Protect your investment by auditing MRR quality, key man dependency, cybersecurity exposure, and contract transferability before closing on any managed services acquisition.
Find IT Services Acquisition TargetsAcquiring an IT services firm or MSP requires scrutiny beyond standard financials. Recurring revenue quality, technical staff retention, cybersecurity liability, and PSA/RMM stack compatibility all directly affect post-close value. This guide walks buyers through three structured phases covering the most critical risks in lower middle market IT services transactions.
Validate the true recurring revenue base, assess customer concentration risk, and confirm contract transferability before proceeding to deeper diligence.
Request trailing 24-month MRR schedules broken out by client. Verify that recurring revenue represents 60%+ of total revenue and annual churn stays below 5%.
Identify revenue by client and flag any single customer exceeding 15–20% of total revenue. Concentrated books dramatically increase post-close risk.
Confirm all managed services agreements are written, current, and contain assignment clauses allowing transfer to a new entity without client consent requirements.
Evaluate service delivery infrastructure, staff dependency, and cybersecurity posture to identify operational risks that could impair value immediately after closing.
Map which technical staff handle critical client relationships and escalations. Assess flight risk and develop retention strategies — stay bonuses or equity — before close.
Review the target's own security controls, any past breaches or ransomware incidents, and client-facing indemnification clauses that could create undisclosed liability.
Document all PSA, RMM, billing, and monitoring platforms in use. Assess integration complexity and licensing transferability, especially if acquiring into an existing MSP platform.
Confirm financial representations, validate EBITDA normalization, and review legal agreements to ensure the deal structure accurately reflects business fundamentals.
Distinguish true recurring-revenue EBITDA from one-time hardware sales or project windfalls. Validate owner compensation add-backs against actual replacement cost for management.
Audit all software, vendor partnership, and reseller agreements. Confirm assignability and flag any Microsoft, Cisco, or distributor agreements requiring re-certification post-close.
Cross-reference three years of tax returns against P&Ls and bank statements to identify unreported income, personal expenses, or revenue recognition inconsistencies.
Verify the IT Services acquisition qualifies for SBA financing, the purchase price is supportable by the verified cash flow, and the deal structure protects the buyer's downside.
Confirm the IT Services meets SBA 7(a) eligibility requirements: the business is for-profit, U.S.-based, within SBA size standards, and the buyer meets personal financial requirements. Some industries have specific SBA restrictions — verify before LOI.
Model verified normalized EBITDA against projected SBA loan payments at current rates. A $1M SBA 7(a) loan at 10.5% over 10 years costs approximately $13,000/month. The IT Services must generate at least 1.25x debt service coverage after a market-rate manager salary to pass underwriting.
Confirm the seller note is properly subordinated to the SBA loan and goes on 24-month standby as required by SBA rules. If an earnout is included, define exact measurement metrics, time period, and dispute resolution process before signing the purchase agreement.
Before signing a Letter of Intent, request these documents from the seller. Missing or incomplete items are a red flag — not a reason to proceed without them.
Target at least 60% MRR as a share of total revenue. Higher MRR concentration means more predictable cash flow, lower integration risk, and justifies paying toward the higher end of the 4–7x EBITDA multiple range typical for IT services acquisitions.
Map every client relationship and technical escalation to specific staff. If the owner handles more than 30% of client touchpoints or holds unique technical knowledge, require a 12–24 month consulting agreement and negotiate retention bonuses for critical technical employees as deal conditions.
Yes. IT services businesses with strong MRR and documented financials are well-suited for SBA 7(a) financing. Typical structures include 10–20% buyer equity, an SBA loan covering the majority, and a 5–10% seller note to bridge any valuation gap.
Review the target's internal security stack, any past breach or ransomware incident disclosures, and all client contracts for indemnification clauses. Undisclosed breaches or weak internal controls can create substantial post-close liability with enterprise or regulated-industry clients.
More IT Services Guides
DealFlow OS surfaces targets with seller signals and motivation scores — so you know before you start diligence. Free to join.
Start finding deals — freeNo credit card required
For Buyers
For Sellers