What is the biggest red flag when buying a small business?

Customer concentration above 20% of revenue from a single customer is consistently cited as the most dangerous red flag because it creates immediate post-close revenue risk with no structural hedge. Owner dependency is a close second, particularly in service businesses where relationships are personal.

How do you verify revenue when buying a small business?

Reconcile every invoice to a bank deposit for at least 12 months. Request read-only access to the accounting system rather than relying on exported reports. Cross-reference reported revenue against tax returns using an IRS Form 4506-C transcript request. Any gap between these sources requires a documented explanation before proceeding.

What are EBITDA add-backs and when are they a red flag?

EBITDA add-backs are adjustments to normalize owner-specific or one-time expenses out of reported earnings. They become a red flag when recurring expenses are labeled one-time, when owner salaries are added back at below-market replacement rates, or when family members on payroll perform no real business function. Rebuild EBITDA independently from verified line items and investigate any gap with the seller's adjusted figure.

What is successor liability and why does it matter in an acquisition?

Successor liability is the legal principle that a buyer inherits unresolved obligations of the business it acquires, even if those obligations predate the transaction. HR violations, unpaid payroll taxes, environmental contamination, and undisclosed litigation are common sources. An asset purchase structure reduces but does not eliminate successor liability; representations, warranties, and indemnification provisions in the purchase agreement are the primary contractual protection.

How do you detect owner dependency during due diligence?

Interview key employees and major customers directly, with the seller's permission. Ask staff whether they could operate the business for 90 days without the owner. Review vendor contracts to determine whether relationships are documented or personal. Request an operations manual and assess how complete and current it is. Require process documentation as a deliverable in the purchase agreement if gaps exist.

What should I do if tax returns don't match the financial statements?

Treat the discrepancy as a material issue, not an administrative one, until fully explained. Request IRS transcript confirmation via Form 4506-C. Identify every line-item difference and require the seller to provide a written reconciliation with supporting documentation. Persistent unexplained gaps between tax filings and internal financials are grounds to retrade price, restructure protections, or walk away.

Red Flags When Buying a Small Business

The most common red flags when buying a small business are customer concentration above 20% of revenue, owner dependency that makes the business unsellable without the founder, unverifiable or declining revenue trends, hidden liabilities off the balance sheet, overstated EBITDA through aggressive add-backs, HR and payroll compliance gaps, missing or inconsistent tax returns, and deteriorating gross margins. Any one of these can kill a deal or destroy post-close value. This guide covers how to identify each one before you sign.

What Is Customer Concentration Risk and Why Does It Matter?

Customer concentration occurs when a single customer accounts for more than 20% of total revenue — a threshold used by most lenders, the International Business Brokers Association, and institutional search fund investors as a hard underwriting limit. When that customer churns, renegotiates terms, or gets acquired by a competitor, the business can lose a fifth of its revenue overnight with no offsetting asset to fall back on.

Detecting it requires more than a quick look at the revenue ledger. Request a customer-by-customer revenue breakdown for the trailing 24 months. Look for any single line that exceeds 15–20%. Then ask: Is there a long-term contract in place? What's the renewal history? Who owns the relationship — the current owner or a salesperson who might leave with the business? A verbal agreement with the founder's golf buddy is not a contract.

The Stanford GSB Search Fund Primer consistently identifies customer concentration as one of the most frequent value-destroyers in small business acquisitions, particularly in B2B services and manufacturing. If more than 40% of revenue is tied to two customers, expect your lender to require additional equity or deal protection covenants.

How Do You Spot Owner Dependency Before It Sinks the Deal?

Owner dependency — sometimes called key-man risk — exists when critical business functions, customer relationships, or institutional knowledge are locked inside a single person's head. In small businesses, that person is almost always the seller. When they walk out on day one of your ownership, so does the business.

Signs to look for during diligence: the owner's personal cell number is the main customer support line, all vendor relationships are person-to-person rather than documented contracts, no employee has ever made a major decision without the owner's approval, and there is no operations manual or documented process for anything. Interview key staff directly. Ask them: 'If the owner was unavailable for 90 days, could you keep things running?' Their answer will tell you everything.

The HBR Guide to Buying a Small Business recommends a transition period with earnout provisions specifically to mitigate key-man risk — but earnouts are imprecise instruments. A cleaner approach is requiring the seller to document every core process as part of the purchase agreement, with holdback funds released only when documentation is delivered and verified.

What Should You Do When Revenue Looks Unverifiable or Is Declining?

Unverifiable revenue is one of the most dangerous red flags in SMB acquisitions because sellers control the narrative right up until close. Revenue should be traceable from source invoices through the accounting system to the bank statement. If any link in that chain is broken — PDFs that can't be cross-referenced, cash transactions with no deposit records, QuickBooks data that doesn't match tax filings — treat it as a fabrication until proven otherwise.

Declining revenue is a separate but equally serious issue. A business with 3 consecutive years of revenue decline is not a turnaround opportunity — it is a failing business, unless you can identify a specific, fixable cause with hard evidence (e.g., a single lost contract that has since been replaced, a pandemic-era dip with documented recovery). The Pepperdine Private Capital Markets Report notes that declining revenue is consistently correlated with higher post-close default rates on SBA 7(a) loans used to fund small business acquisitions.

Verification steps: reconcile every invoice to a bank deposit for at least 12 months. Request read-only access to the accounting system, not just exported reports. If the seller refuses either, walk away.

How Do You Find Hidden Liabilities That Don't Appear on the Balance Sheet?

Off-balance-sheet liabilities are items that create real financial obligations but don't show up in standard financial statements. In small businesses, the most common forms are: personal guarantees the business has issued for a related party's debt, operating leases structured to avoid capitalization, deferred revenue that has been recognized but not yet delivered, pending litigation that has not been disclosed, and environmental cleanup obligations tied to the property.

Legal diligence is the only reliable detection method. Run a UCC lien search in every state where the business operates. Check federal and state court records for any filed or threatened litigation. Request copies of all insurance policies and look for open claims. Ask the seller to represent and warrant in the purchase agreement that no material liabilities exist outside the disclosed financials — and include a meaningful indemnification provision with escrow backing if they hesitate.

What Is EBITDA Add-Back Abuse and How Do You Catch It?

EBITDA normalization is legitimate and necessary in small business transactions. Sellers reasonably add back their own salary above market rate, one-time legal fees, personal vehicle expenses, and other non-recurring items. Add-back abuse is when normalization becomes fabrication: recurring expenses labeled 'one-time,' personal family members on payroll who do no real work, inflated owner salaries added back at below-market replacement cost, or capital expenditures misclassified as operating expenses.

A reliable test: rebuild EBITDA from scratch using only verifiable line items. Start with revenue you have confirmed. Subtract all cash operating expenses you can document. Apply a realistic market-rate manager salary for the role the owner fills. The result is your real EBITDA. Compare it to the seller's adjusted EBITDA figure and investigate every gap greater than 5%.

Tools like DEALPRINT flag EBITDA add-back irregularities automatically by scanning financial statements for recurring expenses that appear in normalized schedules, owner-related payroll patterns, and year-over-year classification shifts that don't match narrative explanations.

Why Are HR and Payroll Compliance Issues a Deal-Breaker?

HR and payroll compliance violations create successor liability — meaning you inherit the problem the moment you take ownership. The most common issues in SMB acquisitions: worker misclassification (1099 contractors who should be W-2 employees), unpaid overtime under FLSA, I-9 documentation failures, unreported wages to state unemployment agencies, and failure to maintain required benefit plan documentation for any ERISA-covered plans.

Detection requires a payroll audit. Request payroll registers for 24 months and cross-reference them with contractor payments. Ask for copies of all 1099s issued. If the business has more than 50 employees, verify ACA compliance reporting. State labor agencies maintain public records of wage claims and investigations — check them. A professional employer organization (PEO) record or third-party payroll processor can simplify verification but should not be treated as a substitute for direct confirmation.

What Do Missing or Inconsistent Tax Returns Tell You About a Business?

Tax returns are the single most reliable independent verification of a business's financial history because they are filed under penalty of perjury and reviewed by the IRS. When tax returns are missing, late-filed, or inconsistent with the financial statements presented in the CIM, it is a serious red flag — not a paperwork issue.

Specific inconsistencies to look for: revenue reported on the business tax return that differs from the seller's adjusted P&L by more than rounding differences; payroll tax filings (941s) that don't align with W-2 totals; state sales tax filings that imply revenue the income statement doesn't reflect; or a business that claims to be a pass-through entity but has K-1s inconsistent with the ownership structure described. Request IRS Form 4506-C and have the seller authorize direct transcript retrieval — this eliminates any possibility of a seller-modified return.

What Do Deteriorating Gross Margins Signal About a Business's Health?

Gross margin compression — where revenue holds steady or grows but the spread between revenue and direct costs narrows — often signals structural problems invisible in top-line numbers. Common causes: pricing power is eroding as competitors undercut, input costs (materials, labor, freight) have risen faster than the business can pass through, a key product line is being discontinued without a replacement, or the business is quietly discounting to maintain revenue while destroying unit economics.

A three-year gross margin trend is required diligence, not optional. Break gross margin down by product line or service category if the business has multiple revenue streams. A blended gross margin can look stable while one core product deteriorates and another grows. Also compare gross margins to industry benchmarks from sources like the IBBA annual survey — a business running 10 points below industry average without a clear structural reason should trigger deep investigation.

Comparison

Red Flag: Customer concentration >20% | What It Signals: Revenue fragility; one departure destroys cash flow | How to Detect It: Customer-by-customer revenue split, trailing 24 months
Red Flag: Owner dependency | What It Signals: Business may not function post-close without the seller | How to Detect It: Staff interviews, process documentation audit, vendor contract review
Red Flag: Unverifiable or declining revenue | What It Signals: Possible fabrication; fundamental business decline | How to Detect It: Invoice-to-bank-deposit reconciliation, read-only accounting access, tax return cross-check
Red Flag: Off-balance-sheet liabilities | What It Signals: Hidden obligations that transfer to buyer at close | How to Detect It: UCC lien search, court record check, full insurance review
Red Flag: EBITDA add-back abuse | What It Signals: Overstated earnings inflating valuation and purchase price | How to Detect It: Rebuild EBITDA from verified line items; audit recurring vs. one-time classification
Red Flag: HR/payroll compliance gaps | What It Signals: Successor liability for unpaid wages, misclassification, or penalties | How to Detect It: Payroll register audit, 1099 cross-reference, state wage claim records
Red Flag: Missing or inconsistent tax returns | What It Signals: Possible revenue manipulation or unreported liability | How to Detect It: IRS Form 4506-C transcript request; cross-reference against P&L
Red Flag: Deteriorating gross margins | What It Signals: Pricing pressure, cost creep, or product line decay | How to Detect It: Three-year gross margin trend by product/service line vs. industry benchmarks

What Sources Do Experienced Buyers Use to Benchmark These Risks?

Practitioners doing serious diligence draw on a consistent set of reference points. The IBBA's annual market survey provides transaction volume and deal structure data segmented by industry and business size. The Pepperdine Private Capital Markets Report is the most rigorous data source on SMB lending standards, default rates, and capital availability — directly relevant to predicting where lenders will push back on a deal. The HBR Guide to Buying a Small Business provides a structured framework for evaluating management quality and transition risk. The Stanford GSB Search Fund Primer is the definitive operational guide for search fund entrepreneurs and contains practical red-flag checklists built from decades of completed transactions.

These sources converge on a consistent set of deal-killers: concentrated revenue, key-man dependency, financial statement inconsistency, and undisclosed liabilities. The specific thresholds vary by industry and deal structure, but the categories remain stable across acquisition types.

DEALPRINT

Running diligence on a deal?

DEALPRINT automates document review, flags red flags, and organises your data room — so you can focus on the conversations that close.

Apply for Limited Release

Frequently Asked Questions

Common Questions

What is the biggest red flag when buying a small business?: Customer concentration above 20% of revenue from a single customer is consistently cited as the most dangerous red flag because it creates immediate post-close revenue risk with no structural hedge. Owner dependency is a close second, particularly in service businesses where relationships are personal.
How do you verify revenue when buying a small business?: Reconcile every invoice to a bank deposit for at least 12 months. Request read-only access to the accounting system rather than relying on exported reports. Cross-reference reported revenue against tax returns using an IRS Form 4506-C transcript request. Any gap between these sources requires a documented explanation before proceeding.
What are EBITDA add-backs and when are they a red flag?: EBITDA add-backs are adjustments to normalize owner-specific or one-time expenses out of reported earnings. They become a red flag when recurring expenses are labeled one-time, when owner salaries are added back at below-market replacement rates, or when family members on payroll perform no real business function. Rebuild EBITDA independently from verified line items and investigate any gap with the seller's adjusted figure.
What is successor liability and why does it matter in an acquisition?: Successor liability is the legal principle that a buyer inherits unresolved obligations of the business it acquires, even if those obligations predate the transaction. HR violations, unpaid payroll taxes, environmental contamination, and undisclosed litigation are common sources. An asset purchase structure reduces but does not eliminate successor liability; representations, warranties, and indemnification provisions in the purchase agreement are the primary contractual protection.
How do you detect owner dependency during due diligence?: Interview key employees and major customers directly, with the seller's permission. Ask staff whether they could operate the business for 90 days without the owner. Review vendor contracts to determine whether relationships are documented or personal. Request an operations manual and assess how complete and current it is. Require process documentation as a deliverable in the purchase agreement if gaps exist.
What should I do if tax returns don't match the financial statements?: Treat the discrepancy as a material issue, not an administrative one, until fully explained. Request IRS transcript confirmation via Form 4506-C. Identify every line-item difference and require the seller to provide a written reconciliation with supporting documentation. Persistent unexplained gaps between tax filings and internal financials are grounds to retrade price, restructure protections, or walk away.

Sebastian Krappe

CEO

Sebastian is the CEO and co-founder of DEALPRINT. He is a former investment banker and private equity investor who conducted far too many manual, painful diligence processes. He is passionate about making sure no investors, advisors, or brokers have to struggle with due diligence again. Sebastian holds a B.A. from Columbia University and is an MBA Candidate at the UC Berkeley Haas School of Business.

LinkedInMore articles

Back to blog

Monday, April 27, 2026

The Most Common Red Flags When Buying a Small Business