PE Due Diligence Scorecard

Liability 1 of 10

Rank #1

Unmanaged Technical Debt

Accumulated shortcuts, legacy code, and architectural compromises that consume up to 40% of IT budgets and prevent scalability.

🚩 Red Flags:

Manual code patches required
Frequent system failures
Can't support new features

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 2 of 10

Rank #2

Cybersecurity Vulnerabilities

Weak security posture including inadequate policies, lack of penetration testing, poor access controls, and undisclosed breach history.

🚩 Red Flags:

No annual penetration tests
Weak password policies
Past incidents undisclosed

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 3 of 10

Rank #3

Non-Scalable Architecture

Infrastructure unable to handle growth projections without fundamental redesign. Includes monolithic systems and poor database design.

🚩 Red Flags:

System outages under load
Cannot support user growth
Architecture needs rebuild

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 4 of 10

Rank #4

Outdated Legacy Systems

Critical systems running on unsupported platforms with no vendor support, creating security gaps and compliance risks.

🚩 Red Flags:

Software vendor support expired
No migration roadmap
Mission-critical systems at risk

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 5 of 10

Rank #5

Cloud Cost Unpredictability

Unoptimized cloud spending reaching 50%+ of total revenue cost, poor resource utilization, and lack of FinOps practices.

🚩 Red Flags:

Unpredictable monthly costs
No cost monitoring tools
Resource utilization <40%

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 6 of 10

Rank #6

Insufficient Disaster Recovery

No documented disaster recovery plan, inadequate backup procedures, untested failover systems, and unclear recovery time objectives.

🚩 Red Flags:

No DR plan documented
Backups never tested
No defined RTO/RPO

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 7 of 10

Rank #7

Data Architecture Chaos

Fragmented data silos, inconsistent formats, poor data governance, and inability to extract analytics.

🚩 Red Flags:

Data in multiple inconsistent formats
No single source of truth
Poor data quality

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 8 of 10

Rank #8

Key Personnel Dependency

Tribal knowledge concentrated in 1-2 individuals, undocumented systems, lack of succession planning.

🚩 Red Flags:

Only one person understands core systems
No documentation
Key person departure risk

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 9 of 10

Rank #9

Regulatory Non-Compliance

Failure to comply with industry regulations (SOC 2, ISO 27001, HIPAA, GDPR). Creates legal liability and delays deal closing.

🚩 Red Flags:

No compliance certifications
Failed recent audits
Regulatory fines pending

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer

Liability 10 of 10

Rank #10

Inadequate Vendor Management

Lack of software license tracking, shadow IT proliferation, vendor contracts with unfavorable terms.

🚩 Red Flags:

Unknown number of SaaS subscriptions
No vendor risk assessments
Change of control clauses

No Risk Exceeds industry standards

Low Risk Minor issues, manageable

Moderate Risk Needs improvement

High Risk Serious concerns

Critical Risk Deal killer