Prepared by: Layer8TechGroup · Framework: 10 Technology Fixes — Tier 1 · Documents Ingested: cached collection (previously ingested)
Overall Score
4.7/10
8-domain blend
Valuation Multiple
4.1 – 4.6×
EBITDA · Lower Middle Market
EBITDA
$1,000,000
most recent FY
Vertical
Technology / MSP
technology
Assessment Scores — 8-Domain Profile
Value Recovery RoadmapTotal Recoverable Value: $1,650,000
Prioritized by estimated valuation impact · Score-adjusted: 4.1 – 4.6×EBITDA · Ceiling: 6.0×
Complete remediation plan across all scored domains. The Priority Fixes section below highlights the five ranked starting points.
| Domain | Layer8 Service | Multiple Impact | Value at Risk | Est. Timeline | Typical Investment | Est. ROI |
|---|---|---|---|---|---|---|
CQCustomer Quality✓ Quick Win | Contract Audit & CRM Implementation | +0.3x | $346,500 | ⏱ 8–10 wks | $5,000 – $9,000 | 20x+ |
DRDiligence Risk✓ Quick Win | Security Hardening & Data Room Preparation | +0.3x | $297,000 | ⏱ 4–6 wks | $2,500 – $4,500 | 20x+ |
OROwner Risk✓ Quick Win | Succession Planning & Knowledge Capture Sprint | +0.2x | $247,500 | ⏱ 6–8 wks | $3,500 – $6,000 | 20x+ |
OSOperational Scalability✓ Quick Win | Process Documentation & Systems Audit | +0.2x | $214,500 | ⏱ 8–10 wks | $4,000 – $7,000 | 20x+ |
TMTechnology & Systems Maturity | Technology Infrastructure Audit & Modernization Plan | +0.2x | $165,000 | ⏱ 6–8 wks | $3,000 – $5,500 | |
HCHuman Capital✓ Quick Win | Workforce Retention & Bench Depth Sprint | +0.2x | $165,000 | ⏱ 10+ wks | $5,000 – $8,000 | 20x+ |
FRFinancial Readiness✓ Quick Win | Books Cleanup & Add-Back Schedule | +0.1x | $115,500 | ⏱ 4–6 wks | $2,000 – $4,000 | 20x+ |
LCLegal & Regulatory Compliance | Legal Compliance Audit & Contract Review | +0.1x | $99,000 | ⏱ 6–8 wks | $3,500 – $6,500 | |
| TOTAL | — | $1,650,000 | — | $28,500 – $50,500 | 20x+ | |
Quick Win items are flagged ✓ in the table above — these deliver the highest remediation ROI in the shortest timeline and are the recommended starting point for any remediation plan.
Typical investment ranges reflect market-rate remediation costs and are provided for prioritization purposes only. Actual engagement scope and pricing depend on business size, gap severity, and selected service provider. Layer8 Tech Group provides formal engagement proposals following assessment delivery.
Ready to recover this value before you list?
Layer8 Tech Group delivers these services for businesses preparing for acquisition.Schedule a Discovery Call →
Layer8 Tech Group delivers these services for businesses preparing for acquisition.Schedule a Discovery Call →
Automation Opportunity AssessmentScored separately — upside signals for post-close value creation, not valuation drivers
▲ Automation Maturity IndexScored separately — excluded from overall score and valuation multiple
0.9/10MANUAL (raw: 1/16)
MSP revenue infrastructure is evaluated on lead-to-contract automation, after-hours responsiveness, and client retention sequences — critical signals for buyers assessing whether ARR growth is system-driven or founder-dependent.
Automation maturity is scored separately from the valuation composite. The gaps below represent operational efficiency opportunities and post-close value creation for a buyer — not valuation discounts.
| # | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| R01 | AI Voice / After-Hours Call Handling PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx · PIS_Demo_UI_Flow.docx No evidence of AI voice agents or automated after-hours call handling is present in any retrieved documents; the company operates a traditional regional services model with no mention of voice automation, chatbots, or 24/7 inbound call systems in the CIM, operations summaries, or technology stack descriptions. | 0/2 | MANUAL | |
| R02 | CRM Presence & Workflow Automation PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_GL_Export_2024Q4.csv Peachtree has implemented HubSpot CRM (evidenced by HubSpot subscription in GL and a CRM pipeline export file referenced in the deal room), but automation maturity is partial and inconsistent—the cybersecurity assessment recommends completing MFA rollout for HubSpot, and the CIM identifies "moderate owner dependence in late-stage sales" and inconsistent documentation practices, indicating manual workflows and workflow gaps rather than full automation across the pipeline. | 1/2 | PARTIAL | |
| R03 | 24/7 Lead Capture PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Customer_Contract_Atlanta_Property_Holdings.docx · PIS_Demo_UI_Flow.docx The retrieved documents contain no evidence of after-hours or 24/7 lead capture capability; there is no mention of contact forms, chatbots, or automated lead routing systems in any of the company's operational or technical documentation. Peachtree Integrated Systems operates as a regional services firm with business hours support, and lead capture processes are not addressed in the available materials. | 0/2 | MANUAL | |
| R04 | SMS Appointment Reminders & Confirmations PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx · PIS_GL_Export_2024Q4.csv The retrieved documents contain no evidence of automated SMS appointment reminders, confirmations, or follow-up workflows; the company's tech stack references Microsoft 365, HubSpot, QuickBooks Online, and ConnectWise, but no SMS automation platform or reminder system is mentioned in any operational or technology documentation. | 0/2 | MANUAL | |
| R05 | Automated Review Solicitation PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · README.md · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx There is no evidence of automated post-service review solicitation in any of the retrieved documents; reviews are organic only with no systematic or manual review request process documented. The CIM identifies standardization of business reviews and lifecycle planning as a growth opportunity, confirming that formal review solicitation workflows do not currently exist. | 0/2 | MANUAL | |
| R06 | Smart Follow-Up Sequences PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx · PIS_Customer_Contract_Atlanta_Property_Holdings.docx The retrieved documents contain no evidence of automated follow-up sequences for leads or dormant clients; instead, the company relies on manual CRM processes and informal sales workflows dependent on individual account owners. The CIM explicitly identifies "moderate owner dependence in late-stage sales" and "key client relationships," indicating that lead nurturing and re-engagement are not systematized or automated. | 0/2 | MANUAL |
Interpretation: Manual — buyer will underwrite operational risk, expect discount
A low Automation Maturity score for an MSP signals that growth is relationship-driven rather than systematic. Buyers will apply a meaningful discount and may require remediation commitments as a condition of close.
📈 Buyer Opportunity: A buyer who systematizes these automation gaps post-close would deploy a proven playbook: AI voice handling, CRM workflows, and follow-up sequences that collectively recover 15–25% of leads currently lost to slow response. This is a predictable, acquirable value-creation lever.
► Operational Automation OpportunitiesVertical-specific — excluded from overall score
1.0/10MANUAL (raw: 1/10)
Vertical-specific operational automation gaps identified in MSP & Technology Operational Automation operations. These gaps represent immediate efficiency opportunities for the current owner and post-close value creation levers for a buyer.
Operational automation gaps identified below are framed as efficiency and revenue recovery opportunities. Dollar estimates reflect operational impact, not valuation multiple adjustment. Layer8 delivers these implementations directly.
| Automation Opportunity | Score | Status | Bar | Layer8 Opportunity |
|---|---|---|---|---|
| Ticket Triage & Auto-Assignment | 0/2 | MANUAL | Ticket automation reduces mean time to first response — the metric buyers use most heavily to benchmark MSP operational maturity and client satisfaction. | |
| Patch Management & Compliance Reporting | 0/2 | MANUAL | Automated patch compliance reporting is a premium tier differentiator — it demonstrates systematic security management and supports cyber insurance requirements. | |
| Client Onboarding & Offboarding | 1/2 | PARTIAL | Onboarding automation is the most visible quality signal to new clients — and the fastest way to surface the gap between an MSP that runs on people and one that runs on systems. | |
| Client Health Scoring & Churn Risk Alerts | 0/2 | MANUAL | Client health automation converts churn prevention from a reactive fire drill to a proactive managed process — directly protecting the MRR base that drives MSP valuation. | |
| QBR Scheduling & Preparation | 0/2 | MANUAL | QBR automation enables consistent executive engagement across the entire client base — not just the accounts that squeaky-wheel their way to attention. |
Ready to build your automation infrastructure before you list?
Layer8 runs 90-day Automation Sprints that close AMI gaps and systematize vertical-specific workflows. The ROI is measurable before you go to market.Schedule a Discovery Call →
Layer8 runs 90-day Automation Sprints that close AMI gaps and systematize vertical-specific workflows. The ROI is measurable before you go to market.Schedule a Discovery Call →
Layer8 Service CatalogOne service per Roadmap row — purpose, inputs, deliverables, and success criteria
CQContract Audit & CRM Implementation
Purpose
Protect revenue base transferability by ensuring customer contracts survive a change of control and the pipeline is visible to buyers — two of the most scrutinized items in lower-middle-market diligence.
Client Inputs
All active customer agreements, CRM access or pipeline export, renewal history, list of top 10 accounts by revenue.
Engagement Approach
Contract review for assignment and change-of-control clauses, gap remediation with M&A counsel for missing language, CRM selection or cleanup, pipeline workflow configuration, and renewal tracking implementation.
Deliverables
Contract assignment analysis with remediation recommendations; updated agreements with assignment language; CRM implementation with documented pipeline stages; weighted renewal forecast report.
Success Criteria
All material contracts include assignment language acceptable to buyer counsel; CRM shows a 90-day pipeline with documented renewal rates; top-10 account relationships documented with transition plans.
DRSecurity Hardening & Data Room Preparation
Purpose
Eliminate the most common pre-close diligence findings — security gaps, disorganized documentation, and missing records — so the buyer's team moves efficiently and the seller enters negotiation with a clean record.
Client Inputs
Administrative access to email and file storage systems, current software and SaaS subscription list, contract inventory, data backup and recovery procedures.
Engagement Approach
Security posture assessment against buyer diligence checklists, MFA deployment verification, endpoint protection confirmation, data room folder structure built to standard buyer request formats, incident response procedure documented.
Deliverables
Organized data room with standard diligence folder structure; MFA confirmed across all systems; endpoint protection report; written incident response procedure; data backup and recovery procedure documented.
Success Criteria
Data room passes a sample buyer diligence checklist without gaps; security posture documented to buyer IT diligence standards; no security findings flagged during sale negotiations.
ORSuccession Planning & Knowledge Capture Sprint
Purpose
Convert undocumented succession risk into a written, buyer-acceptable transition plan that reduces Day 1 integration uncertainty and unlocks negotiation leverage on earn-out and escrow terms.
Client Inputs
Owner interview (2–3 hours), key staff interviews (1 hour each), access to current SOPs and operations documentation, current organizational chart.
Engagement Approach
Structured interview series capturing operational and relationship knowledge. Knowledge capture workshops with key staff. Drafting of formal succession plan with phased transition timeline and relationship handoff schedule.
Deliverables
Written succession plan (10–15 pages); phased 90-day transition timeline; key relationship introduction schedule; operational protocol handoff checklist; retention recommendations for critical staff.
Success Criteria
Plan reviewed and accepted by buyer counsel during diligence; transition timeline supports closing without operational disruption; no retention escrow required beyond standard market terms.
OSProcess Documentation & Systems Audit
Purpose
Demonstrate to buyers that the business can operate and grow without the owner — the core test for platform acquisition suitability and a prerequisite for earn-out terms that don't require owner involvement.
Client Inputs
Existing process documentation (any format), list of core operational workflows, technology stack inventory, vendor contracts, org chart and current role descriptions.
Engagement Approach
Process mapping interviews with key staff, SOP drafting for undocumented workflows, technology stack documentation and gap assessment, vendor contract review, financial controls walkthrough and documentation.
Deliverables
Core SOP library covering sales, delivery, billing, and support; technology stack documentation; vendor contract summary with renewal calendar; financial controls memo; org chart with documented decision authority.
Success Criteria
A buyer's operations team can assess day-to-day execution from documentation alone; no single staff member is required to explain how the business runs; operations continue during a 30-day owner absence.
TMTechnology Infrastructure Audit & Modernization Plan
Purpose
Produce the technology documentation and remediation roadmap buyers need to underwrite the business's systems without applying a 'black box' discount — demonstrating the tech stack is an asset, not a liability.
Client Inputs
List of all software, SaaS subscriptions, and hardware; IT vendor contracts; current cybersecurity policies; network or system architecture documentation; access to primary business applications for documentation.
Engagement Approach
Systems inventory and entity-ownership documentation, cybersecurity posture assessment, data integrity review, vendor rationalization, technical debt assessment, modernization roadmap drafting aligned to buyer integration requirements.
Deliverables
Complete systems inventory with entity-owned credential confirmation; cybersecurity findings report; data integrity assessment; vendor rationalization recommendations; written 18-month technology roadmap; technical debt disclosure memo.
Success Criteria
Buyer's IT diligence team can assess all systems from documentation alone; no critical vulnerabilities undisclosed; all material systems confirmed entity-owned and transferable; technical debt quantified and roadmap accepted by buyer's IT lead.
HCWorkforce Retention & Bench Depth Sprint
Purpose
Demonstrate that key staff will remain post-close and that the business has the organizational depth to operate without the owner — reducing the escrow holdback and earn-out provisions buyers use to hedge staff attrition risk.
Client Inputs
Employee roster with tenure and compensation, org chart with reporting lines, existing employment or retention agreements, list of key non-owner roles, comp benchmarking data if available.
Engagement Approach
Compensation benchmarking against vertical market rates, retention risk assessment per key role, training playbook documentation, succession identification for critical non-owner positions, comp and benefits structure review for post-close transferability.
Deliverables
Compensation benchmarking report by role; retention risk matrix with recommended retention bonus structures; written succession plans for key non-owner roles; training playbook for top-3 operational roles; comp and benefits transferability memo.
Success Criteria
Buyer's HR diligence confirms comp is at or near market for all revenue-generating roles; retention agreements in place for staff with >20% of revenue exposure; succession paths documented for all roles where departure would disrupt operations within 90 days.
FRBooks Cleanup & Add-Back Schedule
Purpose
Ensure the company's financial statements survive a Quality of Earnings review without re-trading — the single most common source of post-LOI price reductions in SMB transactions.
Client Inputs
3 years of P&L statements and balance sheets, accounting system access, list of all owner add-backs with supporting documentation, CPA contact.
Engagement Approach
Bookkeeping normalization review for consistency and GAAP alignment, add-back identification and documentation with evidentiary support, CPA coordination for reviewed or audited presentation, QofE preparation briefing.
Deliverables
Normalized 3-year P&L with documented add-backs; add-back schedule with supporting documentation for each item; buyer-defensible adjusted EBITDA calculation; QofE-ready financial package.
Success Criteria
Add-backs are documented with receipts or third-party statements that a buyer's QofE accountant will accept without pushback; EBITDA figure matches seller's stated number; no surprises in financial diligence.
LCLegal Compliance Audit & Contract Review
Purpose
Surface and remediate the legal and compliance gaps that most commonly trigger post-LOI price reductions — license transferability, IP ownership, employment compliance, and undisclosed contingent liabilities.
Client Inputs
Business licenses and permits, material vendor and customer contracts, employment agreements and contractor arrangements, corporate formation documents, prior litigation or regulatory correspondence.
Engagement Approach
Business license review and transferability confirmation with counsel, contract assignment analysis, IP ownership confirmation, employment classification and I-9 review, litigation disclosure review and representation letter preparation.
Deliverables
Legal compliance memo covering all identified gaps and remediation actions; license transferability confirmation; contract assignment analysis; IP schedule; employment compliance findings; attorney representation letter.
Success Criteria
No open legal items triggering a material adverse change clause; licenses confirmed transferable by buyer's counsel; no IP ownership gaps; employment practices reviewed; litigation disclosure complete and documented.
Ready to start a remediation sprint?
Layer8 Tech Group delivers each of these services for businesses preparing for acquisition. Engagements are scoped to your timeline and deal target.Schedule a Discovery Call →
Layer8 Tech Group delivers each of these services for businesses preparing for acquisition. Engagements are scoped to your timeline and deal target.Schedule a Discovery Call →
Valuation Impact Analysis
Lower Middle Market · EBITDA
Technology / MSP businesses in this size range typically trade at
4.0–6.0× EBITDA
— MSPs with high Monthly Recurring Revenue, documented contracts, and system-driven growth command premium multiples. PE-backed roll-ups are active acquirers paying 6–9× for platform-quality businesses.
Score-adjusted range
(Exit Readiness 4.7/10 — Lower Middle Market — lower range)
EBITDA (most recent FY): $1,000,000 (AI-extracted)
4.1–4.6× EBITDA
$4,100,000 – $4,600,000
| Scenario | Score-Adjusted Range | Implied Value (EBITDA) |
|---|---|---|
| Current (as-is) | 4.1×–4.6× EBITDA | $4,100,000 – $4,600,000 |
| Post-Remediation (6.7/10 est.) | 4.7×–5.2× EBITDA | $4,700,000 – $5,200,000 |
Implementing the recommended priority fixes over 90 days could add an estimated $100,000–$1,100,000 to the transaction value — a potential 14% lift on the same underlying business.
↑ What drives higher multiples
- High MRR percentage >70%
- Documented service contracts
- NOC/helpdesk not owner-dependent
- Stack standardization across clients
↓ What suppresses multiples
- Break-fix revenue dominant
- No formal service agreements
- Owner is primary engineer
Domain Detail & Findings
Diligence Risk5.2/10 NEEDS WORK (18% blend)
Deal Impact: Documentation gaps will extend diligence and require owner availability — expect timeline and multiple pressure.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| fix_01 | Documented Processes & SOPs README.md · PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The company has initiated documentation efforts but exhibits significant gaps and inconsistency across workflows. The CIM explicitly states "Documentation maturity is improving but inconsistent across onboarding and engineering workflows," and while a "PIS_Customer_Onboarding_SOP.docx" exists in the deal room, the Cybersecurity Assessment Report identifies reliance on "informal incident response practices" and notes that backup restore tests "are not always documented." This pattern indicates key processes are partially documented with informal review practices rather than comprehensive, version-controlled SOPs with assigned owners. | 4/10 | NEEDS WORK | |
| fix_02 | Cybersecurity Posture PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · README.md · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated Peachtree's cybersecurity posture is incomplete and falls into the mid-range category due to inconsistent MFA enforcement, partial endpoint protection deployment, and informal incident response practices. The Cybersecurity Assessment Report explicitly identifies "inconsistent MFA enforcement, limited centralized log monitoring, and reliance on informal incident response practices" as material issues, with Defender for Business deployed to most endpoints but CrowdStrike only rolling out to engineering and executive users. The assessment confirms backups are performed nightly with restore tests occurring but "are not always documented," and recommends completing MFA rollout, standing up alert aggregation via SIEM, and documenting an incident response plan—all items currently lacking—resulting in an overall Medium risk rating that will likely lead to buyer value discounting or remediation requirements. | 5/10 | NEEDS WORK | |
| fix_03 | Owner Dependency PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The company exhibits moderate owner dependency with documented management delegation but residual reliance on ownership for late-stage sales and key client relationships. The CIM explicitly states "Moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations," and the CRM pipeline shows multiple large opportunities ($76K–$210K) attributed to a single person, indicating that critical revenue generation remains concentrated rather than distributed across a formal management team. While the company has 22 employees and demonstrates some operational structure, there is no evidence of a formal succession plan or fully documented client relationship backups needed to reach the 7-8 range. | 6/10 | ADEQUATE | |
| fix_04 | Revenue Quality & Concentration README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated Peachtree demonstrates moderate revenue quality with 42% recurring revenue primarily through MSP retainers and support agreements, placing it in the lower-middle range for recurring revenue stability. However, concentration risk is evident with the top three customers representing 29.7% of total revenue, and the largest single customer (Northside Medical Group) comprising 11.4% of total 2024 revenue of $5.42M. While the company shows diversification across four service lines and multiple customer verticals (healthcare, property management, commercial), formal renewal rate documentation is not mentioned in the available excerpts, and contract terms appear mixed across recurring, project, and mixed-type arrangements. | 6/10 | ADEQUATE | |
| fix_05 | Customer Contracts README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The documents reference sample customer contracts ("PIS_Customer_Contract_*.docx/pdf") in the deal-room artifact list, but no actual contract content, standardization details, assignment clauses, or change-of-control language is provided in any retrieved excerpts. The CIM explicitly states that "documentation maturity is improving but inconsistent across onboarding and engineering workflows," and there is no evidence of centralized contract repository, renewal tracking systems, or renewal rate data—only a forward-looking pipeline with renewal stages ("Q3 Service Agreement Renewal, Other SMB Accounts, 210000, Renewal Review, 0.75") that provides no historical renewal performance metrics. | 4/10 | NEEDS WORK | |
| fix_06 | IT Infrastructure & Asset Documentation PIS_CIM.docx · README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_Financials_And_Operations.xlsx · PIS_GL_Export_2024Q4.csv — High confidence — multiple documents corroborated Peachtree maintains a basic IT asset inventory documented in the Financials_And_Operations.xlsx workbook, listing specific systems including servers (PIS-SRV-001/002/003), network equipment (firewalls, switches, wireless APs), and mobile devices with location and status tracked. However, the cybersecurity assessment explicitly notes that "documentation maturity is improving but inconsistent across onboarding and engineering workflows," and backup restore tests occur but "are not always documented," indicating gaps in maintenance record-keeping and lifecycle tracking. The company lacks a fully mature disaster recovery program and has no formal SIEM or centralized log monitoring despite serving healthcare-adjacent customers, placing it in the basic-to-inconsistent maintenance category. | 5/10 | NEEDS WORK | |
| fix_07 | CRM & Pipeline Documentation PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · README.md · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx · PIS_Demo_UI_Flow.docx — High confidence — multiple documents corroborated Peachtree uses a CRM system (HubSpot is mentioned in the cybersecurity assessment and a "PIS_CRM_Pipeline_2025Q2.csv" file is referenced in the deal room contents), and a pipeline export exists with documented opportunities across multiple stages (Discovery, Proposal, Qualified, Negotiation, Verbal Commit, Renewal Review). However, the CIM explicitly identifies "moderate owner dependence in late-stage sales" and notes that "Documentation maturity is improving but inconsistent across onboarding and engineering workflows," indicating the pipeline is not uniformly owned or maintained across the team, and forecast validation against actuals is not evident in the provided documents. | 5/10 | NEEDS WORK | |
| fix_08 | Key Employee Risks PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · PIS_GL_Export_2024Q4.csv · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated The company exhibits multiple single points of failure beyond the owner, with the CIM explicitly noting "moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations." The CRM pipeline data shows that individual salespeople (identified by [PERSON] tags) own large deals, and there is no evidence of documented backups, retention agreements, or succession plans for critical roles. While a 22-person employee roster exists, the documents contain no mention of SOPs for key positions, institutional knowledge capture for non-owner roles, or formal cross-training—only a reference to "inconsistent" documentation across onboarding and engineering workflows in the cybersecurity assessment. | 3/10 | CRITICAL RISK | |
| fix_09 | Financial Trajectory & EBITDA Quality README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated Peachtree Integrated Systems demonstrates 3 years of consistent revenue growth ($4.1M in 2022 → $5.42M in 2024) with improving EBITDA margins (14.6% → 18.4%), and the CIM indicates $1.00M EBITDA on 2024 revenue of $5.42M. However, the documents do not explicitly state that financials are audited or reviewed by a third party; the README references a "QuickBooks-style general ledger export" and compiled worksheets, suggesting internally-managed accounting rather than external audit certification. The company shows reasonable add-backs and documentation discipline (recurring revenue at 42%, identifiable top customers, reconciled financial data across multiple sheets), placing it solidly in the 7-8 range despite the absence of third-party financial review evidence. | 7/10 | ADEQUATE | |
| fix_10 | Data Room Readiness README.md · PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · PIS_GL_Export_2024Q4.csv · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The company has established a well-organized data room structure with core financial documents (general ledger export, AR aging, master financials workbook), operational records (employee roster, IT asset inventory, CRM pipeline), and key narrative documents (CIM, cybersecurity assessment, SOPs) all present and catalogued in the README. However, the CIM explicitly notes that "documentation maturity is improving but inconsistent across onboarding and engineering workflows," and the cybersecurity assessment identifies material gaps in incident response documentation, MFA enforcement tracking, and backup restore test records that buyers will require before close. | 7/10 | ADEQUATE |
Owner Risk4.2/10 NEEDS WORK (15% blend)
Deal Impact: Owner dependency creates integration risk — expect R&W scrutiny and potential purchase-price adjustment.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| owr_01 | Succession Readiness README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · PIS_Demo_UI_Flow.docx — High confidence — multiple documents corroborated No formal succession plan is documented in the retrieved materials, and the CIM explicitly identifies "moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations" as a risk factor. The CRM pipeline shows that deal ownership is concentrated with specific individuals (indicated by the "[PERSON]" owner field across major opportunities), with no evidence of secondary contacts, documented handoff protocols, or an identified successor actively transitioning into leadership roles. | 3/10 | CRITICAL RISK | |
| owr_02 | Institutional Knowledge Capture README.md · PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · PIS_Financials_And_Operations.xlsx · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated The company has partially documented core processes, with a Customer Onboarding SOP referenced in the deal room inventory, but the CIM explicitly states that "documentation maturity is improving but inconsistent across onboarding and engineering workflows," indicating significant gaps remain. The Cybersecurity Assessment Report identifies reliance on "informal incident response practices" and notes that critical processes like backup restore tests are "not always documented," suggesting that substantial institutional knowledge—particularly in technical and operational areas—remains undocumented and potentially dependent on key individuals rather than accessible to all relevant staff. | 5/10 | NEEDS WORK | |
| owr_03 | Management Team Depth PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · README.md · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The CIM explicitly identifies "moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations" as a risk factor, and the cybersecurity assessment notes that "reliance on informal incident response practices" exists across the 22-employee organization. While the company has a functional delivery team and some senior leadership (engineering and executive users have administrative access), there is no evidence of a formal management layer with documented decision authority, clearly defined escalation paths, or a demonstrated track record of independent operation during extended owner absence—placing the company in the "some senior employees with informal authority" band where owner input remains required for key decisions. | 5/10 | NEEDS WORK | |
| owr_04 | Key Person Concentration Beyond Owner PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · PIS_Employee_Roster_2025.csv · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated The CIM explicitly identifies "Moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations," and the CRM pipeline shows concentrated deal ownership with specific named individuals assigned to major opportunities (e.g., $130K+ deals), indicating multiple employees hold exclusive client relationships. While the employee roster shows 22 staff across defined departments, the documents provide no evidence of cross-training programs, documented knowledge transfer, or backup coverage for critical sales, engineering, or operations roles—creating material risk if key non-owner personnel in sales engineering, project management, or network engineering depart. | 4/10 | NEEDS WORK |
Customer Quality5.2/10 NEEDS WORK (21% blend)
Deal Impact: Customer concentration or churn risk will compress the multiple — expect sensitivity analysis and possible escrow.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| cq_01 | Top Customer Concentration PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · README.md · PIS_Financials_And_Operations.xlsx · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated The largest customer (Northside Medical Group) represents 11.4% of total revenue, and the top 5 customers combined represent approximately 38.5% of revenue, placing the company in the moderate diversification range. The CIM explicitly notes that "Top three customers represented 29.7% of total revenue, which is manageable but still visible in buyer diligence," and the company demonstrates a diversified service mix across cabling, access control, CCTV, and MSP with 42% recurring revenue, indicating deliberate effort to reduce project-based concentration risk. | 7/10 | ADEQUATE | |
| cq_02 | Revenue Predictability & Recurring Mix README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_GL_Export_2024Q4.csv — High confidence — multiple documents corroborated Peachtree Integrated Systems generates approximately 42% recurring revenue primarily through MSP retainers, network management, and support agreements, with an estimated MRR of ~$190K against $5.42M total [DATE_TIME] revenue. The customer revenue profile shows a mix of recurring contracts (Northside Medical Group at 11.4%, PeachState Clinics at 8.9%, SouthCare Health at 5.5%, and others), alongside significant project-based and mixed revenue streams, indicating moderate revenue predictability with room for improvement through converting project-only accounts to recurring managed support contracts. | 6/10 | ADEQUATE | |
| cq_03 | Contract Transferability PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_Customer_Contract_Atlanta_Property_Holdings.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_GL_Export_2024Q4.csv — High confidence — multiple documents corroborated The Atlanta Property Holdings managed services agreement includes standard renewal and termination language but lacks explicit assignment or change-of-control clauses; while the contract permits termination for convenience with notice, there is no language addressing automatic transfer or buyer assumption rights in an M&A event. The CIM notes "Moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations," suggesting that customer relationships may be personality-dependent rather than fully contractually portable, and the document set provides only one sample contract, making it impossible to assess whether assignment language is present across the broader customer portfolio. | 5/10 | NEEDS WORK | |
| cq_04 | Churn Rate & Retention Metrics README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · PIS_Customer_Onboarding_SOP.docx — High confidence — multiple documents corroborated The documents contain no measurement, tracking, or documentation of customer churn rate, retention metrics, or retention programs. While the CIM notes that "recurring revenue represented approximately 42% of [DATE_TIME] revenue" and identifies a growth opportunity to "convert mixed and project-only accounts to recurring managed support contracts," there is no evidence of formal churn analysis, root-cause tracking, or proactive retention initiatives. The Customer Onboarding SOP describes initial account setup but lacks any post-implementation retention monitoring, business review cadence metrics, or documented customer success processes. | 3/10 | CRITICAL RISK |
Operational Scalability5.0/10 NEEDS WORK (13% blend)
Deal Impact: Technology or process gaps require post-close investment — buyers will model remediation cost into their offer.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| ops_01 | Process Documentation & Repeatability README.md · PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The company has initiated process documentation efforts, as evidenced by the existence of a "PIS_Customer_Onboarding_SOP.docx" file, but the CIM explicitly states that "Documentation maturity is improving but inconsistent across onboarding and engineering workflows." The cybersecurity assessment reinforces this gap, noting that "incident response practices" are informal and "restore tests occur [DATE_TIME] but are not always documented," indicating significant reliance on individual knowledge rather than standardized, repeatable procedures. With 22 employees and moderate owner dependence in key functions, the company has not yet achieved the documentation consistency and independence required for seamless operational continuity. | 4/10 | NEEDS WORK | |
| ops_02 | Technology & Systems Scalability README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated The company's technology stack demonstrates moderate maturity with cloud-based backup and endpoint security (Defender for Business, CrowdStrike rollout in progress), but scalability is constrained by incomplete infrastructure modernization and significant technical debt. The Cybersecurity Assessment Report identifies "inconsistent MFA enforcement, limited centralized log monitoring," incomplete endpoint security consolidation, and lack of a formal SIEM—gaps that would require material investment to remediate before 3x growth. The CIM explicitly notes "Documentation maturity is improving but inconsistent across onboarding and engineering workflows," indicating that architectural scaling would require meaningful modernization beyond current systems. | 5/10 | NEEDS WORK | |
| ops_03 | Vendor & Supplier Concentration PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · PIS_Customer_Contract_Atlanta_Property_Holdings.docx — High confidence — multiple documents corroborated Peachtree Integrated Systems relies on multiple vendor platforms including Microsoft 365, HubSpot, QuickBooks Online, ConnectWise, and CrowdStrike, with the cybersecurity assessment recommending consolidation of duplicate endpoint security tooling and completion of MFA rollout across these systems. While the company demonstrates a diversified service mix and no single vendor appears to represent >20% of operating costs, the assessment identifies incomplete vendor rationalization and notes that documented alternatives and formal SLAs are not consistently in place, particularly around critical infrastructure monitoring tools where a SIEM implementation remains outstanding. | 6/10 | ADEQUATE | |
| ops_04 | Financial Controls & Reporting Cadence PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · README.md · PIS_Financials_And_Operations.xlsx · PIS_Demo_UI_Flow.docx — High confidence — multiple documents corroborated The company uses QuickBooks Online for accounting and produces financial reports (P&L, AR aging, GL exports referenced in the README), but there is no evidence of a formal monthly close cadence, documented control procedures, or a dedicated CFO/Controller in place. The cybersecurity assessment mentions QuickBooks Online as a system requiring MFA completion, and financial data exists in normalized form (P&L history 2022-2024, customer revenue detail, AR aging), but the documents provide no documentation of close timelines, budget vs. actual review processes, or formal control frameworks—suggesting a bookkeeper-managed function with basic controls rather than formalized processes typical of 7-8 scoring. | 5/10 | NEEDS WORK |
Financial Readiness4.5/10 NEEDS WORK (7% blend)
Deal Impact: Financial documentation needs work — expect QofE adjustments, timeline extension, and possible valuation impact.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| fr_01 | Books Quality & CPA Relationship README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The retrieved documents provide no evidence of audited, reviewed, or compiled financial statements prepared by a CPA firm. While the README references a "PIS_Financials_And_Operations.xlsx" master workbook and a "PIS_GL_Export_2024Q4.csv" from QuickBooks, there is no mention of any CPA relationship, audit engagement, review, or compilation. The financial data appears to be internally maintained operational extracts (P&L, AR aging, customer revenue) that are not accompanied by professional accounting firm attestation or GAAP compliance documentation, indicating significant rework would be required before diligence readiness. | 3/10 | CRITICAL RISK | |
| fr_02 | Add-Back Documentation PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · README.md · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Customer_Contract_Atlanta_Property_Holdings.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The retrieved documents contain no formal add-back schedules, EBITDA adjustment documentation, or supporting schedules for normalized earnings calculations. While the CIM states $1.00M EBITDA (18.5% margin) for the period reviewed, there is no itemization of owner add-backs, one-time expenses, or personal expenses separated from business operations, and no evidence of CPA verification or independent review of these adjustments. The general ledger export and financial workbook references in the README are not substantively detailed in the excerpts provided, leaving material uncertainty about whether add-backs are documented with sufficient detail for a buyer's accountant to verify. | 3/10 | CRITICAL RISK | |
| fr_03 | Revenue Recognition & Consistency PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Customer_Contract_Atlanta_Property_Holdings.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The documents demonstrate revenue is tracked across multiple systems (P&L, customer revenue table, GL export, and AR aging) with stated reconciliation to $5.42M for 2024, indicating basic consistency; however, revenue recognition policy documentation is absent from the provided excerpts, and there is no evidence of formal GAAP alignment, deferred revenue tracking, or audit verification. The CIM notes that "documentation maturity is improving but inconsistent across onboarding and engineering workflows," suggesting recognition practices may lack uniform application, particularly given the mix of recurring MSP contracts, project work, and one-time retrofit services without clear delineation of recognition timing across service lines. | 5/10 | NEEDS WORK | |
| fr_04 | Three-Year Financial Trend README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated Peachtree Integrated Systems demonstrates solid three-year growth with revenue increasing from $4.1M (2022) to $5.42M (2024), representing approximately 14.9% CAGR, and EBITDA growing from $600K to $1.0M with improving margins (14.6% to 18.4%). While growth is consistent and margins are stable to improving, the CAGR falls slightly below the 15% threshold for a 9-10 score, placing the company in the 7-8 range with demonstrated positive momentum and clean year-over-year comparability across the three-year period. | 7/10 | ADEQUATE |
Legal & Regulatory Compliance4.4/10 NEEDS WORK (6% blend)
Deal Impact: Compliance gaps will surface in diligence — expect buyer requests, timeline extension, and potential price adjustment.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| lc_01 | Business Licenses & Permits PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · README.md · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Customer_Onboarding_SOP.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The retrieved documents contain no evidence that business licenses and permits have been inventoried, documented, or reviewed for current status or transferability. While the CIM identifies Peachtree as providing "structured cabling, access control, CCTV, and managed IT services" across multiple jurisdictions—activities that typically require state/local licensing, contractor permits, and security system certifications—there is no mention of license documentation, renewal schedules, or change-of-control transferability analysis in any of the provided materials. The cybersecurity assessment and onboarding SOP focus on operational controls and process maturity but do not address regulatory licensing requirements, leaving a material compliance gap unaddressed in the deal room. | 3/10 | CRITICAL RISK | |
| lc_02 | Contract Change-of-Control Provisions PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx · PIS_Customer_Contract_Atlanta_Property_Holdings.docx — High confidence — multiple documents corroborated The retrieved documents contain one sample customer contract (Atlanta Property Holdings Managed Services Agreement) that includes standard termination and renewal language, but there is no evidence of systematic legal review of key vendor, customer, or lease agreements for change-of-control provisions. The CIM identifies "Documentation maturity is improving but inconsistent across onboarding and engineering workflows" and notes "Moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations," suggesting contracts have not been comprehensively assessed for assignment or change-of-control risk. No document references counsel review, assignment clause confirmation, or a contract audit inventory spanning the company's material customer base, vendor agreements, or facility leases. | 3/10 | CRITICAL RISK | |
| lc_03 | Employment Law Compliance PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_GL_Export_2024Q4.csv · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Customer_Contract_Atlanta_Property_Holdings.docx — High confidence — multiple documents corroborated The retrieved documents contain no evidence of I-9 compliance verification, non-compete agreements, or compensation benchmarking analysis. While the PIS_Employee_Roster_2025.csv is referenced in the deal room contents, the actual roster data is not provided in the excerpts, making it impossible to verify employment classification, documentation status, or legal compliance. The CIM identifies "moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations" but makes no mention of employment law compliance, EEOC matters, or DOL compliance status, indicating this area has not been formally assessed or documented for exit readiness. | 3/10 | CRITICAL RISK | |
| lc_04 | Intellectual Property Ownership PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · README.md · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The documents provide no evidence of formal IP ownership documentation, assignment agreements, or an IP schedule in the data room. While the CIM describes Peachtree's service offerings (structured cabling, access control, CCTV, managed IT), there is no mention of trademark registration, software ownership assignments, proprietary process documentation, or customer data governance. The cybersecurity assessment identifies "documentation maturity is improving but inconsistent across onboarding and engineering workflows," and the overall exit readiness score of 6.5/10 suggests material gaps remain in IP formalization that would require remediation during buyer diligence. | 5/10 | NEEDS WORK | |
| lc_05 | Litigation & Contingent Liability PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · PIS_Customer_Contract_Atlanta_Property_Holdings.docx — High confidence — multiple documents corroborated The documents contain no mention of open litigation, material claims, or undisclosed contingent liabilities against Peachtree Integrated Systems. The CIM and financial records provided identify operational and cybersecurity risk factors requiring remediation (incomplete MFA enforcement, informal incident response practices), but these are disclosed governance and compliance gaps rather than legal exposures. Standard commercial contract language from the Atlanta Property Holdings Managed Services Agreement includes reasonable liability limitations and confidentiality provisions typical for mid-market service businesses. | 8/10 | STRONG |
Technology & Systems Maturity4.6/10 NEEDS WORK (10% blend)
Deal Impact: Technology gaps will require buyer attention — expect technical due diligence deep-dive and possible price adjustment.
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| tm_01 | Core Systems Documentation & Ownership PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · README.md · PIS_Financials_And_Operations.xlsx · PIS_Demo_UI_Flow.docx — High confidence — multiple documents corroborated Core business systems including QuickBooks Online, HubSpot, ConnectWise, and Microsoft 365 are in use and referenced in the cybersecurity assessment, but the assessment explicitly identifies "incomplete controls" and notes that "privileged accounts are not fully separated from day-to-day identities," indicating personal account dependencies remain unresolved. The CIM further states that "documentation maturity is improving but inconsistent across onboarding and engineering workflows," confirming that while systems exist, they lack comprehensive documentation and formalized ownership structures required for a clean transition to a buyer. | 5/10 | NEEDS WORK | |
| tm_02 | Cybersecurity & Data Protection Posture PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · PIS_Customer_Onboarding_SOP.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated The company has deployed Defender for Business to most endpoints with CrowdStrike rollout underway for engineering and executive users only, but MFA enforcement remains inconsistent across Microsoft 365, HubSpot, QuickBooks Online, ConnectWise, and remote admin tools—key systems still requiring completion. The cybersecurity assessment explicitly identifies the absence of a formal incident response plan, limited centralized log monitoring, and reliance on informal practices, and while nightly backups with cloud retention are in place, restore tests are inconsistently documented; notably, cyber insurance status is not mentioned in any retrieved documents, and no evidence of vendor security reviews is provided. | 5/10 | NEEDS WORK | |
| tm_03 | Data Integrity & Business Intelligence PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · README.md · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Demo_UI_Flow.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated Peachtree has foundational financial and operational data across multiple systems (QuickBooks GL export, AR aging reports, CRM pipeline, employee roster, IT asset inventory) that reconcile to a $5.42M revenue figure, indicating basic data integrity. However, the cybersecurity assessment identifies "limited centralized log monitoring" and "inconsistent" documentation maturity across onboarding and engineering workflows, and the CIM explicitly notes "Documentation maturity is improving but inconsistent across onboarding and engineering workflows," suggesting data accessibility and completeness gaps that require manual reconciliation and lack systematic BI reporting infrastructure. | 5/10 | NEEDS WORK | |
| tm_04 | Technology Vendor & Subscription Management PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_Financials_And_Operations.xlsx · PIS_Demo_UI_Flow.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated The documents reveal minimal formal documentation of technology vendor relationships and significant transferability risk. The Cybersecurity Assessment Report references multiple vendor tools (Microsoft 365, HubSpot, QuickBooks Online, ConnectWise, Defender for Business, CrowdStrike) but provides no evidence of centralized contract documentation, renewal tracking, or entity ownership verification. The CIM explicitly notes "Documentation maturity is improving but inconsistent across onboarding and engineering workflows," and the assessment recommends completing MFA rollout across these platforms without confirming whether subscriptions are entity-owned or tied to personal accounts, indicating unresolved vendor dependency risk typical of mid-market services firms preparing for exit. | 3/10 | CRITICAL RISK | |
| tm_05 | Technical Debt & Modernization Risk PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · README.md · PIS_Financials_And_Operations.xlsx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Customer_Onboarding_SOP.docx — High confidence — multiple documents corroborated Peachtree's technology stack exhibits mixed modernization status with material gaps that will require post-close buyer investment. The Cybersecurity Assessment Report identifies incomplete MFA enforcement, reliance on partially deployed endpoint security (Defender for Business and in-progress CrowdStrike rollout), absence of centralized log monitoring, and lack of documented incident response procedures—all flagged as medium-risk issues requiring remediation before buyer expectations are met. Additionally, the CIM explicitly notes "No formal SIEM or fully mature cybersecurity program despite healthcare-adjacent customer base," and the assessment recommends standing up alert aggregation and retiring duplicate tooling, indicating the current infrastructure does not meet modern security and supportability standards for the company's healthcare client segment. | 5/10 | NEEDS WORK |
▲ Layer8's primary practice area. Technology & Systems Maturity is where Layer8 delivers directly — not just identifies gaps. Where this domain shows deficiencies, remediation is available immediately through Layer8 engagements.
Human Capital3.4/10 CRITICAL RISK (10% blend)
| ID | Criterion & Finding | Score | Rating | Bar |
|---|---|---|---|---|
| hc_01 | Workforce Retention & Tenure README.md · PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · PIS_Financials_And_Operations.xlsx · PIS_Customer_Onboarding_SOP.docx · MASTER_PROMPT_Synthetic_Artifact_Generator.md — High confidence — multiple documents corroborated The company employs 22 staff members with an established regional delivery team, indicating a foundational workforce, but the documents provide no explicit retention rate, tenure data, or 24-month turnover trends necessary to assess stability. The CIM notes "moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations," suggesting concentration risk in revenue-generating roles, and the onboarding SOP identifies that "Owner approval is still required for discounts, nonstandard SLAs, and large remediation scopes," indicating key-person risk that could materially impact retention post-acquisition. | 5/10 | NEEDS WORK | |
| hc_02 | Compensation Competitiveness PIS_Cybersecurity_Assessment_Report.docx · README.md · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx · PIS_GL_Export_2024Q4.csv — High confidence — multiple documents corroborated The retrieved documents contain no evidence of formal compensation benchmarking, documented pay philosophy, or market-rate analysis for any role at Peachtree Integrated Systems. The employee roster export is referenced in the README but compensation structure, pay levels, and retention provisions are entirely absent from the available excerpts, creating significant risk that current pay may not retain key staff post-acquisition or that the buyer will face unexpected payroll cost exposure. | 2/10 | CRITICAL RISK | |
| hc_03 | Recruiting & Training Capability PIS_CIM.docx · README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_Financials_And_Operations.xlsx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Customer_Onboarding_SOP.docx — High confidence — multiple documents corroborated Peachtree has a documented customer onboarding SOP with defined roles (Sales Director, Project Manager, Controller, Engineer, Help Desk Lead) and target timelines, meeting the threshold for a documented hiring process; however, the same SOP explicitly states that "Owner approval is still required for discounts, nonstandard SLAs, and large remediation scopes" and notes that "Discovery quality varies by engineer; documentation depth is not uniform," indicating inconsistent execution and ongoing owner dependence. The CIM also flags "Documentation maturity is improving but inconsistent across onboarding and engineering workflows," suggesting the business lacks the formalized, scalable recruiting and training infrastructure expected of a higher-readiness exit candidate, with no evidence of documented new-hire retention metrics or structured training programs. | 5/10 | NEEDS WORK | |
| hc_04 | Bench Depth & Succession Beyond Owner README.md · PIS_CIM.docx · PIS_Cybersecurity_Assessment_Report.docx · PIS_Financials_And_Operations.xlsx · MASTER_PROMPT_Synthetic_Artifact_Generator.md · PIS_Employee_Roster_2025.csv — High confidence — multiple documents corroborated The company exhibits significant single points of failure in key non-owner roles with no documented succession planning. The CIM explicitly identifies "moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations," and the employee roster shows critical functions managed by single individuals (e.g., one Controller, one Operations Manager, one Sales Director) with no documented backups or cross-training cadence. There is no evidence in any of the provided documents of formal succession plans, cross-training programs, or tested transitions for non-owner positions. | 3/10 | CRITICAL RISK | |
| hc_05 | Compensation/Benefits Structure Transferability README.md · PIS_Cybersecurity_Assessment_Report.docx · PIS_CIM.docx · PIS_Financials_And_Operations.xlsx — High confidence — multiple documents corroborated The documents provide no evidence of a formal, documented compensation and benefits structure, employee handbook, or third-party benefits administration. The employee roster export and financial statements reference 22 employees but contain no compensation details, benefit plan documentation, or payroll structure; combined with the CIM's notation of "moderate owner dependence in late-stage sales, key client relationships, and vendor negotiations," this suggests compensation arrangements are likely informal and owner-centric, requiring substantial cleanup at close. | 2/10 | CRITICAL RISK |
Top 3 Strengths
- Customer Quality at 5.2/10 provides an adequate foundation for buyer confidence in revenue stability and retention post-acquisition. While the score indicates room for optimization, this domain carries the highest blend weight (21%) and suggests that Peachtree has established baseline customer relationships that mitigate immediate churn risk during transition. A buyer can move forward with standard integration planning rather than crisis-level customer remediation.
- Diligence Risk at 5.2/10 demonstrates adequate transparency and documentation maturity that will reduce legal and financial discovery friction in the data room. This equal-weighted second-priority domain signals that Peachtree's records are navigable and that major hidden liabilities are unlikely to emerge mid-diligence, allowing the buyer to allocate fewer resources to investigative deep-dives and accelerate closing timelines.
- Financial Readiness at 4.5/10 reflects adequate accounting controls and reporting discipline sufficient for lower-middle-market underwriting standards. Although not robust, this score indicates that the company's $1,000,000 EBITDA foundation is not obscured by severe documentation gaps, enabling the buyer to rely on the stated multiple range and avoid the steeper valuation haircuts typically imposed on financially opaque targets.
Top 3 Risks
- Human Capital at 3.4/10 (CRITICAL RISK) represents the most material discount driver across Peachtree's profile, with a risk-adjusted weight of 3.4%, and will trigger a buyer discount of 10–15% to the valuation range due to dependency on key personnel, retention gaps, and succession planning deficiencies. Buyer diligence teams will flag organizational fragility, demand key-person retention agreements, and likely apply a holdback or escrow against post-close team attrition and knowledge loss.
- Owner Risk at 4.2/10 (NEEDS WORK), weighted at 15%, creates a material liability around seller knowledge transfer, ongoing operational dependencies, and post-close transition execution that buyers will require significant contractual protection against. Expect earn-out clawbacks, extended seller consulting obligations, and potential seller note subordination to mitigate buyer concern that the business cannot operate independently of current ownership involvement.
- Diligence Risk at 5.2/10 (NEEDS WORK), weighted at 18%, indicates gaps in financial documentation, operational transparency, and contract/compliance clarity that will prolong diligence timelines and create friction around purchase price adjustment mechanisms. Buyers will demand extended working-capital true-ups, indemnification escrows, and detailed management representations, adding cost and time to deal close and potentially narrowing the valuation range by 3–5% due to unresolved contingencies.
Recommended Priority Fixes
The five highest-priority actions for the next 90 days, ranked by deal impact. For the complete domain-by-domain remediation plan and cost estimates, see the Value Recovery Roadmap above.
Fix 1HC
Build Organizational Depth and Retain Key Personnel
Immediately execute retention agreements with critical technical and operational staff, establish a documented succession plan for at least three key roles, and create a 90-day knowledge-transfer protocol. Human Capital at 3.4/10 (CRITICAL RISK) is the largest valuation discount driver—buyers will demand proof that the business survives loss of any single leader. A formal retention package and clear successor documentation reduces buyer concern and can recover 10–15% of valuation discount.
Fix 2OR
Reduce Owner Operational Dependencies and Document Processes
Map all owner-dependent workflows, reassign critical decision rights to documented managers, and prepare a 120-day transition playbook defining owner consulting role boundaries post-close. Owner Risk at 4.2/10 (NEEDS WORK) signals that buyers will view the business as fragile without current ownership—eliminating operational bottlenecks and proving the business runs independently reduces earn-out clawback exposure and seller consulting obligation duration by 25–40%.
Fix 3DR
Centralize and Audit Financial and Contract Documentation
Conduct a comprehensive audit of revenue contracts, customer agreements, SOWs, and financial records; prepare a documented data room index with standardized metadata; and resolve any discrepancies between tax, accounting, and operational records. Diligence Risk at 5.2/10 (NEEDS WORK) indicates buyers will encounter friction and contingencies during due diligence—closing documentation gaps now shortens buyer review timelines by 20–30 days, narrows working-capital true-up exposure, and protects 3–5% of valuation range from adjustment mechanisms.
Fix 4CQ
Segment Customer Base and Prove Retention Economics
Analyze and document customer concentration, churn history, and net revenue retention by cohort; identify and stabilize top 10 customers with renewal plans; and produce a three-year forward customer stability model with assumptions. Customer Quality at 5.2/10 (NEEDS WORK) and 21% weight means buyer concern about revenue durability will suppress multiples—demonstrating low churn, high retention, and diversified revenue reduces buyer risk assessment and supports valuation at the top of the range.
Fix 5TM
Certify IT Infrastructure and Document Technology Roadmap
Commission a third-party technical infrastructure audit covering security, uptime, data recovery, and scalability; produce a written technology roadmap identifying integration touch-points with buyer systems; and document all custom code ownership and third-party dependencies. Technology & Systems Maturity at 4.6/10 (NEEDS WORK) combined with 4.7/10 Automation Maturity Index signals buyer concern about integration cost and post-close technical risk—a credible assessment and roadmap reduces post-close surprise costs and demonstrates operational continuity.
Compliance Notes
No PII was detected in the ingested documents.