We originally published this report in February 1, 2019 to FactSet. We are now republishing it on our blog since it was referenced and quoted in a securities lawsuit against Symantec, which has since changed its name to NortonLifeLock Inc.
Symantec Announced Earnings: On-time.
For the last three quarters Symantec has been posting non-timely filings with the SEC. On January 31, 2019, as planned, they announced their earnings. We expect they are now on-schedule to make regular SEC filings. And that’s a good thing!
We were called and asked to look at Symantec ahead of its 3rd quarter earnings call January 31. We see a company that had a whistleblower identify a revenue recognition fraud problem. We see a company that the SEC is still investigating with potential for major civil litigation (e.g. fines). We see a company under shareholder class action litigation for securities fraud, but a company that appears to have made no material reserves for either the SEC litigation or class action suits. We see a company with massive intangibles and goodwill on its balance sheet, with no reasonable history of impairments. We heard several analysts’ question inconsistencies related to Symantec’s revenue on its Jan. 31 earnings call. The CFO also just announced his resignation. The next CFO will be the fifth in five years. We also read about new but conflicting officer-level roles including Chief Accounting Officer and Chief Compliance Officer. And most surprising, amidst all these challenges, this company has consistently reported effective disclosure controls and no material weaknesses in their accounting even AFTER they disclosed their revenue recognition breach and after they issued their 10k five months late!
Symantec should remember what every mom and dad teaches their kids about reputation being the most important thing to have. Right now, trust and reputation are the most important things for Symantec and its investors. That trust and reputation took a beating May 10, 2018 when Symantec’s stock plunged 33% in one day based on a whistle blower’s accounting concerns.
Symantec’s accounting breach was announced on May 10, 2018 with this disclosure:
“ …in connection with concerns raised by a former employee regarding the company’s public disclosures, including commentary on historical financial results; its reporting of certain non-GAAP measures…The Audit Committee has retained independent counsel and other advisers to assist in its investigation… It is unlikely that the investigation will be completed in time for the company to file its annual report on Form 10-K…”
While the Audit Committee apparently did its job investigating and disclosing SYMC’s failure in properly accounting for $12 million in wrongly recognized revenue, (Press Release Sept. 24, 2018) we still find fault with Symantec’s Auditor, CEO and CFO, who all failed to acknowledge what are plainly ineffective internal controls and material weaknesses in Symantec’s reporting systems.
Our readers know management must attest to its own internal controls each quarter (302 statements) and the company’s auditor must also attest to the company’s internal controls once a year (404b statements). Each quarter since the May 10, 2018 breach announcement, SYMC’s CEO and CFO have stated they have “effective controls” in place, as they did most recently Nov. 11, 2018:
“Based on such evaluation, our Chief Executive Officer and our Chief Financial Officer have concluded that our disclosure controls and procedures were effective at the reasonable assurance level as of the end of the period covered by this report.”
SYMC filed their annual report five months late on Oct. 26, 2018, after acknowledging a revenue recognition breach, yet its auditor KPMG also gave the company an “effective” controls statement (and did NOT amend or restate it):
“Also in our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of March 30, 2018…”
If reputation matters, and it does, both filing five months late and false revenue recognition are indicators for any CEO, CFO or auditor to admit to glaring failures and weakness with their company’s internal controls. Further regarding the $12 million revenue recognition breach: We note management and the auditor did not require SYMC to file any restatements and they have not announced any out-of-period adjustments regarding the issue. You would expect that a $12 million revenue recognition fraud would be reported at least as an out-of-period adjustment.
Any irregularities in accounting are material because they raise questions about the potential for failure or weakness in the personnel and/or systems used for a company’s accounting. In this case, it might seem a $12 million revenue recognition issue would be immaterial. But that would be false. Symantec reported $49 million in operating income in 2018. If the $49 million was reduced by the $12 million, that still means the $12 million had an impact of 20% on operating income – excluding any millions spent on the investigation!
We are not the only watchdogs concerned about SYMC’s reputation and the false revenue recognition issue. The SEC’s last letters to/from SYMC were chockfull of issues. See [infra].
Moreover, we know from Symantec’s Sept. 24, 2018 announcement concluding their internal investigation, that the SEC IS continuing its own investigation into the revenue recognition breach:
“As previously disclosed in our public filings, the Audit Committee has recently completed its internal investigation. In connection with the Audit Committee Investigation, we voluntarily contacted the SEC in May 2018. The SEC commenced a formal investigation and we continue to cooperate with that investigation. ”
The SEC could level fines or officer suspensions once their investigation concludes. Outside investors have also filed multiple class action and derivative lawsuits against the company. The company disclosed the suits in their 10q’s, but they appear to not have any material reserves set aside for the suits:
“Several securities class action and derivative lawsuits were filed against us following our announcement on May 10, 2018 …If any of the lawsuits related to our Audit Committee Investigation are decided adversely, we may be liable for significant damages … At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible as a result of these lawsuits or estimate the range of any potential loss.”
On May 11, 2018 SYMC lost $4 billion in market cap. Yet it is accruing ZERO for lawsuits. How difficult is it to assume the company should be accruing a significant amount to potentially settle pending lawsuits for an acknowledged issue?
We keep mentioning a management’s reputation for accounting disclosures is vitally important. Symantec’s balance sheet shows why.
Remember those old accounting classes when you first heard about “Goodwill”? You probably learned “Goodwill” was the cost of an acquisition above the book value and beyond the amount attributed to specific intangibles. In essence, ‘Goodwill” is nothing more than a management judgement call. If you are relying on management’s judgement about goodwill and that goodwill is HUGE, you better trust management’s judgement. Symantec’s management assigned $10.8 billion (yes, billion) of their total $16.2 billion in assets to goodwill plus intangibles (67%). More interesting, goodwill and intangibles account for 75% of the total market cap value of Symantec. Can you trust that management got that number right? Could or should they be making adjustments (impairments) to goodwill based on the known weak internal controls and revenue recognition issues?
Consider this: Symantec disclosed one recent $29 million impairment to its Property, Plant and Equipment assets. A $29 million impairment on total PPE of $778 million is 3.7%. Now imagine the reasonable case where SYMC realizes the revenue recognition issue emanated from one of its recent large acquisitions. As such, they would rationally think to make an impairment of goodwill for that company’s goodwill. What if they took a 3.7% impairment on the $4 billion assigned to goodwill for Blue Coat? That would equal a $148 million impairment. Such an impairment would represent 3x their 2018 operating income of $49 million!
In summary, Symantec’s valuation and reputation took a massive hit on May 10, 2018 and it has yet to recover.
It likely will NOT recover and management will not restore its market value until they step-up and take full responsibility for the revenue recognition fraud at the company. That will mean disclosing ineffective financial controls and building a culture that demands rigor and the highest ethics and reliability for their financial controls and reporting.
Retail Investors get free access to our Watchdog Reports. Institutional Investors and those interested in our Gray Swan Event Factor can subscribe, or call our subscription manager, at 239-240-9284.
If you have questions about this blog send John Cheffers, our Director of Research, an email at firstname.lastname@example.org. For press inquiries or general questions about Watchdog Research, Inc., please contact our President, Brian Lawe at email@example.com.