Layer8 Tech Group Exit Readiness Assessment
Garrison Professional Advisors 2026-05-18

Prepared by: Layer8TechGroup  ·  Framework: 10 Technology Fixes — Tier 1  ·  Documents Ingested: 11

Overall Score: 3.7/10 (8-domain blend)
Valuation Multiple: 0.5 – 0.8× (Revenue · Main Street)
EBITDA: $254,200 (most recent FY)
Vertical: Accounting

Assessment Scores — 8-Domain Profile

Diligence Risk: 3.7/10 NEEDS WORK
Owner Risk: 2.8/10 CRITICAL RISK
Customer Quality: 5.2/10 NEEDS WORK
Operational Scalability: 3.5/10 NEEDS WORK
Financial Readiness: 3.0/10 CRITICAL RISK
Legal & Regulatory Compliance: 4.0/10 NEEDS WORK
Technology & Systems Maturity: 3.2/10 CRITICAL RISK
Human Capital: 3.6/10 NEEDS WORK

Value Recovery Roadmap
Total Recoverable Value: $38,130
Prioritized by estimated valuation impact  ·  Score-adjusted: 0.5 – 0.8× EBITDA  ·  Ceiling: 0.8×

Complete remediation plan across all scored domains. The Priority Fixes section below highlights the five ranked starting points.

Domain | Layer8 Service | Multiple Impact | Value at Risk | Est. Timeline | Typical Investment | Est. ROI
CQ · Customer Quality | Contract Audit & CRM Implementation | +0.0x | $7,245 | 8–10 wks | $5,000 – $9,000 | ~1x
DR · Diligence Risk | Security Hardening & Data Room Preparation | +0.0x | $6,482 | 6–8 wks | $4,500 – $7,500 | ~1x
OR · Owner Risk | Succession Planning & Knowledge Capture Sprint | +0.0x | $6,482 | 8–10 wks | $6,000 – $10,000 | ~1x
HC · Human Capital | Workforce Retention & Bench Depth Sprint | +0.0x | $5,338 | 10+ wks | $5,000 – $8,000 | ~1x
LC · Legal & Regulatory Compliance | Legal Compliance Audit & Contract Review | +0.0x | $4,194 | 6–8 wks | $3,500 – $6,500 | Reduces deal risk and supports clean diligence — unresolved legal gaps are the #…
FR · Financial Readiness | Books Cleanup & Add-Back Schedule | +0.0x | $3,813 | 6–8 wks | $4,000 – $7,000 | ~0.5x
OS · Operational Scalability | Process Documentation & Systems Audit | +0.0x | $2,669 | 10+ wks | $6,500 – $11,000 | ~0.5x
TM · Technology & Systems Maturity | Technology Infrastructure Audit & Modernization Plan | +0.0x | $1,907 | 8–12 wks | $5,000 – $9,000 | Technology gaps are an increasingly standalone underwriting factor — buyers mode…
TOTAL | | | $38,130 | | $39,500 – $68,000 | ~0.5x

⚠ Targeted Remediation Only
At this business size and valuation basis, the cost of full-roadmap remediation approaches or exceeds the recoverable valuation uplift. Prioritize Quick Win items and focus on the top 2 domains by value at risk.

Quick Win items are flagged ✓ in the table above — these deliver the highest remediation ROI in the shortest timeline and are the recommended starting point for any remediation plan.

Typical investment ranges reflect market-rate remediation costs and are provided for prioritization purposes only. Actual engagement scope and pricing depend on business size, gap severity, and selected service provider. Layer8 Tech Group provides formal engagement proposals following assessment delivery.

Automation Opportunity Assessment
Scored separately — upside signals for post-close value creation, not valuation drivers

▲ Automation Maturity Index
Scored separately — excluded from overall score and valuation multiple
1.7/10 MANUAL (raw: 1/9)

Accounting firm revenue infrastructure is driven by client retention, referral network quality, and seasonal workflow management rather than high-velocity lead automation.

Automation maturity is scored separately from the valuation composite. The gaps below represent operational efficiency opportunities and post-close value creation for a buyer — not valuation discounts.

# | Criterion & Finding | Score | Rating
R01 AI Voice / After-Hours Call Handling
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_GL_Export.csv · GPA_HC_Profile.txt · GPA_CIM.txt
There is no evidence of AI voice agents or automated after-hours call handling in any of the retrieved documents; the company uses basic cloud-based practice management tools (Canopy, QuickBooks Online) for client intake and communication but makes no mention of call handling automation, suggesting inbound calls after hours go unanswered or to voicemail.
0/2 MANUAL
R02 CRM Presence & Workflow Automation
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_GL_Export.csv · GPA_HC_Profile.txt · GPA_CIM.txt
The firm uses Canopy practice management software with individual logins for client onboarding and document exchange, but the system is underutilized with manual, owner-dependent workflows—new client checklists exist only in [PERSON]'s personal notes rather than formalized automated processes, and follow-up tasks rely on manual execution rather than systematic workflow automation. No evidence of automated pipeline tracking, task routing, or workflow triggers exists across the CRM platform.
1/2 PARTIAL
R03 24/7 Lead Capture
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_CIM.txt
The retrieved documents contain no evidence of any lead capture system, contact form, chatbot, or after-hours inquiry mechanism; the company is a service-based CPA firm focused on serving existing clients rather than generating inbound leads. There is no reference to a website lead capture process, automated routing, or any system designed to capture prospects outside business hours.
0/2 MANUAL
R04 SMS Appointment Reminders & Confirmations
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_CIM.txt
There is no evidence of any automated SMS appointment reminder or confirmation system in the retrieved documents; the company uses manual email-based onboarding processes and relies on staff-dependent communication without systematic appointment management workflows.
0/2 MANUAL
R05 Automated Review Solicitation
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_GL_Export.csv · GPA_CIM.txt
There is no evidence of any systematic or automated review solicitation process in the retrieved documents; the onboarding SOP makes no mention of post-service review requests, and reviews appear to be organic only. The firm's operations are largely manual and informal, as evidenced by reliance on personal checklists rather than formalized procedures.
0/2 MANUAL
R06 Smart Follow-Up Sequences
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt · GPA_HC_Profile.txt
There is no evidence of automated follow-up sequences in the retrieved documents; the company relies entirely on manual, ad-hoc processes managed by individual staff members with no formal system for re-engaging unconverted leads or dormant clients. The onboarding SOP shows manual email templates and personal checklists rather than systematized drip campaigns or automated nurture sequences.
0/2 MANUAL

Interpretation: Manual — buyer will underwrite operational risk, expect discount

CPA firm Automation Maturity scores are structurally lower by industry norm. Absence of AI voice, 24/7 capture, and aggressive review solicitation is standard for referral-based practices.

📈 Buyer Opportunity: A buyer who systematizes these automation gaps post-close would deploy a proven playbook: AI voice handling, CRM workflows, and follow-up sequences that collectively recover 15–25% of leads currently lost to slow response. This is a predictable, acquirable value-creation lever.

► Operational Automation Opportunities
Vertical-specific — excluded from overall score
2.0/10 MANUAL (raw: 2/10)

Vertical-specific operational automation gaps identified in accounting practice operations. These gaps represent immediate efficiency opportunities for the current owner and post-close value creation levers for a buyer.

Operational automation gaps identified below are framed as efficiency and revenue recovery opportunities. Dollar estimates reflect operational impact, not valuation multiple adjustment. Layer8 delivers these implementations directly.

Automation Opportunity | Score | Status | Layer8 Opportunity
Client Document Collection | 1/2 | PARTIAL | Document collection automation compresses the tax season intake window by 2-3 weeks and eliminates the most common source of extension filing and client frustration.
Engagement Letter & E-Signature | 1/2 | PARTIAL | Engagement letter automation ensures 100% signed engagement coverage — a critical diligence item for buyers assessing client relationship transferability and E&O exposure.
Deadline & Filing Calendar | 0/2 | MANUAL | Deadline automation eliminates the most common source of penalty exposure and provides the workload visibility needed to staff engagements efficiently during peak season.
Recurring Invoice & Billing Automation | 0/2 | MANUAL | Billing automation converts the accounts receivable function from a partner time sink to a self-managing revenue stream — directly improving realization rates.
Client Communication & Seasonal Outreach | 0/2 | MANUAL | Automated seasonal outreach surfaces advisory opportunities the client didn't know to ask about and drives year-round engagement beyond the annual return.

Layer8 Service Catalog
One service per Roadmap row — purpose, inputs, deliverables, and success criteria

CQ · Contract Audit & CRM Implementation
Purpose
Protect revenue base transferability by ensuring customer contracts survive a change of control and the pipeline is visible to buyers — two of the most scrutinized items in lower-middle-market diligence.
Client Inputs
All active customer agreements, CRM access or pipeline export, renewal history, list of top 10 accounts by revenue.
Engagement Approach
Contract review for assignment and change-of-control clauses, gap remediation with M&A counsel for missing language, CRM selection or cleanup, pipeline workflow configuration, and renewal tracking implementation.
Deliverables
Contract assignment analysis with remediation recommendations; updated agreements with assignment language; CRM implementation with documented pipeline stages; weighted renewal forecast report.
Success Criteria
All material contracts include assignment language acceptable to buyer counsel; CRM shows a 90-day pipeline with documented renewal rates; top-10 account relationships documented with transition plans.

DR · Security Hardening & Data Room Preparation
Purpose
Eliminate the most common pre-close diligence findings — security gaps, disorganized documentation, and missing records — so the buyer's team moves efficiently and the seller enters negotiation with a clean record.
Client Inputs
Administrative access to email and file storage systems, current software and SaaS subscription list, contract inventory, data backup and recovery procedures.
Engagement Approach
Security posture assessment against buyer diligence checklists, MFA deployment verification, endpoint protection confirmation, data room folder structure built to standard buyer request formats, incident response procedure documented.
Deliverables
Organized data room with standard diligence folder structure; MFA confirmed across all systems; endpoint protection report; written incident response procedure; data backup and recovery procedure documented.
Success Criteria
Data room passes a sample buyer diligence checklist without gaps; security posture documented to buyer IT diligence standards; no security findings flagged during sale negotiations.

OR · Succession Planning & Knowledge Capture Sprint
Purpose
Convert undocumented succession risk into a written, buyer-acceptable transition plan that reduces Day 1 integration uncertainty and unlocks negotiation leverage on earn-out and escrow terms.
Client Inputs
Owner interview (2–3 hours), key staff interviews (1 hour each), access to current SOPs and operations documentation, current organizational chart.
Engagement Approach
Structured interview series capturing operational and relationship knowledge. Knowledge capture workshops with key staff. Drafting of formal succession plan with phased transition timeline and relationship handoff schedule.
Deliverables
Written succession plan (10–15 pages); phased 90-day transition timeline; key relationship introduction schedule; operational protocol handoff checklist; retention recommendations for critical staff.
Success Criteria
Plan reviewed and accepted by buyer counsel during diligence; transition timeline supports closing without operational disruption; no retention escrow required beyond standard market terms.

HC · Workforce Retention & Bench Depth Sprint
Purpose
Demonstrate that key staff will remain post-close and that the business has the organizational depth to operate without the owner — reducing the escrow holdback and earn-out provisions buyers use to hedge staff attrition risk.
Client Inputs
Employee roster with tenure and compensation, org chart with reporting lines, existing employment or retention agreements, list of key non-owner roles, comp benchmarking data if available.
Engagement Approach
Compensation benchmarking against vertical market rates, retention risk assessment per key role, training playbook documentation, succession identification for critical non-owner positions, comp and benefits structure review for post-close transferability.
Deliverables
Compensation benchmarking report by role; retention risk matrix with recommended retention bonus structures; written succession plans for key non-owner roles; training playbook for top-3 operational roles; comp and benefits transferability memo.
Success Criteria
Buyer's HR diligence confirms comp is at or near market for all revenue-generating roles; retention agreements in place for staff with >20% of revenue exposure; succession paths documented for all roles where departure would disrupt operations within 90 days.

LC · Legal Compliance Audit & Contract Review
Purpose
Surface and remediate the CPA-firm-specific compliance gaps that most commonly trigger post-LOI price reductions — CPA license and peer review currency, engagement letter assignability and attest independence implications, client list ownership (firm entity vs individual partner), and professional liability tail exposure.
Client Inputs
State accountancy board license documentation for all CPAs; NASBA CPA license status report; PTIN and EFIN documentation; most recent peer review report and acceptance letter; engagement letter templates; client list with partner-relationship mapping; professional liability declarations page; AICPA Ethics or state board disciplinary correspondence if any.
Engagement Approach
CPA license and PTIN/EFIN verification across all states of practice, peer review report assessment (Pass / Pass with Deficiencies / Fail and remediation path), engagement letter review for assignment language and attest independence implications, client list ownership analysis (firm entity vs partner-personal claims), professional liability coverage analysis (claims-made vs occurrence; tail cost estimate), disciplinary history review for all CPA practitioners.
Deliverables
License compliance memo by CPA and state; peer review status assessment and remediation path if applicable; engagement letter assignability analysis; client list ownership findings; professional liability tail coverage estimate and options memo; disciplinary history disclosure document.
Success Criteria
All CPA licenses confirmed current across all states of practice; peer review confirmed Pass with no open remediation requirements; engagement letters reviewed for assignment language; client list confirmed entity-owned; malpractice tail cost budgeted and disclosed; no undisclosed disciplinary proceedings or Circular 230 violations.

FR · Books Cleanup & Add-Back Schedule
Purpose
Ensure the company's financial statements survive a Quality of Earnings review without re-trading — the single most common source of post-LOI price reductions in SMB transactions.
Client Inputs
3 years of P&L statements and balance sheets, accounting system access, list of all owner add-backs with supporting documentation, CPA contact.
Engagement Approach
Bookkeeping normalization review for consistency and GAAP alignment, add-back identification and documentation with evidentiary support, CPA coordination for reviewed or audited presentation, QofE preparation briefing.
Deliverables
Normalized 3-year P&L with documented add-backs; add-back schedule with supporting documentation for each item; buyer-defensible adjusted EBITDA calculation; QofE-ready financial package.
Success Criteria
Add-backs are documented with receipts or third-party statements that a buyer's QofE accountant will accept without pushback; EBITDA figure matches seller's stated number; no surprises in financial diligence.

OS · Process Documentation & Systems Audit
Purpose
Demonstrate to buyers that the business can operate and grow without the owner — the core test for platform acquisition suitability and a prerequisite for earn-out terms that don't require owner involvement.
Client Inputs
Existing process documentation (any format), list of core operational workflows, technology stack inventory, vendor contracts, org chart and current role descriptions.
Engagement Approach
Process mapping interviews with key staff, SOP drafting for undocumented workflows, technology stack documentation and gap assessment, vendor contract review, financial controls walkthrough and documentation.
Deliverables
Core SOP library covering sales, delivery, billing, and support; technology stack documentation; vendor contract summary with renewal calendar; financial controls memo; org chart with documented decision authority.
Success Criteria
A buyer's operations team can assess day-to-day execution from documentation alone; no single staff member is required to explain how the business runs; operations continue during a 30-day owner absence.

TM · Technology Infrastructure Audit & Modernization Plan
Purpose
Produce the technology documentation and remediation roadmap buyers need to underwrite the business's systems without applying a 'black box' discount — demonstrating the tech stack is an asset, not a liability.
Client Inputs
List of all software, SaaS subscriptions, and hardware; IT vendor contracts; current cybersecurity policies; network or system architecture documentation; access to primary business applications for documentation.
Engagement Approach
Systems inventory and entity-ownership documentation, cybersecurity posture assessment, data integrity review, vendor rationalization, technical debt assessment, modernization roadmap drafting aligned to buyer integration requirements.
Deliverables
Complete systems inventory with entity-owned credential confirmation; cybersecurity findings report; data integrity assessment; vendor rationalization recommendations; written 18-month technology roadmap; technical debt disclosure memo.
Success Criteria
Buyer's IT diligence team can assess all systems from documentation alone; no critical vulnerabilities undisclosed; all material systems confirmed entity-owned and transferable; technical debt quantified and roadmap accepted by buyer's IT lead.

Valuation Impact Analysis

Main Street  ·  Revenue
Accounting businesses in this size range typically trade at 0.5–0.8× Revenue — CPA and accounting firms trade on revenue multiples due to high owner compensation normalization complexity. Client retention and engagement letter transferability are the primary drivers.
Score-adjusted range (Exit Readiness 3.7/10 — Main Street — lower range)
EBITDA (most recent FY): $254,200 (AI-extracted)
0.5–0.8× Revenue
$127,100 – $203,360
Scenario | Score-Adjusted Range | Implied Value (Revenue)
Current (as-is) | 0.5×–0.8× Revenue | $127,100 – $203,360
Post-Remediation (5.7/10 est.) | 0.5×–0.8× Revenue | $127,100 – $203,360

Implementing the recommended priority fixes over 90 days could add an estimated ~$0 to the transaction value — a potential 0% lift on the same underlying business.

↑ What drives higher multiples

  • High client retention >90%
  • Engagement letters assignable
  • Staff CPA capacity beyond owner
  • Seasonal workflow documented

↓ What suppresses multiples

  • Owner performs all technical work
  • Client relationships not transferable
  • No engagement letter documentation

Domain Detail & Findings

Diligence Risk: 3.7/10 NEEDS WORK (17% blend)
Deal Impact: Documentation gaps will extend diligence and require owner availability — expect timeline and multiple pressure.
ID | Criterion & Finding | Score | Rating
fix_01 Documented Processes & SOPs
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
The company has minimal formal documentation of core processes, with critical workflows existing primarily in the owner's head or as informal notes. The customer onboarding SOP is explicitly labeled "[PERSON]'s notes — needs to be formalized" and lacks a checklist despite the owner's own note stating "I keep a personal list but nothing formal." Similarly, the onboarding program for new hires is "primarily learning by doing alongside managing partner; no formal program" with "no documented onboarding checklist or milestone review," indicating heavy reliance on the owner for process execution rather than systematic, documented procedures.
3/10 CRITICAL RISK
fix_02 Cybersecurity Posture
GPA_Cybersecurity_Assessment.txt · GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
The company exhibits significant cybersecurity gaps that fall below acceptable standards for exit readiness. Critical deficiencies include MFA not enforced for 3 of 5 staff members with access to client financial data, no EDR solution deployed (Windows Defender only), shared QuickBooks credentials across all staff with no audit trail, unencrypted local storage of client tax files containing SSNs and EINs, and no offsite cloud backup—representing a "single point of failure." While the assessment acknowledges these gaps are "fast and cheap to remediate" with an estimated cost under $2,000, the current state presents material risk and lacks formal incident response planning, SOC 2 certification, or SIEM deployment required for a credible exit process.
4/10 NEEDS WORK
fix_03 Owner Dependency
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The owner ([PERSON]) is the primary operator across critical functions, holding direct relationships with 48 of 67 clients (72% of revenue) and serving as the sole approver for all hiring decisions, while the only identified backup ([PERSON]) "could handle routine returns but client relationship continuity would be at risk" if the owner were absent. The onboarding process is entirely owner-dependent, with the owner meeting all new clients, setting up systems, and providing direct guidance—documented only in informal personal notes with "nothing formal" in place—and no formal succession plan exists for any key role.
3/10 CRITICAL RISK
fix_04 Revenue Quality & Concentration
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_CIM.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The company demonstrates strong revenue quality with 78% recurring revenue from tax preparation and bookkeeping retainers, 67 active client relationships indicating low concentration, and an average contract value of $12,200 per client across multiple verticals (SMB owners, real estate investors, professional services). However, the Managing Partner holds direct relationships with 72% of revenue and is the primary contact for client relations with no documented succession plan, creating significant key-person risk that could impact revenue predictability and retention in an ownership transition.
7/10 ADEQUATE
fix_05 Customer Contracts
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
Customer contracts lack standardization and formal documentation—engagement letters are sent via email from Outlook drafts rather than through a formal system like DocuSign, and the onboarding process relies on informal personal checklists rather than a centralized repository. There is no evidence of change-of-control or assignment clauses in contracts, no documented renewal tracking process, and no formalized contract management system; the firm maintains only a customer revenue list showing contract types but no renewal dates, terms, or transferability status. The lack of formal contracting infrastructure combined with the owner's direct relationship with 72% of clients by revenue creates significant transfer risk in an M&A transaction.
3/10 CRITICAL RISK
fix_06 IT Infrastructure & Asset Documentation
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt · GPA_HC_Profile.txt · GPA_GL_Export.csv — High confidence — multiple documents corroborated
The company lacks formal IT asset inventory and documentation systems. The cybersecurity assessment identifies no EDR solution, no MDM enrollment, no verified disk encryption on staff workstations, and critical security gaps including unencrypted local drives storing client tax files with SSNs and EINs. While basic backups exist (QuickBooks to external drive, Drake Tax to personal iCloud), there is no offsite backup strategy, no cloud backup for tax files, and no formal data retention or destruction policy, indicating incomplete asset lifecycle tracking and maintenance practices.
3/10 CRITICAL RISK
fix_07 CRM & Pipeline Documentation
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt — High confidence — multiple documents corroborated
The company does not use a CRM system for sales pipeline management. The retrieved documents reference Canopy as a "Practice Management" tool for client onboarding and document exchange, but there is no evidence of a formal sales pipeline, opportunity tracking, or forecast discipline. The onboarding process notes indicate that [PERSON] holds key client relationships (48 of 67 clients identified as owner-managed), with pipeline and business development activity entirely dependent on the owner and not documented in any systematic way.
2/10 CRITICAL RISK
fix_08 Key Employee Risks
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The firm has critical single points of failure with no formal succession planning or retention agreements in place. The managing partner [PERSON] holds direct relationships with 72% of client relationships by revenue and is the sole contact for client relations, tax preparation oversight, and staff supervision, with no documented backup or cross-training program; the document states "No documented succession plan for any key role" and notes the firm has not operated without [PERSON] for an extended period in the past 3 years. Additionally, institutional knowledge is captured only informally—the onboarding SOP explicitly notes "[PERSON]'s notes — needs to be formalized" and states "I keep a personal list but nothing formal," with training described as "primarily learning by doing" with no documented checklist or milestones.
3/10 CRITICAL RISK
fix_09 Financial Trajectory & EBITDA Quality
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_CIM.txt · GPA_Cybersecurity_Assessment.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
The company reports $820K in [DATE_TIME] revenue with a 31% EBITDA margin ($254K) and normalized EBITDA of $298K after add-backs, demonstrating solid profitability with documented add-backs. However, the documents provided do not include audited or reviewed financial statements, multi-year financial performance history, or evidence of consistent growth trajectory required for higher scores. The financial information appears limited to a single-year snapshot in the CIM without supporting historical financials or third-party review documentation.
6/10 ADEQUATE
fix_10 Data Room Readiness
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt · GPA_HC_Profile.txt · GPA_GL_Export.csv — High confidence — multiple documents corroborated
The company lacks an organized data room structure and has not prepared key documentation for due diligence. While a CIM exists (source [3]), the retrieved documents reveal critical operational and compliance gaps rather than organized data room contents, including scattered document management practices (engagement letters in "Outlook drafts," notes requiring formalization per source [1]), unencrypted client tax files on local drives (source [2]), and no evidence of version control or formal document organization. Significant cybersecurity and operational remediation would be required before buyer review, with the internal assessment rating the firm's readiness as "MEDIUM" and identifying multiple "HIGH" priority gaps that need resolution before a sale process.
3/10 CRITICAL RISK

Owner Risk: 2.8/10 CRITICAL RISK (17% blend)
Deal Impact: Critical owner dependency — high probability of deal restructuring, escrow requirement, or significant price reduction.
ID | Criterion & Finding | Score | Rating
owr_01 Succession Readiness
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
No formal succession plan exists; the owner [PERSON] is the primary contact for 72% of client relationships by revenue and has been the sole decision-maker for all key functions with no documented handoff protocols. While [PERSON] (Senior CPA) holds independent relationships with 19 clients and has onboarded two associates, there is "no formal handoff process documented" and the firm has explicitly stated "no documented succession plan for any key role" and "no cross-training program," creating critical dependency risk in a transition scenario.
2/10 CRITICAL RISK
owr_02 Institutional Knowledge Capture
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The company has minimal institutional knowledge documentation with critical processes remaining dependent on key individuals. The client onboarding SOP is explicitly noted as "[PERSON]'s notes — needs to be formalized" with informal checklists kept personally rather than formally documented, and onboarding training is "primarily learning by doing alongside managing partner; no formal program" with "no documented onboarding checklist or milestone review." Most critically, [PERSON] holds direct relationships with 72% of clients by revenue and manages all staff supervision and performance reviews with no documented succession plan or cross-training program in place.
3/10 CRITICAL RISK
owr_03 Management Team Depth
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
The owner ([PERSON]) is the primary contact for 72% of client relationships by revenue, holds all hiring authority, manages all staff performance reviews, and must be involved in all new hire orientations with no formal handoff process documented. The firm has not operated without the owner for an extended period in the past 3 years, and while one Senior CPA ([PERSON]) can handle 19 clients independently (28% of revenue), there is no documented succession plan for any key role, no cross-training program, and the bookkeeper is the sole resource with no identified backup, meaning client relationship continuity and operations would be at significant risk during a 60+ day owner absence.
3/10 · CRITICAL RISK
owr_04 · Key Person Concentration Beyond Owner
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Financials.csv · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The company exhibits significant key person concentration beyond the owner, with [PERSON] (Senior CPA) serving as the sole reviewer of all tax returns before filing and [PERSON] (Bookkeeper/Admin) handling critical client onboarding steps including QuickBooks setup and document collection, yet the onboarding SOP notes indicate informal processes with no formal checklists or documented backup coverage. Additionally, the recruiting and training capability section reveals that the owner provides "direct guidance" with "no formal program" and "no documented onboarding checklist," meaning critical client relationships and technical knowledge remain concentrated with existing staff rather than systematized, and new-hire retention of 62% over the assessment period suggests vulnerability to departure of experienced personnel.
3/10 · CRITICAL RISK
Customer Quality · 5.2/10 · NEEDS WORK (19% blend)
Deal Impact: Customer concentration or churn risk will compress the multiple — expect sensitivity analysis and possible escrow.
ID · Criterion & Finding · Score · Rating · Bar
cq_01 · Top Customer Concentration
GPA_Financials.csv · GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_CIM.txt · GPA_GL_Export.csv — High confidence — multiple documents corroborated
The company demonstrates excellent customer diversification with 67 active client relationships and no material concentration risk. The largest customer represents only 2.3% of revenue ($19,200), the top 5 customers combined represent approximately 10% of revenue, and the remaining 62 clients average $10,000+ annually, indicating a well-distributed customer base across SMB owners, real estate investors, and professional services verticals with 78% recurring revenue from retainers.
9/10 · STRONG
cq_02 · Revenue Predictability & Recurring Mix
GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
The company reports 78% recurring revenue derived from tax preparation and bookkeeping retainers with 67 active client relationships under engagement letters and retainer agreements averaging $12,200 per client annually, placing it in the 50-70% recurring revenue range with strong structural predictability. However, the CIM does not disclose documented renewal rates, contract lengths, or historical churn data, limiting confidence that the recurring revenue meets the 90%+ renewal rate threshold required for a 9-10 score; the firm's heavy client concentration with the owner managing 72% of relationships by revenue also introduces relationship risk that may impact renewal predictability during transition.
7/10 · ADEQUATE
cq_03 · Contract Transferability
GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The company lacks formal customer contracts with assignment or change-of-control language. Customer onboarding relies on informal engagement letters sent via email from Outlook drafts (not standardized templates) and the business is heavily personality-dependent, with the owner identified as the primary contact for 72% of client relationships by revenue and one staff member holding direct relationships with 48 of 67 clients. There is no centralized contract repository, no documented assignment or change-of-control clause language, and customer relationships appear to depend on individual staff retention rather than transferable contractual arrangements.
2/10 · CRITICAL RISK
cq_04 · Churn Rate & Retention Metrics
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Financials.csv · GPA_Cybersecurity_Assessment.txt · GPA_GL_Export.csv — High confidence — multiple documents corroborated
The documents provide no evidence of tracked churn rate, retention metrics, or formal retention programs for customer accounts. While the financial data shows 65 active clients across tax and bookkeeping services, there is no documentation of customer attrition rates, retention analysis, or proactive churn prevention initiatives. The only retention metric present is new-hire employee retention at 62% over the measurement period, which indicates a reactive rather than strategic approach to customer relationship management.
3/10 · CRITICAL RISK
Operational Scalability · 3.5/10 · NEEDS WORK (7% blend)
Deal Impact: Technology or process gaps require post-close investment — buyers will model remediation cost into their offer.
ID · Criterion & Finding · Score · Rating · Bar
ops_01 · Process Documentation & Repeatability
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt — High confidence — multiple documents corroborated
Core operational processes are minimally documented and heavily dependent on specific individuals. The customer onboarding SOP document explicitly states it is "[PERSON]'s notes — needs to be formalized" with reliance on individual staff members for each step (e.g., "[PERSON] meets with them," "[PERSON] sets them up in Canopy"), and notes indicate "I keep a personal list but nothing formal" for onboarding checklists. Additionally, the HC Profile confirms that onboarding is "primarily learning by doing alongside managing partner; no formal program" with "no documented onboarding checklist or milestone review," and new-hire retention at only 62% suggests the informal process creates barriers to staff independence and repeatability.
3/10 · CRITICAL RISK
ops_02 · Technology & Systems Scalability
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
The company's technology stack relies on a mix of cloud-based and legacy systems with significant undocumented processes and security gaps that would impede 3x growth. Critical systems including Drake Tax files are stored on unencrypted local drives, QuickBooks access is managed through shared credentials with no audit trail, client onboarding is managed through informal personal checklists rather than documented procedures, and training is primarily "learning by doing" with no formal program—all indicating substantial technical debt and process brittleness. While remediation costs are estimated under $2,000, the overall cybersecurity posture is rated MEDIUM risk and "above acceptable threshold for sale process," suggesting the current infrastructure would require meaningful modernization and formalization to support significant growth.
4/10 · NEEDS WORK
ops_03 · Vendor & Supplier Concentration
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt — High confidence — multiple documents corroborated
The firm has significant single-source vendor dependencies, particularly with Canopy (client portal and practice management), Drake Tax (tax file storage), and QuickBooks (all 67 client accounts accessed via shared login with no audit trail). While QuickBooks Online is cloud-hosted and SOC 2 compliant, critical tax data is stored locally on unencrypted drives with no documented alternatives or formal SLAs, and the cybersecurity assessment identifies no backup vendors or switching plans for these essential platforms.
4/10 · NEEDS WORK
ops_04 · Financial Controls & Reporting Cadence
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
The company lacks formal financial controls and reporting cadence documentation. The retrieved documents contain no evidence of monthly financial close timelines, budget vs. actual reviews, or a designated CFO/Controller—instead showing that the owner manages finances with ad-hoc processes (e.g., raises set "at his discretion" with "no documented formula"). While the firm uses QuickBooks Online for client work, the cybersecurity assessment reveals that client financial data is accessed via shared credentials with "no audit trail of individual staff access," and the firm maintains only local backups without offsite redundancy, indicating immature internal financial controls infrastructure.
3/10 · CRITICAL RISK
Financial Readiness · 3.0/10 · CRITICAL RISK (10% blend)
Deal Impact: Financial readiness is a deal blocker — books must be restructured before any formal sale process can begin.
ID · Criterion & Finding · Score · Rating · Bar
fr_01 · Books Quality & CPA Relationship
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
The company maintains no external CPA relationship for financial statement preparation—Garrison Professional Advisors is itself a CPA firm that prepares tax and bookkeeping services for clients but does not have its own audited, reviewed, or compiled financial statements documented in the provided materials. Additionally, the firm's internal financial controls present significant risks to diligence readiness, including unencrypted client tax files, shared QuickBooks credentials across all staff with no audit trail, and lack of MFA enforcement for 3 of 5 staff members—issues that the cybersecurity assessment rates as HIGH risk and requiring remediation before a sale process.
3/10 · CRITICAL RISK
fr_02 · Add-Back Documentation
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
The CIM identifies normalized EBITDA of $298K with add-backs totaling approximately $44K ($195K S-corp distributions excluded, plus vehicle lease $850/mo, personal meals/cell ~$3,600, and home office $4,800/yr), but no formal add-back schedule or supporting documentation is provided in the retrieved excerpts. The documents note these are "standard add-backs" requiring owner compensation restructuring at close, yet there is no evidence of CPA-prepared schedules, independent verification, or itemized support that a buyer's accountant could readily audit. The firm's informal financial management practices—including undocumented PTO accruals, commingled owner and business expenses, and lack of formal policies—suggest add-backs are identified but lack the rigorous documentation necessary for M&A normalization.
3/10 · CRITICAL RISK
fr_03 · Revenue Recognition & Consistency
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The retrieved documents contain no revenue recognition policy, GAAP compliance documentation, or deferred revenue tracking procedures. The customer onboarding SOP (Excerpt [1]) describes operational client intake processes but explicitly notes that procedures "need to be formalized" and lack standardized checklists, with no mention of revenue recognition timing, method, or consistency. The absence of any accounting policy documentation, audit records, or revenue tracking methodology creates significant risk of restatement during due diligence.
3/10 · CRITICAL RISK
fr_04 · Three-Year Financial Trend
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
The retrieved documents contain only a single-year financial snapshot ($820K revenue, 31% EBITDA margin, $254K EBITDA) from the CIM without comparative prior-year data or a three-year trend analysis. No historical revenue growth rates, EBITDA progression, or margin trends are provided in any of the excerpts, making it impossible to assess consistency of growth or margin stability over a three-year period.
3/10 · CRITICAL RISK
Legal & Regulatory Compliance · 4.0/10 · NEEDS WORK (11% blend)
Deal Impact: Compliance gaps will surface in diligence — expect buyer requests, timeline extension, and potential price adjustment.
ID · Criterion & Finding · Score · Rating · Bar
lc_01 · Business Licenses & Permits
GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_Financials.csv · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The retrieved documents contain no evidence of business licenses, permits, or their transferability status. The excerpts focus on employment structure, client onboarding procedures, financial data, cybersecurity gaps, and compensation arrangements, but do not address professional licenses (such as CPA licenses required to operate an accounting firm), business permits, or any legal review of transferability in a change-of-control scenario. This represents a material compliance gap requiring immediate documentation and legal review before exit.
2/10 · CRITICAL RISK
lc_02 · Contract Change-of-Control Provisions
GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The retrieved documents contain no evidence of legal review of vendor, customer, or lease agreements for change-of-control provisions or assignment clauses. While customer engagement letters are mentioned in the onboarding SOP, they are informal templates sent via email without documented legal counsel review of their assignability or change-of-control language. The documents focus on cybersecurity, human capital, and compensation structure issues but entirely lack any contract analysis, legal review protocols, or documented assessment of material agreements' transferability in a transaction.
3/10 · CRITICAL RISK
lc_03 · Employment Law Compliance
GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The company employs all staff on standard W-2 employment and has benchmarked compensation against AICPA surveys; however, there are material compliance gaps. The S-corp owner compensation structure requires restructuring, associate compensation is below market (partially explaining 40% turnover), and critically, no formal compensation benchmarking process or documented bonus/raise formula exists—raises are set "at [managing partner's] discretion" with no documented guidelines. The documents contain no evidence of I-9 verification procedures, non-compete agreements, or any open EEOC/DOL matters, leaving significant documentation gaps for due diligence.
5/10 · NEEDS WORK
lc_04 · Intellectual Property Ownership
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
IP ownership is highly ambiguous and inadequately documented. While the firm is licensed as a Georgia CPA entity and uses standard cloud-based tools (QuickBooks Online, Canopy, Drake Tax), there is no evidence of formal IP assignment agreements, trademark registration, or an IP schedule in the data room. Critical client data security gaps—including unencrypted tax files stored on local drives, shared QuickBooks credentials across 67 client accounts with no audit trail, and Drake Tax files backed up to the owner's personal iCloud—create material ownership and control ambiguities that would likely survive diligence challenge, particularly regarding client data and proprietary processes.
3/10 · CRITICAL RISK
lc_05 · Litigation & Contingent Liability
GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_Customer_Onboarding_SOP.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
The company has no disclosed material litigation or active legal claims documented in the reviewed materials, and all staff are on standard W-2 employment with portable benefits at close. However, the cybersecurity assessment identifies multiple HIGH and MEDIUM risk gaps—including unencrypted client tax files containing SSNs/EINs, shared QuickBooks credentials with no audit trail, and MFA not enforced for 3 of 5 staff—which create potential contingent liability exposure for data breaches or regulatory violations, though the assessment notes remediation costs are under $2,000 and considered "fast and cheap to remediate."
7/10 · ADEQUATE
Technology & Systems Maturity · 3.2/10 · CRITICAL RISK (5% blend)
Deal Impact: Technology infrastructure is a deal risk — undocumented systems, personal dependencies, or technical debt will trigger buyer discount.
ID · Criterion & Finding · Score · Rating · Bar
tm_01 · Core Systems Documentation & Ownership
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
Core business systems (QuickBooks, Drake Tax, Canopy) are in use but lack formal documentation, with the onboarding SOP explicitly noting "[PERSON]'s notes — needs to be formalized" and no documented checklist for new clients. Multiple critical personal account dependencies exist, including shared QuickBooks credentials across all 67 client accounts via a single admin login with no audit trail, Drake Tax files backed up to the owner's personal iCloud, and engagement letter templates stored in the owner's Outlook drafts rather than centralized systems. The cybersecurity assessment identifies this as a "MEDIUM" overall risk rating with "HIGH" priority gaps requiring remediation before sale, indicating significant exit readiness concerns around system transferability.
3/10 · CRITICAL RISK
tm_02 · Cybersecurity & Data Protection Posture
GPA_Customer_Onboarding_SOP.txt · GPA_Financials.csv · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_CRM_Pipeline.csv — High confidence — multiple documents corroborated
The firm has only partial MFA deployment (2 of 5 staff members), no EDR solution beyond Windows Defender, no documented incident response plan, no cyber insurance mentioned, and no vendor security review process documented. The cybersecurity assessment identifies multiple HIGH-risk gaps including unencrypted client tax files containing SSNs and EINs, shared QuickBooks credentials with no audit trail, and local-only backups with no offsite copy, though the assessment notes these are "fast and cheap to remediate" with estimated costs under $2,000.
4/10 · NEEDS WORK
tm_03 · Data Integrity & Business Intelligence
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_CIM.txt — High confidence — multiple documents corroborated
Data integrity is severely compromised by security gaps and lack of formalization across critical systems. Client financial data including SSNs and EINs are stored on unencrypted local drives with no audit trail, all 67 QuickBooks client accounts are accessed via a single shared login with no individual user tracking, and tax files are backed up only to the owner's personal iCloud with no offsite protection. Additionally, the client onboarding process relies entirely on informal checklists maintained by one individual, with no formal documentation or systematized operational procedures, creating heavy individual dependencies and vulnerability to data loss or unauthorized access.
3/10 · CRITICAL RISK
tm_04 · Technology Vendor & Subscription Management
GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt — High confidence — multiple documents corroborated
Vendor relationships and subscriptions are severely underdocumented and exhibit significant personal dependencies that create transfer risk. The cybersecurity assessment reveals critical tools with problematic ownership structures: Drake Tax data is backed up to "the owner's personal iCloud" rather than entity-controlled storage, the onboarding SOP is annotated "needs to be formalized" with only informal personal checklists maintained by [PERSON], and QuickBooks Online access is managed through a single shared admin login with no individual accountability. The documents contain no evidence of formalized vendor contracts, renewal date tracking, transferability agreements, or an inventory of subscriptions and licenses necessary for post-acquisition operations.
3/10 · CRITICAL RISK
tm_05 · Technical Debt & Modernization Risk
GPA_Cybersecurity_Assessment.txt · GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
The firm operates a mixed technology stack with significant security and modernization gaps that would require material post-close investment. Key issues include unencrypted local storage of sensitive client tax files containing SSNs and EINs, shared QuickBooks credentials across all staff with no audit trail, absence of endpoint detection and response (EDR) protection, and lack of offsite cloud backup—all identified as HIGH or MEDIUM risk in the cybersecurity assessment. While the assessment estimates remediation costs under $2,000, these gaps reflect deferred security modernization in a firm handling sensitive financial data for 67 clients, positioning this firmly in the "significant legacy systems with material deferred upgrades" category.
4/10 · NEEDS WORK
▲ Layer8's primary practice area. Technology & Systems Maturity is where Layer8 delivers directly — not just identifies gaps. Where this domain shows deficiencies, remediation is available immediately through Layer8 engagements.
Human Capital · 3.6/10 · NEEDS WORK (14% blend)
ID · Criterion & Finding · Score · Rating · Bar
hc_01 · Workforce Retention & Tenure
GPA_HC_Profile.txt · GPA_Financials.csv · GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The firm demonstrates 0% turnover among partner and senior staff (3 FTE with tenure dating back to the founding), providing continuity; however, associate-level turnover is 40% over the rolling 24-month period with 2 departures noted as "normal for tax season cycle," placing overall annual turnover in the 15-25% range typical of small CPA firms. The document explicitly states that "Associate CPA and staff accountant turnover is expected in the accounting industry at this firm size" and attributes associate departures partly to below-market compensation ($68,000 for Associate CPA vs. AICPA lower-quartile, $52,000 for Staff Accountant vs. $56,000 median), with no retention bonuses in place and no formal bonus structure documented. While client files are centralized in Tax Dome mitigating key-person risk, the lack of a documented retention strategy and measurable improvement trajectory over 24 months, combined with acknowledged below-market associate pay, indicates standard but not exceptional retention stability acceptable at close.
5/10 · NEEDS WORK
hc_02 · Compensation Competitiveness
GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The company has benchmarked compensation against AICPA and PASBA surveys, with senior CPA and bookkeeper salaries at or above market rates; however, associate-level roles are positioned below market (Associate CPA at lower-quartile, Staff Accountant at $52,000 vs. $56,000 median), which the documents explicitly link to "typical associate turnover." Raises are set at the owner's discretion with no documented formula or bonus structure, and no retention bonuses are in place for key staff, creating risk of post-acquisition departures among the 40% associate turnover cohort.
5/10 · NEEDS WORK
hc_03 · Recruiting & Training Capability
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt — High confidence — multiple documents corroborated
The firm lacks scalable hiring and training capability, with owner approval required for all hires and onboarding that is primarily "learning by doing alongside managing partner" with no formal program or documented checklist. New-hire one-year retention is 62% (3 of 8 hires left within the period), and while [PERSON] has onboarded two associates, "no formal handoff process is documented," indicating that owner involvement remains essential and the firm cannot hire and develop staff independently.
3/10 · CRITICAL RISK
hc_04 · Bench Depth & Succession Beyond Owner
GPA_Customer_Onboarding_SOP.txt · GPA_HC_Profile.txt · GPA_Cybersecurity_Assessment.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
The firm has severe single points of failure across multiple critical non-owner roles with no documented succession planning or cross-training program. The owner ([PERSON]) controls 72% of client relationships by revenue and is the sole resource for staff supervision, bookkeeping administration, and new hire onboarding, with the document explicitly stating "If [PERSON] were absent for an extended period, [PERSON] could handle routine returns but client relationship continuity would be at risk." No backup has been formally identified for bookkeeping administration, and while one senior CPA ([PERSON]) holds independent relationships with 19 clients (28% of revenue), they have "not been formally introduced as backup for Garrison's top accounts" and have not been tested in a transition scenario.
2/10 · CRITICAL RISK
hc_05 · Compensation/Benefits Structure Transferability
GPA_HC_Profile.txt · GPA_Customer_Onboarding_SOP.txt · GPA_Cybersecurity_Assessment.txt · GPA_Financials.csv — High confidence — multiple documents corroborated
The company has formal W-2 employment and portable benefits (Blue Cross group plan, standard 401(k)/SEP-IRA structures) for staff, but the owner compensation structure requires significant restructuring at close—the owner draws $195,000 via S-corp distributions rather than employee payroll, and maintains multiple owner-specific add-backs (vehicle lease $850/month, personal cell/meals ~$3,600 annually, home office deduction $4,800/year, and owner health insurance). Additionally, PTO is informal with no documented accrual policy or balance sheet liability tracking, and compensation raises are set at owner discretion with no formula, indicating cleanup will be needed to transition this arrangement to a buyer.
4/10 · NEEDS WORK

Top 3 Strengths

Top 3 Risks

Recommended Priority Fixes

The five highest-priority actions for the next 90 days, ranked by deal impact. For the complete domain-by-domain remediation plan and cost estimates, see the Value Recovery Roadmap above.

Fix 1 · OR
Document Owner Transition Plan and Key-Person Mitigation
Address Owner Risk (2.8/10 CRITICAL RISK) by producing a written transition playbook that details the owner's current responsibilities, client relationships, revenue dependencies, and a 12-month handoff schedule to designated management. Buyers will require this documentation to assess continuity risk and structure earnout/retention incentives; without it, valuation will compress toward the 0.5× EBITDA floor due to key-person discount.
Fix 2 · FR
Engage Big Four Forensic Accounting and Produce Clean Financials
Address Financial Readiness (3.0/10 CRITICAL RISK) by engaging a top-tier accounting firm to audit revenue recognition, expense classification, tax compliance, and working-capital management, then produce three years of restated EBITDA with a detailed bridge memo. A buyer's finance team will demand this defensible financial foundation during diligence; absence of third-party validation will trigger forensic costs on the buyer side and justify a material valuation haircut.
Fix 3 · TM
Commission Third-Party Tech Stack Assessment and Modernization Roadmap
Address Technology & Systems Maturity (3.2/10 CRITICAL RISK) by hiring an independent systems integrator to audit all legacy platforms, document data integrity gaps, and produce a written 18-month cloud migration and integration roadmap with cost estimates. Buyers will apply a significant integration-risk discount if this gap is discovered in their CTO review; proactive documentation reduces post-close surprises and supports a higher valuation multiple.
Fix 4 · CQ
Map and Strengthen Customer Retention and Contract Clarity
Address Customer Quality (5.2/10 NEEDS WORK, 19% weight) by conducting a full client census to identify revenue concentration, contract terms, renewal dates, and upsell potential, then document top-20 client relationships and produce a client retention plan with owner sign-off. Buyers will scrutinize revenue quality and churn risk; demonstrating sticky relationships and contractual clarity protects valuation and reduces buyer post-close revenue surprise.
Fix 5 · LC
Establish Formal Compliance Audit and Regulatory Documentation Pack
Address Legal & Regulatory Compliance (4.0/10 NEEDS WORK, 11% weight) by conducting an external compliance audit covering licensing, insurance, client data protection, and professional standards, then compile a complete regulatory documentation package (licenses, insurance certificates, audit findings, remediation log) for buyer review. Clean compliance documentation reduces diligence friction and eliminates surprise compliance liabilities that could trigger post-close indemnification claims.

Compliance Notes

PII was detected and redacted in 11 document(s) prior to ingestion:

  • GPA_AR_Aging.csv: DATE_TIME
  • GPA_CIM.txt: DATE_TIME, LOCATION, PERSON
  • GPA_CRM_Pipeline.csv: DATE_TIME, PERSON
  • GPA_Customer_Contract_Harrington.txt: DATE_TIME, LOCATION, PERSON
  • GPA_Customer_Onboarding_SOP.txt: DATE_TIME, PERSON
  • GPA_Cybersecurity_Assessment.txt: DATE_TIME, PERSON
  • GPA_Employee_Roster.csv: DATE_TIME, PERSON
  • GPA_Financials.csv: DATE_TIME
  • GPA_GL_Export.csv: DATE_TIME, PERSON
  • GPA_HC_Profile.txt: DATE_TIME, LOCATION, PERSON
  • GPA_IT_Asset_Inventory.csv: DATE_TIME, LOCATION, PERSON