What to Expect When You Are Expecting SaaS Due Diligence
By Katie Burns
Apr 18 2019
If you’re expecting to give birth to a deal in SaaS, you’re expecting due diligence. And if you haven’t been through it before, SaaS due diligence may be more burdensome than you might think. Then again, maybe it will be less onerous than you’re expecting. I seriously doubt the latter, but anything is possible.
Your reason for facing due diligence is mostly irrelevant — investment, sale, banking, partnership, or even insurance. But there’s a spectrum of intensity, and pre-acquisition diligence may be more demanding than banking questions for a line of credit. In any case, you’re going to be asked to provide and substantiate data on your SaaS business that may make you feel uneasy. And in the case of in-depth due diligence from an acquirer, you may even feel battered on the underpinnings of your valuation. That’s reason enough to be prepared.
Back in April, I wrote an article on the Value of Process and how that relates back to the grueling demands of diligence. The fact is, SaaS due diligence continues to look deeper and harder at everything. And anything of substance will be spun into a covenant, rep or warranty, or perhaps even a re-trade of deal terms. What’s at stake is real, and diligence is designed to de-risk deals. That’s what makes it both hard and critical for you, as the CEO, COO or founder, to stay emotionally even-keeled through the roller coaster. And as diligence expands to include your broader team, the task of keeping everyone even-keeled will start with the example set at the top.
The Miracle of Childbirth
One of our investment bankers likes to say that a SaaS deal is like childbirth — they happen every day and each one is a miracle. Done deals are not miraculous exclusively because of diligence, but many a deal blows up when the data doesn’t quite add up. Another fact is that SaaS metrics aren’t universal. So if the bankers’, buyers’, and sellers’ formulas for revenue churn aren’t the same, there could be discord at the table.
Mitigating SaaS Due Diligence Risk
Mitigating risk in SaaS due diligence begins with institutional readiness. And as my process article points out, you can’t just conjure up solid data if you haven’t been preparing. But you can know where you’re strengths and weaknesses lie, and do your best to shore up the weaknesses sooner rather than later.
When I was the CEO of ion interactive, my first experience with serious SaaS due diligence didn’t go well. It was many years ago, and luckily there were few consequences. I got a free pass to learn the ropes of diligence in a meaningless context. Our institutional readiness at the time was laughable. We were woefully unprepared, and I felt embarrassed.
SaaS Due Diligence Expectations
To save those of you who are diligence newbies from that embarrassment, or worse yet, transactional consequences, here are some expectations. Keep in mind that each of these falls on a vast continuum that varies with your business, stage, industry, and regulatory environment, as well as the institution’s investment criteria, risk aversion, deal size, intention, and so on. There are a lot of variables that shift these expectations in both directions, and these are just the highlight topics. My last diligence list was well over 600 items (where individual items were things like — all customer contracts; all software licenses; and so on.)
SAAS REVENUE DILIGENCE
Since revenue is the most likely driver of valuation in SaaS companies, it’s also the most onerous due diligence topic. Expect colonoscopy-level scrutiny of revenue recognition, classes, discounts, free months, services attached, and booking procedures. More broadly, expect more invasive evaluation the closer something relates to valuation or risk. If you’re not audited or not GAAP, expect even more revenue-related diligence joy.
SAAS CHURN DILIGENCE
Churn is another topic that ties back to valuation and risk, and one that will get very close attention in diligence. When customers are counted as churned, how they are treated if they come back from the dead, how revenue churn is calculated, and what the processes and procedures are around booking churn, are all topics that will likely be dissected. Then there’s likely to be a line-by-line random sampling to audit how accurately all of that was done. This is likely to include interviews with churned customers. Churn will become more onerous if the risk associated with yours is considered high or if you have red flags like zero paying, non-churned customers.
SAAS CUSTOMER DILIGENCE
Risk rises with customer concentration, so if you have a few big ones, expect them to get a lot of attention. If you don’t and risk is evenly spread, there may still be some customers that warrant more scrutiny — big logos, unusual sales cycles (short or long), unusual contracts (discounts, free months), unusual terms (unlimited liability, transferability), and so on. Customers who demand attention by being outliers will likely get it. Random customer interviews are not so random, and again, churned customers and even non-customers (lost in sales) can all be fair game. All of this will rise from a review of customer contracts and accounts receivable. Don’t be surprised if outlier customer contracts get de-risked in reps and warranties. And keep in mind that customer contracts that require the customer’s permission or a rewrite to be transferred will be a hot topic.
In my experience, tech diligence isn’t necessarily what’s expected. Actual code-level diligence can be limited if churn is in check, customer satisfaction is verifiable (NPS), and the tech is of reasonable age and lineage. There may be more code-level scrutiny if any or all of those are deemed risky. But, even if all of those are fine, intellectual property rights will get a hard look. This will likely include developers, employment agreements (non-competes), and third-party and open source licenses. In addition, product management, process, and ecosystem may get a deep dive for compatibility.
Another tech area that could go deep is usage. Historically, this has been looked at more closely when there’s perceived risk, but more recently usage has become a standard axis in diligence. Usage is interested in number and frequency of logins; and depth and breadth of adoption.
Your people will be looked at as closely as they are key to the business going forward. The more important someone is, the more he or she will be scrutinized. This starts with employment agreements; compensation plans; performance histories; non-competition agreements; equity agreements; and so on. As usual, outliers will be under the microscope. And don’t be offended if you need to stack rank everyone right out of the gate. And be prepared to explain if your stack rank and your equity list don’t line up.
PARTNER AND VENDOR DILIGENCE
Partner and vendor contracts will be reviewed and evaluated for IP rights, dependencies, business continuity, disaster recovery, potential competitive exposure, terms and conditions, accounts payable, and so on. Outliers will get the scrutiny, so know where they are and what the exposure is.
If you’re a party to a contract, it’s part of diligence. This includes obvious things like leases and loans, and smaller (but often more painful) things like corporate and dev software licenses.
TAXES, COMPLIANCE, LEGAL
Now we’re getting into the obvious territory, but these still have some sharp, resource-consuming edges. Depending on your regulatory climate and the nature of the institution investing, you may see scrutiny over geographic revenue and taxes (countries, states, etc.); regulatory approval or licensing (by geo); enforceability of contracts; and so on. If you have litigation or contingencies, those will be in here as well.
SaaS Due Diligence Rule Number One
I had a conference call with a founder who’s about to initiate the process of selling his company. At the end of the call, he asked me for any additional advice. I told him to remain calm. SaaS due diligence is a major roller coaster, and a big part of working to a successful outcome is keeping your emotions and reactions in check. By the time you get to diligence, it’s likely you’re already fatigued by pre-book diligence for your bankers; buyer or investor pitches (or interrogations); and term sheet negotiations. All of that happens while you are responsible for keeping the business growing. You’re likely on edge, and then you get 600 requests.
I hate to call it stressful because (1) I love it; and (2) everything in SaaS can be called stressful. But, like childbirth, diligence is both exhausting and miraculous.