Introduction
Due diligence is the most resource-intensive workstream in the entire IPO process. The bank, the auditors, both sets of counsel, and the issuer's own management spend months walking through the issuer's business, contracts, financials, and market position to ensure the disclosure in the S-1 is complete and accurate. The work serves two purposes: it gives the underwriters a defense against Section 11 liability for misstatements in the registration statement, and it surfaces issues that either need to be disclosed in the prospectus or remediated before the deal launches. This article walks through the four pillars of IPO due diligence (business, legal, financial, industry), what each workstream covers, who owns it, and what bankers actually contribute to each.
The Liability Backdrop: Sections 11 and 12(a)(2)
The legal stakes are what give diligence its intensity. Two parallel Securities Act provisions create the underwriter liability framework that diligence is designed to defend, and the diligence record is what every defense ultimately turns on.
Section 11: Strict Liability on the Registration Statement
Section 11 creates strict liability for material misstatements or omissions in a registration statement, with the underwriters as named defendants. The "due diligence defense" under Section 11(b)(3) is the underwriters' principal protection: a bank that conducted reasonable due diligence and reasonably believed the disclosures were accurate is not liable. The issuer has no due-diligence defense (strict liability applies); directors who sign, the auditors who certified the financials, and the underwriters all do.
Section 12(a)(2): Prospectus Liability
Section 12(a)(2) creates a parallel cause of action for any person who offers or sells a security through a prospectus or oral communication containing a material misstatement or omission. In a firm-commitment underwriting, underwriters purchase shares from the issuer and resell to investors, which makes them "sellers" subject to Section 12(a)(2). The defense parallels Section 11's: an underwriter avoids liability by showing it was unaware of the misstatement and could not have reasonably uncovered it. Damages are limited to the difference between the offering price and the security's value at the time of suit (the rescission measure). Directors typically do not face Section 12(a)(2) liability because they are not direct sellers; the action principally reaches issuers and underwriters.
How the Two Provisions Together Drive Diligence Intensity
The two provisions overlap structurally but cover different documents (Section 11 covers the registration statement; Section 12(a)(2) covers prospectuses and oral offers including roadshow communications) and different defendant sets. Underwriters need diligence work product that defends against both. The same diligence record (data-room review trails, management session notes, comfort letters, 10b-5 letters, officer certifications) supports both defenses.
Business Due Diligence
Business due diligence covers everything an investor would want to know about how the company actually operates. The lead-left bookrunner's coverage team typically owns this workstream, with junior bankers doing most of the documentation work and senior bankers attending the substantive sessions.
Customer and Revenue Diligence
The team reviews customer concentration (which customers contribute what percentage of revenue), customer contract structures (term, renewal rates, churn, pricing power), revenue recognition policies, and the underlying drivers of growth. For SaaS or subscription businesses, the team digs into net revenue retention, gross retention, ACV, ARR cohorts, sales productivity, and CAC payback. For product businesses, the team reviews unit economics, distribution channels, and inventory management. The goal is to validate the equity story's growth claims with actual customer data.
Competitive and Market Position Diligence
The team examines the competitive landscape: who are the closest peers, where does the company differentiate, what threats exist from new entrants, what is the pricing power. Customer reference calls (typically arranged by the issuer with the bank's input) provide independent validation of customer satisfaction and switching costs. Competitive analysis often surfaces issues the management team has glossed over and forces refinement of the equity story.
Operations and Management Diligence
The team meets with operations leaders, technology leaders, sales leaders, and HR leadership to understand how the business runs day to day. Management bench depth is a recurring focus area: investors want to know there is succession planning behind the CEO and CFO, that key technical or commercial leaders are not flight risks, and that the company can scale operationally as a public company.
Legal Due Diligence
Legal due diligence is owned by underwriter's counsel, with parallel work by issuer's counsel. The two firms run separate workstreams that cover the same ground from different vantage points.
Corporate Structure and Capitalization
The legal team reviews the issuer's corporate structure (parent and subsidiaries, jurisdictions of incorporation, governance documents), the capitalization table (every class of stock outstanding, every option pool, every warrant, every convertible instrument), the shareholder agreements, the voting agreements, and any drag-along, tag-along, or registration rights. Pre-IPO sponsor agreements are reviewed in detail because they often need to be amended or terminated at IPO.
Material Contracts
Counsel reviews material contracts: customer agreements (especially anchor customer contracts), supplier agreements, partnership agreements, licenses, and any contracts with change-of-control provisions that the IPO might trigger. Contracts that contain unusual provisions (most-favored-nation clauses, exclusivity, profit-sharing) get flagged for disclosure in the S-1. Material contracts are typically filed as exhibits to the registration statement, so contract review is also a forward-looking exercise in determining what gets publicly disclosed.
Intellectual Property, Litigation, and Regulatory
IP diligence reviews patent portfolios, trademark portfolios, trade secrets, and any IP licensing arrangements, with a particular focus on whether the issuer's freedom to operate is at risk. Litigation diligence covers all pending and threatened lawsuits, with the materiality threshold lower than in M&A diligence because the SEC requires disclosure of material litigation in the prospectus. Regulatory diligence covers industry-specific regulation (FDA, FAA, financial services regulation, environmental, labor) and surfaces issues that need risk-factor disclosure or operational remediation.
- Section 11 Liability
The civil liability under Section 11 of the Securities Act for material misstatements or omissions in a registration statement. Plaintiffs can sue the issuer, the directors who signed the registration statement, the auditors who certified the financial statements, and the underwriters. Strict liability applies to the issuer; the underwriters and other defendants have a "due diligence defense" under Section 11(b)(3), which requires the defendant to have conducted reasonable diligence and to have reasonably believed the disclosures were accurate at the time the registration statement became effective.
Financial Due Diligence
Financial diligence is led by the audit firm, with the underwriter's counsel and the lead-left bookrunner's senior team also active in the workstream. The output is the financial statements that go into the S-1 and the comfort letter the auditors issue at pricing.
Historical Financial Statements
The audit firm sign off on two or three years of audited annual financials and stub-period interim financials, depending on EGC status and the deal calendar. The team scrutinizes revenue recognition policies, expense classifications, working-capital trends, debt and equity transactions, related-party transactions, and any restatements or accounting changes. Issuers that have grown through M&A face additional complexity because acquired-company financials need to be carved out, restated, or pro-forma adjusted to fit the public-company financial statement format.
Internal Controls and ICFR
The audit firm tests the issuer's internal controls over financial reporting to determine whether they meet public-company standards. Material weaknesses identified during this testing have to be either remediated before launch or disclosed in the S-1, and disclosure typically delays the deal because investors discount issuers with weak controls.
Forecasts and Projections
The bank's coverage and ECM teams work with the issuer's finance team to build the forward forecasts that anchor the equity story. The forecasts are not in the S-1 itself (other than implicitly through the MD&A's forward-looking discussion), but they are central to the bake-off pitch, the analyst presentation, and the roadshow. Diligence on forecasts means stress-testing the assumptions, identifying which line items the company has the most control over versus the least, and refining the narrative around growth drivers.
| Diligence pillar | Owner | Key deliverables | Where it surfaces in the S-1 |
|---|---|---|---|
| Business | Lead-left coverage banker | Customer review, competitive analysis, management interviews | Business description, MD&A |
| Legal | Underwriter's counsel | Corporate structure, contracts, IP, litigation, regulatory | Risk factors, legal proceedings, exhibits |
| Financial | Audit firm | Audited financials, ICFR, comfort letter | Financial statements, MD&A, controls |
| Industry | ECM origination team | Market sizing, peer benchmarking, sector trends | Business description, MD&A |
Industry and Market Due Diligence
Industry diligence is the workstream most directly owned by the ECM origination team. While business diligence focuses on the issuer specifically, industry diligence puts the issuer in market context.
Market Sizing and Growth
The team builds a defensible view of the issuer's total addressable market, the growth rate, and the issuer's penetration. Market sizing is a recurring source of S-1 commentary because issuers often want to claim large TAMs to support valuation, while underwriter's counsel and the SEC want the methodology transparent and conservative. The diligence process forces the working group to settle on a sourcing approach (third-party industry reports, customer surveys, bottoms-up modeling) and document the assumptions.
Peer Benchmarking
The team builds the comparable company set that anchors valuation: which public peers, what trading multiples, what growth and margin gaps to adjust for. Peer benchmarking informs the equity story (where the issuer claims premium positioning), the IPO price range (which multiples to apply), and the post-IPO trading expectation (where the stock should sit in the multiple distribution after listing).
Sector Trends and Cyclicality
For cyclical sectors, the team reviews the issuer's exposure to macro indicators and the cycle position at the time of listing. For regulated industries (healthcare, financial services, energy, technology with antitrust exposure), the team reviews the regulatory backdrop and any pending changes that could affect the issuer's prospects. Sector diligence often produces risk-factor disclosure that bridges issuer-specific and industry-wide risks.
Inside the Diligence Calendar
The four pillars describe what gets reviewed; the calendar describes how. Diligence runs through a recurring set of meetings, document reviews, and end-of-process deliverables that produce the institutional record the underwriters' defenses depend on.
Management Diligence Sessions
The working group holds three to six management diligence sessions across the first two months after kickoff, each running half a day to a full day. The CEO, CFO, and selected operating leaders attend; bankers and counsel from both sides attend; the audit firm joins for financial sessions. The sessions are detailed Q&A by design, with bankers asking questions, management answering, counsel taking notes for the official diligence record.
Document Review and the Virtual Data Room
The data room (typically a virtual data room hosted on Datasite, Intralinks, or a comparable platform, run by issuer's counsel) holds thousands of documents that bankers and counsel review systematically. The platform automatically indexes documents as they are added, tracks who has reviewed what, and exports a deal-record index that becomes part of the post-pricing documentary record. Junior bankers spend significant time on document review, producing summary memos for senior bankers and counsel. The data room is where most of the legal and financial diligence actually happens; the sessions surface the issues, but the data room is where the underlying evidence sits.
Customer and Reference Calls
The bank arranges customer reference calls with the issuer's permission, typically with a small number of anchor customers. These calls validate (or contradict) the issuer's story about customer satisfaction, switching costs, and competitive position. Reference call findings flow back into the equity story and the risk-factor disclosure.
The Comfort Letter (SAS 72 / AS 6101) and Bring-Down
At pricing, the auditors deliver a comfort letter to the underwriters that attests to the financial-statement disclosures. The letter is governed by PCAOB Auditing Standard 6101 (the successor to AICPA SAS 72; both names are used interchangeably in market practice and "SAS 72 letter" remains the colloquial reference). The letter provides "negative assurance" rather than positive opinion: the auditors confirm that based on procedures performed (short of a full audit), nothing has come to their attention indicating that the interim financial statements are materially misstated or that specified financial figures in the S-1 fail to agree with the underlying accounting records. The deliverable typically includes a "circle-up" attachment of the offering document with tick marks indicating which numbers received which level of comfort (full audit comfort, negative assurance, or agreed-upon procedure comfort). A bring-down comfort letter (a short-form update referencing the original) is delivered at closing to confirm that nothing has surfaced between pricing and closing that would change the original certifications. Both letters are central to the underwriters' Section 11 and Section 12(a)(2) defenses.
Officer Certifications and 10b-5 Letters
Beyond the comfort letter, two other end-of-process diligence deliverables matter. The CEO and CFO sign officer certifications attesting to the accuracy of the registration statement at filing and at pricing. Underwriter's counsel and issuer's counsel each issue 10b-5 letters at pricing, certifying that based on the diligence conducted, nothing has come to their attention suggesting the registration statement contains a material misstatement or omission. The letters are addressed to the underwriters and form part of the documentary evidence supporting the Section 11 due-diligence defense.
- 10b-5 Letter (Negative Assurance Letter)
A negative-assurance disclosure letter delivered at pricing by issuer's counsel and (typically) underwriter's counsel to the underwriters, confirming that based on the legal team's involvement in the drafting and diligence process, nothing has come to its attention causing it to believe the registration statement contains a material misstatement or omission. The letter is not a legal opinion but a substantive piece of documentary evidence supporting the underwriters' Section 11 due-diligence defense and Rule 10b-5 protection.
The Diligence Memo
The lead-left bookrunner's senior team produces an internal diligence memo at the end of the workstream summarizing the findings, the issues surfaced, and how each was addressed in the disclosure. The memo gets reviewed by the bank's legal and risk committees as part of the internal deal approval process and forms the firm's institutional record of the diligence performed.
Sector-Specific Diligence Variations
The four-pillar framework holds across all IPOs, but the specific emphases change meaningfully by sector. Understanding the sector overlay is what distinguishes a generalist banker from a sector specialist.
Technology and SaaS Diligence
For technology and SaaS issuers, diligence focuses heavily on revenue quality (recurring versus one-time), unit economics (CAC, LTV, payback), customer cohort behavior (net revenue retention, churn), and product roadmap risk (technology obsolescence, competitive disruption). Reference calls with enterprise customers carry particular weight because enterprise sales cycles are long and customer satisfaction directly drives renewal economics. Source-code and IP diligence is also more intensive than in other sectors because software businesses depend on the integrity of their core technology.
Healthcare and Biotech Diligence
Healthcare and biotech diligence carries a regulatory layer that other sectors do not. FDA approval status, clinical trial data, IND and NDA filings, and orphan-drug designations all need extensive review. For commercial-stage healthcare companies, payer-mix analysis and reimbursement risk dominate the diligence agenda. The audit firm's work also gets more complex because healthcare revenue recognition (rebates, gross-to-net adjustments, government contracts) is more judgment-intensive than in most other sectors.
Financial Services Diligence
FIG IPO diligence depends on extensive regulatory engagement (banking regulators, insurance regulators, securities regulators in multiple jurisdictions for global financial firms). Capital adequacy, credit quality, and liquidity are central rather than peripheral. Stress-testing methodology, asset-liability mismatches, and concentration risk all get scrutinized in ways that do not apply to non-financial companies. The S-1 disclosures for FIG issuers are typically among the longest in any sector because of the additional regulatory and risk material.
Industrials and Energy Diligence
Industrials and energy diligence focuses heavily on cyclicality, normalized earnings, customer concentration in industrial value chains, and capex reinvestment requirements. Environmental and safety regulation, particularly for energy companies, generates extensive risk-factor disclosure. Audit complexity is also elevated for energy companies because of reserve accounting, depletion treatment, and commodity-price sensitivity in the financials.
Where Diligence Findings Land in the S-1
Every diligence finding ultimately surfaces in one of four places in the S-1, and tracking which finding lands where is part of the working group's discipline.
Risk Factor Disclosure
The bulk of diligence findings that flag potential issues end up as risk factors in the S-1. The risk-factors section typically runs 30 to 80 pages and covers business risks (customer concentration, competitive pressure, technology disruption), legal and regulatory risks (litigation, regulatory change, IP exposure), financial risks (controls, leverage, liquidity), and broader market risks (cyclical exposure, macro sensitivity). Risk factors are written conservatively; counsel and the underwriters typically want every meaningful risk disclosed even if the issuer's view is more sanguine.
Business Description and MD&A
Findings that frame how the company operates land in the business description and MD&A. The business description covers what the company does, its markets, its customers, its competition. The MD&A covers historical financial performance and management's view of the trends. Both sections need to be consistent with the diligence findings; inconsistencies trigger SEC comments and force amendments.
Financial Statements and Footnotes
Substantive accounting findings (related-party transactions, revenue recognition policies, contingent liabilities, segment reporting decisions) all surface in the financial statements and footnotes. The audit firm signs off on these disclosures, and the underwriters review them through the lens of what investors will scrutinize at the roadshow.
Use of Proceeds and Plan of Distribution
Findings about how the company will deploy IPO proceeds, and how the offering will be structured, surface in those sections. A sponsor secondary-sale component, an unusual lockup arrangement, or a non-standard greenshoe sizing are all examples of structural decisions that flow into the disclosure.
Diligence is the substance behind every line in the S-1. Without it, the disclosures are unverified claims; with it, they are positions the bank can defend if challenged. The same effort produces the document the working group will spend the next several months drafting, which is the subject of the S-1 drafting workflow.
Free Interview PDF Guide