Prepared by: Layer8TechGroup · Framework: 10 Technology Fixes — Tier 1 · Documents Ingested: 12
Overall Score
3.6/10
8-domain blend
Valuation Multiple
2.5 – 2.8×
SDE · Main Street
EBITDA
$378,000
most recent FY
Vertical
Technology / MSP
technology
Assessment Scores — 8-Domain Profile
Value Recovery RoadmapTotal Recoverable Value: $321,300
Prioritized by estimated valuation impact · Score-adjusted: 2.5 – 2.8×SDE · Ceiling: 3.5×
Complete remediation plan across all scored domains. The Priority Fixes section below highlights the five ranked starting points.
| Domain | Layer8 Service | Multiple Impact | Value at Risk | Est. Timeline | Typical Investment | Est. ROI |
|---|---|---|---|---|---|---|
CQCustomer Quality✓ Quick Win | Contract Audit & CRM Implementation | +0.2x | $67,473 | ⏱ 10+ wks | $8,000 – $14,000 | ~6x |
DRDiligence Risk✓ Quick Win | Security Hardening & Data Room Preparation | +0.2x | $57,834 | ⏱ 4–6 wks | $2,500 – $4,500 | ~16.5x |
OROwner Risk✓ Quick Win | Succession Planning & Knowledge Capture Sprint | +0.1x | $48,195 | ⏱ 8–10 wks | $6,000 – $10,000 | ~6x |
OSOperational Scalability | Process Documentation & Systems Audit | +0.1x | $41,769 | ⏱ 10+ wks | $6,500 – $11,000 | ~5x |
TMTechnology & Systems Maturity | Technology Infrastructure Audit & Modernization Plan | +0.1x | $32,130 | ⏱ 6–8 wks | $3,000 – $5,500 | |
HCHuman Capital | Workforce Retention & Bench Depth Sprint | +0.1x | $32,130 | ⏱ 10+ wks | $5,000 – $8,000 | ~5x |
FRFinancial Readiness | Books Cleanup & Add-Back Schedule | +0.1x | $22,491 | ⏱ 6–8 wks | $4,000 – $7,000 | ~4x |
LCLegal & Regulatory Compliance | Legal Compliance Audit & Contract Review | +0.1x | $19,278 | ⏱ 8–10 wks | $6,000 – $10,000 | |
| TOTAL | — | $321,300 | — | $41,000 – $70,000 | ~6x | |
Quick Win items are flagged ✓ in the table above — these deliver the highest remediation ROI in the shortest timeline and are the recommended starting point for any remediation plan.
Typical investment ranges reflect market-rate remediation costs and are provided for prioritization purposes only. Actual engagement scope and pricing depend on business size, gap severity, and selected service provider. Layer8 Tech Group provides formal engagement proposals following assessment delivery.
Ready to recover this value before you list?
Layer8 Tech Group delivers these services for businesses preparing for acquisition.Schedule a Discovery Call →
Layer8 Tech Group delivers these services for businesses preparing for acquisition.Schedule a Discovery Call →
Automation Opportunity AssessmentScored separately — upside signals for post-close value creation, not valuation drivers
▲ Automation Maturity IndexScored separately — excluded from overall score and valuation multiple
0.9/10MANUAL (raw: 1/16)
MSP revenue infrastructure is evaluated on lead-to-contract automation, after-hours responsiveness, and client retention sequences — critical signals for buyers assessing whether ARR growth is system-driven or founder-dependent.
Automation maturity is scored separately from the valuation composite. The gaps below represent operational efficiency opportunities and post-close value creation for a buyer — not valuation discounts.
| # | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| R01 | AI Voice / After-Hours Call Handling AMS_CIM.txt · AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt There is no evidence of AI voice agents or automated after-hours call handling in any of the retrieved documents. The company operates a remote-first service delivery model using ConnectWise Manage and standard helpdesk staffing, with no mention of call automation, AI voice systems, or 24/7 inbound call handling capabilities. | 0/2 | MANUAL | |
| R02 | CRM Presence & Workflow Automation AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_HC_Profile.txt Apex uses ConnectWise Manage as its CRM system with an active pipeline tracked ($380K with $195K weighted value), but the documents provide no evidence of automated workflows—sales follow-up, lead nurturing, and pipeline management appear to rely on manual processes rather than system-driven automation. The CRM presence is functional but incomplete in automation maturity. | 1/2 | PARTIAL | |
| R03 | 24/7 Lead Capture AMS_CIM.txt · AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt The retrieved documents contain no evidence of after-hours or 24/7 lead capture capabilities; there is no mention of contact forms, chatbots, automated routing systems, or any lead capture infrastructure beyond traditional business operations. The company's operational model appears entirely manual and business-hours dependent, with no documented automation for prospect inquiries outside standard working hours. | 0/2 | MANUAL | |
| R04 | SMS Appointment Reminders & Confirmations AMS_CIM.txt · AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt There is no evidence in the retrieved documents that Apex Managed Solutions has implemented automated SMS appointment reminders and confirmations; the company's technology stack (ConnectWise Manage, IT Glue, Huntress EDR) and operational processes documented do not reference SMS automation capabilities, indicating manual or absent appointment reminder workflows. | 0/2 | MANUAL | |
| R05 | Automated Review Solicitation AMS_CIM.txt · AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt There is no evidence of automated post-service review solicitation in any of the provided documents; the company operates without systematic review request processes, relying entirely on organic reviews from its 34 managed services clients. The business management systems mentioned (ConnectWise Manage, IT Glue, Huntress EDR) show no configured automation for review collection or client feedback solicitation. | 0/2 | MANUAL | |
| R06 | Smart Follow-Up Sequences AMS_CIM.txt · AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt There is no evidence of automated follow-up sequences in the retrieved documents; the company's sales and client engagement processes are entirely manual and owner-dependent, with no mention of drip campaigns, marketing automation, or systematic re-engagement workflows for unconverted leads or dormant clients. | 0/2 | MANUAL |
Interpretation: Manual — buyer will underwrite operational risk, expect discount
A low Automation Maturity score for an MSP signals that growth is relationship-driven rather than systematic. Buyers will apply a meaningful discount and may require remediation commitments as a condition of close.
📈 Buyer Opportunity: A buyer who systematizes these automation gaps post-close would deploy a proven playbook: AI voice handling, CRM workflows, and follow-up sequences that collectively recover 15–25% of leads currently lost to slow response. This is a predictable, acquirable value-creation lever.
► Operational Automation OpportunitiesVertical-specific — excluded from overall score
1.0/10MANUAL (raw: 1/10)
Vertical-specific operational automation gaps identified in MSP & Technology Operational Automation operations. These gaps represent immediate efficiency opportunities for the current owner and post-close value creation levers for a buyer.
Operational automation gaps identified below are framed as efficiency and revenue recovery opportunities. Dollar estimates reflect operational impact, not valuation multiple adjustment. Layer8 delivers these implementations directly.
| Automation Opportunity | Score | Status | Bar | Layer8 Opportunity |
|---|---|---|---|---|
| Ticket Triage & Auto-Assignment | 0/2 | MANUAL | Ticket automation reduces mean time to first response — the metric buyers use most heavily to benchmark MSP operational maturity and client satisfaction. | |
| Patch Management & Compliance Reporting | 0/2 | MANUAL | Automated patch compliance reporting is a premium tier differentiator — it demonstrates systematic security management and supports cyber insurance requirements. | |
| Client Onboarding & Offboarding | 1/2 | PARTIAL | Onboarding automation is the most visible quality signal to new clients — and the fastest way to surface the gap between an MSP that runs on people and one that runs on systems. | |
| Client Health Scoring & Churn Risk Alerts | 0/2 | MANUAL | Client health automation converts churn prevention from a reactive fire drill to a proactive managed process — directly protecting the MRR base that drives MSP valuation. | |
| QBR Scheduling & Preparation | 0/2 | MANUAL | QBR automation enables consistent executive engagement across the entire client base — not just the accounts that squeaky-wheel their way to attention. |
Ready to build your automation infrastructure before you list?
Layer8 runs 90-day Automation Sprints that close AMI gaps and systematize vertical-specific workflows. The ROI is measurable before you go to market.Schedule a Discovery Call →
Layer8 runs 90-day Automation Sprints that close AMI gaps and systematize vertical-specific workflows. The ROI is measurable before you go to market.Schedule a Discovery Call →
Layer8 Service CatalogOne service per Roadmap row — purpose, inputs, deliverables, and success criteria
CQContract Audit & CRM Implementation
Purpose
Protect revenue base transferability by ensuring customer contracts survive a change of control and the pipeline is visible to buyers — two of the most scrutinized items in lower-middle-market diligence.
Client Inputs
All active customer agreements, CRM access or pipeline export, renewal history, list of top 10 accounts by revenue.
Engagement Approach
Contract review for assignment and change-of-control clauses, gap remediation with M&A counsel for missing language, CRM selection or cleanup, pipeline workflow configuration, and renewal tracking implementation.
Deliverables
Contract assignment analysis with remediation recommendations; updated agreements with assignment language; CRM implementation with documented pipeline stages; weighted renewal forecast report.
Success Criteria
All material contracts include assignment language acceptable to buyer counsel; CRM shows a 90-day pipeline with documented renewal rates; top-10 account relationships documented with transition plans.
DRSecurity Hardening & Data Room Preparation
Purpose
Eliminate the most common pre-close diligence findings — security gaps, disorganized documentation, and missing records — so the buyer's team moves efficiently and the seller enters negotiation with a clean record.
Client Inputs
Administrative access to email and file storage systems, current software and SaaS subscription list, contract inventory, data backup and recovery procedures.
Engagement Approach
Security posture assessment against buyer diligence checklists, MFA deployment verification, endpoint protection confirmation, data room folder structure built to standard buyer request formats, incident response procedure documented.
Deliverables
Organized data room with standard diligence folder structure; MFA confirmed across all systems; endpoint protection report; written incident response procedure; data backup and recovery procedure documented.
Success Criteria
Data room passes a sample buyer diligence checklist without gaps; security posture documented to buyer IT diligence standards; no security findings flagged during sale negotiations.
ORSuccession Planning & Knowledge Capture Sprint
Purpose
Convert undocumented succession risk into a written, buyer-acceptable transition plan that reduces Day 1 integration uncertainty and unlocks negotiation leverage on earn-out and escrow terms.
Client Inputs
Owner interview (2–3 hours), key staff interviews (1 hour each), access to current SOPs and operations documentation, current organizational chart.
Engagement Approach
Structured interview series capturing operational and relationship knowledge. Knowledge capture workshops with key staff. Drafting of formal succession plan with phased transition timeline and relationship handoff schedule.
Deliverables
Written succession plan (10–15 pages); phased 90-day transition timeline; key relationship introduction schedule; operational protocol handoff checklist; retention recommendations for critical staff.
Success Criteria
Plan reviewed and accepted by buyer counsel during diligence; transition timeline supports closing without operational disruption; no retention escrow required beyond standard market terms.
OSProcess Documentation & Systems Audit
Purpose
Demonstrate to buyers that the business can operate and grow without the owner — the core test for platform acquisition suitability and a prerequisite for earn-out terms that don't require owner involvement.
Client Inputs
Existing process documentation (any format), list of core operational workflows, technology stack inventory, vendor contracts, org chart and current role descriptions.
Engagement Approach
Process mapping interviews with key staff, SOP drafting for undocumented workflows, technology stack documentation and gap assessment, vendor contract review, financial controls walkthrough and documentation.
Deliverables
Core SOP library covering sales, delivery, billing, and support; technology stack documentation; vendor contract summary with renewal calendar; financial controls memo; org chart with documented decision authority.
Success Criteria
A buyer's operations team can assess day-to-day execution from documentation alone; no single staff member is required to explain how the business runs; operations continue during a 30-day owner absence.
TMTechnology Infrastructure Audit & Modernization Plan
Purpose
Produce the technology documentation and remediation roadmap buyers need to underwrite the business's systems without applying a 'black box' discount — demonstrating the tech stack is an asset, not a liability.
Client Inputs
List of all software, SaaS subscriptions, and hardware; IT vendor contracts; current cybersecurity policies; network or system architecture documentation; access to primary business applications for documentation.
Engagement Approach
Systems inventory and entity-ownership documentation, cybersecurity posture assessment, data integrity review, vendor rationalization, technical debt assessment, modernization roadmap drafting aligned to buyer integration requirements.
Deliverables
Complete systems inventory with entity-owned credential confirmation; cybersecurity findings report; data integrity assessment; vendor rationalization recommendations; written 18-month technology roadmap; technical debt disclosure memo.
Success Criteria
Buyer's IT diligence team can assess all systems from documentation alone; no critical vulnerabilities undisclosed; all material systems confirmed entity-owned and transferable; technical debt quantified and roadmap accepted by buyer's IT lead.
HCWorkforce Retention & Bench Depth Sprint
Purpose
Demonstrate that key staff will remain post-close and that the business has the organizational depth to operate without the owner — reducing the escrow holdback and earn-out provisions buyers use to hedge staff attrition risk.
Client Inputs
Employee roster with tenure and compensation, org chart with reporting lines, existing employment or retention agreements, list of key non-owner roles, comp benchmarking data if available.
Engagement Approach
Compensation benchmarking against vertical market rates, retention risk assessment per key role, training playbook documentation, succession identification for critical non-owner positions, comp and benefits structure review for post-close transferability.
Deliverables
Compensation benchmarking report by role; retention risk matrix with recommended retention bonus structures; written succession plans for key non-owner roles; training playbook for top-3 operational roles; comp and benefits transferability memo.
Success Criteria
Buyer's HR diligence confirms comp is at or near market for all revenue-generating roles; retention agreements in place for staff with >20% of revenue exposure; succession paths documented for all roles where departure would disrupt operations within 90 days.
FRBooks Cleanup & Add-Back Schedule
Purpose
Ensure the company's financial statements survive a Quality of Earnings review without re-trading — the single most common source of post-LOI price reductions in SMB transactions.
Client Inputs
3 years of P&L statements and balance sheets, accounting system access, list of all owner add-backs with supporting documentation, CPA contact.
Engagement Approach
Bookkeeping normalization review for consistency and GAAP alignment, add-back identification and documentation with evidentiary support, CPA coordination for reviewed or audited presentation, QofE preparation briefing.
Deliverables
Normalized 3-year P&L with documented add-backs; add-back schedule with supporting documentation for each item; buyer-defensible adjusted EBITDA calculation; QofE-ready financial package.
Success Criteria
Add-backs are documented with receipts or third-party statements that a buyer's QofE accountant will accept without pushback; EBITDA figure matches seller's stated number; no surprises in financial diligence.
LCLegal Compliance Audit & Contract Review
Purpose
Surface and remediate the legal and compliance gaps that most commonly trigger post-LOI price reductions — license transferability, IP ownership, employment compliance, and undisclosed contingent liabilities.
Client Inputs
Business licenses and permits, material vendor and customer contracts, employment agreements and contractor arrangements, corporate formation documents, prior litigation or regulatory correspondence.
Engagement Approach
Business license review and transferability confirmation with counsel, contract assignment analysis, IP ownership confirmation, employment classification and I-9 review, litigation disclosure review and representation letter preparation.
Deliverables
Legal compliance memo covering all identified gaps and remediation actions; license transferability confirmation; contract assignment analysis; IP schedule; employment compliance findings; attorney representation letter.
Success Criteria
No open legal items triggering a material adverse change clause; licenses confirmed transferable by buyer's counsel; no IP ownership gaps; employment practices reviewed; litigation disclosure complete and documented.
Ready to start a remediation sprint?
Layer8 Tech Group delivers each of these services for businesses preparing for acquisition. Engagements are scoped to your timeline and deal target.Schedule a Discovery Call →
Layer8 Tech Group delivers each of these services for businesses preparing for acquisition. Engagements are scoped to your timeline and deal target.Schedule a Discovery Call →
Valuation Impact Analysis
Main Street · SDE
Technology / MSP businesses in this size range typically trade at
2.5–3.5× SDE
— MSPs with high Monthly Recurring Revenue, documented contracts, and system-driven growth command premium multiples. PE-backed roll-ups are active acquirers paying 6–9× for platform-quality businesses.
Score-adjusted range
(Exit Readiness 3.6/10 — Main Street — lower range)
EBITDA (most recent FY): $378,000 (AI-extracted)
2.5–2.8× SDE
$945,000 – $1,058,400
| Scenario | Score-Adjusted Range | Implied Value (SDE) |
|---|---|---|
| Current (as-is) | 2.5×–2.8× SDE | $945,000 – $1,058,400 |
| Post-Remediation (5.6/10 est.) | 2.6×–3.1× SDE | $982,800 – $1,171,800 |
Implementing the recommended priority fixes over 90 days could add an estimated ~$75,600 to the transaction value — a potential 8% lift on the same underlying business.
↑ What drives higher multiples
- High MRR percentage >70%
- Documented service contracts
- NOC/helpdesk not owner-dependent
- Stack standardization across clients
↓ What suppresses multiples
- Break-fix revenue dominant
- No formal service agreements
- Owner is primary engineer
Domain Detail & Findings
Diligence Risk4.2/10 NEEDS WORK (18% blend)
Deal Impact: Documentation gaps will extend diligence and require owner availability — expect timeline and multiple pressure.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| fix_01 | Documented Processes & SOPs AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_CRM_Pipeline.csv · AMS_Financials.csv · AMS_HC_Profile.txt — High confidence — multiple documents corroborated Apex Managed Solutions has minimal documented processes with significant knowledge concentration in key individuals. The Cybersecurity Assessment identifies "gaps exist that require remediation before a sale process, particularly around documentation formality," and the HC Profile reveals that "no succession plan or cross-training program exists for any role," with the Cisco/Network Architect noted as a "single-point-of-failure" and the owner holding "direct relationships with 11 of 14 managed services clients" with no formal documentation. Critical operational workflows—including client onboarding, network architecture decisions, and account management—exist primarily in people's heads rather than in standardized, documented procedures. | 3/10 | CRITICAL RISK | |
| fix_02 | Cybersecurity Posture AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_HC_Profile.txt — High confidence — multiple documents corroborated Apex maintains a solid baseline cybersecurity posture with MFA enforced across all staff via Azure AD, Huntress EDR deployed on all 11 endpoints, and formal backup/disaster recovery testing documented as of the assessment date. However, critical gaps exist that prevent a higher score: no formal incident response plan is documented (only informal procedures followed), no dedicated privileged access management solution exists for client credentials (stored in IT Glue without separate vaulting), and no external penetration testing has been conducted in the assessment period—significant risks for a cybersecurity MSP serving healthcare-adjacent clients. | 7/10 | ADEQUATE | |
| fix_03 | Owner Dependency AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The owner holds direct relationships with 11 of 14 managed services clients and is the sole approval authority for all hiring, compensation, and onboarding decisions, creating critical single-points-of-failure across operations. The Senior Network Engineer ([PERSON]), the only [LOCATION]-certified engineer and primary engineer for the largest client (18% of revenue), has no documented backup, and the company has experienced 38% technical staff turnover with no formal succession plan or cross-training program in place. Additionally, no employment agreements exist for key technical staff, providing the buyer with zero contractual retention protections for essential personnel. | 3/10 | CRITICAL RISK | |
| fix_04 | Revenue Quality & Concentration AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated Apex Managed Solutions demonstrates solid revenue quality with 62% recurring revenue from managed services and monitoring contracts across 34 active clients averaging $3,200 per month, exceeding the 50-70% threshold for this band. However, concentration risk exists with the owner holding direct relationships with 11 of 14 managed services clients, and while no single client is explicitly stated to exceed 15% of revenue, the heavy owner dependency creates successor risk that could impact renewal predictability post-exit. The pipeline shows diversification across verticals (legal, healthcare-adjacent, accounting, real estate) with documented annual contracts, supporting the 7-8 scoring band. | 7/10 | ADEQUATE | |
| fix_05 | Customer Contracts AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The retrieved documents contain no information regarding customer contracts, their transferability, standardization, change-of-control clauses, centralized repositories, or renewal rate tracking. While the CIM references "34 active managed services clients with average tenure of [DATE_TIME]" and "recurring contracts averaging $3,200 per month per client," there is no evidence of formalized contract documentation, assignment language, or renewal management processes. The complete absence of contract-level documentation in the due diligence materials represents a critical gap for M&A readiness. | 2/10 | CRITICAL RISK | |
| fix_06 | IT Infrastructure & Asset Documentation AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated Apex maintains basic IT infrastructure supporting its MSP operations (ConnectWise Manage, IT Glue, Huntress EDR, Microsoft 365) but exhibits significant documentation and control gaps that expose exit risk. The cybersecurity assessment identifies critical gaps in incident response planning ("No documented incident response plan exists"), privileged access management (credential exposure risk in IT Glue with no dedicated PAM vault), and penetration testing (none performed in recent history), with an overall MEDIUM-LOW risk rating acknowledging that "primary gaps are documentation and PAM." Additionally, key technical staff turnover (two Tier-1 helpdesk departures noted) and single-point-of-failure dependencies (senior network engineer as sole Cisco/network architect with no backup) indicate incomplete asset documentation and maintenance protocols typical of a 3-4 rating category. | 4/10 | NEEDS WORK | |
| fix_07 | CRM & Pipeline Documentation AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The company uses ConnectWise Manage as its CRM system, but documentation reveals significant pipeline management weaknesses typical of owner-dependent operations. The CIM notes an "active pipeline of $380K (Q1 2026) with $195K weighted value," but the HC Profile indicates the owner holds "direct relationships with 11 of 14 managed services clients" with "no succession plan or cross-training program," suggesting key pipeline opportunities remain concentrated with ownership rather than systematically documented and managed through the CRM platform. | 3/10 | CRITICAL RISK | |
| fix_08 | Key Employee Risks AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The company has multiple critical single points of failure with no documented backups or retention agreements. The Senior Network Engineer ([PERSON]) is the only [LOCATION]-certified engineer and his departure would eliminate the company's ability to service network-heavy clients; the Cisco/Network Architecture role is explicitly listed as a "Single-point-of-failure" with no backup identified. Additionally, the owner holds direct relationships with 11 of 14 managed services clients with "no succession plan or cross-training program" in place, and technical staff compensation is 6–10% below market with no formal retention bonuses or equity, creating elevated flight risk particularly for the Senior Network Engineer who has raised compensation concerns twice and is identified as "the highest flight risk given his compensation gap." | 3/10 | CRITICAL RISK | |
| fix_09 | Financial Trajectory & EBITDA Quality AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_HC_Profile.txt — High confidence — multiple documents corroborated The company reported $2.1M in revenue with an 18% EBITDA margin ($378K) and normalized EBITDA of $412K after add-backs, demonstrating reasonable profitability, but the retrieved documents do not include audited or reviewed financial statements, tax returns, or detailed add-back documentation required to assess financial trajectory quality. The CIM presents a single-year snapshot with no evidence of 2-3 years of consistent growth trends, audited financials, or margin progression analysis needed for higher confidence in exit readiness. | 6/10 | ADEQUATE | |
| fix_10 | Data Room Readiness AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_HC_Profile.txt — High confidence — multiple documents corroborated The company has prepared a Confidential Information Memorandum and a Cybersecurity Assessment Report, indicating some data room foundation exists, but critical operational and governance documentation is missing or disorganized. The Cybersecurity Assessment explicitly identifies "documentation formality" as a key gap requiring remediation before sale, and multiple sections note the absence of formal documentation across incident response, hiring processes, onboarding playbooks, and employment agreements—creating significant cleanup work before buyer review. | 4/10 | NEEDS WORK |
Owner Risk2.8/10 CRITICAL RISK (15% blend)
Deal Impact: Critical owner dependency — high probability of deal restructuring, escrow requirement, or significant price reduction.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| owr_01 | Succession Readiness AMS_CRM_Pipeline.csv · AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated No formal succession plan exists; the documents explicitly state "No succession plan or cross-training program exists for any role" and the owner holds direct relationships with 11 of 14 managed services clients with no documented handoff protocols. Key technical positions are single points of failure (the Cisco/Network Architect has "None" listed as backup and is identified as a "Single-point-of-failure"), and the recent departure of a senior systems engineer required the operations manager to cover client calls, demonstrating the business's vulnerability to unplanned leadership transitions. | 2/10 | CRITICAL RISK | |
| owr_02 | Institutional Knowledge Capture AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv · AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The company has minimal institutional knowledge capture with critical processes and expertise concentrated in individual key employees. The onboarding documentation explicitly states "Basic system access setup handled by [PERSON] (not documented)" and "No formal training program; learning is on-the-job," while the bench depth assessment identifies multiple single points of failure including the owner holding "direct relationships with 11 of 14 managed services clients" with "no succession plan or cross-training program exists for any role." Additionally, there is "no documented incident response plan" and formal procedures remain "not written down," creating significant risk to business continuity in an exit scenario. | 3/10 | CRITICAL RISK | |
| owr_03 | Management Team Depth AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The business cannot operate independently for 60+ days without the owner present. The owner holds direct relationships with 11 of 14 managed services clients, approves all hires, and is involved in orientation for all technical hires; the Senior Network Engineer is a single-point-of-failure for Cisco/network architecture with no documented backup, and no formal management team or succession plan exists for any role. Recent departures of key technical staff (including a senior systems engineer with 18% of revenue client responsibility and two Tier-1 helpdesk staff) underscore the organization's inability to sustain operations, with the Operations Manager handling only sourcing and day-to-day tasks while the owner retains all major decision authority. | 3/10 | CRITICAL RISK | |
| owr_04 | Key Person Concentration Beyond Owner AMS_CRM_Pipeline.csv · AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated The company has multiple critical single points of failure beyond the owner. The Senior Network Engineer ([PERSON]) is the only location-certified engineer and holds exclusive Cisco/Network Architecture knowledge with no backup—his departure would eliminate the company's ability to service network-heavy clients without emergency hiring. Additionally, the owner directly manages relationships with 11 of 14 managed services clients with only partial backup coverage, and no employment agreements exist for technical staff, leaving the buyer with no contractual retention protections for key engineers whose compensation is 6-10% below market and who have already raised concerns about pay. | 3/10 | CRITICAL RISK |
Customer Quality3.8/10 NEEDS WORK (21% blend)
Deal Impact: Customer concentration or churn risk will compress the multiple — expect sensitivity analysis and possible escrow.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| cq_01 | Top Customer Concentration AMS_CIM.txt · AMS_CRM_Pipeline.csv · AMS_Financials.csv · AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated Apex Managed Solutions exhibits significant customer concentration risk, with the largest client (Hendricks Medical Group) representing 18% of revenue according to the Human Capital Profile, and the top 7 named customers accounting for approximately 18.8% of total revenue based on the financial data provided. The departure of the senior systems engineer who was the primary engineer for Hendricks Medical Group in [DATE_TIME] further amplifies this concentration risk, as the client's account was reportedly covered by management post-departure, indicating potential vulnerability to client loss. | 3/10 | CRITICAL RISK | |
| cq_02 | Revenue Predictability & Recurring Mix AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CIM.txt — High confidence — multiple documents corroborated Apex Managed Solutions reports 62% recurring revenue from managed services and monitoring contracts with 34 active clients averaging $3,200/month per client and average tenure of [DATE_TIME], demonstrating a solid recurring base and strong renewal history. However, the company lacks documented renewal rate tracking and formal contract terms visibility—the CIM investment highlights cite the recurring percentage but provide no evidence of multi-year contract terms, renewal rates tracked above 90%, or 12-month revenue predictability documentation that would elevate this to the 9-10 range. | 7/10 | ADEQUATE | |
| cq_03 | Contract Transferability AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The documents provide no evidence of formal customer contracts, assignment clauses, change-of-control provisions, or transfer mechanisms. Instead, the Human Capital Profile explicitly states that "Owner [PERSON] holds direct relationships with 11 of 14 managed services clients" with "no succession plan," indicating that customer relationships are personality-dependent and undocumented rather than contractually portable. The CIM references "34 active managed services clients under [DATE_TIME] recurring contracts" but contains no contract terms, and the absence of any contract repository, assignment language, or transferability documentation in the due diligence materials suggests relationships cannot be transferred without individual customer consent and renegotiation. | 2/10 | CRITICAL RISK | |
| cq_04 | Churn Rate & Retention Metrics AMS_CRM_Pipeline.csv · AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_Financials.csv · AMS_CIM.txt — High confidence — multiple documents corroborated The company does not measure or track customer churn rates or net revenue retention metrics—no churn data is provided in any financial or operational documents. While the company maintains 34 active managed services clients with stated "average tenure" of [DATE_TIME], there is no documented retention program, no proactive churn prevention strategy, and no formal process for monitoring customer attrition. The absence of retention metrics, combined with evidence of reactive (not proactive) business operations, indicates a significant exit-readiness gap in this critical area. | 3/10 | CRITICAL RISK |
Operational Scalability3.8/10 NEEDS WORK (13% blend)
Deal Impact: Technology or process gaps require post-close investment — buyers will model remediation cost into their offer.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| ops_01 | Process Documentation & Repeatability AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The company has minimal process documentation with heavy reliance on individual knowledge and ad-hoc execution. The HC Profile explicitly states "No formal training program; learning is on-the-job" and "Basic system access setup handled by [PERSON] (not documented)," while helpdesk onboarding lacks "a documented playbook." The cybersecurity assessment reinforces this gap, noting "No documented incident response plan exists. Informal procedures are followed but not written down," and the succession plan section reveals critical single points of failure with "Tier-2 Lead (rotating) No formal lead" and no cross-training program for any role, making core workflows heavily dependent on specific individuals like the owner and senior network engineer. | 3/10 | CRITICAL RISK | |
| ops_02 | Technology & Systems Scalability AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv · AMS_CIM.txt — High confidence — multiple documents corroborated The company's technology stack consists of cloud-based MSP tools (ConnectWise Manage, IT Glue, Huntress EDR) appropriate for its current size, but scalability is severely constrained by critical personnel dependencies and undocumented processes. The cybersecurity assessment identifies multiple documentation gaps including no formal incident response plan, no penetration testing capability, and credential management risks via IT Glue compromise—all flagged as requiring remediation before sale. Additionally, the senior network engineer ([PERSON]) is a single point of failure with no backup for Cisco/network architecture work, and onboarding processes are entirely undocumented and owner-dependent, meaning 3x growth would require both material process formalization and immediate key-person retention risk mitigation. | 4/10 | NEEDS WORK | |
| ops_03 | Vendor & Supplier Concentration AMS_Cybersecurity_Assessment.txt · AMS_CRM_Pipeline.csv · AMS_HC_Profile.txt · AMS_CIM.txt — High confidence — multiple documents corroborated Apex Managed Solutions exhibits moderate vendor concentration with several key platform dependencies but documented alternatives identified. The company relies on critical platforms including ConnectWise Manage, IT Glue, and Huntress EDR for service delivery, with IT Glue specifically flagged as a credential exposure risk requiring migration to BeyondTrust/CyberArk at scale; however, the cybersecurity assessment recommends formal alternatives rather than indicating single-source lock-in. The company maintains preferred vendor relationships with Dell Technologies and Datto and holds Microsoft Gold Partner status, suggesting some vendor diversification, though formal SLAs and switching cost analysis are not documented in the provided excerpts. | 6/10 | ADEQUATE | |
| ops_04 | Financial Controls & Reporting Cadence AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The retrieved documents contain no information about financial controls, reporting cadence, monthly close timelines, budget vs. actual reviews, or documented accounting procedures. The excerpts focus exclusively on cybersecurity posture, HR/compensation, recruitment processes, and sales pipeline data, with no evidence of a CFO, Controller, or formal financial reporting infrastructure. Without any documentation addressing the assessment criteria, the company appears to lack established financial controls and reporting processes necessary for exit readiness. | 2/10 | CRITICAL RISK |
Financial Readiness2.2/10 CRITICAL RISK (7% blend)
Deal Impact: Financial readiness is a deal blocker — books must be restructured before any formal sale process can begin.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| fr_01 | Books Quality & CPA Relationship AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt · AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated No financial statements, audit reports, CPA relationships, or books quality information are present in any of the retrieved documents. The excerpts provided contain cybersecurity assessments, a CIM with revenue/EBITDA figures, HR profiles, and pipeline data, but zero documentation regarding financial statement preparation, CPA engagement, audit status, or accounting system quality. Without evidence of any CPA relationship or financial statement quality, the company appears to lack basic accounting infrastructure necessary for M&A diligence readiness. | 2/10 | CRITICAL RISK | |
| fr_02 | Add-Back Documentation AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The documents identify specific add-backs requiring cleanup (owner S-corp distributions of $180,000, discretionary tech bonuses paid via owner check, and owner vehicle expense of $680/month), but provide no supporting documentation, verification schedules, or CPA review to substantiate these adjustments. The CIM references "Normalized EBITDA of $412K after add-backs" but contains no detailed add-back schedule, no separation of personal versus business expenses, and no evidence that a buyer's accountant could independently verify the $34K adjustment from reported $378K EBITDA, making material rework likely during due diligence. | 3/10 | CRITICAL RISK | |
| fr_03 | Revenue Recognition & Consistency AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The retrieved documents contain no information regarding revenue recognition policies, deferred revenue tracking, GAAP compliance, or revenue consistency practices. The excerpts focus exclusively on cybersecurity posture, human capital profile, and investment highlights, with no financial accounting documentation provided to assess this critical due diligence area. Without access to revenue recognition policies, general ledger entries, or audited financial statements, a comprehensive evaluation of revenue recognition consistency cannot be performed. | 1/10 | CRITICAL RISK | |
| fr_04 | Three-Year Financial Trend AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The retrieved documents do not contain three-year financial statements, revenue figures by year, or EBITDA trend data necessary to assess growth consistency or margin stability. While the CIM references "$2.1M in [DATE_TIME] Revenue | 18% EBITDA Margin | ~$378K EBITDA," this appears to be a single-year snapshot without prior-year comparisons, and critical financial detail is redacted or missing. Without multi-year P&L data, year-over-year growth rates, or margin analysis, the financial trend cannot be evaluated against the rubric criteria. | 3/10 | CRITICAL RISK |
Legal & Regulatory Compliance3.1/10 CRITICAL RISK (6% blend)
Deal Impact: Unresolved legal gaps are the #1 cause of post-LOI price reductions — immediate remediation required before listing.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| lc_01 | Business Licenses & Permits AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_Financials.csv · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The retrieved documents contain no information regarding business licenses, permits, their currency, documentation, or transferability in a change-of-control scenario. The excerpts focus on organizational structure, compensation, cybersecurity posture, and financial data, but do not address the licensing and permitting requirements necessary for an MSP operating in a regulated environment, creating a material gap in exit readiness assessment. | 1/10 | CRITICAL RISK | |
| lc_02 | Contract Change-of-Control Provisions AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The retrieved documents contain no evidence that key vendor, customer, or lease agreements have been reviewed for change-of-control provisions or assignment clauses. The documents focus on internal HR, cybersecurity posture, and sales pipeline but do not address contract assignment language, legal review of material agreements, or change-of-control risk mitigation. Additionally, the HC Profile indicates the owner holds direct relationships with 11 of 14 managed services clients with "no succession plan," suggesting significant contract-level continuity risk upon ownership transfer. | 2/10 | CRITICAL RISK | |
| lc_03 | Employment Law Compliance AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The documents reveal material employment compliance gaps across multiple dimensions. No employment agreements exist for technical staff, providing the buyer "no contractual retention protections for [PERSON] or other key engineers"; compensation is set ad-hoc with no formal benchmarking process, leaving technical staff 6-10% below market rates; and critical informal practices such as "discretionary tech bonuses (paid via owner check, not payroll)" and undocumented onboarding procedures require formalization. The documents contain no evidence of I-9 verification, non-compete documentation, EEOC/DOL matter disclosure, or formal employment classification review. | 3/10 | CRITICAL RISK | |
| lc_04 | Intellectual Property Ownership AMS_HC_Profile.txt · AMS_CIM.txt · AMS_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated The documents provide no evidence of formal IP ownership documentation, assignment agreements, or an IP schedule. While the company holds a Microsoft Gold Partner designation and operates proprietary tools (ConnectWise Manage, IT Glue, Huntress EDR), there is no mention of trademark registration, software ownership assignments, or formal documentation of IP ownership by the entity. The absence of any IP-related discussion in the CIM, cybersecurity assessment, or HR profile—combined with the owner's direct involvement in all hiring and system access decisions—indicates that IP ownership and documentation practices have not been formalized for due diligence purposes. | 3/10 | CRITICAL RISK | |
| lc_05 | Litigation & Contingent Liability AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CIM.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The documents contain no evidence of material open litigation, undisclosed claims, or active legal disputes against the company. However, the cybersecurity assessment identifies several documented compliance and security gaps (missing incident response plan, no recent penetration testing, credential exposure risks, email archiving deficiencies) that create potential regulatory and liability exposure, particularly given the company's service to "healthcare-adjacent clients" and legal industry verticals where these gaps could trigger future claims. These are disclosed operational risks rather than hidden liabilities, placing the company in the "minor disclosed but not resolved" category requiring remediation before exit. | 7/10 | ADEQUATE |
Technology & Systems Maturity4.7/10 NEEDS WORK (10% blend)
Deal Impact: Technology gaps will require buyer attention — expect technical due diligence deep-dive and possible price adjustment.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| tm_01 | Core Systems Documentation & Ownership AMS_Cybersecurity_Assessment.txt · AMS_CRM_Pipeline.csv · AMS_HC_Profile.txt — High confidence — multiple documents corroborated Core business systems are partially documented but face significant personal account and ownership dependencies that create exit risk. The cybersecurity assessment identifies that "shared administrative credentials for client environments stored in IT Glue without dedicated vaulting" and notes "credential exposure on staff departure or IT Glue compromise" as a HIGH gap requiring remediation before sale. Additionally, the HC Profile reveals critical single points of failure where the owner holds "direct relationships with 11 of 14 managed services clients" and a specific engineer ([PERSON]) is "the only [LOCATION]-certified engineer" whose departure would eliminate the company's ability to service network-heavy clients, indicating systems are not adequately documented or transferable independent of key individuals. | 4/10 | NEEDS WORK | |
| tm_02 | Cybersecurity & Data Protection Posture AMS_CRM_Pipeline.csv · AMS_Cybersecurity_Assessment.txt · AMS_Financials.csv · AMS_Customer_Contract_Hendricks.txt · AMS_Customer_Onboarding_SOP.txt — High confidence — multiple documents corroborated Apex has deployed EDR (Huntress) across endpoints and maintains basic endpoint protection through RMM monitoring and patch management, as evidenced by customer contracts and the assessment report. However, critical gaps prevent a higher score: no formal documented incident response plan exists (only "informal procedures"), no external penetration testing has been performed, and no mention of data classification, cyber insurance, or vendor security review processes appears in the provided documents. The assessment rates overall risk as "MEDIUM-LOW" with primary gaps in documentation and privileged access management requiring remediation before exit readiness. | 6/10 | ADEQUATE | |
| tm_03 | Data Integrity & Business Intelligence AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CIM.txt — High confidence — multiple documents corroborated The company lacks reliable, accessible operational data and exhibits significant individual dependencies across critical functions. The Human Capital Profile notes that "basic system access setup handled by [PERSON] (not documented)" and "No formal training program; learning is on-the-job," indicating undocumented processes and no institutional knowledge capture. Additionally, the Cybersecurity Assessment identifies credential exposure risks and notes that "informal procedures are followed but not written down" with "no documented incident response plan," revealing that operational data and processes exist primarily in individual heads rather than accessible, auditable systems. | 3/10 | CRITICAL RISK | |
| tm_04 | Technology Vendor & Subscription Management AMS_Cybersecurity_Assessment.txt · AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The company has documented some core vendor relationships (Microsoft 365, Datto BCDR, Huntress EDR, Fortinet FortiGate) that appear to be entity-owned, but critical documentation gaps exist around formal vendor contracts, renewal tracking, and transferability. Most significantly, the cybersecurity assessment identifies that "shared administrative credentials for client environments [are] stored in IT Glue without dedicated vaulting" and recommends implementation of a dedicated PAM solution, indicating vendor access dependencies that are not properly managed or easily transferable. Additionally, the lack of formal employment agreements for technical staff and the concentration of client relationships with the owner create subscription and access control vulnerabilities that would impede a smooth transition to a buyer. | 4/10 | NEEDS WORK | |
| tm_05 | Technical Debt & Modernization Risk AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv · AMS_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated The company operates a mixed technology stack with modern cloud components (Microsoft 365 with Azure AD, Huntress EDR, Datto BCDR) but carries material technical debt in privileged access management and documentation. Specific gaps include shared administrative credentials stored in IT Glue without dedicated vaulting, no formal incident response plan, no external penetration testing in the assessed period, and email archiving limitations—all flagged as requiring remediation before sale, with estimated costs of $8,000-12,000 for pen testing alone and modest additional investment for PAM implementation within the assessed timeframe. | 6/10 | ADEQUATE |
▲ Layer8's primary practice area. Technology & Systems Maturity is where Layer8 delivers directly — not just identifies gaps. Where this domain shows deficiencies, remediation is available immediately through Layer8 engagements.
Human Capital3.3/10 CRITICAL RISK (10% blend)
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| hc_01 | Workforce Retention & Tenure AMS_CRM_Pipeline.csv · AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_Financials.csv — High confidence — multiple documents corroborated The company exhibits a 31% voluntary turnover rate over the rolling 24-month period, with technical staff turnover at 38% including the departure of a senior systems engineer who was the primary engineer for the largest client (18% of revenue). Average tenure across all staff is 2.6 years, with technical staff averaging even shorter tenure, and the document notes "high early turnover driven by compensation mismatch discovered after hire" with new-hire retention at only 71%, indicating significant workforce instability and buyer retention risk concentrated in revenue-generating roles. | 3/10 | CRITICAL RISK | |
| hc_02 | Compensation Competitiveness AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated Apex has no formal benchmarking process with ad-hoc compensation set by the owner, and technical staff compensation is 6–10% below Atlanta MSP market benchmarks, with the Senior Network Engineer specifically 7% below CompTIA median and having raised concerns twice. The company lacks employment agreements, retention bonuses, or equity provisions for key technical staff, creating high flight risk for the CCNP-certified engineer who is a single point of failure for network-heavy clients, and recent turnover (38% technical staff turnover, 71% new-hire retention) is directly driven by compensation mismatches discovered post-hire. | 3/10 | CRITICAL RISK | |
| hc_03 | Recruiting & Training Capability AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_CRM_Pipeline.csv — High confidence — multiple documents corroborated The company lacks scalable hiring infrastructure, with the owner required to approve all hires and no structured interview process or documented onboarding playbook in place. New-hire retention stands at only 71% with high early turnover driven by compensation mismatches discovered after hire, and onboarding is entirely ad-hoc with basic system access setup handled informally by the owner and helpdesk training consisting only of ticket shadowing with no documented playbook. | 3/10 | CRITICAL RISK | |
| hc_04 | Bench Depth & Succession Beyond Owner AMS_CRM_Pipeline.csv · AMS_HC_Profile.txt · AMS_Cybersecurity_Assessment.txt · AMS_Financials.csv — High confidence — multiple documents corroborated The company has multiple critical single-points-of-failure beyond the owner with no documented succession planning or cross-training. Specifically, the Cisco/Network Architect role is explicitly flagged as a "Single-point-of-failure" with no backup identified, the only [LOCATION]-certified engineer whose departure would "eliminate the practice's ability to service network-heavy clients without emergency hiring," and the Owner holds direct relationships with 11 of 14 managed services clients with "no succession plan or cross-training program exists for any role." Additionally, there are no employment agreements for technical staff, providing the buyer with no contractual retention protections for key engineers. | 2/10 | CRITICAL RISK | |
| hc_05 | Compensation/Benefits Structure Transferability AMS_HC_Profile.txt · AMS_CRM_Pipeline.csv · AMS_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated The compensation structure is partially portable with significant owner-specific cleanup required at close. Core benefits (Cigna health/dental/vision, Fidelity Simple IRA, documented PTO with $18,000 liability) are entity-owned and portable, but the documents identify three material owner arrangements requiring restructuring: $180,000 in S-corp distributions must convert to an employment agreement, discretionary tech bonuses are paid informally via owner check rather than through payroll, and the owner's $680/month vehicle is a standard add-back. Additionally, no employment agreements exist for technical staff, eliminating contractual retention protections for key personnel, and technical compensation is 6-10% below market with a demonstrated history of turnover driven by compensation mismatch. | 5/10 | NEEDS WORK |
Top 3 Strengths
- Technology & Systems Maturity at 4.7/10 demonstrates adequate foundational infrastructure, which reduces buyer uncertainty around legacy technical debt and system replacement costs during integration. While there remains room for modernization, the baseline systems quality is sufficient to support operational continuity through close and early post-acquisition phases without requiring immediate emergency remediation.
- Diligence Risk at 4.2/10 indicates manageable exposure to hidden liabilities and documentation gaps, positioning Apex as a company where a buyer can conduct a focused, time-efficient due diligence process without uncovering catastrophic structural issues. This moderate risk profile supports faster deal progression and reduces the likelihood of post-signing surprises that typically trigger earn-out clawbacks or deal repricing.
- Operational Scalability at 3.8/10 shows that while current processes require optimization, the business has not locked itself into a purely owner-dependent model and retains sufficient operational structure to absorb acquired revenue or support bolt-on growth. A buyer can view these nascent systems as a platform for improvement rather than a complete operational rebuild, which supports negotiation of a fair entry multiple without the steep discount typically applied to entirely manual, founder-centric shops.
Top 3 Risks
- Financial Readiness at 2.2/10 (CRITICAL RISK) creates a material liability that will trigger a buyer discount during diligence. Buyers will require extensive restatement of historical financials, tax reconciliation, and working capital adjustments—adding weeks to the underwriting process and likely resulting in a 10–15% haircut to the valuation range. This critical gap represents the highest risk-adjusted impact to deal value given its 7% weight combined with the lowest absolute score in the assessment.
- Owner Risk at 2.8/10 (CRITICAL RISK) poses a deal-completion risk if ownership concentration, founder dependency, or key-person dynamics are not clearly documented and transitioned. Buyers will require detailed organizational charts, client concentration audits, and earn-out or retention agreements to mitigate post-close revenue leakage. This critical posture will apply a structural discount unless the owner demonstrates a credible transition plan before listing.
- Human Capital at 3.3/10 (CRITICAL RISK) represents a deal-risk factor that buyers will immediately surface during diligence, particularly around retention, skill gaps, and management bench strength. Absent documented org structure, training programs, and employee retention agreements, a buyer will assume material post-close turnover and apply a haircut to offset integration and replacement costs. This critical gap will require remediation or risk acceptance before the deal can be competitively marketed.
Recommended Priority Fixes
The five highest-priority actions for the next 90 days, ranked by deal impact. For the complete domain-by-domain remediation plan and cost estimates, see the Value Recovery Roadmap above.
Fix 1FR
Restate financials and document working capital adjustments
Engage a CPA to audit and restate the last three years of financials (P&L, balance sheet, cash flow) to GAAP standards, document all add-backs and adjustments, and produce a detailed working capital schedule. This directly addresses Risk 1 (Financial Readiness at 2.2/10), which is currently the highest risk-adjusted impact to deal value; buyers will require this before underwriting and its absence triggers a 10–15% valuation haircut. A clean, audited financial package removes weeks of diligence friction and demonstrates control and rigor to the buyer.
Fix 2OR
Document ownership structure and transition plan
Prepare a formal organizational chart, shareholder registry, and written transition plan that detail how the owner will remain engaged post-close (e.g., earnout targets, retention period, key responsibilities). This directly addresses Risk 2 (Owner Risk at 2.8/10) and removes the deal-completion risk tied to founder dependency and undocumented ownership concentration. Buyers will immediately ask for this during initial diligence, and its absence signals integration risk and post-close revenue leakage concerns.
Fix 3HC
Establish employee retention agreements and org documentation
Draft and execute retention agreements for all critical staff (technical leads, account managers, operations), document the full organizational structure with role descriptions and reporting lines, and formalize a 90-day onboarding and training playbook. This directly addresses Risk 3 (Human Capital at 3.3/10), which buyers will flag immediately during diligence; without documented org structure and retention commitments, buyers assume material post-close turnover and apply a haircut for replacement costs. Signed retention agreements and clear skill-mapping reduce integration risk and improve buyer confidence in revenue stability.
Fix 4CQ
Conduct customer concentration audit and health review
Perform a detailed analysis of customer revenue concentration (top 10, top 25), contract terms, renewal history, and churn trends for the past 18 months; segment customers by health (stable, at-risk, growth) and document any concentration risk or contracts requiring renewal in the next 12 months. This addresses Customer Quality (3.8/10), the highest-weight domain at 21%, and is critical input for buyer underwriting; lack of transparent customer health data will trigger buyer skepticism around revenue quality and force a conservative valuation multiple. A clean, segmented customer analysis reduces buyer uncertainty and supports the midmarket valuation range.
Fix 5DR
Commission third-party diligence readiness assessment
Engage an external advisor to conduct a mock buyer diligence process (legal, tax, IT, compliance review) and produce a written gap report with remediation priorities and estimated time-to-close impact. This addresses Diligence Risk (4.2/10, 18% weight) and reduces surprises during formal buyer underwriting by surfacing hidden liabilities (contracts, IP, compliance, tax exposure) before the deal goes to market. A proactive readiness assessment demonstrates rigor, accelerates real diligence cycles, and prevents deal delays or last-minute valuation adjustments.
Compliance Notes
PII was detected and redacted in 12 document(s) prior to ingestion:
AMS_AR_Aging.csv: DATE_TIMEAMS_CIM.txt: DATE_TIME, LOCATION, PERSONAMS_CRM_Pipeline.csv: DATE_TIME, PERSONAMS_Customer_Contract_Hendricks.txt: DATE_TIME, LOCATION, PERSONAMS_Customer_Onboarding_SOP.txt: DATE_TIME, PERSONAMS_Cybersecurity_Assessment.txt: DATE_TIME, LOCATION, PERSONAMS_Employee_Roster.csv: DATE_TIME, PERSONAMS_Financials.csv: DATE_TIMEAMS_GL_Export.csv: DATE_TIME, LOCATION, PERSONAMS_HC_Profile.txt: DATE_TIME, LOCATION, PERSONAMS_IT_Asset_Inventory.csv: DATE_TIME, LOCATION, PERSONAMS_Sales_Marketing_Report.txt: DATE_TIME, PERSON