Onley Law Professional Corporation
Book a Call

Due Diligence Checklist for Buying a Small Business in Canada

Due Diligence: The Non-Negotiable Foundation of Any Smart Acquisition

Due diligence is your only defense against buying a business with hidden liabilities, undisclosed contracts, or financials that don’t match reality. It’s the difference between a great acquisition and a disaster you discover six months after closing.

As a corporate lawyer who’s worked on hundreds of transactions, I’ve seen the cost of skipping due diligence. It’s always more expensive to uncover problems post-closing than to find them pre-closing when you can still negotiate price adjustments or walk away.

The Due Diligence Process: Three Tracks

Financial due diligence: Is the revenue real? Are margins what they claim? What are the actual costs?

Legal due diligence: Are contracts what we think they are? Are there any undisclosed liabilities? Is the IP truly owned?

Operational due diligence: How is the business actually run? What’s the customer churn? Will key people stay?

All three happen in parallel over 30-90 days (depending on complexity). You’ll typically hire an accountant for financial due diligence, a lawyer for legal due diligence, and conduct operational due diligence yourself with your team.

Due Diligence Checklist: What to Request and Review

FINANCIAL AND ACCOUNTING

  • Last 3 years of audited or reviewed financial statements
  • Last 3 years of tax returns (corporate and personal if sole proprietorship)
  • Monthly financial statements for the last 12 months (to verify trend)
  • Balance sheet as of most recent month
  • Revenue breakdown by customer (top 20 customers, ideally)
  • Customer contract list with contract values and terms
  • Accounts receivable aging (how much revenue is overdue?)
  • Accounts payable aging (what do they owe suppliers?)
  • Bank statements for the last 12 months (verify cash position)
  • Debt and credit facilities (loans, lines of credit, terms)
  • Payroll records and employee compensation
  • Inventory valuation (if applicable)
  • Capital expenditure plans and equipment leases
  • Contingent liabilities (pending lawsuits, warranties to customers)

CONTRACTS AND COMMERCIAL RELATIONSHIPS

  • List of all material customer contracts (those over 5% of revenue)
  • All customer contracts themselves (you’ll need to review terms, assignability, change-of-control clauses)
  • Top 20 customer contracts specifically
  • Supplier and vendor agreements (major ones)
  • Partnership or distribution agreements
  • Technology licenses (any software, platforms, or IP you’re relying on)
  • Real estate lease(s) – is it assignable? What’s the term remaining?
  • Equipment leases
  • Service agreements (cloud hosting, SaaS tools, support contracts)
  • Non-compete or non-solicitation agreements with employees or consultants
  • Any agreements with founders or key shareholders (non-compete, right of first refusal)

INTELLECTUAL PROPERTY

  • List of all patents, trademarks, and copyrights (registered and unregistered)
  • IP assignment agreements from founders and employees
  • Evidence that the company owns the IP (work-for-hire agreements, assignment documents)
  • Any license agreements that grant rights to third-party IP
  • Search results for trademark and patent conflicts
  • Source code escrow agreements (if applicable for software companies)
  • Any litigation or disputes involving IP

LEGAL AND COMPLIANCE

  • Certificate of incorporation and corporate bylaws
  • Share register (who owns shares, how many, any options outstanding)
  • Cap table showing all shareholders and their ownership percentages
  • Minutes of shareholder and board meetings (last 3 years)
  • Shareholders’ agreement (if any)
  • Directors’ and officers’ liability insurance
  • List of all licenses and permits required and held
  • Compliance documentation (industry-specific regulations)
  • All insurance policies (liability, D&O, other)
  • HR documentation (employee handbook, policies, agreements)
  • Privacy and data protection compliance (PIPEDA, GDPR if applicable)

LITIGATION AND DISPUTES

  • List of all pending or threatened litigation
  • Details of any regulatory investigations or complaints
  • History of customer complaints or disputes
  • Any settlements or judgments from the last 5 years
  • Insurance claims from the last 3 years

EMPLOYMENT AND HUMAN RESOURCES

  • Complete list of employees with roles and compensation
  • Employment agreements or offer letters
  • Equity or option agreements
  • Payroll records and benefits (benefits costs, retirement plans)
  • Any employment disputes, complaints, or pending claims
  • Compensation and bonus plans
  • Key person insurance policies
  • Non-compete and confidentiality agreements

TAX COMPLIANCE

  • Confirmation that all corporate tax returns have been filed
  • Confirmation that all payroll source deductions have been remitted to CRA
  • Confirmation that HST/GST has been collected and remitted (if applicable)
  • Any outstanding tax assessments or disputes with CRA
  • Tax loss carryforwards (valuable if you can use them)
  • Personal tax returns of major shareholders (to understand personal tax status)

ENVIRONMENTAL (if applicable)

  • Phase 1 environmental assessment (for property)
  • Environmental compliance records
  • History of environmental claims or incidents

TECHNOLOGY AND SYSTEMS (for software/tech companies)

  • Technology stack and architecture documentation
  • Source code and development environment access
  • Code quality audit (optional but valuable)
  • Data infrastructure and backup procedures
  • Cybersecurity and data protection practices
  • Open source licenses in use (can create compliance risk)

CUSTOMER DUE DILIGENCE

  • Customer list with MRR/ARR for each
  • Customer churn rate and trend
  • Customer acquisition cost (CAC) and lifetime value (LTV)
  • Calls or meetings with top customers to assess satisfaction and retention risk
  • Contract renewal rates
  • Any customer complaints or at-risk relationships

OPERATIONAL DUE DILIGENCE

  • Visit the business and see operations firsthand
  • Meet with key employees and assess retention risk
  • Understand critical processes and where they depend on specific people
  • Assess quality of operations and scalability
  • Review customer satisfaction metrics and NPS
  • Understand the pipeline (for sales-focused businesses)

Key Questions to Ask and Answer

Financial Health

  • Is revenue growing or declining? What’s the trend?
  • What are the actual profit margins, and what’s driving them?
  • Are there any one-time revenue items that won’t repeat?
  • What’s the customer acquisition cost? What’s the lifetime value?
  • How much is revenue recurring vs. one-time?
  • Are there any related-party transactions (are they at market rates?)
  • What’s the debt situation, and when is it due?

Customer and Revenue Risk

  • Are you losing customers at a concerning rate?
  • Are any customers more than 20% of revenue? (Concentration risk)
  • Will major customers stay under new ownership?
  • Is there long-term contracted revenue, or is it month-to-month?
  • Are there any contracts in jeopardy due to change-of-control clauses?

Legal and Liability Risk

  • Are there any pending lawsuits or regulatory investigations?
  • Are all contracts assignable, and will they be assigned at closing?
  • Is the IP clearly owned by the company?
  • Are there any environmental, employment, or compliance issues?
  • Is the company solvent and up to date on taxes?

People and Operational Risk

  • Will the founder or key employees stay post-acquisition?
  • What processes are dependent on specific people?
  • Is the team capable of scaling, or is there capacity constraint?
  • Are there any employment disputes or HR issues?

Red Flags During Due Diligence

Financial Red Flags

  • Financial statements that don’t match tax returns
  • Revenue that appears too good to be true
  • Significant related-party transactions at non-market rates
  • Poor accounts receivable collection (money is owed but not paid)
  • Declining revenue trend or customer churn
  • Large one-time revenue items
  • Inadequate bookkeeping or accounting systems

Legal/Contract Red Flags

  • Seller won’t provide contracts or access to records
  • Contracts with unfavorable terms for the customer (likely to be challenged)
  • Major customers with contracts that restrict assignment or have termination rights
  • Significant contingent liabilities (pending litigation, regulatory issues)
  • IP ownership is unclear or disputed
  • Related-party loans or guarantees

Operational Red Flags

  • Key person dependency (if one person leaves, business falls apart)
  • High employee turnover
  • Customer complaints or satisfaction issues
  • Outdated technology or operations
  • Lack of documented processes or systems

Timeline for Due Diligence

  • Weeks 1-2: Information request and initial document gathering
  • Weeks 2-4: Financial review (accountant work) and legal document review
  • Weeks 3-6: Customer calls and operational assessment
  • Weeks 6-8: Wrap-up, final questions, and deal decision

Typical total time: 60-90 days. For smaller deals, you can sometimes compress this to 30-45 days if the seller is well-organized and cooperative.

Who Does Due Diligence?

You (the buyer/acquirer): Operational due diligence. You need to assess whether you can successfully run this business.

Your accountant/CFO: Financial due diligence. They verify revenue, analyze margins, and assess financial health.

Your lawyer (or fractional GC): Legal due diligence. They review contracts, assess liability, and structure the deal.

Specialists as needed: Technology audit (for tech companies), environmental assessment (for property), insurance broker (for coverage), industry expert (for specific sectors).

FAQ: Due Diligence Checklist

Q: How detailed should due diligence be?
A: It should be proportionate to deal size and risk. A $500K acquisition gets a lighter due diligence than a $10M acquisition. But never skip customer contracts or financial verification.

Q: What if the seller won’t provide complete due diligence access?
A: That’s a red flag. You can’t make an informed offer without seeing the business thoroughly. Push back. If they won’t cooperate, it’s reasonable to walk away.

Q: Can I do due diligence myself to save money?
A: You can do some of it (operational, customer calls), but you need experts for financial and legal review. The cost of hiring professionals (typically 2-5% of deal value) is cheap insurance against buying a disaster.

Q: What happens to due diligence if we buy shares instead of assets?
A: Due diligence is MORE thorough in a share purchase because you inherit unknown liabilities. In an asset purchase, you can be a bit more selective about what you investigate (you only care about what you’re buying).

Making the Decision: Buy or Walk Away

After due diligence, you have three choices:

  1. Buy at the original price. Due diligence confirms everything is as promised.
  2. Negotiate price down. Due diligence reveals issues that reduce value. Renegotiate.
  3. Walk away. Due diligence reveals deal-breakers. Sometimes the best deal is no deal.

The purpose of due diligence is to make this decision with confidence and data.

Planning to acquire a business and need guidance on due diligence? Learn about our M&A advisory services, or reach out to discuss your specific acquisition. I can lead due diligence, coordinate with specialists, and help you make the right decision.

Share the Post: