Fundraise / Diligence

Fundraise Data Room: Readiness Checklist

CA Nikhil Gupta·May 2026·3 min readFundraise / Diligence

A data room is not a warehouse. It is an indexed proof file for the company’s legal and economic story.

Quick View

Owner

CFO and legal owner

Cadence

Quarterly, and before fundraising

First control

Create an indexed request list.

Core evidence

Certificate and charter documents.

Why It Matters

Investors test whether the company exists as represented, owns the assets it sells, has authority to issue securities and can reconcile revenue, cash, cap table, taxes and contracts.

Documents should be complete, current and internally consistent. The cap table must match statutory records; financial statements should match tax and bank evidence; customer metrics should match contracts and invoices.

Access should be staged. Sensitive source code, employee data, customer information and privileged legal material need limited access, watermarking, confidentiality and a record of who viewed them.

Control Framework

ControlWhat it coversOperating rule
CorporateIncorporation, charter, registers, minutes and filings.Confirm authorised and issued capital.
FinancialStatements, MIS, bank, debt and forecasts.Reconcile historical periods.
CommercialMaterial customers, suppliers, pricing and pipeline.Identify concentration and termination rights.
RiskTax, litigation, privacy, IP and employment.Explain open items and remediation.

Action Checklist

  1. Create an indexed request list.
  2. Assign a document owner for every folder.
  3. Reconcile cap table and statutory records.
  4. Link financial claims to source evidence.
  5. Redact personal and privileged information.
  6. Maintain a questions and exceptions log.

Practical Example

A founder’s pitch shows 100% ownership of software, but several developers worked as contractors without signed IP assignment. The data room should disclose the gap and remediation rather than silently upload invoices.

Evidence to Keep

  • Certificate and charter documents.
  • Statutory registers and cap table.
  • Audited and management financials.
  • Material contracts and IP records.
  • Tax returns and notices.
  • Diligence Q&A and disclosure schedule.

Warning Signs

  • Uploading unsigned agreements.
  • Hiding disputes that will appear later.
  • Using a cap table that differs from filings.
  • Sharing personal data without access control.
  • Backdating board or shareholder approvals.

Management Decision

Run a red-team review before investor access. Ask whether a reviewer can recreate ownership, revenue, cash and liabilities from the documents without relying on founder explanation.

Use a disclosure schedule for exceptions. A clearly explained issue with a remediation plan is usually safer than a false statement that no issue exists.

Document the decision, owner, due date and evidence expected. A verbal explanation should be converted into a board note, approved working, contract amendment, portal acknowledgement or reconciliation before the item is treated as closed.

Rules, forms, thresholds and interpretations can change. The operating team should use the latest official source and the actual company facts instead of copying a control from another entity or prior year.

Monthly Review Test

Ask four questions: Is the obligation or accounting treatment applicable? Has the underlying transaction been completely recorded? Does the evidence agree with the books and portal? Has an independent reviewer challenged the exception?

The review should distinguish a timing difference from an error, a judgement from a missing document, and a control failure from a one-time operational delay. Repeated small exceptions deserve root-cause action because they often become material during audit, fundraising, notice or distress.

Exception Review

The operating record should connect the control stages—corporate, financial, commercial, risk—to the same transaction population. If the source list, accounting ledger, tax return, board record and management dashboard use different populations, the review can appear complete while exceptions remain outside the test.

Management should define an exception threshold, but the threshold must not hide repeated failures. A small error occurring every month can signal weak master data, unclear ownership or a broken interface. The reviewer should record root cause, immediate correction and preventive action separately.

Closure requires evidence. At minimum, the file should show who prepared the work, who reviewed it, which source documents were used, what differences remained and when the next follow-up is due. Screenshots without context or spreadsheets without source references are not a durable control record.

Conflicts and judgement should be visible before approval. A founder, director or business owner with a personal interest should disclose it and follow the appropriate review route rather than approve the transaction informally.

Diligence quality improves when records are maintained during ordinary operations. Reconstructed minutes, unsigned contracts and after-the-fact explanations may answer a question temporarily but weaken trust and can create separate legal risk.

Frequently Asked Questions

When should the data room be built? â–¼
Before fundraising pressure, then maintained as part of monthly governance.
Should every document be shared immediately? â–¼
No. Use staged access based on sensitivity and diligence stage.
Can missing documents be recreated? â–¼
Only through lawful current action and transparent explanation; do not backdate evidence.
Who should control access? â–¼
A named finance, legal or company-secretarial owner with an access log.