The Structural Flaw

Most tech diligence firms are built to produce reports. The report is the deliverable. Post-close execution falls to a different team.

PE deal volume demands speed, and the market has industrialized accordingly: large advisory firms, teams of consultants, proprietary scoring frameworks, and as many concurrent engagements as the bench allows. The largest firms handle 500 or more transactions a year. They are themselves PE-backed—CrossLake by Falfurrias, Cuesta Partners by Riveron (backed by Kohlberg)—which means their investors want the same thing any PE investor wants: volume and margin. Quality becomes secondary to throughput.

Blackmere is, to my knowledge, the only tech diligence practice where the principal who leads the assessment stays to lead the execution. The same person who reviews the codebase, sits in the management presentation, and identifies the infrastructure risk also writes the remediation plan and executes the work. Prior to founding Blackmere, I was the principal executive leading Alpine Investors’ largest software roll-up and scaled engineering through VC-backed hypergrowth to a $1B+ valuation. Across those experiences, checklist-driven diligence consistently failed to surface the technical risks that materially affected post-close outcomes.

This piece examines both models—their strengths, limitations, and where each is the better fit.

What Volume Optimizes For

1. The Continuity Gap

The diligence team identifies risks, documents them in a report, and moves on to the next engagement. A different team—sometimes internal, sometimes a separate advisory firm—then translates the findings into an execution plan.

This handoff loses critical context. Diligence operates top-down: assess architecture, benchmark metrics, score risk categories. Implementation happens bottom-up: negotiate with the existing engineering team, sequence work against a product roadmap, make tradeoffs the report did not anticipate. The institutional knowledge developed during the assessment—management dynamics, undocumented dependencies, single points of failure—does not transfer to the execution team.

West Monroe’s own research found that over 60% of PE firms say diligence outputs are incorporated into value creation plans only “rarely” or “some of the time.” They compare the current model to a “hectic home inspection”—teams assess different risk areas but fail to connect findings into cohesive execution strategies.

Source: West Monroe, “The Value Creation Missing Link in PE Due Diligence”

In the platform model, the firm that performs the assessment is structurally separate from whoever executes on the findings.

2. The Throughput Incentive

When the diligence provider is itself a PE portfolio company, the business model is volume—more transactions per quarter, more consultants on the bench, more acquisitions to expand capability coverage. The incentive is to maximize utilization.

A firm running 500 or more transactions a year is not spending discretionary hours on any single engagement. The deliverable is calibrated to the economics: thorough enough to meet the standard of care, efficient enough to maintain margins across a high-volume practice. The reports identify risks. They are less effective at producing actionable remediation plans tailored to the portfolio company’s actual operating environment.

3. The Report Problem

A report is a snapshot. It identifies risk at a moment in time and formats it for a decision: invest or pass, price the risk, negotiate an escrow. The engagement typically concludes at delivery.

If the deal closes, the PE firm needs someone to act on the findings—typically someone without the context of how those findings were developed, the management dynamics observed during diligence, or the undocumented risks identified through direct technical review.

83% of PE leaders say their diligence approach has substantial room for improvement. 40% cite discovering unexpected capability gaps post-close as a top challenge.

Sources: Bain Global PE Report 2026; EY PE Trends 2026

Standardized frameworks are designed for speed and comparability, not diagnostic depth. They reliably surface the categories of risk they were built to assess, but not risks outside that scope.

What Happens When the Same Person Stays

Diligence through execution, one principal. I lead the assessment and I lead the remediation. The same person who reviewed the codebase, sat in the management presentation, and identified the infrastructure risk also writes the remediation plan, negotiates sequencing with the engineering team, and executes the work. No context is lost because there is no handoff.

Depth that standardized frameworks miss. During a recent buy-side engagement, I identified that CloudFront—a CDN service—was the target’s number-one AWS cost. CDN is rarely the dominant cost driver, which indicated a configuration or architectural issue. A scoring framework would have flagged “infrastructure costs: above benchmark” without diagnosing the cause. Because I stayed through post-close, I identified the root cause and reduced that cost by 60%, directly expanding EBITDA.

Security remediation without delay. I have identified catastrophic security vulnerabilities during diligence on multiple engagements. In the platform model, these are documented in the report as “critical risk” and the PE firm sources a separate team to remediate, often weeks or months later. In the operator model, remediation begins on day one of post-close because the person who found the vulnerability is already engaged.

Capacity-constrained by design. Three concurrent mandates, maximum. The depth required to move from assessment to execution on a single engagement is incompatible with high-volume utilization. The tradeoff is fewer engagements in exchange for higher density of attention per deal.

Post-close retention as a signal. I do not upsell post-close execution during diligence. To date, every diligence client has elected to retain the engagement through post-close—including in cases where the diligence conclusion was that no material remediation was required. They retained because the same principal who assessed the risks was best positioned to act on the opportunities identified during that process.

Platform Model — Continuity

Diligence team delivers a report. A different team—internal or external—translates findings into a 100-day plan. Context is lost in the transition.

Operator Model — Continuity

The operator delivers findings, then stays to execute them. The 100-day plan is written by the person who will own it.

Platform Model — Value Capture

A scoring framework flags “infrastructure costs: above benchmark.” The report documents the risk. Root cause analysis and remediation fall to a separate team.

Operator Model — Value Capture

The operator diagnoses the root cause during diligence and eliminates it post-close. Root cause analysis and remediation are handled within a single engagement.

When the Platform Model Is the Right Choice

For the majority of PE transactions, the platform model is well-calibrated. It is the right choice when:

  • You need a diligence report for your lenders. A standardized assessment that benchmarks the target against industry peers and clears the investment committee. When the goal is confirmation—validating the deal thesis rather than stress-testing it—the platform model is efficient and well-priced.
  • High-volume deal screening. When a PE firm is evaluating 15 or 20 targets in a sector and needs standardized scoring to compare them, a benchmarking database built on thousands of prior transactions is the right tool. An operator-led model doesn’t produce that.
  • Cross-functional diligence under one roof. When the deal requires technical, financial, and commercial diligence coordinated through a single provider—quality of earnings alongside architecture review alongside market assessment—a large firm can staff the full team. A technical operator covers software, infrastructure, cybersecurity, and product strategy. Financial and commercial diligence are different disciplines.
  • Calendar availability. Capacity-constrained by design means you might not get on the calendar when the deal timeline demands it. A firm with a deep bench can staff an engagement on short notice. A single operator cannot always do that.

When the Operator Model Is the Right Choice

  • When the deal thesis depends on technical transformation. If the investment case requires platform modernization, cloud migration, or AI integration post-close, the person who assesses the current state should be the person who designs and executes the target state. The CloudFront engagement is an example: the cost anomaly was visible during diligence, but only actionable because the same person stayed to fix it.
  • When post-close execution is the risk. In some transactions, the primary risk is not that diligence missed something but that the transition from assessment to action introduces months of delay. Security vulnerabilities remain in production, cost optimization stalls, and the value creation timeline compresses.
  • When you need accountability for outcomes, not deliverables. A report is a deliverable. A 60% reduction in cloud costs, a production-ready authentication system, and an enterprise-grade WAF deployed in weeks are outcomes. The operator model aligns incentives with the latter.

The operator model has one real limitation: capacity. Three concurrent mandates is a hard ceiling, and engagements that fall outside that availability cannot be accommodated.

Choosing the Right Model

The tech diligence market scaled by separating assessment from execution. That separation is efficient for the provider but not always for the buyer. The relevant question for any given deal is whether the engagement requires only a pre-close risk assessment, or whether it requires the same practitioner to carry findings through post-close execution.