IT & Software Companies: Diligence and Retention Risks
Executive Summary (TL;DR)
- If you’re planning to buy an IT or software company, diligence should start with retention math (churn, renewals, customer concentration) and people risk (key engineers, founders, delivery leaders).
- In IT services, the deal often hinges on client stickiness + delivery capacity; in SaaS, it hinges on product moat + recurring revenue quality (ARR/MRR, net revenue retention, support burden).
- Buyers/investors should push for a clean NDA (non-disclosure agreement) → quality CIM (confidential information memorandum) → disciplined LOI (letter of intent) with retention-based protections (holdbacks, earnout, seller note terms).
- A light-touch QoE (quality of earnings) plus targeted technical, security, and IP diligence usually beats “checking everything” without a thesis.
- Who should act now: buyers/investors evaluating IT services, MSPs, software development agencies, SaaS, or hybrid businesses where customer renewals and team continuity drive value.
Table of Contents
- Why diligence and retention risk matter in IT & software acquisitions
- Buy IT software company diligence: the non-negotiables
- Valuation lens for IT services, SaaS, and hybrid models
- Deal process overview: NDA → LOI → diligence → close
- Due diligence checklist (with table)
- Myth vs. Fact: common assumptions that blow up software deals
- Decision matrix: asset vs stock sale for software-heavy businesses
- 30/60/90-day execution plan
- Next steps on BizTrader
Why diligence and retention risk matter in IT & software acquisitions
IT and software companies can be deceptively “clean” on the surface: high gross margins, subscription billing, and lightweight physical assets. But that same asset-light profile is what makes diligence and retention the center of gravity.
In many IT services and software deals, you’re not really buying equipment—you’re buying:
- Relationships (customer contracts, renewal habits, trust in the delivery team)
- Human capital (engineers, architects, project managers, sales leaders)
- Intellectual property (code, integrations, automation scripts, data models)
- Operational capability (SLA performance, support processes, release discipline)
- Reputation (security posture, uptime history, compliance track record)
When retention risk is mispriced, you see it quickly:
- A top customer doesn’t renew after a founder exits.
- A key engineer leaves, velocity drops, and support tickets spike.
- A codebase can’t scale (or can’t pass buyer security requirements), killing pipeline.
- Deferred revenue gets misread, and “profit” vanishes once revenue is normalized.
The goal of diligence is not to generate a 200-item checklist. It’s to confirm two things:
- Can the revenue stay?
- Can the team keep delivering and improving the product/service without the seller?
Buy IT software company diligence: the non-negotiables
If you’re looking at listings in IT & Software Companies for sale, use this section as your diligence filter before you get emotionally attached to a deal.
1) Map revenue to “retention mechanics”
Different IT/software models retain revenue in different ways:
- Managed service provider (MSP) / IT services: retained via contracts + switching costs + relationship with account managers + consistent delivery.
- Software development agency: retained via ongoing projects, retainers, and referrals; often more volatile and people-dependent.
- SaaS: retained via product usage, integrations, ROI, and renewal process; driven by churn, expansion, and support quality.
- Hybrid (services + software): retained via both delivery team continuity and product stickiness—often the trickiest to diligence.
Non-negotiables to request early:
- Customer list with customer concentration view (top 10 and top 20 revenue shares)
- Renewal history and churn by cohort (even if the seller hasn’t labeled it “cohorts”)
- Contract terms (renewal dates, termination rights, SLAs, pricing escalators)
- Pipeline and sales cycle evidence (CRM exports, closed-won notes, win/loss reasons)
2) Separate “founder magic” from transferable process
A classic retention landmine: the seller is the relationship and the delivery “brain.”
Look for signals of transferability:
- Documented onboarding, support, and escalation paths
- Repeatable sales motion (lead sources, qualification, discovery, proposal templates)
- Named operators (delivery lead, support manager, product owner) who can stay
- A real transition period commitment with defined responsibilities
3) Do a “people continuity” stress test
In IT/software, one resignation can change the revenue curve.
Ask:
- Who are the key employees by function (delivery, product, sales, customer success)?
- What’s the compensation structure (base/bonus/commission) and what changes at close?
- Are there retention risks from remote work policies, leadership changes, or burnout?
- Are there non-solicitation / confidentiality agreements in place (and enforceable where the business operates)?
Practical approach: identify the “top 5 seats” you can’t lose for 6–12 months post-close, then structure protections around them (retention bonuses, stay interviews, milestone-based earnout).
4) Confirm you’re actually acquiring the IP you think you are
Software diligence often fails in boring documents:
- IP assignment agreements with employees/contractors
- Contractor statements of work (who owns what)
- Open-source licensing obligations (copyleft vs permissive licensing)
- Third-party components and their terms (SDKs, API dependencies)
You don’t need to be a developer to diligence this well—you need to insist that counsel and technical reviewers verify IP chain-of-title and licensing posture.
5) Treat security and compliance as a value driver, not a checkbox
Even small software companies can lose deals (or customers) due to security gaps.
At a minimum, ask for:
- A summary of security controls (access management, MFA, logging, backups)
- Incident history and response process
- Vendor list and security posture of critical vendors
- Any certifications/attestations (if they exist), plus customer security questionnaires
If the product touches regulated data (health, finance, minors), diligence expands quickly.
Valuation lens for IT services, SaaS, and hybrid models
IT/software valuation can be framed with a few common building blocks. Start with the right earnings measure:
- SDE (seller’s discretionary earnings): common in smaller owner-operator businesses; includes owner compensation and discretionary add-backs.
- EBITDA (earnings before interest, taxes, depreciation, and amortization): more common as deals get larger or when management is already in place.
- ARR/MRR: relevant for subscription-heavy SaaS, but only meaningful when paired with retention and gross margin reality.
Add-backs: be strict
Add-backs should be supportable and repeatable, not wishful. In IT/software, common add-back debates include:
- Owner compensation above market
- One-time legal or restructuring costs
- Non-recurring contractor expenses
- “R&D” that was actually keep-the-lights-on maintenance
If add-backs are the only reason the deal looks attractive, treat that as a risk signal.
Working capital: don’t let software lull you into skipping it
Even asset-light companies can have meaningful working capital dynamics:
- Deferred revenue and prepaids
- Annual software vendor renewals paid upfront
- A/R aging in services-heavy models
- Support staffing lag relative to growth
Make working capital a named term in the LOI, not an afterthought.
What retention does to valuation (conceptually)
You don’t need a precise formula to price retention risk—just consistency:
- Higher concentration + weak contract terms → higher risk → more structure/protection
- Strong renewal history + diversified customers → cleaner cash flows → cleaner terms
- Poor documentation + founder dependence → assume churn, require transition, use holdbacks/earnout
If you’re buying a SaaS company listing, retention metrics should be the first page of your internal investment memo, not a footnote.
Deal process overview: NDA → LOI → diligence → close
Most IT/software acquisitions still follow a familiar path:
- Teaser and initial screening
  Focus on revenue quality, concentration, delivery model, and why the seller is exiting.
- NDA (non-disclosure agreement)
  Protect the seller; protect your ability to evaluate. Clarify what you can share with lenders and advisors.
- CIM (confidential information memorandum) + data room access
  Ask for a structured data room early. If materials are scattered, that’s often how operations are run.
- LOI (letter of intent)
  The LOI should lock the economic headline and the retention protections:
  - Purchase price and structure (cash, seller note, earnout)
  - Working capital mechanism
  - Exclusivity period
  - Diligence scope, timeline, and access requirements
- Diligence (financial + legal + technical + commercial)
  Consider a targeted QoE (quality of earnings), especially if revenue is subscription-heavy or project accounting is messy.
- Definitive agreement and close
  Many Main Street deals use an APA (asset purchase agreement) even when software/IP is core. Expect heavy focus on:
  - IP ownership and assignments
  - Reps & warranties
  - Customer/employee non-solicits
  - Security disclosures and incident representations
  - Post-close transition obligations
- Post-close transition
  The transition plan is where retention becomes real: customer calls, team meetings, escalation paths, and handoffs.
Due diligence checklist
Use this checklist to keep diligence focused on retention and transferability, not trivia.
Diligence table (retain-and-transfer focused)
| Area | What to Request | What You’re Proving | Red Flags |
|---|---|---|---|
| Revenue & retention | Customer list, contract terms, renewal dates, churn/expansion, cohort or customer history | Revenue durability and predictability | Top 1–3 customers dominate, weak contracts, informal renewals |
| Delivery & support | SLA reports, ticket volume trends, staffing model, escalation workflows | Ability to keep customers happy post-close | “Hero culture,” no runbooks, backlog growing |
| Product & tech | Architecture overview, repo access (read-only), roadmap, technical debt summary, uptime history | Product viability and delivery capacity | Outdated stack, fragile integrations, no test discipline |
| Security & compliance | Access controls, backups, incident history, vendor risk list, policies | Whether security blocks growth or renewals | No MFA, shared credentials, unclear incident response |
| IP & licensing | IP assignments, contractor agreements, open-source inventory, third-party licenses | You truly own what you’re buying | Contractor-built core product with unclear ownership |
| Finance & QoE | Bank statements, GL detail, revenue recognition approach, deferred revenue support, add-backs proof | Earnings quality, normalization, hidden liabilities | “Cash basis storytelling,” unsupported add-backs |
| Legal & liabilities | Entity docs, litigation, insurance, privacy terms, customer obligations | Exposure that can break retention | Unusual indemnities, missing agreements, privacy gaps |
| Liens & obligations | UCC/lien search, debt schedule, leases, vendor contracts | You can take clean title and operate | Blanket liens, hidden debt, non-transferable contracts |
| People & retention | Org chart, comp plan, contractor list, key employee agreements | Team continuity and incentive alignment | Key roles underpaid, high turnover, founders as bottleneck |
| Closing & transition | Transition plan, training schedule, customer comms plan | Smooth handoff protects renewals | “We’ll figure it out after close” |
Practical scope control: “two-track diligence”
For IT/software deals, diligence works best in two tracks:
- Track A (value confirmation): retention, customer contracts, delivery capacity, tech viability
- Track B (deal protection): legal/IP chain-of-title, security representations, liens, working capital, tax/accounting normalization
If Track A is shaky, don’t over-invest in Track B until the thesis holds.
Myth vs. Fact: common assumptions that blow up software deals
- Myth: “If the product is good, customers will stay.”
  Fact: Customers often stay because of people, responsiveness, and trust—especially in IT services and enterprise-style SaaS.
- Myth: “Recurring revenue means predictable cash flow.”
  Fact: “Recurring” can still be fragile if renewals are informal, contracts are month-to-month, or customer concentration is high.
- Myth: “We’re buying the code, so we automatically own the IP.”
  Fact: IP ownership is a paper trail: employee/contractor assignments, licensing terms, and third-party dependencies.
- Myth: “Security issues can be fixed after close.”
  Fact: Sometimes yes—but security gaps can cause immediate customer churn, failed enterprise deals, or insurance/contract issues.
- Myth: “The seller will train us for a few weeks and it’ll be fine.”
  Fact: Retention risk often requires a structured transition period, documented processes, and clear accountability—especially for key customer relationships.
Decision matrix: asset vs stock sale for software-heavy businesses
Many smaller deals lean toward asset sales, but software-heavy businesses raise special considerations.
| Consideration | Asset sale | Stock sale |
|---|---|---|
| Legacy liabilities | Often easier to isolate (but not always) | Buyer may inherit more historical exposure |
| IP transfer | Must be explicitly assigned (code, domains, customer data, licenses) | IP stays inside entity (still verify ownership and restrictions) |
| Customer/vendor contracts | May require consents/assignments | Sometimes smoother, but change-of-control clauses still apply |
| Taxes and allocation | Purchase price allocation matters (including intangibles) | Different tax outcomes; needs professional modeling |
| Simplicity for Main Street | Common structure with clear schedules | Often used when licenses/contracts make assignment hard |
| Financing compatibility | Often workable with lender requirements | Also workable, but diligence may expand |
Regardless of structure, ensure the definitive agreement forces clarity on IP, customer data handling, and security disclosures.
30/60/90-day execution plan
First 30 days (pre-LOI or immediately after LOI)
- Define your “retention thesis” (why customers stay; why employees stay)
- Identify the top retention risks (customer concentration, founder dependence, key engineering)
- Build your diligence workplan and assign owners (finance, legal, technical, security)
- Draft LOI terms that directly mitigate retention risk (holdback/earnout triggers tied to renewals, not vanity metrics)
Days 31–60 (diligence period)
- Run a targeted QoE and validate revenue recognition assumptions
- Interview key leaders (delivery, support, product, sales) and pressure-test transferability
- Do IP chain-of-title verification and open-source/license review
- Complete lien checks and confirm you can obtain clean title
- Translate findings into definitive agreement protections (reps & warranties, indemnities, transition requirements)
Days 61–90 (close + transition ramp)
- Execute the customer communication plan (who calls whom, when, and with what script)
- Conduct stay interviews with key employees and implement retention incentives
- Establish operating cadence: weekly customer health review, support metrics, roadmap cadence
- Confirm access control hygiene (least privilege, MFA, offboarding, vendor access)
- Track early warning signals: renewals, ticket volume spikes, churn, and delivery delays
Next steps on BizTrader
If you’re actively sourcing, build your pipeline with categories that match your operating strength:
- Start with IT & Software Companies for sale and filter for the revenue model you understand best (services vs SaaS vs hybrid).
- Broaden your search to all businesses for sale once you’ve defined your acquisition criteria and minimum retention profile.
- If you want help structuring a retention-safe LOI or navigating diligence, consider connecting with experienced intermediaries in the Business Brokers directory.
- To keep deal flow warm, monitor active listings and revisit your “retention thesis” as new opportunities appear.
This article is for educational purposes only and does not constitute legal, financial, tax, or business brokerage advice. Always consult qualified professionals before making decisions, and verify all requirements with the appropriate authorities and counterparties.