April 19, 2019
VIA EDGAR AND FEDEX
Securities and Exchange Commission
Division of Corporation Finance
100 F Street, N.E.
Washington, D.C. 20549-7010
Attention: Kathleen Collins, Accounting Branch Chief, Office of Information
Technologies and Services
| Re: | Symantec Corporation |
Form10-K for the Fiscal Year Ended March 30, 2018 |
Filed October 26, 2018 |
Form10-Q for the Fiscal Period Ended December 28, 2018 |
Filed February 4, 2019 |
FileNo. 000-17781 |
Ladies and Gentlemen:
This letter responds to the comments of the Staff (the “Staff”) of the Securities and Exchange Commission (the “Commission”) set forth in the letter dated April 8, 2019, from Ms. Kathleen Collins to Mr. Gregory S. Clark of Symantec Corporation (the “Company,” “we,” “our” and “us”). For your convenience, we have set forth below each of the Staff’s comments in italicized text in the same numbered order in which they appear in your letter. The Company’s response to each Staff comment follows immediately after the text of the corresponding comment.
The Company is requesting confidential treatment of the responses set forth in Attachment A to this letter (as detailed in the Company’s written confidential treatment request accompanying Attachment A, which has been submitted under separate cover), pursuant to Regulation 200.83 of the Commission (17 C.F.R. §200.83).
Form10-K for the Fiscal Year Ended March 30, 2018
Management’s Discussion and Analysis of Financial Condition and Results of Operations General, page 36
| 1. | We note from your response to prior comment 1 that management periodically monitors customer retention and renewal rates for significant changes in each of your segments. Please clarify for us what you mean by “periodically monitors.” Also, you state the comparability of your renewal and retention rates for your Enterprise Security segment are limited due to a divestiture in fiscal 2016 and an acquisition in early fiscal 2017. Please explain further why transactions from two years ago continue to impact the usefulness of these metrics. Also describe further the changes made to the way you sell your Enterprise Security arrangements and how such |
Symantec Corporation 350 Ellis Street, Mountain View, CA 94043 Telephone (650) 527-8000 www.symantec.com
Securities and Exchange Commission
April 19, 2019
Page 2
| changes impacted the usefulness of such measures. In addition, please provide us with the renewal and retention rates for each of the Enterprise Security and Consumer Digital Security segments for each quarter during the last three fiscal years. To the extent there have been significant fluctuations in such measures, particularly for the Consumer Digital Security segment, please explain further why a quantified discussion would not be useful to investors. Refer to Section III.B.1 of SEC Release33-8350. |
Response:
We respectfully advise the Staff that, like all businesses of our size and scale, we have access to large volumes of data. While we believe this information can provide insight into trends and thus can be directionally meaningful, it is often too imprecise or incomplete to report on a regular basis in our public filings. It was along these lines that we made the statement in response to prior comment 1 regarding our periodic monitoring of customer retention and renewal rates.
In our Enterprise Security segment, our management may look at imprecise or incomplete data from time to time to provide limited insights, but in the past, we did not review the same data on a consistent basis. We do not have a formal definition or method of computing renewal and retention rates for the Enterprise Security segment due to a number of factors including significant changes in our enterprise resource planning (“ERP”) systems as a result of our Blue Coat acquisition and our Veritas divestiture, as well as legacy systems from prior acquisitions and systems upgrades, and a lack of consistent customer data that has been sufficiently analyzed to rely on as the basis for metrics that are suitable for reporting to the executive management team or investors. Additionally, we believe that generalized retention and renewal rates would not be meaningful to investors due to the composition and trends in the nature of our contractual arrangements. Our Enterprise offerings are sold under a wide variety of multiple-element arrangements that may include sales of appliances, perpetual software licenses, support contracts, term-based license subscriptions and cloud-based SaaS products. In addition, over the past few years, our business model in the Enterprise Security segment has been evolving such that fewer arrangements are taking the form of appliance and perpetual license sales, and our arrangements are shifting more towards term-based license subscriptions and cloud-based products. As a result of the factors described above, we are unable to provide customer retention and renewal information for our Enterprise Security segment for the past three years ended fiscal year 2018 that would be meaningful to investors and is measurable with sufficient precision to report in our public filings.
Symantec Corporation 350 Ellis Street, Mountain View, CA 94043 Telephone (650) 527-8000 www.symantec.com
Securities and Exchange Commission
April 19, 2019
Page 3
As requested, the table below sets forth our historical customer retention rates, which we define as the percentage of customers that are retained at the end of 12 months for each period, for our Consumer Digital Safety segment by quarter for fiscal years 2016, 2017, 2018 and 2019.
| FY 2019 | FY 2018 | |||||||||||||||||||||||||||||||
| Q4 | Q3 | Q2 | Q1 | Q4 | Q3 | Q2 | Q1 | |||||||||||||||||||||||||
Retention rate | 84.3 | % | 84.2 | % | 83.9 | % | 83.6 | % | 83.1 | % | 81.9 | % | 81.4 | % | 80.4 | % | ||||||||||||||||
| FY 2017 | FY 2016 | |||||||||||||||||||||||||||||||
| Q4 | Q3 | Q2 | Q1 | Q4 | Q3 | Q2 | Q1 | |||||||||||||||||||||||||
Retention rate | 79.8 | % | 79.2 | % | 78.5 | % | 77.9 | % | 77.3 | % | 76.4 | % | 76.3 | % | 76.2 | % | ||||||||||||||||
In light of the Staff’s comment, we will include customer retention rates for our Consumer Digital Safety segment in our fiscal year 2019 Form10-K.
Item 9A. Disclosure Controls and Procedures, page 52
| 2. | We note your response to prior comment 2. In order for us to better understand the control deficiency identified and how you considered the potential magnitude of the control deficiency, please address the following as it relates to the transaction that was initially recorded as revenue rather than the majority of the transaction being recorded as deferred revenue: |
| • | Explain further how the revenue misstatement was discovered during the Audit Committee investigation. |
| • | Describe the transaction that resulted in this misstatement, clarify why the accounting changed and cite the specific accounting guidance applied. |
| • | Describe the standard sales process and the individuals involved in the process, from negotiating to reviewing, closing, and recording a transaction, and how segregation of duties is considered. If the standard process differed for this particular transaction, please explain why. Please also explain if there were other circumstances in which the standard process was not followed and whether the Audit Committee reviewed and considered those transactions as a part of its investigation. |
| • | Explain in more detail how the control identified in your response works, including the level of precision related to this control. For example, explain the nature of the revenue training and representations, and tell us why you believe if the sales personnel had been involved this control would have detected the misstatement on a timely basis. |
| • | Explain in more detail the nature of the control deficiency. For example, clarify whether it is a design or operating effectiveness control deficiency. Also, explain in detail how the change in controls as described in your response would have prevented or detected a misstatement on a timely basis. |
Symantec Corporation 350 Ellis Street, Mountain View, CA 94043 Telephone (650) 527-8000 www.symantec.com
Securities and Exchange Commission
April 19, 2019
Page 4
| • | With regards to the maximum amount or total number of transactions exposed to the deficiency, please explain in more detail how you determined the criteria for this additional population. Explain the characteristics that were unique to these additional transactions and the transaction resulting in the misstatement, and describe any differences related to the nature of these transactions. Tell us what percentage of your new 2018 sales contracts these additional contracts represented. Additionally, tell us why you did not consider any new sales contracts prior to fiscal 2018 in your analysis. Lastly, to the extent such population was limited to a certain product line or class of revenue, please explain why. |
| • | Clarify whether the number of potential transactions exposed to the control deficiency in fiscal 2018 is indicative of what you might identify in a typical year. |
| • | Provide an analysis of the potential magnitude of additional transactions, which includes the identified misstatement. In this regard, your response indicates you excluded the misstatement in the analysis provided. In addition, your analysis should consider the potential impact to income from continuing operations before taxes, income from continuing operations, and net income, and how that impacts your consideration of whether the identified adjustment rose to the level of a material weakness. As part of this analysis, please explain whether the additional potential magnitude determined was based on the full amount of revenue from those transactions being deferred, or part of the amount being deferred. If the latter, please explain the rationale. |
Response:
The entirety of the Company’s response to the Staff’s comment 2 is set forth in Section 1 of Attachment A, which has been provided to the Staff under separate cover. Confidential treatment has been requested for Attachment A pursuant to Regulation 200.83 of the Commission (17 C.F.R. §200.83).
| 3. | You state on page 69 that the Audit Committee noted relatively weak and informal processes with respect to some aspects of review, approval and tracking of transition and transformation expenses. Also, in the Form 8-K furnished on November 1, 2018 you refer to adjustments to stock-based compensation, certain other operating expenses and income taxes. Tell us whether any adjustments related to each of these matters relate to the revenue misstatement or to the related control deficiency. To the extent these adjustments were separate from the revenue misstatement, please describe any control deficiencies related to these adjustments, and tell us how you considered these control deficiencies in aggregation with the other control deficiencies identified, including the control deficiency related to the revenue misstatement. Lastly, tell us whether these adjustments arose from control deficiencies impacting any of the COSO components outside of control activities, including consideration related to aggregation of the control deficiencies. |
Symantec Corporation 350 Ellis Street, Mountain View, CA 94043 Telephone (650) 527-8000 www.symantec.com
Securities and Exchange Commission
April 19, 2019
Page 5
Response:
The entirety of the Company’s response to the Staff’s comment 3 is set forth in Section 2 of Attachment A, which has been provided to the Staff under separate cover. Confidential treatment has been requested for Attachment A pursuant to Regulation 200.83 of the Commission (17 C.F.R. §200.83).
| 4. | Your disclosures on page 69 also indicate that the Audit Committee identified certain behavior inconsistent with the company’s Code of Conduct and related policies. Please address the following related to that disclosure: |
| • | Further describe the behaviors identified and the roles of the individuals involved. |
| • | Tell us whether any of those involved had financial reporting responsibilities. If so, explain whether you identified any control deficiencies, including with regards to the COSO components outside of control activities. |
| • | Tell us whether the recent resignations of the Chief Operating Officer and Chief Financial Officer were related to the Code of Conduct issues and/or any other issues identified in the Audit Committee Investigation. If so, tell us how that impacted your assessment of whether you identified any control deficiencies, including with regards to the COSO components outside of control activities. |
| • | Describe further the clarifications and enhancements made to the Code of Conduct and related policies. As part of your response, clarify whether other control deficiencies were identified as part of the process of making these enhancements. If so, please explain how these control deficiencies were considered in aggregation with the other existing control deficiencies. |
Response:
The entirety of the Company’s response to the Staff’s comment 4 is set forth in Section 3 of Attachment A, which has been provided to the Staff under separate cover. Confidential treatment has been requested for Attachment A pursuant to Regulation 200.83 of the Commission (17 C.F.R. §200.83).
[Remainder of Page Intentionally Left Blank.]
Symantec Corporation 350 Ellis Street, Mountain View, CA 94043 Telephone (650) 527-8000 www.symantec.com
Securities and Exchange Commission
April 19, 2019
Page 6
Form10-Q for the Fiscal Period Ended December 28, 2018
Note 3. Revenues
Performance Obligations, page 10
| 5. | We note your response to prior comment 6. Considering the majority of the arrangements that include a license and interrelated deliverables are term-based licenses that are recognized over the contract term, please revise the table on page 11 to indicate as such. |
Response:
We acknowledge the Staff’s comment and will revise the table as requested in future filings.
* * *
Please direct any comments or questions regarding this filing to me at650-527-6610.
| Very truly yours, |
/s/ Nicholas R. Noviello |
Nicholas R. Noviello Executive Vice President and Chief Financial Officer Symantec Corporation |
| cc: | V. Paul Unruh, Chair, Audit Committee of the Board of Directors |
Gregory S. Clark, Chief Executive Officer
Scott C. Taylor, Executive Vice President, General Counsel and Secretary
Jana Barsten, Partner, KPMG LLP
William L. Hughes, Orrick, Herrington & Sutcliffe LLP
Exhibit: Attachment A (provided under separate cover)
Symantec Corporation 350 Ellis Street, Mountain View, CA 94043 Telephone (650) 527-8000 www.symantec.com