Diligence questions that actually matter

Most technical diligence checklists ask the same surface-level questions: stack, headcount, deploy frequency, test coverage. They're easy to answer and tell you almost nothing.

The questions that consistently uncover real risk are softer and harder to fake.

"What's the last thing that broke in production, and what did you do about it?" A team that can't recall is either lucky or not paying attention. A team that walks you through the incident — including what they'd do differently — is one that learns.

"Who would you not want to lose?" Concentration risk lives in people, not architecture. The answer also reveals how the team thinks about itself.

"What part of the codebase do you avoid?" Every codebase has one. The interesting question is whether the team knows about it and has a plan, or has stopped looking at it.

None of these can be answered with a slide. That's the point.