cut items that don't apply and add sector-specific ones — environmental assessments for real estate, IP schedules for tech companies, regulatory licenses for healthcare.

Assign clear ownership for each checklist section

One person owns HR diligence, another owns financial, another owns tax. They track their section, flag issues, and report to the deal lead. When everyone owns everything, nothing gets done.

Set deadlines with consequences

Open-ended document requests sit in inboxes. Set specific deadlines for each phase of document production and write them into the LOI or purchase agreement. Contractual consequences for delays move things faster than polite reminders.

Create a centralized tracker visible to all parties

Maintain one document request list showing what has been requested, received, and is still outstanding. Share it with the seller's team so they see exactly what is missing. Transparency cuts back-and-forth and keeps the deal on schedule.

Document your findings as you go

Don't wait until all documents arrive to start your analysis. Review submissions as they come in and flag issues in real time. Early findings often change what additional documents you need — and the sooner you spot a problem, the sooner you can negotiate protections or adjust deal terms.

FAQ

What is a due diligence checklist?

A due diligence checklist is a structured list of documents a buyer, investor, or compliance team collects and reviews before completing a transaction. It ensures every material area — financial, legal, tax, regulatory — is examined systematically instead of through scattered, ad hoc requests.

How long does a typical due diligence process take?

Most M&A due diligence processes take 30 to 90 days, depending on deal size, complexity, and how quickly the selling party produces documents. Cross-border deals and heavily regulated industries routinely push past 90 days. Document collection — not analysis — is almost always the bottleneck.

Who is responsible for providing due diligence documents?

The selling party (or target company) provides the documents. In practice, the work is split across the target's management team, external accountants, legal counsel, and sometimes HR consultants or tax advisors. The buying side provides the checklist, manages the review, and chases down what's missing.

What is the difference between financial and tax due diligence?

Financial due diligence focuses on the quality and sustainability of earnings — whether revenue is real, costs are normalized, and the balance sheet accurately reflects the company's position. Tax due diligence focuses on compliance, exposure, and structuring — filed returns, pending audits, transfer pricing, and liabilities that could survive the transaction.

Why is identity verification part of due diligence?

Identity verification (KYC/AML screening) confirms that the people and entities in a transaction are legitimate and not subject to sanctions or criminal investigations. For financial institutions, it's required by law. For private M&A transactions, it's increasingly expected — and skipping it can expose your organization to regulatory penalties and reputational damage.

How do I collect due diligence documents from multiple parties securely?

Email is the default — and the least secure option. Tax returns, financial statements, and government IDs should be collected through encrypted channels with access controls. File Request Pro lets you create branded, secure upload pages where each party submits documents directly to your cloud storage — with automated reminders for outstanding items and a full audit trail of every submission.