Table of Contents
☒ | QUARTERLY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
☐ | TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
Delaware | 38-0387840 | |
(State or other jurisdiction of incorporation or organization) | (I.R.S. Employer Identification No.) |
Title of each class | Trading Symbol(s) | Name of each exchange on which registered | ||
Common Stock, par value $.01 | UIS | New York Stock Exchange |
Large accelerated filer | ☒ | Accelerated filer | ☐ | |||
Non-accelerated filer | ☐ | Smaller reporting company | ☐ | |||
Emerging growth company | ☐ |
• | To amend Part I - Item 4. Controls and Procedures related to the effectiveness of our disclosure controls and procedures and internal control over financial reporting. |
• | To amend Part II - Item 1A. Risk Factors to add an additional risk factor regarding the potential adverse impact that the failure to remediate the material weaknesses could have on our timely and accurate reporting of financial results and to amend a risk factor in the original filing regarding the potential adverse impacts of cybersecurity incidents and vulnerabilities. |
• | To amend Part II - Item 6. Exhibits to include currently dated certifications from the company’s Principal Executive Officer and Principal Financial Officer as required by Sections 302 and 906 of the Sarbanes Oxley Act of 2002, which certifications are filed herewith as Exhibits 31.1, 31.2, 32.1 and 32.2. |
Table of Contents
UNISYS CORPORATION
TABLE OF CONTENTS
PART I - FINANCIAL INFORMATION | Page Number | |||||
Item 4. | 1 | |||||
Item 1A. | 2 | |||||
Item 6. | 5 | |||||
6 |
Table of Contents
Part I - FINANCIAL INFORMATION
Item 4. Controls and Procedures
Disclosure Controls and Procedures
As of the end of the period covered by this Quarterly Report, management performed, with the participation of the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO), an evaluation of the effectiveness of the company’s disclosure controls and procedures as defined in Rules 13a-15(e) and 15d-15(e) of the Securities Exchange Act of 1934 (the Exchange Act). At the time the company filed the original filing, the CEO and the CFO concluded that the company’s disclosure controls and procedures were effective as of June 30, 2022.
The company has reevaluated the effectiveness of the company’s disclosure controls and procedures and identified material weaknesses in the company’s disclosure controls and procedures and internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis.
Specifically, subsequent to the original filing, the CEO and CFO concluded that our disclosure controls and procedures were not effective as of June 30, 2022 as the company did not design and maintain effective formal policies and procedures over information being communicated by the IT function and the legal and compliance function to those responsible for governance, including the CEO and CFO, to allow timely decisions related to both financial reporting, as further described below, and other non-financial reporting in the reports that the company files or submits under the Exchange Act.
The company did not design and maintain effective formal policies and procedures to ensure appropriate information is communicated from the IT function and the legal and compliance function to the accounting function and those responsible for governance on a timely basis so as to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. These material weaknesses did not result in a misstatement of the company’s financial statements, however, they could have resulted in misstatements of interim or annual consolidated financial statements and disclosures that would result in a material misstatement that would not be prevented or detected.
Notwithstanding such material weaknesses, the CEO and CFO have concluded that the company’s consolidated financial statements included in the Quarterly Report were fairly stated in all material respects in accordance with generally accepted accounting principles in the United States of America for each of the periods presented.
Plan for Remediation of Material Weaknesses
Management is actively engaged in the planning for, and implementation of, remediation efforts to address the material weaknesses in the company’s disclosure controls and procedures and internal control over financial reporting identified above. Management intends to implement remediation steps, including the following:
• | The company will enhance its written policy regarding information escalation for cyber-incidents. In addition, the company completed an assessment of staffing within the company’s incident response team. |
• | The company will enhance its disclosure committee (the Disclosure Committee) and the disclosure working group that supports the Disclosure Committee. |
• | The company will require all direct reports to the CEO to confirm that they have made the Disclosure Committee aware of any matters under their purview that the Disclosure Committee should be considering in advance of applicable SEC filings. |
• | The company will provide training and policies (including any policy revisions) to non-finance executives regarding escalation of significant matters related to SEC reporting requirements. |
• | Procedures will be drafted to address the proper handling of information so that the Security & Risk Committee and Audit Committee are properly informed. |
• | Management has revised its Speak Up Policy to make all associates aware that they have direct access to, and may approach, company executives and the Board of Directors, and that they have access to the company’s whistleblower hotline. |
Management believes the measures described above and others that have been, or may be, implemented will remediate the material weaknesses that we have identified. As management continues to evaluate and improve our disclosure controls and procedures and internal control over financial reporting, the company may decide to take additional measures to address control deficiencies or determine to modify, or in appropriate circumstances not to complete, certain of the remediation measures identified.
Changes in Internal Control Over Financial Reporting
No change in our internal control over financial reporting occurred during the quarter ended June 30, 2022, that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.
1
Table of Contents
Part II - OTHER INFORMATION
Item 1A. Risk Factors
There have been no significant changes to the “Risk Factors” in Part I, Item 1A of the company’s 2021 Form 10-K filed with the SEC on February 22, 2022, except for the following:
We have identified material weaknesses in our disclosure controls and procedures and internal control over financial reporting. Failure to remediate the material weaknesses or any other material weaknesses that we identify in the future could result in material misstatements in our financial statements.
Pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, as amended, our management is required to report on, and our independent registered public accounting firm is required to attest to, the effectiveness of our internal control over financial reporting. The rules governing the standards that must be met for management to assess our internal control over financial reporting are complex and require significant documentation, testing and possible remediation. Annually, we perform activities that include reviewing, documenting and testing our internal control over financial reporting. In addition, if we fail to maintain the adequacy of our internal control over financial reporting, we will not be able to conclude on an ongoing basis that we have effective internal control over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act of 2002. If we fail to achieve and maintain an effective internal control environment, we could suffer misstatements in our financial statements and fail to meet our reporting obligations, which would likely cause investors to lose confidence in our reported financial information. This could result in significant expenses to remediate any internal control deficiencies and lead to a decline in our stock price.
Subsequent to the original filing, following an investigation by the company’s Audit & Finance Committee (Audit Committee) into the company’s internal control environment, the company has reevaluated the effectiveness of the company’s disclosure controls and procedures and internal control over financial reporting and identified material weaknesses in the company’s disclosure controls and procedures and internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis. Our management may be unable to conclude in future periods that our disclosure controls and procedures are effective due to the effects of various factors, which may, in part, include unremediated material weaknesses in internal control over financial reporting. For further discussion of the material weaknesses, see Item 4, Controls and Procedures.
Management is committed to maintaining a strong internal control environment and believes its remediation efforts will represent an improvement in existing controls. Management anticipates that the new controls, as implemented and when tested for a sufficient period of time, will remediate the material weaknesses. We may not be successful in promptly remediating the material weaknesses identified by management, or be able to identify and remediate additional control deficiencies, including material weaknesses, in the future. If not remediated, our failure to establish and maintain effective disclosure controls and procedures and internal control over financial reporting could result in material misstatements in our financial statements and a failure to meet our reporting and financial obligations, each of which could have a material adverse effect on our financial condition and the trading price of our common stock.
The company has received, and may receive in the future, regulatory, investigative and enforcement inquiries, subpoenas or demands arising from, related to, or in connection with these matters. Professional costs resulting from the investigation that resulted in the identification of the material weaknesses have been significant and are expected to continue to be significant, in particular if litigation costs relating to these regulatory, investigative and enforcement inquiries, subpoenas and demands grow. Although we believe that no significant business has been lost to date, it is possible that a change in the perceptions of our business partners could occur as a result of the investigation and the material weaknesses. In addition, as a result of the investigation and remediation efforts, certain operational changes have occurred and may continue to occur in the future. Any or all of these impacts based on the findings of the investigation and related matters and the surrounding circumstances could exacerbate the other risks described herein and directly or indirectly have a material adverse effect on our operations and/or financial performance.
Cybersecurity incidents could result in the company incurring significant costs and could harm the company’s business and reputation.
The company’s business includes managing, processing, storing and transmitting proprietary and confidential data, including personal information, intellectual property and proprietary business information, within the company’s own IT systems and those that the company designs, develops, hosts or manages for clients. These systems are critical to the company’s business activities, and shutdowns or disruptions of, and cybersecurity attacks on, these systems pose increasing risks. Cybersecurity incidents and network security incidents may include, but are not limited to, attempts to access or unauthorized access of information, exploitation of vulnerabilities (including those of third-party software or systems), computer viruses, ransomware, denial of service and other electronic security incidents. Attacks also include social engineering and cyber extortion to induce customers, contractors, business partners, vendors, employees and other third parties to disclose information, transfer funds, or unwittingly provide access to systems or data. Cyberattacks from computer hackers and cyber criminals and other malicious internet-based activity continue to increase generally, and the company’s services and systems, including the systems of the company’s outsourced service providers, have been and may in the future continue to be the target of various forms of cybersecurity incidents such as DNS attacks, wireless network attacks, viruses and worms, malicious software, ransomware, cyber extortion, misconfigurations, supply chain attacks, application centric attacks, peer-to-peer attacks, phishing attempts, backdoor trojans and distributed denial of service attacks.
2
Table of Contents
The techniques used by computer hackers and cyber criminals to obtain unauthorized access to data or to sabotage computer systems change frequently and are growing in sophistication, and these new techniques generally are not detected until after an incident has occurred. Cybersecurity incidents involving the company’s systems, despite established security controls, could result in disruption of the company’s services, misappropriation, misuse, alteration, theft, loss, corruption, leakage, falsification, and accidental or premature release or improper disclosure or misuse of confidential or other information, including intellectual property and personal information (of the company, third parties, employees, clients or others). The company could be exposed to liability, litigation, and regulatory or other government action, as well as the loss of existing or potential customers, damage to the company’s brand and reputation, damage to the company’s competitive position, and other financial loss, any of which could have a material adverse effect on the company’s business, financial condition and results of operations. In addition, the cost and operational consequences of responding to cybersecurity incidents and implementing remediation measures could be significant. In the company’s industry, security vulnerabilities are increasingly discovered, publicized and exploited across a broad range of hardware, software or other infrastructure, elevating the risk of attacks and the potential cost of response and remediation for the company.
Although the company continuously takes significant steps to mitigate cybersecurity risk across a range of functions, such measures can never eliminate the risk entirely or provide absolute security, and the company has experienced and expects to continue to experience cyberattacks on its information systems. While there have not been cybersecurity incidents or vulnerabilities that have had a material adverse effect on the company, there is no assurance that there will not be cybersecurity incidents or vulnerabilities that will have a material adverse effect in the future.
CAUTIONARY STATEMENT PURSUANT TO THE U.S. PRIVATE SECURITIES LITIGATION REFORM ACT OF 1995
Risks and uncertainties that could cause the company’s future results to differ materially from those expressed in “forward-looking” statements include:
Implementation of Business Strategy in Information Technology Market
• | our ability to attract and retain experienced personnel in key positions; |
• | our ability to grow revenue and expand margin in our Digital Workplace Solutions and Cloud, Applications & Infrastructure Solutions businesses; |
• | our ability to maintain our installed base and sell new solutions and related services; |
• | the business and financial risk in implementing acquisitions or dispositions; |
• | the potential adverse effects of aggressive competition in the information services and technology market; |
• | our ability to effectively anticipate and respond to rapid technological innovation in our industry; |
• | our ability to retain significant clients and attract new clients; |
• | our contracts may not be as profitable as expected or provide the expected level of revenues; |
• | our ability to develop or acquire the capabilities to enhance the company’s solutions; |
Defined Benefit Pension Plans
• | we have significant underfunded pension obligations; |
General Business Risks
• | the impact of the Audit & Finance Committee’s investigation; |
• | the impact of management’s conclusion, in consultation with the Audit & Finance Committee, that material weaknesses existed in our disclosure controls and procedures and internal control over financial reporting; |
• | the evaluation and implementation of remediation efforts designed and implemented to enhance our control environment; |
• | the potential identification of one or more additional material weaknesses in our internal control over financial reporting of which we are not currently aware or that have not been detected; |
• | the impact of COVID-19 on our business, growth, reputation, projections, financial condition, operations, cash flows and liquidity; |
• | the performance and capabilities of third parties with whom we have commercial relationships; |
• | cybersecurity incidents could result in incurring significant costs and could harm our business and reputation; |
• | a failure to meet standards or expectations with respect to the company’s environmental, social and governance practices; |
• | the risks of doing business internationally when a significant portion of our revenue is derived from international operations; |
• | our ability to access financing markets; |
• | a reduction in our credit rating; |
3
Table of Contents
• | the adverse effects of global economic conditions, acts of war, terrorism, natural disasters or the widespread outbreak of infectious diseases; |
• | a significant disruption in our IT systems could adversely affect our business and reputation; |
• | we may face damage to our reputation or legal liability if our clients are not satisfied with our services or products; |
• | the potential for intellectual property infringement claims to be asserted against us or our clients; |
• | the possibility that legal proceedings could affect our results of operations or cash flow or may adversely affect our business or reputation; and |
Tax Assets
• | our ability to use our net operating loss carryforwards and certain other tax attributes may be limited. |
Other factors discussed in this report, although not listed here, also could materially affect our future results.
4
Table of Contents
Item 6. Exhibits
See Exhibit Index
EXHIBIT INDEX
5
Table of Contents
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.
UNISYS CORPORATION | ||||||
Date: November 23, 2022 | By: | /s/ Peter A. Altabef | ||||
Peter A. Altabef | ||||||
Chair and Chief Executive Officer | ||||||
(principal executive officer) |
6