high medium likelihood
R-004: Analytics and BI competition may pressure pricing and growth
Sigma competes against bundled incumbents, cloud platforms and modern analytics challengers with overlapping BI, embedded and AI features.
Diligence request: Analyze win/loss, displacement, pricing/discounts, analyst coverage, churn by competitor and customer switching-cost evidence.
high medium likelihood
R-007: AI application and agent features introduce governance risk
Public AI Apps and Agents positioning may increase data leakage, hallucination, model-vendor, privacy, prompt-injection and explainability risks.
Diligence request: Review AI governance policy, model cards, data-flow maps, red-team results, customer controls, model/vendor contracts and privacy assessments.
high unknown likelihood
R-001: Public ARR quality is not independently reconciled
Public ARR milestones are strong but unaudited; revenue recognition, billings bridge, churn, expansion, gross margin and cash conversion were not public.
Diligence request: Obtain audited financials, ARR bridge, billing exports, customer-level ARR, cohort retention and gross-margin detail.
high unknown likelihood
R-002: Capital structure and liquidation preferences are unknown
Public funding announcements and unicorn listings do not disclose ownership, preferences, debt, options, secondaries or investor rights.
Diligence request: Review full cap table, financing documents, charter, investor rights, debt instruments, option plan and 409A history.
high unknown likelihood
R-003: Customer concentration and retention are not public
Customer stories and customer-count announcements do not disclose top-customer exposure, NRR, GRR, churn, renewal timing or contract economics.
Diligence request: Request top-customer schedule, cohort waterfall, churn reasons, renewal pipeline, top contracts and independent customer calls.
high unknown likelihood
R-006: Security and compliance artifacts were not reviewed
Public trust center, VDP and status page are positive but do not reveal SOC exceptions, pentest findings, incidents, vulnerability aging or remediation quality.
Diligence request: Obtain SOC/ISO reports, pentests, incident postmortems, VDP metrics, risk register, subprocessors, privacy materials and cyber insurance.
high unknown likelihood
R-010: Material legal and contract liabilities are unknown
Corporate records, material agreements, litigation, regulatory correspondence, insurance and change-of-control terms are not public.
Diligence request: Conduct counsel-led legal diligence over minute book, contracts, disputes, insurance, regulatory files and customer/vendor side letters.
medium medium likelihood
R-005: Warehouse/cloud dependency can affect resilience and margin
Warehouse-first architecture and partner integrations create dependency on cloud/data platform performance, APIs, security models and cost structures.
Diligence request: Review architecture, integration SLAs, performance benchmarks, cloud spend, data isolation, incident history and partner contracts.