Systems, reporting and owner-reliance: what buyers actually check before they commit

TL;DR

A services firm that runs on documented systems, clean financial and sales reporting, and shared leadership rather than a single founder is significantly easier to sell and attracts higher valuation multiples. UK buyers discount businesses where the founder is the main risk, where reporting is inconsistent, or where data and security practices are not evidenced. Building saleability is largely the same work as building a better-run business.

Key takeaways

- Owner-dependence is one of the most common reasons UK buyers reduce offers or add earn-outs, because transition risk has to be priced somewhere in the deal.
- Buyers expect two to three years of consistently tracked financial and sales KPIs they can independently model; gaps in that record give them grounds to chip the price.
- KPMG and PwC both identify poor-quality financial reporting as a leading cause of deal delays and valuation reductions during UK due diligence.
- NCSC Cyber Essentials certification is the recognised UK baseline that buyers use as a shorthand for security hygiene when assessing an acquisition target.
- The work required to make a business saleable, documented processes, CRM discipline, shared leadership, and data governance, is largely the same work that makes it run better before any sale.

A founder who had spent fourteen years building a 22-person professional services firm was fielding their first serious acquisition approach. The buyer’s advisers asked for management accounts, a CRM export, and a note on how work gets assigned when the founder is away. The accounts arrived eventually, formatted across three different Excel templates. The CRM had never been used consistently. The holiday question drew a long pause and an explanation about how things just generally worked themselves out.

The deal closed. It closed seven months later than expected, at 22% below the initial indication, with an eighteen-month earn-out attached.

That gap between what the founder thought the business was worth and what the buyer would pay had almost nothing to do with revenue. It had everything to do with how the business was run on paper.

What does a buyer actually see when they look at your business?

When a buyer runs due diligence on a services firm, they are testing one central question: can this business produce its revenue reliably without the person selling it? They look at documented systems and processes, financial and sales reporting, and the degree of owner-dependence. The ICAEW notes that strong operational systems are a core driver of “business readiness” and can narrow the gap between what a seller expects and what a buyer will pay.

Documented systems means core processes written down and followable: lead handling, quoting, onboarding, delivery, billing, client support. When a new person can follow the process without constant guidance, the business no longer depends on the founder being present.

Financial reporting means monthly management accounts that are timely, reconciled, and tied to underlying records. KPMG’s analysis of mid-market transactions identifies poor-quality financial information as one of the leading causes of deal delays and price reductions during due diligence. PwC’s UK deals practice flags that buyers routinely use reporting weaknesses to justify renegotiating the price, with an inability to reconcile revenue to contracts being a common example.

Owner-dependence is the valuation question many founders do not see coming. Bizdaq’s 2022 research into UK micro-SME sales found that owner reliance was a key factor in lower sale prices and failed sales. Businesses that could run day-to-day without the owner attracted more interest and higher offers.

Why does owner-dependence cost you on valuation day?

A buyer purchasing a business is really purchasing a revenue stream. If that revenue stream depends on one person’s relationships, judgement, or daily presence, it carries risk the buyer has to price. UK corporate finance advisers report that businesses with heavy owner-dependence regularly receive reduced offers, longer earn-outs, or both, because the transition risk is too significant to absorb into the deal on its own terms. The resilience of the cashflow is the underlying question.

When work only flows because the founder knows the client personally, makes the key call, or approves every significant proposal, a buyer has to model what happens the day after handover. The answer, frequently, is that it gets harder. Clients call the old number, staff wait for the familiar face, and relationships that were never formally transferred begin to fray.

Sharing key client relationships across a small management team, supported by CRM records and documented processes, removes the single-point-of-failure problem. The founder’s role shifts to direction, senior hires, and new relationships. That shift has to be visible before the sale, not merely promised after it.

UK advisers consistently report that businesses with strong systems, reliable reporting, and low owner-dependence can achieve EBITDA multiples one to two turns higher than similar peers: 5x to 6x compared to 3x to 4x. The difference comes from the confidence a buyer has that performance will hold after completion.

Where do the reporting gaps show up in due diligence?

The reporting questions that surface during due diligence are predictable, which makes it more frustrating when founders are caught unprepared by them. Buyers want two to three years of consistently tracked sales and financial KPIs, along with CRM records that match the revenue story the founder tells about pipeline quality and customer concentration. Gaps in either area give the buyer grounds to chip the price or add warranty protections.

A CRM with inconsistent entries, duplicate records, missing pipeline stages, or inaccurate close dates is, from a buyer’s perspective, worse than no CRM at all. It suggests the business runs on personal memory and ad-hoc decisions. Standard sales reporting guidance is clear: effective reporting depends on accurate, timely data entry from everyone who touches the CRM, not just the founder.

Buyers look specifically at conversion rate, win rate, retention rates, average deal size, and forecast-versus-actual over at least 12 months. Having these in consistent formats over 24 to 36 months lets a buyer build a credible revenue model. A founder assembling this data in the week before the due diligence call is already at a disadvantage.

Data security and compliance also surface in due diligence. The ICO fined Studios MG £60,000 in 2020 after a failure to secure a marketing database, and buyers increasingly know that regulatory exposure transfers on acquisition. The NCSC’s Cyber Essentials scheme provides a recognised UK baseline, with guidance that basic controls can protect against around 80% of common cyber attacks. Holding a current certificate gives buyers a verifiable shorthand for the firm’s security posture.

When is it worth investing in systems specifically for saleability?

The honest answer is that the work that makes a business saleable is largely the same work that makes it run better in the meantime. The exception is the smallest firms. A three-to-five-person business that implements enterprise-grade tooling for saleability may create administrative overhead that confuses a buyer rather than reassuring them. For a firm of ten people or more with a two-to-seven year sale horizon, the investment case is straightforward.

There is a mismatch risk worth considering. A local trade buyer who wants the team and client relationships rather than your processes may not change their offer based on system sophistication. A private-equity-backed consolidator, or a corporate looking to integrate your operations, will weight it heavily. Match the level of investment to the likely buyer profile.

The limit case runs the other way too. A CRM installed but not used consistently, a data protection policy on paper with no actual access controls or staff training, or an AI tool processing client data without documented risk assessment: these create liabilities rather than value. Cosmetic compliance rarely survives a competent due diligence process, and buyers who find the gap will price it in.

What does a workable baseline look like for a 5-50 person firm?

You do not need enterprise-grade infrastructure to be saleable. What you need is enough that a competent person could step into the business and follow how it works without asking the founder at every turn. Four areas cover the ground that matters to buyers: process documentation, financial and sales reporting, reduced owner-dependence, and basic security and data governance. Each is achievable without significant cost or complexity.

On processes: core workflows, including lead handling, quoting, onboarding, delivery, billing, and client support, should be written down and accessible. The test is whether a new senior hire could follow them without constant guidance from the founder.

On reporting: monthly management accounts, reconciled and on time. A CRM with clean, consistent records for customers, deals, pipeline stages, and lost reasons. Standard reports on conversion, retention, and average deal size, comparable across at least two years. The ICO’s accountability framework requires organisations to demonstrate how personal data is processed and governed, relevant to any CRM holding client or prospect information.

On reliance: key client relationships and operational decisions shared across a small management team. The founder’s diary should show strategic work, not the operational defaults that drift back because no process or authority covers them.

On security: Cyber Essentials certification as a documented baseline. If AI tools are in use, a brief written record of where client or personal data flows, what the provider’s terms say, and how the tool has been assessed. The EU AI Act imposes documentation and governance requirements on high-risk AI systems, and buyers with EU market exposure will ask about this during due diligence.

Unglamorous work, perhaps. But the difference between a buyer who trusts the numbers and offers a clean exit, and one who prices the uncertainty into the terms, comes down to whether it has been done.

Sources

- ICAEW (2024). Getting your business ready for sale. Operational systems and documentation identified as core drivers of "business readiness"; can narrow the gap between seller expectations and buyer valuations. https://www.icaew.com/technical/corporate-finance/selling-a-business/getting-your-business-ready-for-sale
- KPMG UK (2017). Deal Advisory: Sell-side due diligence. Poor-quality financial information identified as a leading cause of deal delays and price reductions during due diligence. https://assets.kpmg.com/content/dam/kpmg/uk/pdf/2017/01/deal-advisory-sell-side-due-diligence.pdf
- PwC UK Deals Practice. Sell-side due diligence. Reporting weaknesses used by buyers to negotiate price reductions and strengthen warranties and indemnities. https://www.pwc.co.uk/services/deals/library/sell-side-due-diligence.html
- NCSC (2022). Cyber Essentials scheme overview. Basic controls can protect against around 80% of common cyber attacks; certificate used as shorthand for security hygiene in SME acquisitions. https://www.ncsc.gov.uk/cyberessentials/overview
- ICO (2020). Enforcement action against Studios MG. £60,000 fine for failure to secure a marketing database; illustrates how data control gaps crystallise as regulatory risk that transfers on acquisition. https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2020/02/ico-fines-firm-for-failing-to-keep-peoples-personal-data-secure/
- ICO. Accountability Framework. Organisations must demonstrate how personal data is processed, protected, and governed; relevant to CRM data and buyer due diligence on data practice. https://ico.org.uk/for-organisations/accountability-framework/
- Bizdaq (2022). Why small businesses fail to sell. Owner reliance identified as a key factor in lower sale prices and failed sales in UK SME transactions. https://www.bizdaq.co.uk/blog/why-small-businesses-fail-to-sell
- CPA Ireland / CPAFS. Selling a Business guide. UK SME buyers discount undocumented know-how and pay higher multiples where processes are documented and repeatable. https://www.cpaireland.ie/docs/default-source/business-resources/selling-a-business/sellingabusiness.pdf
- European Parliament and Council (2024). EU AI Act (Regulation 2024/1689). Technical documentation, logging, and data governance requirements for high-risk AI systems; relevant to UK SMEs with EU market exposure using AI tools. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
- Highspot (2024). Sales reporting guide. CRM-based reporting that centralises pipeline metrics, forecast inputs, and conversion data enables acquirers to independently test revenue quality and commercial health. https://www.highspot.com/blog/sales-reporting/

Frequently asked questions

Does having a CRM actually make a business more valuable to a buyer?

A well-used CRM is a due diligence asset. It lets buyers independently test revenue quality, conversion rates, and customer concentration without relying on the seller's word. A CRM with inconsistent data, duplicate records, or missing pipeline history is treated as a liability because it signals that performance has been managed by instinct rather than process. The discipline of entering data consistently matters as much as the choice of tool.

How far in advance of a sale should I start building systems?

Many advisers suggest two to three years as the working horizon. That gives you time to build 24 to 36 months of comparable financial and sales data, reduce owner-dependence in a credible and visible way, and address any regulatory or compliance gaps without doing so under buyer scrutiny. Starting in the last twelve months before sale limits your options considerably, as some gaps cannot be credibly closed that quickly.

What data and security checks do buyers actually run during due diligence?

Buyers and their advisers typically check three areas: whether the business holds a current cyber security certification (NCSC Cyber Essentials is the UK standard), whether data protection practices align with ICO accountability requirements including records of processing and staff training, and whether any AI or third-party tools that handle client data have been documented and risk-assessed. Gaps in any of these areas can appear in warranty negotiations and reduce the final price.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.
