| UNITED STATES | ||
| SECURITIES AND EXCHANGE COMMISSION | ||
| WASHINGTON, D.C. 20549 | ||
FORM 10-K
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) THE SECURITIES EXCHANGE ACT OF 1934 | |||||
For the fiscal year ended December 31 , 2022
or
| TRANSITION REPORT PURSUANT TO SECTION 13 OR 15 (d) THE SECURITIES EXCHANGE ACT OF 1934 | |||||
Commission file number: 001-08443
(Exact name of registrant as specified in its charter)
| (State or other jurisdiction of incorporation or organization) | (I.R.S. Employer Identification No.) | ||||
| (Address of principal executive offices) | (Zip Code) | ||||
Registrant's telephone number, including area code: (703 ) 724-3800
Securities registered pursuant to Section 12(b) of the Act:
| Title of each class | Trading symbol | Name of each exchange on which registered | ||||||
Securities registered pursuant to Section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company or an emerging growth company. See the definitions of "large accelerated filer," "accelerated filer," "smaller reporting company" and "emerging growth company" in Rule 12b-2 of the Exchange Act.
| Large accelerated filer | ☐ | ☒ | ||||||||||||
| Non-accelerated filer | ☐ | Smaller reporting company | ||||||||||||
| Emerging growth company | ||||||||||||||
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management's assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report Yes ☒ No ☐
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant's executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒
The aggregate market value of the registrant’s common stock held by non-affiliates of the registrant as of June 30, 2022 was approximately $428.7 million based upon the last reported sale price of the registrant's common stock on The Nasdaq Stock Market LLC as of the close of business on that day.
As of March 10, 2023, the registrant had outstanding 68,559,383 shares of common stock.
DOCUMENTS INCORPORATED BY REFERENCE:
1
Table of Contents to 2022 Form 10-K
| Page | ||||||||
Report of Independent Registered Public Accounting Firm (PCAOB ID No. | ||||||||
Report of Independent Registered Public Accounting Firm (PCAOB ID No. | ||||||||
2
3
Special Note Regarding Forward-Looking Statements
This annual report contains statements that constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. In addition, in the future the Company, and others on its behalf, may make statements that constitute forward-looking statements. Such forward-looking statements may include, without limitation, statements relating to the Company's plans, objectives or goals; future economic performance or prospects; the potential effect on the Company's future performance of certain contingencies; and assumptions underlying any such statements. You are cautioned not to place undue reliance on the Company's forward-looking statements.
Words such as "believes," "anticipates," "expects," "intends" and "plans" and similar expressions are intended to identify forward-looking statements but are not the exclusive means of identifying such statements. The forward-looking statements are and will be based upon management's then current views and assumptions regarding future events and operating performance and are only applicable as of the dates of such statements. The Company does not intend to update these forward-looking statements except as may be required by applicable laws.
By their very nature, forward-looking statements involve inherent risks and uncertainties, both general and specific, and risks exist that predictions, forecasts, projections and other outcomes described or implied in forward-looking statements will not be achieved. The Company cautions you that these important factors could cause results to differ materially from the plans, objectives, expectations, estimates and intentions expressed in such forward-looking statements, including the risks described under the caption "Risk Factors" in this Annual Report on Form 10-K.
Although we base these forward-looking statements on assumptions that we believe are reasonable when made, we caution you that forward-looking statements are not guarantees of future performance. Given these risks, uncertainties and other factors, many of which are beyond our control, we caution you not to place undue reliance on these forward-looking statements. We undertake no obligation to publicly update any forward-looking statement, whether written or oral, that may be made from time to time, whether as a result of new information, future developments, or otherwise.
4
PART I
Item 1. Business
General
Telos Corporation is a Maryland corporation headquartered in Ashburn, Virginia. Telos Corporation, together with its subsidiaries (the "Company" or "Telos" or "We"), offers technologically advanced, software-based security solutions that empower and protect the world's most security-conscious organizations against rapidly evolving, sophisticated and pervasive threats. Our portfolio of security products, services and expertise empowers our customers with capabilities to reach new markets, serve their stakeholders more effectively, and successfully defend the nation or their enterprise. We protect our customers' people, information, and digital assets so they can pursue their corporate goals and conduct their global missions with confidence in their security and privacy.
We completed our initial public offering ("IPO") on November 19, 2020, and a follow-on offering on April 6, 2021. In addition, on July 30, 2021, we acquired the assets of Diamond Fortress Technologies ("DFT") and its wholly-owned subsidiaries.
Our Mission
Our mission is to protect our customers' people, systems, and vital information assets with offerings for cybersecurity, cloud security, and enterprise security. In the current global environment, our mission is more critical than ever. The emergence of each new information and communications technology ("ICT") introduces new vulnerabilities, as security is still too often overlooked in solution development. Networks and applications meant to enhance productivity and profitability often jeopardize an organization due to poor planning, misconfiguration, or an unknown gap in security. Ransomware, insider threats, cybercrime, and advanced persistent threats continue to menace public and private enterprises across all industries.
Cybersecurity, cloud security, and enterprise security of the modern organization share much in common, yet also call for a diverse range of skills, capabilities, and experience in order to meet the requirements of security-conscious customers. Decades of experience in developing, orchestrating, and delivering solutions across these three domains give us the vision and the confidence to provide solutions that empower and protect the enterprise at an integrated, holistic level. Our experience in addressing challenges in one area of an enterprise helps us meet requirements in others. We understand that a range of complementary capabilities may be needed to solve a single challenge, and we also recognize when a single solution might address multiple challenges. Our security solutions span across these three domains: Cybersecurity, Cloud Security and Enterprise Security.
Business Segments
We conduct our business through two reportable and operating segments: Security Solutions and Secure Networks. These segments enable the alignment of our strategies and objectives and provide a framework for the timely and rational allocation of resources within the line of business.
Additional information regarding our segments is presented in Note 21 - Segment Information to the consolidated financial statements at Item 8 of this Form 10-K.
Security Solutions Segment:
The Security Solutions segment focuses on cybersecurity, cloud, and identity solutions. Cybersecurity solutions help our customers ensure the ongoing security, integrity and compliance of their on-premises and related cloud-based systems by reducing threats and vulnerabilities to foil cyber adversaries before they can attack. Our security engineers and subject matter experts assess our customers' cybersecurity environments and design, engineer, and operate systems needed to strengthen their cybersecurity postures. Our cloud solutions leverage the specialized skills and experience needed to help our customers plan, engineer, execute, and accelerate secure cloud migrations while assuring ongoing management and security of enterprise cloud technology environments. Our identity solutions deliver digital identity, biometric, and nationwide enrollment services and address Know Your Customer and identity management challenges for enterprises working within regulated and critical infrastructure environments. Security Solutions represented 55.5%, 51.0% and 65.2% of total revenues for fiscal years 2022, 2021, and 2020, respectively.
5
•Information Assurance:
◦Xacta®: a premier platform for enterprise cyber risk management and security compliance automation, delivering security awareness for systems in the cloud, on-premises, and in hybrid and multi-cloud environments. Xacta delivers automated cyber risk and compliance management solutions to large commercial and government enterprises. Across the United States ("U.S.") federal government, Xacta is the de facto commercial cyber risk and compliance management solution. With use cases including cyber risk management, risk remediation management, security authorization, compliance management, audit management, inventory management, vulnerability management, continuous compliance monitoring, and vendor and supply chain risk management, Xacta administers the key elements of more than 100 leading regulations and policies for IT security compliance, including the National Institute of Standards and Technology ("NIST") Risk Management Framework ("RMF"), RMF for Department of Defense ("DoD") IT, Committee of National Security Systems 1253, NIST Cybersecurity Framework, the Federal Risk and Authorization Management Program ("FedRAMP") and the DoD's Cybersecurity Maturity Model Certification ("CMMC") program.
◦Cybersecurity services: proven solutions and services for the full cybersecurity lifecycle, including consulting services, assessment and compliance, engineering and evaluation, operations, and penetration testing. With a pedigree in information and cybersecurity that spans three decades, our certified personnel provide services and solutions that deliver continuous security assurance for business, government, and critical infrastructure.
•Secure Communications:
◦Telos Ghost®: a virtual obfuscation network-as-a-service with encryption and managed attribution capabilities to ensure the safety and privacy of people, information, and resources on the network. Telos Ghost seeks to eliminate cyberattack surfaces by obfuscating and encrypting data, masking user identity and location, and hiding network resources. It provides the additional layers of security and privacy needed for intelligence gathering, cyber threat protection, securing critical infrastructure, and protecting communications and applications when a single error in security can jeopardize operations, property, and even lives. Telos Ghost is currently used by DoD, the Intelligence Community ("IC") and commercial organizations for a variety of highly sensitive applications, including cyber threat research, open-source intelligence, supply chain security vulnerability assessment, worldwide investigative and recovery services, and hiding critical assets.
◦Telos Automated Message Handling System ("AMHS"): web-based organizational message distribution and management for mission-critical communications; the recognized gold standard for organizational messaging in the U.S. government. Telos AMHS is used by military field operatives for critical communications on the battlefield using the Defense Information System Agency's Organizational Messaging Service and its specialized communications protocols. Telos AMHS is also used by the intelligence community for timely situational awareness and assessment reporting utilizing the Director of National Intelligence's Information Transport Service, Organizational Messaging data standards and computing infrastructure. Because Telos AMHS supports timely and reliable delivery for authoritative communications, its uses include terrorist warnings, "eyes-only" messages, military execution orders, intelligence information, overflight clearances, and Emergency Action Messages for nuclear command and control. Information exchanged at this level and for these purposes requires operational requirements for time-sensitive, guaranteed delivery, precedence, high availability, and reliability.
◦Telos Advanced Cyber Analytics ("ACA"): a solution-as-a-service that delivers timely, accurate, actionable intelligence at speed and scale to illuminate threats to enterprise assets. It enables organizations to detect malicious activity earlier and to uncover and identify previously unknown attacks and new malicious behavior. Further, it assists in attributing events and provides sophisticated and comprehensive analytics without expensive overhead. With fully automated external data collection and assessment, Telos ACA determines patterns of behavior exhibited by threat actors, and provides the necessary information to reduce vulnerabilities within the IT infrastructure before attackers can exploit them.
6
•Digital Identity Solutions:
◦IDTrust360®: an enterprise-class digital trusted identity risk platform for extending flexible hybrid cloud identity services. This platform is enabled for mobile, enterprise environments and custom digital identity services that mitigate threats by integrating advanced technologies that fuse biometrics, credentials, and other identity-centric data used to continuously monitor trust. IDTrust360 is the only commercially owned and operated platform on the market with direct interfaces to the Federal Bureau of Investigation's ("FBI") criminal records, Department of Homeland Security's ("DHS") terrorist watch list service, U.S. Department of Treasury's pay.gov, other government identity risk management systems, and numerous commercial identity, intelligence, and risk-based data sources. We are actively engaged with federal customers to integrate vital event records, government identification document records, and other fingerprint-based biometric records hosted across multiple agencies. This enables Telos to offer NIST-compliant digital identity services aligned with federal security mandates.
◦ONYX®: the world's first, most widely deployed, and most accurate touchless fingerprint biometric for mobile devices. Powered by state-of-the-art machine learning, ONYX eases deployment in a variety of industries, including financial services and healthcare, and applications, like consumer authentication and physical access and security. Acquired by Telos in 2021, the patented and award-winning ONYX solution delivers touchless fingerprint biometrics that people can submit simply by using their mobile phones. In June 2022, ONYX won first place in the overall competition of the Mobile Fingerprint Information Technology Challenge hosted by the NIST.
We maintain government certifications and designations that distinguish Telos ID, including TSA PreCheck® enrollment provider, Designated Aviation Channeling provider, FBI-approved Channeler, and Financial Industry Regulatory Authority Electronic Fingerprint Submission provider.
Secure Networks Segment:
Secure Networks focuses on enterprise security. The Secure Networks segment provides secure networking architectures and solutions to the U.S. DoD, the federal IC, and other federal governmental agencies. Our net-centric solutions enable collaboration and connectivity to increase efficiency, reduce costs, and improve mission outcomes. Telos provides an extensive range of wired and wireless, fixed and deployable, classified and unclassified voice, data, and video secure network solutions and services to support defense and civilian missions. Capabilities include network design, operations, and sustainment; system integration and engineering; network security and compliance; deployable comms; robotic process automation and other digital transformation capabilities; service desk; defensive cyber operations; and program management. Secure Networks represented 44.5%, 49.0% and 34.8% of total revenues for the years ended December 31, 2022, 2021, and 2020, respectively.
•Secure Mobility: solutions for business and government that enable remote work and minimize operational and security concerns across and beyond the enterprise. Our secure mobility team brings credentials to every engagement, supplying deep expertise and experience, highly desirable clearances and industry-recognized certifications for network engineering, mobility, and security. We also offer secure mobility professional services, such as consulting and deployment services, to deliver integrated communications solutions that meet even the most complex needs of civilian, defense, and commercial customers.
•Network Management and Defense: services for operating, administrating, and defending complex enterprise networks and for defensive cyber operations. Our diverse network management and defense capabilities address common and uncommon requirements in many industries and disciplines, from military to government agencies. Telos network engineers, security specialists, and program managers are experienced with advanced DoD and federal networks and are certified in the leading tools, technologies, and best practices for network management and administration. We ensure the consistency and continuity of network management services required in today's mission-critical network environments.
Key Customers
Our customer base consists of the U.S. federal government, large commercial businesses, state and local governments, and international customers. Our consolidated revenues are largely attributable to prime contracts or to subcontracts with our contractors engaged in work for the U.S. government; with the remaining attributable to state, local and commercial markets.
Our federal government customers include the DoD, the Central Intelligence Agency and multiple other agencies within the IC, Defense Manpower Data Center, and multiple civilian agencies, including the DHS, the U.S. Department of State, the FBI, Department of Health and Human Services, and U.S. Census Bureau ("Census"). These customers have a number of subsidiary agencies that have separate budgets and procurement functions. Our contracts may be with the highest level of these agencies or with the subsidiary agencies of these customers.
Our commercial customers include leading enterprises such as Amazon.com, Inc., Zscaler and Salesforce.com, Inc.
7
Our security solutions are the product of the extensive labor investment in developing our intellectual property and highly sophisticated software technology. These investments helped us expand with commercial customers, and win additional contracts within the military, the IC and civilian government agencies. Once our security solutions are embedded in our customers' technology infrastructure, these customer relationships often expand and lead to us providing additional security solutions.
Our Growth Strategies
We are pursuing multiple strategies in order to grow the Company, in both our commercial and government business end markets. Our key strategies are:
•Broaden reach within the U.S. federal government. We have historically focused on the U.S. federal government and believe that we are an established leader in providing security solutions to federal agencies, including DoD and the IC. Nonetheless, we believe the U.S. federal government represents a significant growth opportunity, and we expect to continue to invest in products to serve additional customers in this vertical. For example, Xacta is included on DHS's Continuous Diagnostics and Mitigation Approved Products List to provide federal agencies with innovative security tools, which we believe presents us with an excellent opportunity to pursue contracts with additional federal agencies. In addition, our platform is available for use in the AWS GovCloud (U.S.), Oracle and Azure Government. The Telos ACA offering is positioned to supply unique data sets to government agencies to allow them to better inform themselves as they defend and protect their networks and assets. Telos ACA is also positioned to provide government customers with specific, actionable and high-fidelity intelligence about malicious cyber activity targeted at their networks.
•Leverage our diverse security solutions to expand our presence in commercial markets. Our offerings are designed to have broad applications and include security risk and compliance, secure messaging, identity vetting, and managed attribution and obfuscation. We believe that we are well-positioned to sell our capabilities into a dynamic and growing commercial opportunity set and to innovate to address emerging and unique requirements. For example, we have leveraged core Xacta functionality to meet the needs of large financial services and customer relationship management firms. We have also leveraged our U.S. federal government identity management qualifications to improve the speed and accuracy of vetting results for more than 100 airports, air carriers, and general aviation across the country. We intend to continue innovating and are developing additional offerings for cloud, mobile, and internet of things ("IoT") devices.
•Grow our revenue and expand margins with robust sales channels. We have formed a sales organization with a vertical sales component functioning as the direct channel to a wider account universe comprised of commercial and government customers. This vertical is focused on quick-turn, transactional sales. We continue expanding our partner program to include a variety of channels, including resellers, integrators, and contract partners to help us gain access to new markets more quickly. For example, both Telos Ghost and Xacta are now available through various AWS and Microsoft Azure marketplaces, serving markets requiring varying levels of security. The growth of our sales team and the accelerated expansion of these channel partner initiatives are anticipated to drive revenue growth and material gross margin expansion over time.
•Target and replace inefficient legacy products. Recognizing the limitations of their legacy systems, organizations are replacing existing systems and processes with Telos solutions. For example, Telos AMHS is a web-centric system that replaced legacy capabilities like communications centers for the purpose of executing operational orders (through organizational messaging) across the U.S. federal government and around the world. Xacta has disrupted the cyber risk and compliance management business across the U.S. federal government, replacing tedious manual activity with automation and delivering that automation to meet our customer's needs flexibly on premises, in hybrid environments, in the cloud, and across multi-cloud infrastructures.
•Pursue strategic acquisition opportunities. We believe that our markets remain fragmented, with many niche players providing limited product solutions targeting narrow customer segments. Given the breadth of our solution set and our customer end markets, we believe that we are well-positioned to opportunistically acquire smaller companies and incorporate their technology or deploy their solutions across a larger customer set. We believe that a targeted and opportunistic acquisition strategy will be a force multiplier for our organic growth opportunity.
Sales and Marketing
As part of the sales and channel program investments, we are also making corporate investments in functional areas such as contracts, solution architects, lead generation tools, and operations to ensure our back-office systems and processes scale for business growth. We are adding commission incentivized, sales personnel aligned to market segments focused on commercial industry and whitespace U.S. federal, IC and DOD market areas. We are concentrated on Xacta and Telos Ghost sales efforts in the financial services, insurance, healthcare, energy, and other highly regulated critical infrastructure markets.
We have expanded our sales capability for markets in which we are well known, such as the U.S. government, certain critical infrastructure sectors, and certain commercial verticals such as healthcare and financial services.
8
We built a dedicated channel team to include the launch of the Telos CyberProtect Partner Program. This ecosystem includes a variety of partner types including distributors (such as DLT, a tech data company), resellers, referral partners, technology integration partners, managed service providers, consulting partners and more. Collectively these partners help us deliver access to verticals such as healthcare, state, local government and education, and commercial enterprises, and bolster our position in the federal, IC and defense market.
We experienced success with the channel as we had several deals transact through the system in 2022 and 2021, allowing us to pressure test the operational side of the channel. Additionally, through our channel partners, Telos was successfully added to contract vehicles that provide access to a broader base of customers in our target markets.
Customer acquisition often involves extensive interaction at all levels of an organizations, from executives, to decision makers, to end users. We seek to forge relationships throughout an organization in an effort to obtain broad consensus as part of the sales process. We leverage the full power of Telos (executives, sales and channel partners) to gain access and build our brand awareness.
Our sales strategy is to establish a customer foothold with one of our solutions and work to achieve rapid success. We then leverage this customer relationship to generate interest in other solutions from the Telos portfolio. We have a variety of upsell opportunities that allow us to expand our presence within a customer account. For example, there are various complementary Xacta features that build on each other and are sold separately.
Much of our business is awarded through the submission of formal competitive bids, however, a significant portion of our revenue is awarded through limited competition or sole-source contracts.
Partner Organizations
Our sales team works with partner organizations like AWS, Microsoft Azure, and Oracle to pursue mutual customers and leverage their marketplace platforms and marketing programs. Last year, Telos announced a collaboration with IBM Security as part of IBM's Active Governance Services, which allows enterprises to operationalize and automate activities and solve challenges in cybersecurity compliance and regulatory risks. The solution combines IBM's world-class expertise in cyber compliance and governance programs with Telos' Xacta IT risk management platform to automate the time-consuming aspects of compliance and audit activities such as control selection, validation, reporting, and monitoring.
Marketing
We build market awareness of Telos and our solutions through a variety of marketing programs, including regular briefings with industry analysts, public relations activities, government relations initiatives, web seminars, trade show exhibitions, speaking engagements, and website marketing. We are making additional investments in these types of activities and targeting additional vertical-specific content creation, targeted advertising and brand awareness campaigns, social media campaigns, and search engine marketing.
Our sales team works hand in hand with our marketing team and various subject matter experts to develop targeted awareness campaigns for our various solutions that generate valuable leads and contacts.
Human Capital Resources
As of December 31, 2022, we had 738 employees, of whom approximately 90.4% are located in the United States. Approximately 413 of our U.S.-based employees held U.S. security clearances, and 23% self-identify as veterans of U.S. military service. None of our employees are represented by a labor union or covered by a collective bargaining agreement. We have not experienced any work stoppages, and we consider relations with our employees to be good.
Our people are proficient in many fields, such as computer science, information security and vulnerability testing, networking technologies, physics, engineering, operations research, mathematics, economics, and business administration. We place a high value on our people. As a result, we seek to remain competitive in terms of salary structures, incentive compensation programs, fringe benefits, opportunities for growth, and individual recognition and award programs.
Our management team is committed to maintaining a corporate culture that fosters mutual respect and job satisfaction for our people while delivering innovation and value to customers and shareholders. This commitment is reflected in our core values:
Always with integrity, at Telos we:
Build trusted relationships,
Work hard together,
Design and deliver superior solutions, and
Have fun doing it.
9
These values are woven throughout the fabric of Telos. They are reflected in our hiring practices, reinforced regularly, and reviewed during appraisals. Employees are encouraged to challenge themselves and each other to exhibit the core values in all activities.
Our employees are given avenues of communication and interaction should they observe activities inconsistent with our core values. While employees are encouraged first to speak openly about any issues, a 24/7 hotline provides an opportunity to express concerns anonymously.
We consider the foundational value of integrity to be a non-negotiable requirement of employment, and an expectation of suppliers, partners, and our customers. We guard our reputation and will take action to protect it. An essential part of our brand promise is to always to engage employees, customers, partners, suppliers, and investors with integrity.
Diversity and Inclusion
We value diversity and inclusion and are committed to providing a work environment that is free of discrimination and harassment, where our employees can do their best work, bring their whole self to work, feel supported and in turn support others. We strive to create a working environment where everyone feels included and respected and has an equal opportunity to contribute. We believe that diverse teams maximize their potential and bring with them varied views, experiences, and perspectives. While we believe that our employee population is gender and ethnically diverse for our industry and operating markets, with approximately 27% of our global population self-identifying as female and approximately 29% self-identifying as underrepresented minorities, our objective is to continue to improve our hiring, development, training, advancement, and retention of diverse talent and to foster an inclusive environment at Telos.
Seasonality
We generally experience seasonality due to the fiscal year ends and procurement cycles of our key customers. We derive a substantial portion of our revenue from the U.S. government whose fiscal year ends on September 30 of each year, which may favorably impact our third fiscal quarter. In addition, our quarterly results may be impacted by the number of working days in a given quarter. See "Risk Factors — We are subject to the seasonality of U.S. government spending."
Research and Development
We developed proprietary software-based solutions in various platforms related to security and cyber risk management. We invest substantial resources in research and development to innovate new solutions, enhance our offerings and grow opportunities by developing new features and modules for our existing platforms. We are committed to and view our continued investment in research and development as a key factor to our long-term business success.
Government Contracts and Regulation
Our business is heavily regulated and we must comply with and are affected by laws and regulations relating to the formation, administration and performance of U.S. government and other contracts. U.S. government contracts generally are subject to the Federal Acquisition Regulation ("FAR"), which sets forth policies, procedures and requirements for acquiring goods and services by the U.S. government, and agency-specific regulations that implement or supplement the FAR. These regulations impose a broad range of requirements, many of which are unique to government contracting, including various procurement, security, contract pricing and cost, contract termination, and adjustments and audit requirements. These laws and regulations, among other things:
•Impose specific and unique cost accounting practices that may differ from Generally Accepted Accounting Principles in the United States of America ("U.S. GAAP" or "GAAP") and therefore require reconciliation;
•Define allowable and unallowable costs and otherwise govern our right to reimbursement under various cost-type U.S. government contracts;
•Require compliance with U.S. government Cost Accounting Standards;
•Require reviews by the Defense Contract Audit Agency ("DCAA"), Defense Contract Management Agency and other U.S. government agencies for compliance with government requirements for a contractor's business system;
•Restrict the use and dissemination of and require the protection of unclassified contract-related information and information classified for national security purposes and the export of certain products and technical data;
•Impose acquisition regulations that define reimbursable and non-reimbursable costs; and
•Restrict the use and dissemination of information classified for national security purposes and the export of certain products and technical data.
10
U.S. government customers employ several contracting methods to purchase services and products. Budgetary pressures and reforms in the procurement process have caused many U.S. government customers to increasingly purchase services and products using contracting methods that allow them to select multiple contract winners or pre-qualify certain contractors to provide services or products on established general terms and conditions rather than through single-award contracts. The predominant contracting methods through which U.S. government agencies procure services and products include definitive award contracts, indefinite delivery / indefinite quantity ("IDIQ") contracts, U.S. General Service Administration ("GSA") schedule contracts and other transactional agreements ("OTA").
Government contracts are subject to congressional funding. Consequently, at the outset of a program, a contract is usually partially funded, and Congress annually determines if additional funds are to be appropriated to the contract. All of our government customers have the right to terminate their contract with us at their convenience or in the event that we default. Most of our contracts have cancellation terms that would permit us to recover all or a portion of our incurred costs and fees for work performed where the U.S. government issues a termination for convenience.
A portion of our business is classified by the U.S. government and cannot be specifically described. The operating results of these classified programs are included in our consolidated financial statements.
These regulations and risks are described in more detail below under "Risk Factors" in this Annual Report on Form 10-K.
COVID-19 Pandemic
We continue to monitor and address the coronavirus pandemic ("COVID-19") closely, including the impact on us, our employees, our customers, our suppliers and our communities. We continue to consider guidance from the Centers for Disease Control ("CDC"), other health organizations, federal, state and local governmental authorities, and our customers, among others. We have taken, and continue to take, robust actions to help protect our employees' health, safety and well-being, support our suppliers and local communities, and to continue to serve our customers. Our goals have been to lessen the immediate potential adverse impacts, both health and economic, and to continue to position the Company for long-term success. Like the communities we serve, our actions have varied depending on the spread of COVID-19 and local health requirements and guidance from the CDC, the needs of our employees and the needs of our business.
With much of the business of government still being conducted by federal employees working remotely through the use of information technology systems, we believe there will continue to be a need on the part of the government for the types of solutions and services provided by Telos.
Our employees, suppliers and customers, the Company and our global community are facing tremendous challenges as a result of the pandemic and its resulting economic impacts, and we cannot predict how this dynamic situation will evolve or the impact it will have on the Company. See Item 1A, "Risk Factors" for discussion of risk related to our business and operations.
Environmental, Social and Governance Matters
We are subject to a variety of federal, state, local and foreign environmental laws and regulations. In addition, our operations may become subject to future laws and regulations, including those related to climate change and environmental sustainability. Although we do not currently anticipate that the costs of complying with, or the liabilities associated with, environmental laws will materially and adversely affect us, we cannot ensure that we will not incur material costs or liabilities in the future. The Company publicly reports certain climate change-related information via CDP and formed an Environmental, Social and Governance ("ESG") task force to address ESG matters. The Board of Directors authorized the Nominating and Corporate Governance Committee to oversee the Company's ESG efforts, which includes climate-related risks and opportunities.
See Item 1A, "Risk Factors", for discussion of risks related to our global climate-related risks and ESG matters.
Company Website and Available Information
Our corporate headquarters is located at 19886 Ashburn Road, Ashburn, Virginia 20147, and our telephone number is (703) 724-3800. Our website can be accessed at www.telos.com, which contains information about our Company and operations. Through a link on the Investor Relations section of our website, copies of each of our filings with the U.S. Securities and Exchange Commission ("SEC") can be viewed and downloaded free of charge as soon as reasonably practicable after the reports and amendments are electronically filed with or furnished to the SEC. The information on our website is not incorporated by reference into and is not part of this Annual Report on Form 10-K.
The SEC also maintains a website (www.sec.gov) that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC, including Telos.
11
Item 1A. Risk Factors
In your evaluation of the Company and business, you should carefully consider the risks and uncertainties as described below, together with the information included elsewhere in this Annual Report on Form 10-K and other documents we file with the SEC. These factors, as well as additional risks and uncertainties not currently known to us or that we currently believe are immaterial, may currently have, or may have, a significant impact on our business, operating results or financial condition. Actual results could differ materially from those projected in the forward-looking statements contained in this Form 10-K as a result of the risk factors discussed below and elsewhere in this Form 10-K.
Business and Operational Risks
If our security measures or those of our third-party data center hosting facilities, cloud computing platform providers or third-party service partners are inadequate, or if the underlying infrastructure of the internet is breached, or if unauthorized access to a customer's data or our data or our IT systems is obtained, or if authorized access to our customer's data or our data or our IT systems is blocked or disabled, our services may be perceived as not being secure, customers may curtail or stop using our services, and we may incur significant reputational harm, legal exposure and liabilities, or a negative financial impact.
Our services sometimes involve the storage and transmission of our customers' and our customers' customers' proprietary and other sensitive data, including financial information and personally identifiable information. While we have security measures in place to protect our customers and our customers' customers' data, our services and underlying infrastructure may in the future be materially breached or compromised as a result of the following:
•Third-party attempts to fraudulently induce employees or customers into disclosing sensitive information such as user names, passwords or other information to gain access to our customers' data, our data or our IT systems;
•Efforts by individuals or groups of hackers and sophisticated organizations, including state-sponsored organizations or nation-states;
•Cyberattacks on our internally built infrastructure;
•Vulnerabilities resulting from enhancements and updates to our existing solutions;
•Vulnerabilities in the products or components across the broad ecosystem that our services operate in or are dependent on;
•Vulnerabilities existing within newly acquired or integrated technologies and infrastructures;
•Attacks on, or vulnerabilities in, the many different underlying networks and services that power the internet that our products depend on, most of which are not under our control or the control of our vendors, partners, or customers; and
•Employee or contractor errors or intentional acts that compromise our security systems.
These risks are mitigated, to the extent possible, by our ability to maintain and improve business and data governance policies, enhanced processes and internal security controls, including our ability to escalate and respond to known and potential risks. Although we have developed systems and processes designed to protect our customers' and our customers' customers' sensitive data, as well as our data, we can provide no assurances that such measures will provide absolute security. In the normal course of business, we are the target of malicious cyberattack attempts. To date, any such attempts have not been material or significant to us, including to our reputation or business operations, or had a material financial impact, but there can be no assurance that future cyberattacks will not be material or significant.
A security breach or incident could result in unauthorized parties obtaining access to, or the denial of authorized access to, our IT systems or data, or our customers' systems or data, including intellectual property, proprietary, sensitive, or other confidential information. A security breach could also result in a loss of confidence in the security of our services, damage our reputation, negatively impact our future sales, disrupt our business and lead to increases in insurance premiums and legal and financial exposure and liability. Finally, the detection, prevention and remediation of known or potential security vulnerabilities, including those arising from third-party hardware or software, may result in additional financial burdens due to additional direct and indirect costs, such as additional infrastructure capacity spending to mitigate any system degradation.
12
Our business could be negatively affected by cyber or other security threats or other disruptions.
As a cybersecurity company and a U.S. defense contractor, we face cyber threats, threats to the physical security of our facilities and employees, and terrorist acts. We are also exposed to the potential for business disruptions associated with information technology failures, natural disasters, or public health or economic crises, such as that created by the COVID-19 pandemic. We routinely experience cybersecurity threats, threats to our information technology infrastructure and attempts to gain access to our sensitive information, as do our customers, suppliers, subcontractors and joint venture partners. We may experience similar security threats at customer sites that we operate and manage as a contractual requirement. The threats we face vary from attacks common to most industries to more advanced and persistent, highly organized adversaries who target us because we protect national security information. If we are unable to protect sensitive information, our customers or governmental authorities could question the adequacy of our threat mitigation and detection processes and procedures. Due to the evolving nature of these security threats, however, the impact of any future incident cannot be predicted. The occurrence of any of these events could adversely affect our internal operations, the services we provide to our customers, loss of competitive advantages derived from our research and development efforts or other intellectual property, early obsolescence of our products and services, our future financial results, or our reputation.
If our customers do not renew their subscriptions or contracts for our solutions and services and expand our relationship with them, our revenue could decline and our results of operations would be adversely impacted.
It is important that our existing customers renew their subscriptions or contracts for our solutions and services when existing contract terms expire, in order for us to maintain or improve our results of operations. Our customers have no obligation to renew or extend their subscriptions or contracts for our solutions or services after the expiration of the contractual periods, which vary in length, and in the normal course of business, some customers have elected not to renew or extend. It is difficult to predict attrition rates given the varying needs of our customer base. Our attrition rates may increase or fluctuate as a result of a number of factors, including customer dissatisfaction with our services, customers' spending levels, mix of customer base, decreases in the number of users at our customers, competition, pricing increases or changes, and deteriorating general economic conditions or budgetary constraints.
Our future success also depends in part on our ability to expand our relationship with our current customers by selling additional features and services, more subscriptions or enhanced editions of our services. This may also require increasingly sophisticated and costly sales efforts that are targeted at senior leaders. Similarly, the rate at which our customers purchase new or enhanced services depends on a number of factors, some of which are beyond our control.
If customers do not renew or extend their subscriptions or contracts, do not purchase additional features or enhanced solutions, or if attrition rates increase, our business could be harmed.
We are dependent on a few key customer contracts for a significant portion of our future revenue, and a significant reduction in services or delay in implementation to one or more of these contracts would reduce or delay our future revenue and could materially affect our anticipated operating results.
A small number of our large customer contracts are expected to comprise a significant portion of our future revenue. Our business will likely be harmed if any of our key customer contracts generate less revenue than we forecast, and the termination or delay of a large contract or multiple contracts could have a material adverse effect on our revenue and profitability. Adverse events affecting the programs subject to these contracts could also negatively affect our ability to process transactions under those contracts, which could adversely affect our revenue and the results of operations.
Some of our security solutions have lengthy sales and implementation cycles, which could significantly impact our results of operations if projected orders are not realized.
We market the majority of our security solutions directly to U.S. government customers. The sale and implementation of our services to these entities typically involves a lengthy education process and a significant technical evaluation and commitment of capital and other resources. This process is also subject to the risk of delays associated with customers' internal budgeting and other procedures for approving large capital expenditures, deploying new technologies within their networks and testing and accepting new technologies that affect key operations. As a result, the sales and implementation cycles associated with certain of our services can be lengthy. Our quarterly and annual operating results could be materially harmed if orders forecasted for a specific customer for a particular period of time are not realized.
13
Failure to deliver high-quality technical support services may adversely affect our relationships with our customers and our financial results.
Our customers depend on our support organization to resolve technical issues relating to our solutions and offerings. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services. Increased customer demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. In addition, our sales process is highly dependent on the reputation of our solutions and business reputation and on positive recommendations from our existing customers. Failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality support, could adversely affect our reputation, our ability to sell our offerings to existing and prospective customers, and our business, operating results and financial position.
Failure to effectively develop and execute our sales and business development capabilities will impair our ability to grow.
Our ability to increase our customer base and achieve broader market acceptance of our solutions and services will depend, to a significant extent, on our ability to perform at a high level in our sales and marketing operations and activities. We believe that selling and marketing our security solutions requires advanced sales skills, customer relationships and technical knowledge to generate interest and effectively communicate our solutions or services to new markets.
We may not achieve anticipated revenue growth from our sales force if we are unable to hire and develop talented sales personnel, if our new sales personnel are unable to achieve desired productivity levels in a reasonable period of time or if we are unable to retain our existing sales force. In addition, we are also dependent on the effectiveness of our channel partners and our ability to attract and retain additional motivated channel partners to successfully market, resell, implement or support our solutions for their customers.
A failure to attract, train, retain and motivate key and skilled employees, including key members of our management team, would adversely affect our ability to execute our strategy and may disrupt our operations.
Our success depends upon the continued services of our highly qualified and experienced executive officers and other key members of management. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives. Such changes in our executive management team may be disruptive to our business.
We are also substantially dependent on the continued service of our existing highly trained and skilled personnel, particularly our business development and operations group, because of the complexity of our services and technologies. The technology industry is subject to substantial and continuous competition for engineers and other subject matter experts with high levels of experience in designing, developing and managing software, cybersecurity, and internet-related services, as well as competition for sales executives, data scientists and operations personnel. Competition for skilled personnel is intense and many U.S. government programs also require contractors to have security clearances, certain of which can be difficult and time-consuming to obtain.
We may not be successful in attracting and retaining qualified personnel. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring, developing, integrating and retaining highly skilled employees with appropriate qualifications. These difficulties may be amplified by evolving restrictions on immigration, travel, or the availability of visas for skilled technology workers. These difficulties could be further amplified by the high cost of living in the Washington D.C. metropolitan area, where our headquarters and one of our other offices are located. If we fail to attract new personnel or fail to retain and motivate our current key employees or group, our business and future growth prospects could be severely harmed.
We depend on computing infrastructure operated by third parties to support some of our solutions and customers, and any errors, disruption, performance problems, or failure in their or our operational infrastructure could adversely affect our business, financial condition, and results of operations.
We rely on the technology, infrastructure, and software applications of certain third parties in order to host or operate some of certain key platform features or functions of our business. Additionally, we rely on third-party computer hardware and cloud capabilities in order to deliver our solutions and services. We do not have control over the operations of the facilities of the third parties that we use. If any of these third-party services experience errors, disruptions, security issues, or other performance deficiencies; if they are updated such that our solutions become incompatible; if these services, software, or hardware fails or becomes unavailable due to extended outages, interruptions, defects, or otherwise; or if they are no longer available on commercially reasonable terms or prices (or at all), these issues could result in errors or defects in our solutions, failure of our solutions to perform, decline in our revenue and margins, damage to our reputation and brand, exposure to legal or contractual liability, increase in our expenses, and interruption in our ability to manage our operations. In addition, our processes for managing our sales and servicing our customers could be impaired until equivalent services or technology, if available, are identified, procured, and implemented, all of which may take significant time and resources, increase our costs, and could adversely affect our business. Many of these third-party providers attempt to impose limitations on their liability for such errors, disruptions, defects, performance deficiencies, or failures, and if enforceable, we may have additional liability to our customers or third-party providers.
14
In the future, we may experience disruptions, failures, data loss, outages, and other performance problems with our infrastructure and cloud-based offerings due to a variety of factors, including infrastructure changes, introductions of new functionality, human or software errors, employee misconduct, capacity constraints, denial of service attacks, phishing attacks, computer viruses, malicious or destructive code, or other security-related incidents, and our disaster recovery planning may not be sufficient for all situations. If we experience disruptions, failures, data loss, outages, or other performance problems, our business, financial condition, and results of operations could be adversely affected.
Our systems and the third-party systems upon which we and our customers rely are also vulnerable to damage or interruption from catastrophic occurrences such as earthquakes, floods, fires, power loss, telecommunication failures, cybersecurity threats, terrorist attacks, social unrest, natural disasters, public health crises, geopolitical and similar events, or acts of misconduct. Despite any precautions we may take, the occurrence of a catastrophic disaster or other unanticipated problems at our or our third-party vendors' hosting facilities, or within our systems or the systems of third parties upon which we rely, could result in interruptions, performance problems, or failure of our infrastructure, technology, or solutions, which may adversely impact our business. In addition, our ability to conduct normal business operations could be severely affected. In the event of significant physical damage to one of these facilities, it may take a significant period of time to achieve full resumption of our services, and our disaster recovery planning may not account for all eventualities. In addition, any negative publicity arising from these disruptions could harm our reputation and brand and adversely affect our business.
Furthermore, our solutions are, in many cases, important or essential to our customers' operations, including in some cases, their cybersecurity or oversight and compliance programs, and subject to service level agreements. Any interruption in our service, whether as a result of an internal or third-party issue, could damage our brand and reputation, cause our customers to terminate or not renew their contracts with us or decrease the use of our solutions and services, require us to indemnify our customers against certain losses, result in our issuing credit or paying penalties or fines, subject us to other losses or liabilities, cause our solutions to be perceived as unreliable or unsecure, and prevent us from gaining new or additional business from current or future customers, any of which could harm our business, financial condition, and results of operations.
Moreover, to the extent that we do not effectively address capacity constraints, upgrade our systems as needed, and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business, financial condition, and results of operations could be adversely affected. The provisioning of additional cloud hosting capacity requires lead time. These third parties have no obligation to renew their agreements with us on commercially reasonable terms, or at all. If these third parties increase pricing terms, terminate or seek to terminate our contractual relationship, establish more favorable relationships with our competitors, or change or interpret their terms of service or policies in a manner that is unfavorable with respect to us, we may be required to transfer to other cloud providers or invest in a private cloud. In that case, we could incur significant costs and experience possible service interruption in connection with doing so, or risk loss of customer contracts if they are unwilling to accept such a change.
A failure to maintain our relationships with our third-party providers (or obtain adequate replacements), and to receive services from such providers that do not contain any material errors or defects, could adversely affect our ability to deliver effective products and solutions to our customers and adversely affect our business and results of operations.
If we are unable to protect our intellectual property or have insufficient proprietary rights, our business may be adversely impacted.
Our success depends on our internally developed technologies, patents and other intellectual property. Despite our precautions, it may be possible for a third party to copy or otherwise obtain and use our trade secrets or other forms of intellectual property without authorization. Furthermore, the laws of foreign countries may not protect our proprietary rights in those countries to the same extent U.S. law protects these rights in the United States. In addition, it is possible that others may independently develop substantially equivalent intellectual property. If we do not effectively protect our intellectual property, our business could suffer. In the future, we may have to resort to litigation to enforce our intellectual property rights, protect our trade secrets, or determine the validity and scope of the proprietary rights of others. Regardless of outcome, this type of litigation could result in substantial costs and diversion of management and technical resources.
Our future profitability depends, in part, on our ability to develop new technologies.
Virtually all of the products we produce and sell are highly engineered and require sophisticated manufacturing and system integration techniques and capabilities. The government market in which we primarily operate is characterized by rapidly changing technologies. The product and program needs of our government and commercial customers change and evolve regularly. Accordingly, our future performance in part depends on our ability to identify emerging technological trends, develop and manufacture competitive products, and bring those products to market quickly at cost-effective prices. If we are unable to develop new products that meet customers' changing needs, future sales and earnings may be adversely affected.
15
We enter into fixed-price and other contracts that could adversely impact our earnings and profitability if we fail to estimate and manage costs, time, and resources accurately.
Generally, our customer contracts are either fixed-priced or cost-reimbursable. Under fixed-price contracts, which represented approximately 82.9% of our 2022 revenues, we receive a fixed price irrespective of the actual costs we incur and, consequently, we carry the burden of any cost overruns. Due to their nature, fixed-price contracts inherently have more risk than cost-reimbursable contracts, particularly fixed-price development contracts where the costs to complete the development stage of the program can be highly variable, uncertain and difficult to estimate. Under cost-reimbursable contracts, subject to a contract-ceiling amount in certain cases, we are reimbursed for allowable costs and paid a fee, which may be fixed or performance-based. If our costs exceed the contract ceiling and are not authorized by the customer or are not allowable under the contract or applicable regulations, we may not be able to obtain reimbursement for all such costs and our fees may be reduced or eliminated. Because many of our contracts involve advanced designs and innovative technologies, we may experience unforeseen technological difficulties and cost overruns. Under both types of contracts, if we are unable to control costs or if our initial cost estimates are incorrect, we can lose money on these contracts. In addition, some of our contracts have provisions relating to cost controls and audit rights, and if we fail to meet the terms specified in those contracts, we may not realize their full benefits. Lower earnings caused by cost overruns or poor cost controls would have a negative impact on our results of operations.
We will face risks associated with the growth of our business in new commercial markets and with new customer verticals, and we may neither be able to continue our organic growth nor have the necessary resources to dedicate to the overall growth of our business.
We plan to expand our operations in new commercial markets, including those where we may have limited operating experience, and may be subject to increased business, technology and economic risks that could affect our financial results. In recent periods, we have increased our focus on commercial customers. In the future, we may increasingly focus on such customers, including in the banking, financial services, healthcare, manufacturing, telecommunication, airlines and aerospace, insurance, retail, transportation, shipping and logistics, and energy industries, as well as other critical infrastructure industries. Entering new verticals and expanding in the verticals in which we are already operating will continue to require significant resources and there is no guarantee that such efforts will be successful or beneficial to us.
Historically, sales to a new customer have often led to additional sales to the same customer or similarly situated customers. As we expand into and within new and emerging markets and heavily regulated industry verticals, we will likely face additional regulatory scrutiny, risks, and burdens from the governments and agencies which regulate those markets and industries. While this approach to expansion within new commercial markets and verticals has proven successful in the past, it is uncertain we will achieve the same penetration and organic growth in the future, and our reputation, business, financial condition, and results of operations could be negatively impacted.
Our growth depends, in part, on the success of our strategic relationship with our partner organizations or channel partners.
To grow our business, we will continue to build, grow and maintain relationships with third parties, such as partner organizations or channel partners, that provide complementary cybersecurity offerings. Identifying partners, and negotiating relationships with them, requires significant time and resources. The relationship we have with our partners, and that our partners have with our customers, provides our customers with enhanced value for our solutions and services.
Our agreements with our partners are generally non-exclusive; therefore, our partners may offer customer solutions from several companies, including solutions and services that compete with ours. If our partners do not effectively market and sell our solutions or services, or use greater efforts to market and sell their solutions or those of our competitors, or fail to meet the needs of our customers, or if we are unsuccessful in establishing or maintaining our relationships with our partners, our ability to compete in the marketplace or to grow our revenue could be impaired, and our results of operations could be adversely affected.
If we are unable to license third-party technology that is used in our products and services to perform key functions, the loss could have an adverse effect on our revenues.
The third-party technology licenses used by us may not continue to be available on commercially reasonable terms or at all. Our business could suffer if we lost the right to use these technologies. A third party could claim that the licensed software infringes a patent or other proprietary right. Litigation between the licensor and a third party or between a third party and us could lead to royalty obligations for which we are not indemnified or for which indemnification is insufficient, or we may not be able to obtain any additional license on commercially reasonable terms or at all. The loss of, or our inability to obtain or maintain, any of these technology licenses could delay the introduction of new products or services until equivalent technology, if available, is identified, licensed and integrated. This could harm our business.
16
We depend on third parties for certain operational services and components of our products in order to fully perform under our contracts, and the failure or disruption of a third party to perform these services could have an adverse impact on our business.
We rely on subcontractors and other suppliers to provide raw materials, major components and subsystems for our products or to perform a portion of the services that we provide to our customers. Occasionally, we rely on only one or two sources of supply, which, if disrupted, could have an adverse effect on our ability to meet our commitments to customers. We depend on these subcontractors and suppliers to fulfill their contractual obligations in a timely and satisfactory manner in full compliance with customer requirements. If one or more of our subcontractors or suppliers is unable to satisfactorily provide on a timely basis the agreed-upon supplies or perform the agreed-upon services, our ability to perform our obligations as a prime contractor may be adversely affected.
Our pricing structures for our solutions and services may change from time to time, which could adversely impact our business, financial condition and results of operations.
We expect that we may change our pricing model from time to time, including as a result of competition, global economic conditions, and general reductions in our customers' spending levels, pricing studies, or changes in how our solutions are broadly consumed. Similarly, as we introduce new products and services, or as a result of the evolution of our existing solutions and services, we may have difficulty determining the appropriate price structure for our products and services. In addition, as new and existing competitors introduce new products or services that compete with ours, or revise their pricing structures, we may be unable to attract new customers at the same price or based on the same pricing model as we have used historically. Moreover, as we continue to target selling our solutions and services to larger organizations, these larger organizations may demand substantial price concessions. In addition, we may need to change pricing policies to accommodate government pricing guidelines for our contracts with federal, state, local, and foreign governments and government agencies. If we are unable to modify or develop pricing models and strategies that are attractive to existing and prospective customers, while enabling us to significantly grow our sales and revenue relative to our associated costs and expenses in a reasonable period of time, our business, financial condition, and results of operations may be adversely impacted.
Sales to customers outside the United States expose us to risks inherent in international operations.
We sell our services outside the U.S. and are subject to risks and challenges associated with international business. The risks and challenges associated with sales to customers outside the U.S. or those that can affect international operations generally, include:
•Localization of our services, including translation into foreign languages and associated expenses;
•Regulatory frameworks or business practices favoring local competitors;
•Pressure on the creditworthiness of sovereign nations;
•Evolving domestic and international tax environments;
•Liquidity issues or political actions by sovereign nations, including nations with a controlled currency environment, which could result in decreased values of foreign-denominated balances or potential difficulties protecting our foreign assets or satisfying local obligations;
•Foreign currency fluctuations and controls, which may make our services more expensive for international customers and could add volatility to our operating results;
•Compliance with multiple, conflicting, ambiguous or evolving governmental laws and regulations, including employment, tax, privacy, anti-corruption, import/export, antitrust, data transfer, storage and protection, and industry-specific laws and regulations, including rules related to compliance by our third-party resellers and our ability to identify and respond timely to compliance issues when they occur;
•Vetting and monitoring our third-party resellers in new and evolving markets to confirm they maintain standards consistent with our brand and reputation;
•Changes in the public perception of governments in the regions where we operate or plan to operate;
•Treatment of revenue from international sources, intellectual property considerations and changes to tax codes, including being subject to foreign tax laws and being liable for paying withholding income or other taxes in foreign jurisdictions;
•Different pricing environments;
•Difficulties in staffing and managing foreign operations;
•Different or lesser protection of our intellectual property;
17
•Longer accounts receivable payment cycles and other collection difficulties;
•Natural disasters, acts of war, terrorism, pandemics or security breaches; and
•Regional economic and political conditions.
Any of these factors could negatively impact our business and results of operations. The above factors may also negatively impact our ability to successfully expand into emerging market countries, where we have little or no operating experience, where it can be costly and challenging to establish and maintain operations, including hiring and managing required personnel, and difficult to promote our brand, and where we may not benefit from any first-to-market advantage or otherwise succeed.
We are involved in a number of legal proceedings. We cannot predict the outcome of litigation and other contingencies with certainty.
Our business may be adversely affected by the outcome of legal proceedings and other contingencies that cannot be predicted with certainty. As required by the U.S. GAAP, we estimate loss contingencies and establish reserves based on our assessment of contingencies where liability is deemed probable and reasonably estimable in light of the facts and circumstances known to us at a particular point in time. Subsequent developments in legal proceedings may affect our assessment and estimates of the loss contingency recorded as a liability or as a reserve against assets in our financial statements. For a description of our current legal proceedings, see Note 22 – Commitments and Contingencies to the consolidated financial statements.
Potential future acquisitions, strategic investments, partnerships, divestitures, mergers or joint ventures may subject us to significant risks, any of which could harm our business.
Our long-term strategy may include identifying and acquiring, partnering with, investing in or merging with suitable candidates on acceptable terms, or divesting of certain business lines or activities. In particular, over time, we may acquire, make investments in, partner or merge with providers of product offerings that complement our business or may terminate such activities. Partnerships, mergers, joint ventures, acquisitions, and divestitures include a number of risks and present financial, managerial and operational challenges, including but not limited to:
•Diversion of management attention from running our existing business;
•Possible material weaknesses in internal control over financial reporting;
•Increased expenses, including legal, administrative and compensation expenses related to newly hired or terminated employees;
•Increased costs to integrate the technology, personnel, customer base and business practices of the acquired company with us;
•Potential exposure to material liabilities not discovered in the due diligence process;
•Potential adverse effects on reported operating results due to possible write-down of goodwill and other intangible assets associated with acquisitions; and
•Unavailability of acquisition financing or unavailability of such financing on reasonable terms.
Any acquired business, technology, service or product could significantly underperform relative to our expectations and may not achieve the benefits we expect from possible acquisitions. For all these reasons, our pursuit of an acquisition, partnership, investment, divestiture, merger, or joint venture could cause its actual results to differ materially from those anticipated.
Industry and Economic Risk
The business environment in which we operate is highly competitive, and we may not be able to compete successfully against existing or future competitors.
We operate in diverse industry segments. Based on our current market analysis, there is no single company or small group of companies in a dominant competitive position. Some large competitors offer capabilities in a number of markets that overlap many of the same areas in which we offer services, while certain companies are focused upon only one or a few of such markets. Some of the firms that compete with us in multiple areas include Northrop Grumman, Lockheed Martin, General Dynamics, Perspecta and Idemia. In addition, we compete with smaller specialty companies, including risk and compliance management companies, organizational messaging companies, and security consulting organizations, and companies that provide secure network offerings. If we do not compete effectively, we may suffer price reductions, reduced gross margins, and loss of market share.
18
Due to the competitive bidding process to obtain U.S. government contracts, both upon initial issuance and re-competition, and the likelihood of bid protest, we may be unable to achieve or sustain revenue growth and profitability.
Many of our U.S. government contracts are awarded through a competitive bidding process upon initial award and renewal, and we expect this will continue. There is often significant competition and pricing pressure as a result of this process. The competitive bidding process presents a number of risks, including the following:
•We may expend substantial funds and time to prepare bids and proposals for contracts that may ultimately be awarded to one of our competitors;
•We may be unable to accurately estimate the resources and costs that will be required to perform any contract we are awarded, which could result in substantial cost overruns and decreased margins;
•We may encounter expense and delay if our competitors protest or challenge awards of contracts, and any such protest or challenge could result in a requirement to resubmit bids on modified specifications or in the termination, reduction or modification of the awarded contract;
•The protest of contracts awarded to us may result in the delay of program performance and the generation of revenue while the protest is pending; and
•If we are not given the opportunity to re-compete for U.S. government contracts previously awarded to us, we may incur expenses to protest such a decision and ultimately may not succeed in competing for or winning such contract renewal.
The U.S. government contracts for which we compete typically have multiple option periods, and if we fail to win a contract or a task order, we generally will be unable to compete again for that contract for several years. If we fail to win new contracts or to receive renewal contracts upon re-competition, it may result in additional costs and expenses and possible loss of revenue, and we will not have an opportunity to compete for these contract opportunities again until such contracts expire.
We depend, in part, on sales to the U.S. government, and changes in spending or budgetary priorities or delays in contract awards may significantly affect our future revenue and adversely impact our financial condition and results of operations.
Our sales are highly concentrated with the U.S. government. The customer relationship with the U.S. government involves certain unique risks. The programs we participate in must compete with other programs and policy imperatives during the budget and appropriations process. In each of the past three years, a substantial portion of our sales was to the U.S. government, particularly the DoD. The U.S. government's defense spending has historically been cyclical. Defense budgets have received their strongest support when perceived threats to national security raise the level of concern over the country's safety. As these threats subside, spending on the military tends to decrease. Rising budget deficits, increasing national debt, the cost of the global war on terrorism, increasing costs for entitlement programs, cost of new domestic initiatives, and the large and continued costs of combating the pandemic and addressing the health concerns and economic dislocation caused by COVID-19, continue to put pressure on all areas of discretionary spending.
If government funding relating to our contracts with the U.S. government becomes unavailable, or is reduced or delayed, or planned orders are reduced, our contracts or subcontracts may be terminated or adjusted by the U.S. government or the prime contractor. Our operating results could also be adversely affected by spending caps or changes in the budgetary priorities of the U.S. government, as well as delays in program starts or the award of contracts or task orders under contracts.
U.S. government may terminate, cancel, modify or curtail our contracts at any time prior to completion and, if we do not replace them, this may adversely affect our future revenues and could adversely impact our earnings.
Many of the U.S. government programs in which we participate, both as a contractor or subcontractor, extend for several years and include one or more base years and one or more option years. These programs are typically funded on an annual basis. Under these contracts, the U.S. government generally has the right not to exercise options to extend or expand our contracts and may otherwise terminate, cancel, modify or curtail our contracts at its convenience.
First, the process may be delayed or disrupted. Changes in congressional schedules, negotiations for program funding levels or unforeseen world events can interrupt the funding for a program or contract. Second, funds for multi-year contracts can be changed in subsequent years in the appropriations process. In addition, the U.S. government has increasingly relied on IDIQ contracts and other procurement vehicles that are subject to a competitive bidding and funding process even after the award of the basic contract, adding an element of uncertainty to future funding levels. Delays in the funding process or changes in funding or funding priorities can impact the timing of available funds or can lead to changes in program content or termination at the government's convenience.
Any decisions by the U.S. government to not exercise contract options or to terminate, cancel, modify or curtail our major programs or contracts would adversely affect our revenues, revenue growth and profitability.
19
We are subject to the seasonality of U.S. government spending.
We derive a substantial portion of our revenues from U.S. government contracting, and as a result, we are subject to the annual seasonality of U.S. government purchasing. Because the U.S. government fiscal year ends on September 30, it is common for U.S. government agencies to award extra tasks in the weeks immediately prior to the end of its fiscal year in order to avoid the loss of unexpended fiscal year funds. As a result of this seasonality, we have historically experienced higher revenues in our third and fourth fiscal quarters, ending September 30 and December 31, respectively, with the pace of orders typically substantially reduced during our first and second fiscal quarters ending March 31 and June 30, respectively.
Legal and Regulatory Risks
Our business is subject to complex and evolving U.S. and non-U.S. laws and regulations regarding privacy, data protection and security, technology protection, and other matters. Many of these laws and regulations are subject to change and uncertain interpretation, and could result in claims, changes to our business practices, monetary penalties, increased cost of operations, or otherwise harm our business.
We are subject to a variety of local, state, national, and international laws and directives and regulations in the United States and abroad that involve matters central to our business, including privacy and data protection, data security, data storage, retention, transfer and deletion, technology protection, and personal information. Foreign data protection, data security, privacy, and other laws and regulations can impose different obligations or be more restrictive than those in the United States. These U.S. federal and state and foreign laws and regulations, which, depending on the regime, may be enforced by private parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to remain uncertain for the foreseeable future. In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices. A number of proposals are pending before U.S. federal, state, and foreign legislative and regulatory bodies that could significantly affect our business.
The overarching complexity of privacy and data protection laws and regulations around the world pose a compliance challenge that could manifest in costs, damages, or liability in other forms as a result of failure to implement proper programmatic controls, failure to adhere to those controls, or the malicious or inadvertent breach of applicable privacy and data protection requirements by us, our employees, our business partners, or our customers.
In addition to government regulation, self-regulatory standards and other industry standards may legally or contractually apply to us, be argued to apply to us, or we may elect to comply with such standards or to facilitate our customers' compliance with such standards. Because privacy, data protection, and information security are critical competitive factors in our industry, we may make statements on our website, in marketing materials, or in other settings about our data security measures and our compliance with, or our ability to facilitate our customers' compliance with, these standards.
We also expect that there will continue to be new proposed laws and regulations concerning privacy, data protection, and information security, and we cannot yet determine the impact such future laws, regulations and standards, or amendments to or re-interpretations of existing laws and regulations, industry standards, or other obligations may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, and contractual and other obligations may require us to incur additional costs and restrict our business operations. As these legal regimes relating to privacy, data protection, and information security continue to evolve, they may result in ever-increasing public scrutiny and escalating levels of enforcement and sanctions. Furthermore, because the interpretation and application of laws, standards, contractual obligations and other obligations relating to privacy, data protection, and information security are uncertain, these laws, standards, and contractual and other obligations may be interpreted and applied in a manner that is, or is alleged to be, inconsistent with our data management practices, our policies or procedures, or the features of our solutions. If so, in addition to the possibility of fines, lawsuits, and other claims, we could be required to fundamentally change our business activities and practices or modify our solutions, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to fulfill existing obligations, make enhancements, or develop new solutions and features could be limited. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our solutions.
20
These existing and proposed laws and regulations can be costly to comply with and can make our solutions and services less effective or valuable, delay or impede the development of new products, result in negative publicity, increase our operating costs, require us to modify our data handling practices, limit our operations, impose substantial fines and penalties, require significant management time and attention, or put our data or technology at risk. Any failure or perceived failure by us or our solutions to comply with U.S. or applicable foreign laws, regulations, directives, policies, industry standards, or legal obligations relating to privacy, data protection, or information security, or any security incident that results in loss of or the unauthorized access to, or acquisition, use, release, or transfer of, personal information, personal data, or other customer or sensitive data or information may result in governmental investigations, inquiries, enforcement actions and prosecutions, private claims and litigation, indemnification or other contractual obligations, other remedies, including fines or demands that we modify or cease existing business practices, or adverse publicity, and related costs and liabilities, which could significantly and adversely affect our business and results of operations.
We are subject to substantial oversight from federal agencies that have the authority to suspend our ability to bid on contracts.
As a U.S. government contractor, we are subject to oversight by many agencies and entities of the U.S. government that may investigate and make inquiries about our business practices and conduct audits of contract performance and cost accounting. Depending on the results of any such audits and investigations, the U.S. government may make claims against us. Under U.S. government procurement regulations and practices, an indictment of a U.S. government contractor could result in that contractor being fined and/or suspended for a period of time from eligibility for bidding on, or for the award of, new U.S. government contracts. A conviction could result in debarment for a specified period of time. To the best of management's knowledge, there are no pending government investigations, inquiries, claims or audits against the Company likely to have a material adverse effect on our business or our consolidated results of operations, cash flows or financial position.
We are subject to governmental export and import controls that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.
Some of our solutions are subject to export and import controls, including, without limitation, the Department of State's Directorate of Defense Trade Controls, the Commerce Department's Export Administration Regulations, U.S. Customs regulations and various economic and trade sanctions regulations established by the Treasury Department's Office of Foreign Assets Control. If we fail to comply with these U.S. export control laws and import laws, we and certain of our employees could be subject to substantial civil or criminal penalties, including the possible loss of export or import privileges; fines, which may be imposed on us and responsible employees or managers; and, in extreme cases, the incarceration of responsible employees or managers. Obtaining the necessary authorizations, including any required license, may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities.
Furthermore, the U.S. export control laws and economic sanctions laws prohibit the shipment of certain products and services to U.S. embargoed or sanctioned countries, governments and persons. Even though we take precautions to prevent our solutions from being provisioned or provided to U.S. sanctions targets in violation of applicable regulations, our solutions could be provisioned to those targets despite such precautions. Any such sales could have negative consequences, including government investigations, penalties and reputational harm. Changes in our solutions or changes in export and import regulations may create delays in the introduction, sale and deployment of our solutions in international markets or prevent the export or import of our solutions to certain countries, governments or persons altogether. Any decreased use of our solutions or limitation on our ability to export or sell our solutions may adversely affect our business, financial condition and results of operations.
Risks Related to Our Financial Reporting and Common Stock
We may fail to meet our publicly announced guidance and other expectations about our business and operating results, which may cause our stock price to decline.
From time to time, we may release guidance in our quarterly earnings conference calls, quarterly earnings releases, or otherwise, regarding our future performance that represents our management's estimates as of the date of release. This guidance, which includes forward-looking statements, is based on projections prepared by our management. Projections are based upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic and competitive uncertainties and contingencies, many of which are beyond our control and are based upon specific assumptions with respect to future business decisions, some of which will change. Our aim is to state possible outcomes as high and low ranges to provide a sensitivity analysis as variables are changed but are not intended to imply that actual results could not fall outside of the suggested ranges. The principal reason that we release guidance is to provide a basis for our management to discuss our business outlook with analysts and investors. We do not accept any responsibility for any projections or reports published by any such third parties.
21
Guidance is necessarily speculative in nature, and it can be expected that some or all of the assumptions underlying the guidance furnished by us will not materialize or will vary significantly from actual results. Accordingly, our guidance is only an estimate of what management believes is realizable as of the date of release. Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances beyond our control could result in the actual operating results being different from our guidance, and the differences may be adverse and material. In light of the foregoing, investors are urged not to rely upon our guidance in making an investment decision regarding our common stock.
Furthermore, if we make downward revisions to our previously announced guidance, or if our publicly announced guidance of future operating results fails to meet the expectations of securities analysts, investors or other interested parties, the price of our common stock may decline.
Our quarterly operating results fluctuate and may fall short of prior periods, our projections or the expectations of securities analysts or investors, which could adversely affect the trading price of our stock.
Our operating results have fluctuated from quarter to quarter at points in the past, and they may do so in the future. Therefore, the results of any one quarter may not be a reliable indication of results to be expected for any other quarter or for any year. If we fail to increase our results over prior periods, to achieve our projected results or to meet the expectations of securities analysts or investors, our stock price may decline, and the decrease in the stock price may be disproportionate to the shortfall in our financial performance. Results may be affected by various factors, including those described in these risk factors.
We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value.
In May 2022, our Board of Directors approved a stock repurchase program for the repurchase of up to $50.0 million of our outstanding shares of our common stock. As of December 31, 2022, approximately $38.7 million remained available under the stock repurchase program. The repurchase program has no termination date and may be suspended for periods, amended or discontinued at any time. We are not obligated to repurchase a specified number or dollar value of shares. Share repurchases under the program will be made from time to time in private transactions or open market purchases, as permitted by securities laws and other legal requirements. There can be no guarantee about the timing of our share repurchases, or that the volume of such repurchases will increase. The stock repurchase program could affect the price of our common stock, increase volatility, diminish our cash reserves, and even if fully implemented may not enhance long-term stockholder value.
If we are unable to successfully remediate any material weakness in our internal control over financial reporting, or identify any additional material weaknesses, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
As a public company, we are required to comply with Section 404 of the Sarbanes-Oxley Act. If we fail to abide by the applicable requirements of Section 404, regulatory authorities, such as the SEC, could subject us to sanctions or investigation, and our independent registered public accounting firm may not be able to certify as to the effectiveness of our internal control over financial reporting pursuant to an audit of our controls. Even effective internal controls can provide only reasonable assurance with respect to the preparation and fair presentation of financial statements. Accordingly, our internal control over financial reporting may not prevent or detect misstatements because of their inherent limitations, including the possibility of human error, the circumvention or overriding of controls, or fraud.
In connection with the audit of our consolidated financial statements as of and for the year ended December 31, 2022, we and our independent registered public accounting firm identified a material weakness in our internal control over financial reporting related to the design and controls over the assessment of the accounting for forfeitures of non-standard equity awards. This control deficiency could have resulted in a misstatement of accounts and disclosures that could have resulted in a material misstatement of our annual or interim consolidated financial statements that would not have been prevented or detected. Accordingly, management has determined that this control deficiency constitutes a material weakness.
As further described in Item 9A – Controls and Procedures under Management's Report on Internal control over Financial Reporting, we executed a plan to remediate the material weakness, including the enhancement of existing processes and controls over the accounting for the forfeiture of non-standard equity awards.
22
While we expect to take the measures necessary to address the underlying causes of this material weakness, we cannot provide assurance of when the material weakness will be remediated, nor can we be certain of whether additional actions will be required or the costs of any such actions. Moreover, we cannot provide assurance that additional material weaknesses will not arise in the future. While the material weakness discussed above did not result in material misstatements of our annual or interim consolidated financial statements, any failure to remediate the material weakness, or the identification of new material weaknesses in our internal control over financial reporting, could result in material misstatements in our financial statements that may continue undetected, negatively impacting the public perception of the Company and our securities and cause us to fail to meet our reporting and financial obligations or incur significant additional costs to remediate the material weaknesses, each of which could negatively affect our stock price, harm our ability to raise capital on favorable terms in the future or otherwise have a negative impact on our financial condition.
General Risk Factors
If our judgments or estimates relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could be adversely affected.
The preparation of our consolidated financial statements in conformity with U.S. GAAP requires management to make judgments, estimates, and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our common stock. Significant judgments, estimates, and assumptions used in preparing our consolidated financial statements include, or may in the future include, those related to revenue recognition, goodwill and other long-lived assets, and income taxes.
Weakened global economic conditions may adversely affect our industry, business, operating results and financial condition.
Our overall performance depends in part on worldwide economic and geopolitical conditions. The United States and other key international economies have experienced cyclical downturns from time to time in which economic activity was impacted by falling demand for a variety of goods and services, restricted credit, poor liquidity, reduced corporate profitability, volatility in credit, equity and foreign exchange markets, bankruptcies and overall uncertainty with respect to the economy. These economic conditions can arise suddenly and the full impact of such conditions can remain uncertain at any point in time. In addition, geopolitical developments, such as the recent invasion of Ukraine by Russia, can increase levels of political and economic unpredictability globally and increase the volatility of global financial markets. Moreover, these conditions can affect the rate of information technology spending and could adversely affect our customers' ability or willingness to purchase our solutions and services, delay prospective customers' purchasing decisions, reduce the value or duration of their subscription contracts, or affect attrition rates, all of which could adversely affect our future sales and operating results.
Our business could be adversely affected by events outside of our control, such as natural disasters, fire, power outages and other catastrophic events, and interruption by man-made problems such as wars or terrorism.
We may be impacted by natural disasters, wars, terrorist attacks, power outages, health epidemics or pandemics, or other events outside of our control. If major disasters such as earthquakes, floods, hurricanes, tornadoes, fires, or other events occur, or our information system or communications network breaks down, operates improperly, or is unusable, our headquarters and other facilities may be seriously damaged, or we may have to stop or delay production and delivery of our solutions and services. Although we maintain crisis management and disaster response plans, such events could make it difficult or impossible for us to deliver our solutions and services to our customers, and could decrease demand for our offerings. We may incur shutdowns, delays, disruptions or expenses relating to such events outside of our control, which could have a material adverse impact on our business, operating results and financial condition. Because we do not carry insurance for all of these possible losses, and significant recovery time could be required to resume operations, our financial condition and operating results could be materially adversely affected by such an event outside of our control.
23
Increased scrutiny of our environmental, social and governance responsibilities may result in additional costs and risks, and may adversely impact our reputation, employee retention, and willingness of customers and suppliers to do business with us.
Investor advocacy groups, institutional investors, investment funds, proxy advisory services, stockholders, and customers are increasingly focused on companies' ESG practices. Additionally, public interest and legislative pressure related to public companies' ESG practices continue to grow. If our ESG practices fail to meet regulatory requirements or investor or other industry stakeholders' evolving expectations and standards for responsible corporate citizenship in areas including environmental stewardship, support for local communities, Board of Director and employee diversity, human capital management, employee health and safety practices, product quality, supply chain management, corporate governance and transparency and employing ESG strategies in our operations, our brand, reputation and employee retention may be negatively impacted and customers and suppliers may be unwilling to do business with us. In addition, as we work to align our ESG practices with industry standards, we will likely continue to expand our disclosures in these areas and doing so may result in additional costs and require additional resources to monitor, report, and comply with our various ESG practices. If we fail to adopt ESG standards or practices as quickly as stakeholders desire, report on our ESG efforts or practices accurately, or satisfy the expectations of stakeholders, our reputation, business, financial performance and growth may be adversely impacted.
Changes in accounting principles or their application to us could result in unfavorable accounting charges or effects, which could adversely affect our results of operations and growth prospects.
We prepare consolidated financial statements in accordance with U.S. GAAP. In particular, we make certain estimates and assumptions related to the adoption and interpretation of these principles, including the recognition of our revenue and the accounting of our stock-based compensation expense with respect to our consolidated financial statements. If these assumptions turn out to be incorrect, our revenue or our stock-based compensation expense could materially differ from our expectations, which could have a material adverse effect on our financial results. A change in any of these principles or guidance, or in their interpretations or application to us, may have a significant effect on our reported results, as well as our processes and related controls, and may retroactively affect previously reported results or our forecasts, which may negatively impact our financial statements. For example, any recent new standards issued by the Financial Accounting Standards Board could materially impact our consolidated financial statements. The adoption of these new standards may potentially require enhancements or changes in our processes or systems and may require significant time and cost on behalf of our financial management. This may, in turn, adversely affect our results of operations and growth prospects.
The impact of the ongoing COVID-19, including the resulting global economic disruptions, remains uncertain at this time, and may adversely affect our future business operations, financial condition and our ability to execute on business or contract opportunities.
The COVID-19 pandemic disrupted the normal operations of many businesses and other organizations, including the temporary closure or scale-back of business operations and the imposition of either quarantine or remote work or meeting requirements for employees, either by government order or on a voluntary basis.
The ongoing pandemic may adversely affect our customers' ability to perform their missions and is, in many cases disrupting their operations. It may also result in a change in spending priorities on the part of our customers, which could precipitate the cancellation, delay or deferral of programs, contracts or business opportunities. It may also impact the ability of our subcontractors, partners, and suppliers to operate and fulfill their contractual obligations, and result in an increase in their costs and cause delays in performance. These supply chain effects, and the direct effect of the virus and the disruption on our operations, may negatively impact both our ability to meet customer demand and our revenue and profit margins. Our employees, in some cases, are working remotely due either to safety concerns or to customer-imposed limitations and using various technologies to perform their functions.
Global climate-related risks could negatively affect our business.
There are inherent climate-related risks wherever business is conducted. Access to clean water and reliable energy in the communities where we conduct our business, whether for our offices, vendors, customers or other stakeholders, is a priority. Any of our primary locations may be vulnerable to the adverse effects of climate change. Climate-related events, including the increasing frequency of extreme weather events and their impact on U.S. critical infrastructure, have the potential to disrupt our business, our third-party suppliers, or the operations and business of our customers, and may cause us to experience higher attrition, losses and additional costs to maintain or resume operations.
Increased public awareness and concern regarding global climate change may result in state, federal or international requirements to reduce or mitigate global warming, such as the imposition of carbon pricing mechanisms or stricter limits on greenhouse gas emissions. If environmental or climate-change laws or regulations are adopted or changed that impose significant new costs, operational restrictions or compliance requirements upon our business or our products, they could increase our capital expenditures, reduce our margins and adversely affect our financial position.
24
In addition, our reputation and client relationships may be damaged as a result of our practices related to climate change, including our involvement, or our clients' involvement, in certain industries or projects associated with causing or exacerbating climate change, as well as any decisions we make to continue to conduct or change our activities in response to considerations relating to climate change.
Item 1B. Unresolved Staff Comments
None.
Item 2. Properties
We lease approximately 191,700 square feet of space for our corporate headquarters, integration facility, and primary service depot in Ashburn, Virginia. The lease expires in May 2029.
We lease additional office space in facilities located in Maryland, Virginia, Florida, Alabama and Nevada under various leases expiring through January 2024.
We believe that the current space is substantially adequate to meet our operating requirements.
Item 3. Legal Proceedings
Information regarding legal proceedings may be found in Note 22 - Commitments and Contingencies to the Consolidated Financial Statements.
Item 4. Mine Safety Disclosures
Not applicable.
25
PART II
Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Our common stock is traded on the Nasdaq Global Market under the symbol "TLS." As of March 10, 2023, there were approximately 148 holders of record of Telos common stock. The number of shareholders of record of our common stock may not be representative of the number of beneficial owners due to shares that may be held by depositories, brokers or nominees.
We did not sell any equity securities during the 12 months ended December 31, 2022, that were not registered under the Securities Act and were not previously disclosed on a Quarterly Report on Form 10-Q or a Current Report on Form 8-K.
| Common Stock Purchase Activity During the Three Months Ended December 31, 2022 | |||||||||||||||||||||||
| Period | Total Number of Shares Purchased (1) (2) | Average Price Paid per Share (1) | Total Number of Shares Purchased as Part of Publicly Announced Repurchases Plans (1) | Maximum Dollar Value of Shares that May Yet Be Purchased Under the Plans (1) | |||||||||||||||||||
| October 1, 2022 - October 31, 2022 | 91,106 | $ | 9.22 | 91,106 | $ | 41,477,041 | |||||||||||||||||
| November 1, 2022 - November 30, 2022 | 282,198 | 4.57 | 282,198 | $ | 40,187,217 | ||||||||||||||||||
| December 1, 2022 - December 31, 2022 | 910,380 | 4.63 | 317,688 | $ | 38,715,568 | ||||||||||||||||||
| Total | 1,283,684 | $ | 5.21 | 690,992 | |||||||||||||||||||
(1) On May 24, 2022, the Board of Directors authorized a Share Repurchase Program, pursuant to which the Company can repurchase up to $50.0 million of issued and outstanding common stock. The repurchase program has no expiration date and may be modified, suspended, or terminated at any time. For the fourth quarter of 2022, the Company repurchased 690,992 shares of common stock under the program for an aggregate price of $3.6 million in open market.
(2) The Total Number of Shares Purchased includes shares withheld by the Company upon the vesting of restricted stock units to satisfy tax withholding obligations of the holders of those restricted stock units.
For information regarding securities authorized for issuance under our stock-based compensation plan, see Note 16 - Stock-Based Compensation to the Consolidated Financial Statements contained in Item 8.
26
Stock Performance Graph
This performance graph shall not be deemed to be "soliciting material" or to be "filed" with the SEC, and this performance graph shall not be incorporated by reference into any of Telos filings under the Securities Act or the Securities Exchange Act of 1934 and related regulations, or any other document, whether made before or after the date of this report and despite any general incorporation language contained in a filing or document (except to the extent Telos specifically incorporates this section by reference into a filing or document).
The following graph compares the total cumulative return to stockholders on our common stock since our IPO price of $17.00 on November 19, 2020 (the date our common stock commenced trading on the NASDAQ National Market) to two indices: (i) the Standard & Poor's 500 Index, and (ii) the Russell 2000 Index. An investment of $100 (with reinvestment of all dividends) is assumed to have been made in our common stock and in each index at the market close on November 18, 2020, and its relative performance is tracked quarterly through December 31, 2022. The comparisons in the graph are required by the U.S. Securities and Exchange Commission, based on historical data and are not intended to forecast or be indicative of possible future performance of our common stock.
Item 6. [Reserved]
27
Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations
Forward-Looking Information
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and the related notes to consolidated financial statements included in Part II, Item 8 of this Annual Report on Form 10-K ("10-K"). In addition to historical financial information, the following discussion and analysis contains forward-looking statements that involve risks, uncertainties and assumptions. Our actual results and timing of selected events in future periods may differ materially from those anticipated or implied in these forward-looking statements as a result of many factors, including those discussed under Item 1A, "Risk Factors," and elsewhere in this 10-K. See also "Special Note Regarding Forward-Looking Statements" at the beginning of this 10-K.
Management's Discussion and Analysis for the Year Ended December 31, 2020
Management's discussion and analysis of the financial condition and results of operations for the year December 31, 2020, including a comparison of our results for the years ended December 31, 2021 and 2020, is included in Item 7 of our Annual Report on Form 10-K for the year ended December 31, 2021, which was filed with the Securities and Exchange Commission on March 28, 2022.
Overview
We offer technologically advanced, software-based security solutions that empower and protect the world's most security-conscious organizations against rapidly evolving, sophisticated and pervasive threats. Our portfolio of security products, services and expertise empowers our customers with capabilities to reach new markets, serve their stakeholders more effectively, and successfully defend the nation or their enterprise. We protect our customers' people, information, and digital assets so they can pursue their corporate goals and conduct their global missions with confidence in their security and privacy.
Information regarding our segments is presented in Note 21 - Segment Information to the consolidated financial statements at Item 8 of this Form 10-K.
Business Environment
Our business performance continues to be heavily affected by the overall level of U.S. government spending and the alignment of our solutions with the priorities of the U.S. government. U.S. government spending and contracts continue to be affected by the federal budget, and appropriations process and related legislation.
Congress could not agree on fiscal year ("FY") 2023 appropriations legislation before the start of the fiscal year on October 1, 2022. As a result, the entire federal government operated for nearly three months under the terms of a continuing resolution ("CR"), which only permitted agencies to spend at FY 2022 appropriations levels without any adjustments for the dramatic increase in inflation we have seen over the past year. Moreover, federal departments and agencies were generally precluded from moving forward on new contract starts or accelerating current projects while they were funded by a CR. Congress finally reached an agreement and completed action in late December on an omnibus appropriations package to fund the entire federal government through the remainder of FY 2023.
This final appropriations legislation provided an increase in total defense spending for FY 2023 of $44 billion above the budget proposed last spring by the White House, and represents a $76 billion increase above last year's funding level. It also included significant increases in federal civilian agency (non-defense) cybersecurity funding, including a 15 percent increase from last year for the Cybersecurity and Infrastructure Security Agency for various program enhancements and new initiatives.
The Office of Management and Budget has already given federal departments and agencies guidance for cybersecurity priorities to include in their FY 2024 proposed budgets, including accelerated adoption of the cloud, IT modernization, further private sector collaboration for sector risk management responsibilities and ensuring adequate cyber threat information sharing, and supply chain risk management. We look forward to the President's budget and subsequent congressional action reflecting these priorities, which align with the solutions Telos has been developing and bringing to market for the past several years. For example, Xacta, our flagship offering, continues to set the standard for innovative capabilities in managing cyber risk and automating continuous compliance in on-premises, cloud, and hybrid environments. Our cloud practice area includes cloud migration, CloudSecOps, and cloud security compliance to accelerate IT modernization for business and government. Our Telos ACA platform combines decades of information security experience with an extensive background in cyber intelligence to defend enterprises against advanced cyber threats.
28
Cybersecurity Landscape
In recent years, continuing and increasingly damaging ransomware and other cyberattacks against federal, state and local governments, K-12 and higher education, and private sector enterprises have resulted in intensified efforts to better defend against such attacks. The growing demand for these solutions continues to provide Telos with the privilege of offering our expertise to protect these vitally important organizations.
Ransomware remains arguably the most severe cyber threat to enterprises in the commercial, state, and local government and education sectors. Our Xacta offering empowers these organizations and institutions to maintain a strong cyber risk posture to minimize the risk of ransomware gaining a foothold in their IT environment. Our Telos ACA offering provides real- and near-real-time intelligence into known and unknown threats to give organizations advance warning of ransomware and other threats. Should ransomware get loose in the enterprise network, Telos Ghost, our virtual obfuscation network offering, can hide vital resources from view to prevent the payload from reaching them.
The Nation's Critical Systems Are Still at Risk
Critical infrastructure and industrial IoT are among the categories at greatest risk of cyberattacks. Energy, utilities, financial services, and healthcare were among the critical infrastructure sectors that experienced high-profile breaches or ransomware attacks over the past year. Telos Ghost can hide critical IoT and industrial control systems from the public internet to keep them from being compromised. Telos Ghost can also cordon off financial data, medical records, intellectual property, and other crown-jewel assets from visibility or accessibility by adversaries.
These capabilities are increasingly important, as threat actors continue to breach enterprise networks in spite of access management systems such as virtual private networks and multi-factor authentication. Telos Ghost creates an additional layer of defense against intruders by hiding critical records, information, and applications as well as their users in an anonymous undiscoverable network. Adversaries cannot see them, so they cannot hack them. This also makes Telos Ghost a robust component in a Secure Access Service Edge or Zero Trust Network Access security architecture.
The Challenging Complexity of Regulatory Compliance
Government mandates and initiatives to assure stronger security in highly regulated industries, as noted above, also lead to opportunities for Telos solutions and services. An update to the research study Telos conducted last year reveals that audit fatigue continues to burden these organizations, with automation solutions being recognized as the most effective remedy for the many repetitive and redundant tasks that security compliance requires. Xacta streamlines, harmonizes, and automates the security controls and processes that comprise the leading cybersecurity standards and frameworks, in on-premises, cloud, hybrid, and multi-cloud environments.
For example, Xacta supports FedRAMP authorization, allowing all process participants to collaborate within the same Xacta application to attain a FedRAMP Authority to Operate. Xacta is also a trailblazer in deploying the Open Security Controls Assessment Language, a multi-format framework adopted by FedRAMP to allow security professionals to automate security assessment, auditing, and continuous monitoring processes.
The DoD's emerging CMMC program is intended to ensure that members of the defense supply chain are applying sound cybersecurity practices in order to protect sensitive unclassified information. Because CMMC 2.0 is still an evolving standard, the flexible Xacta for CMMC offering enables Defense Industrial Base customers to conduct preliminary CMMC compliance audits that assess the maturity level required today as well as build a roadmap to future maturity level requirements. Telos is also a Cyber AB Registered Provider Organization™, authorized by The Cyber AB to provide consulting services to government contractors and other companies in preparation for their CMMC assessments.
Finally, CISOs with today's cost-conscious enterprises are also under increasing pressure to provide evidence that their security strategies yield a return on investment. Xacta's latest cyber risk quantification capabilities meet this need, allowing our customers to calculate inherent risk likelihood, impact, and criticality, shown in a graphic display that illustrates real-time risk posture and visualizes progress over time. In addition, customers can also define their own financial loss formula for customer-specific risk analysis in dollar amounts.
Identity Assurance and Privacy Protection are Essential for Today's Enterprises
Identity and access management continues to be a major cybersecurity concern for organizations and individuals that need to ensure their security and protect their privacy. Trusted identities are essential to confidence in IT and physical security strategies and to the success of Zero Trust security models and architectures. Telos is a longstanding leader in solutions that assure identity trust, mitigate risk to critical infrastructure, and reduce the threat of sensitive information exposure.
29
Our IDTrust360® digital identity management platform integrates the full spectrum of identity and access management technologies in a cloud-based system that's quickly scalable to enterprise requirements. Our ONYX® touchless mobile fingerprinting solution captures fingerprints using the rear-facing camera on most off-the-shelf smartphones, replacing expensive physical hardware infrastructure for capturing fingerprints and streamlining customer identification and background checks in financial services, law enforcement, healthcare, and enterprise identity and authentication.
We also maintain government certifications and designations that distinguish Telos in the identity and access field, including TSA PreCheck enrollment provider, Designated Aviation Channeling provider, FBI-approved Channeler, and Financial Industry Regulatory Authority Electronic Fingerprint Submission provider.
Global Networks and Worldwide Communications Need Baked-in Security
Today's enterprises are also in need of resilient cyber and information security capabilities to protect and defend critical infrastructure to ensure mission success. Telos Secure Networks offers secure mobility solutions, network architecting, planning and installation, security compliance, and network management expertise to defend against cyber threats and vulnerabilities. Telos Secure Networks offers these capabilities and more — on-premises, deployed, and in the cloud — to transform and empower military, government, and commercial enterprises to meet their critical and operational needs.
Telos is a certified IT company offering technical expertise, global reach, and strategic partnerships to meet our customers' most challenging issues. We have also built a culture of innovation focused on digital transformation — taking complex technology solutions and making them actionable and secure with advanced capabilities such as RPA, multi-cloud migration, and risk management.
Telos serves the U.S. Air Force, U.S. Army, and other organizations in locations around the globe with base-level network support, deployable communications, modernized voice over IP solutions, infrastructure relocation and realignment, and other capabilities for secure enterprise communications. Our experience has prepared us for the unique responsibility of ensuring that the government's most critical information systems in the most sensitive locations are protected from threats in both the physical and virtual worlds.
Opportunities, Challenges and Risks
We derive a substantial portion of our revenues from contracts and subcontracts with the U.S. government. Our revenues are generated from a number of contract vehicles and task orders. Over the past several years we have sought to diversify and improve our operating margins through an evolution of our business from an emphasis on product reselling to that of an advanced solutions technologies provider. To that end, although we continue to offer resold products through our contract vehicles, we have focused on selling solutions and outsourcing product sales, as well as designing and delivering Telos manufactured and branded technologies. We believe our contract portfolio is characterized as having low to moderate financial risk due to the limited number of long-term fixed-price development contracts.
Our firm-fixed-price activities consist principally of contracts for products and services at established contract prices. Our time-and-material contracts generally allow the pass-through of allowable costs plus a profit margin. For 2022, 2021, and 2020, the Company's revenue derived from firm-fixed-price contracts was 82.9%, 87.6%, and 84.3%, respectively; cost-plus contracts revenue was 11.1%, 7.3%, and 8.2%, respectively; and time-and-material contracts was 6.0%, 5.1%, and 7.5%, respectively.
Our business performance is affected by the overall level of U.S. government spending and the alignment of our offerings and capabilities with the budget priorities of the U.S. government. Adverse changes in fiscal and economic conditions could materially impact our business. Some changes that could adversely impact our business include the implementation of future spending reductions and government shutdown. Despite the budget and competitive pressure affecting the industry, we believe we are well-positioned to expand existing customer relationships and benefit from opportunities that we have not previously pursued.
U.S. government has increasingly relied on contracts that are subject to a competitive bidding process (including indefinite delivery, IDIQ, GSA schedules, OTA, and other multi-award contracts), which has resulted in greater competition and increased pricing pressure. We expect that a majority of the business that we seek in the foreseeable future will be awarded through a competitive bidding process.
30
Backlog
Backlog is a useful measure in developing our annual budgeted revenue by estimating for the upcoming year our continuing business from existing customers and active contracts. We consider backlog, both funded and unfunded (as explained below), other expected annual renewals, and expansion planned by our current customers.
Total backlog consists of the aggregate contract revenues remaining to be earned by us at a given time over the life of our contracts, whether funded or unfunded. Funded backlog consists of the aggregate contract revenues remaining to be earned at a given time, which, in the case of U.S. government contracts, means that they have been funded by the procuring agency. Unfunded backlog is the difference between total backlog and funded backlog and includes potential revenues that may be earned if customers exercise delivery orders and/or renewal options to continue these contracts. Based on historical experience, we generally assume option year renewals to be exercised. Most of our customers fund contracts on the basis of one year or less, and, as a result, funded backlog is generally expected to be earned within one year from any point in time, whereas unfunded backlog is expected to be earned over a longer period.
| Table MD&A 1: Backlog by Segment | ||||||||||||||
| As of December 31, | ||||||||||||||
| 2022 | 2021 | |||||||||||||
| (in thousands) | ||||||||||||||
| Security Solutions | ||||||||||||||
| Funded backlog | $ | 33,784 | $ | 35,382 | ||||||||||
| Unfunded backlog | 47,509 | 54,198 | ||||||||||||
| Total Security Solutions backlog | 81,292 | 89,580 | ||||||||||||
| Secure Networks | ||||||||||||||
| Funded backlog | 48,454 | 88,097 | ||||||||||||
| Unfunded backlog | 82,296 | 68,730 | ||||||||||||
| Total Secure Networks backlog | 130,750 | 156,827 | ||||||||||||
| Total | ||||||||||||||
| Funded backlog | 82,238 | 123,479 | ||||||||||||
| Unfunded backlog | 129,805 | 122,928 | ||||||||||||
| Total backlog | $ | 212,043 | $ | 246,407 | ||||||||||
Financial Overview
A number of factors have affected our current and future financial growth, the most significant of which are described below. More details on these changes are presented below within our "Results of Operations" section.
•On October 18, 2022, TSA issued an authority to operate to Telos ID for Telos' PreCheck® System. With TSA approval, Telos is providing its TSA PreCheck® enrollment services for a trial period to a limited population of applicants in order to validate systems and processes in advance of its full implementation as an authorized TSA PreCheck® enrollment provider. Once Telos successfully completes its trial period to the satisfaction of TSA, Telos will launch its services to the public more widely. Telos anticipates this launch will occur in calendar year 2023.
•On December 30, 2022, we entered into a new credit agreement with JPMorgan Chase N.A., which provides for a $30.0 million senior secured revolving facility with a maturity date of December 30, 2025, the option of issuing letters of credit and with an uncommitted expansion feature of up to $30.0 million of additional revolver facility. The revolving credit facility will be used for working capital and general corporate purposes. While there are no drawn funds from the revolving credit facility as of December 31, 2022, the cost of servicing any debt for a full year, as well as increasing interest rates, may have an impact on future interest expense.
•The winding down of certain projects, completion of several large programs in fiscal years 2021 and 2022, and new business wins below expectations resulted in a decline in current year revenue.
•In the fourth quarter of 2022, we committed to a restructuring plan resulting in a reduction of the Company's workforce, with a majority of the affected employees separating from the business in early 2023. The costs associated with the restructuring plan include employee severance–related benefit costs (including outplacement services and continuing health insurance coverage).
31
Key Performance Measures
The primary financial performance measures we use to manage our business and monitor results of operations are revenue, gross profit, and Adjusted EBITDA. We evaluate our results of operations by considering the drivers causing changes in these measures. We evaluate significant trends and fluctuations in our contract portfolio over time due to contract awards and completions, changes in customer requirements and changes in the volume of product and software sales. Changes in costs of revenue as a percentage of revenue other than from revenue volume or cost mix are driven by changes in the compensation expense and other allocated costs and/or cumulative revenue adjustments due to changes in estimates. Changes in operating cash flows are driven by changes in cash generated through delivery of products and services, fluctuations in current assets and liabilities and the impact of changes in the timing of cash receipts or disbursements.
Results of Operations
Consolidated Results
| Table MD&A 2: Consolidated Financial Results Comparison | |||||||||||||||||
| For the Year Ended December 31, | |||||||||||||||||
| 2022 | 2021 | Change ($) | |||||||||||||||
| (dollars in thousands) | |||||||||||||||||
| Revenue | $ | 216,887 | $ | 242,433 | $ | (25,546) | |||||||||||
| Cost of sales | 137,844 | 156,404 | (18,560) | ||||||||||||||
| Gross profit | 79,043 | 86,029 | (6,986) | ||||||||||||||
| Gross margin | 36.4 | % | 35.5 | % | |||||||||||||
| Selling, general and administrative expenses | 132,893 | 127,493 | 5,400 | ||||||||||||||
| Selling, general and administrative expense as percentage of revenue | 61.3 | % | 52.6 | % | |||||||||||||
| Operating loss | (53,850) | (41,464) | (12,386) | ||||||||||||||
| Other income/(expense) | 1,350 | (921) | 2,271 | ||||||||||||||
| Interest expense | (874) | (777) | (97) | ||||||||||||||
| Loss before income taxes | (53,374) | (43,162) | (10,212) | ||||||||||||||
| (Provision for)/benefit from income taxes | (54) | 28 | (82) | ||||||||||||||
| Net loss | $ | (53,428) | $ | (43,134) | $ | (10,294) | |||||||||||
Our business segments have different factors driving revenue fluctuations and profitability. The discussion of the changes in our net revenue and profitability are covered in greater detail under the section that follows "Segment Results." We generate revenue from the delivery of products and services to our customers. Cost of sales, for both products and services, consists of labor, materials, subcontracting costs and an allocation of indirect costs.
Selling, general, and administrative ("SG&A") expenses increased by $5.4 million or 4.2% in 2022 compared to 2021. This is primarily due to increases in stock-based compensation by $3.6 million and labor costs by $3.0 million, offset by a decrease in outside services of $1.3 million. In 2022, labor costs include termination benefits related to the restructuring plan aggregating to $2.2 million, with no similar cost in 2021.
Other income/(expense) increased by $2.3 million due to dividend income from money market placements amounting to $1.0 million earned in 2022 without similar income in 2021, and other expenses of $0.9 million for the settlement of outstanding litigation in 2021, with no similar cost in 2022. There was no significant change in interest expense between comparable periods.
The increase in the income tax provision in 2022 compared to 2021 is primarily due to an increase in state income taxes.
32
Segment Results
The accounting policies of each business segment are the same as those followed by the Company as a whole. Management evaluates business segment performance based on gross profit.
| Table MD&A 3: Security Solutions Segment - Financial Results Comparison | |||||||||||||||||
| For the Year Ended December 31, | |||||||||||||||||
| 2022 | 2021 | Change ($) | |||||||||||||||
| (dollars in thousands) | |||||||||||||||||
| Revenues | $ | 120,454 | $ | 123,534 | $ | (3,080) | |||||||||||
| Gross profit | 61,948 | 64,904 | (2,956) | ||||||||||||||
| Gross margin | 51.4 | % | 52.5 | % | (1.1) | % | |||||||||||
Our Security Solutions segment revenue decreased by $3.1 million or 2.5% in fiscal year 2022 compared to fiscal year 2021, primarily as a result of the Census program ending in 2021.
Likewise, the segment gross profit decreased by $3.0 million or 4.6% in 2022 compared to 2021 and segment gross margin also decreased from 52.5% in 2021 to 51.4% in 2022. The decrease in gross margin is the result of changes in the mix of programs within the portfolio and lower margin of certain projects within the segment.
| Table MD&A 4: Secure Networks Segment - Financial Results Comparison | |||||||||||||||||
| For the Year Ended December 31, | |||||||||||||||||
| 2022 | 2021 | Change ($) | |||||||||||||||
| (dollars in thousands) | |||||||||||||||||
| Revenues | $ | 96,433 | $ | 118,899 | $ | (22,466) | |||||||||||
| Gross profit | 17,095 | 21,125 | (4,030) | ||||||||||||||
| Gross margin | 17.7 | % | 17.8 | % | (0.1) | % | |||||||||||
Our Secure Networks segment revenue decreased by $22.5 million or 18.9% in 2022 compared to 2021, primarily due to the expected wind-down in 2022 and completion of large programs in the second half of 2022.
Segment gross profit decreased by $4.0 million or 19.1% in 2022 compared to 2021, primarily as a result of the decline in year-to-date segment revenue. Segment gross margin slightly decreased from 17.8% in 2021 to 17.7% in 2022.
Non-GAAP Measures
In addition to our results determined in accordance with U.S. GAAP, we believe the non-GAAP financial measures of EBITDA, Adjusted EBITDA, Adjusted EBITDA Margin, Adjusted Net Income (Loss), Adjusted Earnings Per Share ("EPS") and Free Cash Flow are useful in evaluating our operating performance. We believe that this non-GAAP financial information, when taken collectively with our GAAP results, may be helpful to readers of our financial statements because it provides consistency and comparability with past financial performance and assists in comparisons with other companies, some of which use similar non-GAAP financial information to supplement their GAAP results. The non-GAAP financial information is presented for supplemental informational purposes only, should not be considered a substitute for financial information presented in accordance with GAAP, and may be different from similarly-titled non-GAAP measures used by other companies. A reconciliation is provided below for each of these non-GAAP financial measures to the most directly comparable financial measure stated in accordance with GAAP.
We use the following non-GAAP financial measures to understand and evaluate our core operating performance and trends, to prepare and approve our annual budget, to develop short-term and long-term operating plans, and to evaluate the performance of certain management personnel when determining incentive compensation. We believe these non-GAAP financial measures facilitate comparison of our operating performance on a consistent basis between periods by excluding certain items that may, or could, have a disproportionate positive or negative impact on our results of operations in any particular period. When viewed in combination with our results prepared in accordance with GAAP, these non-GAAP financial measures help provide a broader picture of factors and trends affecting our results of operations.
33
EBITDA, Adjusted EBITDA and Adjusted EBITDA Margin
EBITDA, Adjusted EBITDA and Adjusted EBITDA Margin are supplemental measures of operating performance that are not made under GAAP and do not represent, and should not be considered as, an alternative to net loss as determined by GAAP. We define EBITDA as net (loss)/income, adjusted for non-operating expense/(income), interest expense, provision for/(benefit from) income taxes, and depreciation and amortization. We define Adjusted EBITDA as EBITDA, adjusted for restructuring expenses and stock-based compensation expense. We define Adjusted EBITDA Margin as Adjusted EBITDA as a percentage of total revenue.
| Table MD&A 5: Reconciliation of Net Loss to EBITDA, Adjusted EBITDA and Adjusted EBITDA Margin | |||||||||||||||||||||||
| For the Year Ended December 31, | |||||||||||||||||||||||
| 2022 | 2021 | ||||||||||||||||||||||
| Amount | Margin | Amount | Margin | ||||||||||||||||||||
| (dollars in thousands) | |||||||||||||||||||||||
| Net loss | $ | (53,428) | (24.6) | % | $ | (43,134) | (17.8) | % | |||||||||||||||
| Other (income)/expense | (1,350) | (0.6) | % | 921 | 0.4 | % | |||||||||||||||||
| Interest expense | 874 | 0.4 | % | 777 | 0.3 | % | |||||||||||||||||
| Provision for/(benefit from) income taxes | 54 | — | % | (28) | — | % | |||||||||||||||||
| Depreciation and amortization | 5,890 | 2.7 | % | 5,624 | 2.4 | % | |||||||||||||||||
| EBITDA | (47,960) | (22.1) | % | (35,840) | (14.7) | % | |||||||||||||||||
Restructuring expenses (1) | 2,767 | 1.3 | % | — | — | % | |||||||||||||||||
Stock-based compensation expense (2) | 64,660 | 29.8 | % | 60,231 | 24.8 | % | |||||||||||||||||
| Adjusted EBITDA | $ | 19,467 | 9.0 | % | $ | 24,391 | 10.1 | % | |||||||||||||||
(1) The restructuring expenses adjustment to EBITDA includes severance and other related benefit costs (including outplacement services and continuing health insurance coverage) associated with a reduction in workforce.
(2) The stock-based compensation adjustment to EBITDA for fiscal year 2022 is made up of $62.5 million of stock-based compensation expenses for the awarded service-based restricted stock units ("RSUs") and performance-based restricted stock units ("PRSUs"), and $2.1 million of other sources of stock-based compensation expense. The other source of stock-based compensation consists of accrued compensation, which the Company intends to settle in shares of the Company's common stock. However, it is the Company's discretion whether this compensation will ultimately be paid in stock or cash. The Company has the right to dictate the form of these payments up until the date at which they are paid. Any change to the expected payment form would result in a change in estimate that would add back to Adjusted EBITDA.
Adjusted Net Income and Adjusted EPS - Non-GAAP
Adjusted Net Income and Adjusted EPS are supplemental measures of operating performance that are not made under GAAP and do not represent, and should not be considered as, alternatives to net (loss)/income as determined by GAAP. We define Adjusted Net Income as net loss, adjusted for non-operating expense/(income), restructuring expenses and stock-based compensation expense. We define Adjusted EPS as Adjusted Net Income divided by the weighted-average number of common shares outstanding for the period.
| Table MD&A 6: Reconciliation of Net Loss to Non-GAAP Adjusted Net Income and Adjusted EPS | |||||||||||||||||||||||
| For the Year Ended December 31, | |||||||||||||||||||||||
| 2022 | 2021 | ||||||||||||||||||||||
| Adjusted Net Income/(Loss) | Adjusted Earnings Per Share | Adjusted Net Income/(Loss) | Adjusted Earnings Per Share | ||||||||||||||||||||
| (in thousands, except per share data) | |||||||||||||||||||||||
| Reported GAAP measure | $ | (53,428) | $ | (0.79) | $ | (43,134) | $ | (0.65) | |||||||||||||||
| Adjustments: | |||||||||||||||||||||||
| Other (income)/expense | (1,350) | (0.02) | 921 | 0.01 | |||||||||||||||||||
Restructuring expenses (1) | 2,767 | 0.04 | — | — | |||||||||||||||||||
Stock-based compensation expense (2) | 64,660 | 0.96 | 60,231 | 0.91 | |||||||||||||||||||
| Adjusted non-GAAP measure | $ | 12,649 | $ | 0.19 | $ | 18,018 | $ | 0.27 | |||||||||||||||
| Weighted-average shares of common stock outstanding, basic | 67,559 | 66,374 | |||||||||||||||||||||
(1) The restructuring expenses adjustment to net loss includes severance and other related benefit costs (including outplacement services and continuing health insurance coverage) associated with a reduction in workforce.
(2) The stock-based compensation adjustment to net loss for fiscal year 2022 is made up of $62.5 million of stock-based compensation expenses for the awarded RSUs and PRSUs, and $2.1 million of other sources of stock-based compensation expense. The other source of stock-based compensation consists of accrued compensation, which the Company intends to settle in shares of the Company's common stock. However, it is the Company's discretion whether this compensation will ultimately be paid in stock or cash. The Company has the right to dictate the form of these payments up until the date at which they are paid. Any change to the expected payment form would result in a change in estimate that would add back to Adjusted Net Income/(Loss).
34
Free Cash Flow
Free cash flow, as reconciled in the table below, is a non-GAAP financial measure defined as net cash provided by or used in operating activities less purchases of property and equipment and capitalized software development costs plus net cash proceeds from resale of software under other financing obligations. This non-GAAP financial measure may be a useful measure for investors and other users of our financial statements as a supplemental measure of our cash performance and to assess the quality of our earnings as a key performance measure in evaluating management.
| Table MD&A 7: Free Cash Flow | |||||||||||
| For the Year Ended December 31, | |||||||||||
| 2022 | 2021 | ||||||||||
| (in thousands) | |||||||||||
| Net cash flows provided by operating activities | $ | 16,508 | $ | 7,262 | |||||||
| Adjustments: | |||||||||||
| Purchases of property and equipment | (1,009) | (3,201) | |||||||||
| Capitalized software development costs | (12,708) | (9,968) | |||||||||
| Net cash proceeds from resale of software | 8,457 | — | |||||||||
| Free cash flow | $ | 11,248 | $ | (5,907) | |||||||
Each of EBITDA, Adjusted EBITDA, Adjusted EBITDA Margin, Adjusted Net Income/(Loss), Adjusted EPS and Free Cash Flow has limitations as an analytical tool, and you should not consider any of them in isolation, or as a substitute for analysis of our results as reported under GAAP. Among other limitations, each of EBITDA, Adjusted EBITDA, Adjusted EBITDA Margin, Adjusted Net Income/(Loss), Adjusted EPS and Free Cash Flow does not reflect our future requirements for capital expenditures or contractual commitments, does not reflect the impact of certain cash charges resulting from matters we consider not to be indicative of our ongoing operations, and does not reflect income tax expense or benefit. Other companies in our industry may calculate Adjusted EBITDA, Adjusted EBITDA Margin, Adjusted Net Income/(Loss), Adjusted EPS and Free Cash Flow differently than we do, which limits their usefulness as comparative measures. Because of these limitations, neither EBITDA, Adjusted EBITDA, Adjusted EBITDA Margin, Adjusted Net Income/(Loss), Adjusted EPS nor Free Cash Flow should be considered as a replacement for net (loss)/income, earnings per share or net cash flows provided by operating activities, as determined by GAAP, or as a measure of our profitability. We compensate for these limitations by relying primarily on our GAAP results and using non-GAAP measures only for supplemental purposes.
Liquidity and Capital Resources
Our primary sources of liquidity are cash on hand, cash flow from operations, and availability under our revolving credit facility. While a variety of factors related to sources and uses of cash, such as timeliness of accounts receivable collections, vendor credit terms, or significant collateral requirements, ultimately impact our liquidity, such factors may or may not have a direct impact on our liquidity.
Upon the closing of the IPO in November 2020, we issued 17.2 million shares of our common stock at a price of $17.00 per share, generating net proceeds of approximately $272.8 million. We used approximately $108.9 million of the net proceeds in connection with the exchangeable redeemable preferred stock conversion (see Note 13 – Exchangeable Redeemable Preferred Stock Conversion), $30.0 million to fund our acquisition of the outstanding Class B Units of Telos ID (see Note 11 – Purchase of Telos ID Non-controlling Interests), and $21.0 million to repay our outstanding senior term loan and subordinated debt (see Note 12 – Debt and Other Obligations). On April 6, 2021, we completed our follow-on offering of 9.1 million shares of our common stock at a price of $33.00 per share, including 7.0 million shares of common stock by certain existing stockholders of Telos. The offering generated approximately $64.3 million of net proceeds to Telos. We did not receive any proceeds from the shares of common stock sold by the selling stockholders. On April 19, 2021, we used approximately $1.3 million of the net proceeds to repurchase 39,682 shares of our common stock and $26.9 million to repurchase warrants to purchase 900,970 shares of our common stock owned by EnCap (see Note 12 - Debt and Other Obligations). Further, on July 30, 2021, we used approximately $5.9 million of the net proceeds to acquire the assets of DFT (see Note 10 – Acquisition). We intend to use the remaining net proceeds of the IPO and the follow-on offering for general corporate purposes.
As of December 31, 2022, we had cash and cash equivalents of $119.3 million and our working capital was $122.5 million. In addition, on December 30, 2022, we entered into a $30.0 million senior secured revolving credit facility, with an expansion feature of up to $30.0 million of additional revolver capacity.
35
We place a strong emphasis on cash flow generation. This focus gives us the flexibility for capital deployment while preserving a strong balance sheet to position us for future opportunities. We believe we have adequate funds on hand to execute our financial and operating strategy. Our overall financial position and liquidity are strong. Although no assurances can be given, we believe that funds generated from operations, available cash balances and access to our revolving credit facility are sufficient to maintain the liquidity we require to meet our operating, investing and financing needs for the next 12 months.
Senior Credit Facility
On December 30, 2022, Telos (as borrower) and its subsidiaries (as guarantors) entered into a Credit Agreement with JPMorgan Chase Bank, N.A. that provides for a $30.0 million senior secured revolving credit facility, with the option of issuing letters of credits thereunder and with an uncommitted expansion feature of up to $30.0 million of additional revolver capacity (the "Loan"). The Loan will mature on December 30, 2025 and is subject to acceleration in the event of customary events of default.
Borrowings under the Credit Agreement will accrue interest and we may elect to borrow (at our option) at (i) the Alternative Base Rate, plus 0.9%; (ii) Adjusted Daily Simple Secured Overnight Financing Rate ("SOFR"), plus 1.9%; and (iii) Adjusted Term SOFR, plus 1.9%. After the occurrence and during the continuance of any event of default, the interest rate may increase by an additional 2.0%. We are also paying costs and customary fees, including a closing fee, commitment fees and letter of credit participation fee, if any, payable to the Agent and Lenders, as applicable, in connection with the Loan.
The Credit Agreement contains representations, warranties, covenants, terms and conditions customary for transactions of this type and includes a maximum senior leverage ratio financial covenant. In connection with the Credit Agreement, the Agent has been granted, for the benefit of the Lenders, a security interest in and general lien upon various property of the Company and the Guarantors, subject to certain permitted liens and encumbrances. The occurrence of an event of default under the Credit Agreement could result in the Loan and other obligations becoming immediately due and payable and allow the Lenders to exercise all rights and remedies available to them under the Credit Agreement.
As of December 31, 2022, there were no outstanding balances under the revolving credit facility and we were in compliance with all covenants contained in the Credit Agreement.
Other Financing Obligations
Telos entered into a Master Purchase Agreement ("MPA") with a third-party buyer ("Buyer") for $9.1 million ("Assignment Price") relating to software licenses under a specific delivery order ("DO") with our customer resulting in proceeds from other financing obligations of $9.1 million in November 2022. Under the MPA, we sold, assigned and transferred all of our rights, title and interest in (i) the DO payments from the customer and (ii) the underlying licenses. The DO covers a base period with an option for the customer to exercise three (3) additional 12-month periods through January 2026. The DO payments assigned to the Buyer are billable to the customer at the beginning of the base period and for each option year exercised. The underlying licenses were acquired for resale, see Note 8, Intangible Assets, net for further details.
On February 9, 2023, the customer notified Telos that it would not exercise the first option period under the DO. The MPA provides that, if the customer terminates the DO for non-renewal and the Buyer reasonably concludes that the customer's actions constitute grounds for filing a claim with the customer's contracting officer, Buyer and Telos will cooperate in preparing such a claim, which would be filed in Telos' name. Buyer has notified Telos of its intent to pursue a claim against the customer.
Cash Flow
| Table MD&A 8: Cash Flows Information | |||||||||||
| For the Year Ended December 31, | |||||||||||
| 2022 | 2021 | ||||||||||
| (in thousands) | |||||||||||
| Net cash provided by operating activities | $ | 16,508 | $ | 7,262 | |||||||
| Net cash used in investing activities | (13,717) | (19,094) | |||||||||
| Net cash (used in)/provided by financing activities | (9,915) | 32,349 | |||||||||
| Net change in cash, cash equivalents, and restricted cash | $ | (7,124) | $ | 20,517 | |||||||
Net cash provided by operating activities for the years ended December 31, 2022 and 2021 was $16.5 million and $7.3 million, respectively. The cash flow from operating activities is primarily driven by the Company's operating losses, the timing of receipts of customer payments, the timing of payments to vendors and employees, and the timing of inventory turnover, adjusted for certain non-cash items that do not impact cash flows from operating activities. The $9.2 million increase is due to favorable changes in certain operating assets and liabilities, particularly on receivables.
36
Net cash used in investing activities for the years ended December 31, 2022 and 2021 was $13.7 million and $19.1 million, respectively. Our investing activities include cash paid for capital expenditure and business acquisition. Capital expenditures for the year ended December 31, 2022 and 2021, consisted of the capitalization of software development costs of $12.7 million and $10.0 million, respectively, and the purchases of property and equipment of $1.0 million, and $3.2 million, respectively. In 2021, we paid $5.9 million of cash for the acquisition completed in July 2021.
For the year ended December 31, 2022, net cash used in financing activities was $9.9 million compared to net cash provided by financing activities of $32.3 million in 2021. This is primarily attributable to payments under finance leases for both periods, payments of tax withholding related to the net share settlement of equity awards of $5.7 million in 2022, and the repurchase of common stock of $11.1 million in 2022 under the Share Repurchase Program, partially offset by the proceeds from the other financing obligations of $9.1 million. By contrast, in 2021, there was a cash inflow from the follow-on offering that generated $64.3 million of net proceeds, reduced by $2.4 million of final distributions to the Class B members of Telos ID in the first quarter, $26.9 million to repurchase the outstanding warrants and $1.3 million to repurchase the common stock held by EnCap fund holders.
Commitments
The Company does not have any other contractual obligations at December 31, 2022, except for the commitments on the existing lease obligations on various office space and equipment under non-cancelable operating and finance leases. We reported current and long term lease liabilities.
| Table MD&A 9: Contractual Obligations | |||||||||||||||||||||||||||||
| Payments due by Period | |||||||||||||||||||||||||||||
| Total | 2023 | 2024 - 2026 | 2027 - 2029 | Thereafter | |||||||||||||||||||||||||
| (in thousands) | |||||||||||||||||||||||||||||
| Other financing obligations | $ | 8,458 | $ | 1,247 | $ | 7,211 | $ | — | $ | — | |||||||||||||||||||
Finance lease obligations (1) | 15,118 | 2,203 | 6,944 | 5,971 | — | ||||||||||||||||||||||||
Operating lease obligations (1) (2) | 400 | 373 | 27 | — | — | ||||||||||||||||||||||||
| Total contract obligations | $ | 23,976 | $ | 3,823 | $ | 14,182 | $ | 5,971 | $ | — | |||||||||||||||||||
(1) Includes interest expense | $ | 2,278 | $ | 611 | $ | 1,303 | $ | 364 | $ | — | |||||||||||||||||||
(2) Includes operating lease right-of-use obligations and short-term leases with terms of 12 months or less. We have various lease agreements pursuant to ASC 842, "Leases" that require us to record the present value of the minimum lease payments for such lease properties. | |||||||||||||||||||||||||||||
On December 30, 2022, we entered into a revolving credit facility with JPMorgan Chase Bank, N.A. We had no outstanding balances under the facility as of December 31, 2022 with $30 million of available capacity. See Note 12 - Debt and Other Obligations, to the Consolidated Financial Statements for information regarding the terms of the facility.
In addition, there were no outstanding commitments that were considered material for capital expenditures on December 31, 2022.
See Note 22 - Commitment and Contingencies, to the Consolidated Financial Statements for further discussion of other commitment and contingencies.
Critical Accounting Policies and Estimates
The preparation of consolidated financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported. In preparing these financial statements, management has made its best estimates and judgments of certain amounts included in the consolidated financial statements, giving due consideration to materiality. Management evaluates these estimates and assumptions on an ongoing basis. Our estimates and assumptions have been prepared on the basis of the most current reasonably available information, and may change in the future as more current information is available.
Management believes that our critical accounting policies are those that are both material to the presentation of our financial condition and results of operations and require management's most difficult, subjective and complex judgments. Typically, the circumstances that make these judgments difficult, subjective and complex have to do with making estimates about the effect of matters that are inherently uncertain; as a result, actual results could differ from those estimates.
The critical accounting policies requiring estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements in fiscal year 2022 are described below. It is not intended to be a comprehensive list of all significant accounting policies that are more fully described in the notes to consolidated financial statements contained within this report.
37
Revenue Recognition
Although most of our revenue is recognized concurrently with billing or with the passage of time, some of our revenue requires us to make estimates. The timing of the satisfaction of performance obligations varies across our businesses due to our diverse product and service mix, customer base, and contractual terms. Significant judgment can be required in determining certain performance obligations, and these determinations could change the amount of revenue and profit recorded in a given period. Our contracts may have a single performance obligation or multiple performance obligations. When there are multiple performance obligations within a contract, we allocate the transaction price, net of any discounts, to each performance obligation based on the standalone selling price of the product or service underlying each performance obligation. The standalone selling price is either based on estimated or actual costs plus a reasonable profit margin or the observable price of a good or service when Telos sells that good or service separately in similar circumstances and to similar customers. The transaction price for our contracts represents our best estimate of the consideration we will receive and includes assumptions regarding variable consideration, as applicable. The transaction price is allocated to each distinct performance obligation within the contract and recognized as revenue when, or as, the performance obligation is satisfied.
Our contracts may also include various types of variable considerations such as claims (i.e., indirect rate or other equitable adjustments) or incentive fees and we include estimated amounts in the transaction price to the extent it is probable that a significant reversal of cumulative revenue recognized will not occur. The estimated amounts are based on an assessment of our anticipated performance and all other information that is reasonably available to us.
For contracts where revenue is recognized over time, we recognized revenue based on progress towards completion of the performance obligation, using costs incurred to date relative to total estimated cost at completion to measure progress on a proportional performance basis for our contracts. Due to the nature of the work required to be performed on certain contracts, the estimation of total revenue and cost at completion is complex, subject to many variables and requires significant judgment. Contract estimates are based on various assumptions, including labor and subcontractor costs, materials and other direct costs and the complexity of the work to be performed. A significant change in one or more of these estimates could affect the profitability of our contracts. We review and update our contract-related estimates regularly and recognize adjustments in estimated profit on contracts on a cumulative catch-up basis, which may result in an adjustment increasing or decreasing revenue to date on a contract in a particular period that the adjustment is identified. Revenue and profit in future periods of contract performance are recognized using the adjusted estimate. During the year ended December 31, 2022, there is no catch-up revenue recognized as a result of changes in contract estimates noted.
Goodwill and Other Long-Lived Assets
We evaluate the impairment of goodwill and other long-lived assets in accordance with Accounting Standards Codification ("ASC") 350, "Intangibles – Goodwill and Other." Management annually reviews goodwill and other long-lived assets for impairment or whenever events or changes in circumstances indicate the carrying amount may not be recoverable. If we determine that the carrying value of the goodwill and other long-lived assets may not be recoverable, we will record an impairment charge for the amount by which the carrying value of the goodwill and other long-lived assets exceeds its fair value.
Goodwill is not amortized, but rather tested for potential impairment as of December 31 each year. The goodwill impairment test is performed at the reporting unit level. Accounting requirements provide that a reporting entity may perform an optional qualitative assessment on an annual basis to determine whether events occurred or circumstances changed that would more likely than not reduce the fair value of a reporting unit below its carrying amount. If an initial qualitative assessment identifies that it is more likely than not that the fair value of a reporting unit is less than its carrying amount, or the optional qualitative assessment is not performed, a quantitative analysis is performed. The Company performs the quantitative goodwill impairment test by calculating the fair value of the reporting unit and comparing it to its respective carrying value including goodwill. If the fair value is less than the carrying value, the amount of impairment expense is equal to the difference between the reporting unit's fair value and the reporting unit's carrying value.
We measure fair value based on a discounted cash flow method, which requires management's judgment with respect to forecasted revenue, operating margins, capital expenditures, and selection and use of an appropriate discount rate commensurate with the risk inherent in each of our reporting units' current business models. We utilize the weighted average cost of capital as derived by certain assumptions specific to our facts and circumstances as the discount rate. Our estimate of cash flows and discount rate are subject to change due to the economic environment. In addition, the estimate of the total fair value of our reporting units is compared to the market capitalization of the Company.
We amortized intangible assets over their respective estimated useful lives, and reviewed them for impairment whenever events or changes in business circumstances indicate the carrying value may not be recoverable. We completed the required annual impairment test of goodwill for all reporting units and other long-lived assets as of December 31, 2022, resulting in no impairments. Based on our qualitative assessment, we concluded that it was more-likely-than-not that the estimated fair value of the reporting units exceeded their carrying value and thus, we did not proceed to the two-step goodwill impairment test.
38
Income Taxes
We account for income taxes in accordance with ASC 740, "Income Taxes." Our income tax expense, deferred tax assets and liabilities, and liabilities for unrecognized tax benefits reflect our best estimate of current and future taxes to be paid. We record net deferred assets to the extent we believe these assets will more likely than not be realized. The realizability of net deferred tax assets is based on all available evidence, including future taxable income projections, tax planning strategies, and reversal of taxable temporary differences. We regularly review our deferred tax assets for recoverability and establish a valuation allowance when management believes it is more likely than not such asset will not be recovered, taking into consideration historical operating results, expectations of future earnings, tax planning strategies and the expected timing of the reversals of existing temporary differences.
Recent Accounting Pronouncements
See Note 2 - Significant Accounting Policies of the Consolidated Financial Statements for a discussion of recently issued accounting pronouncements.
Item 7A. Quantitative and Qualitative Disclosures about Market Risk
None.
39
Item 8. Consolidated Financial Statements and Supplementary Data
Report of Independent Registered Public Accounting Firm
To the Board of Directors and Stockholders of Telos Corporation
Opinions on the Financial Statements and Internal Control over Financial Reporting
We have audited the accompanying consolidated balance sheet of Telos Corporation (the "Company") as of December 31, 2022, and the related consolidated statements of operations, comprehensive (loss)/income, changes in stockholders' equity/(deficit) and cash flows for the year ended December 31, 2022, including the related notes (collectively referred to as the "consolidated financial statements"). We also have audited the Company's internal control over financial reporting as of December 31, 2022, based on criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of the Company as of December 31, 2022, and the results of its operations and its cash flows for the year ended December 31, 2022 in conformity with accounting principles generally accepted in the United States of America. Also in our opinion, the Company did not maintain, in all material respects, effective internal control over financial reporting as of December 31, 2022, based on criteria established in Internal Control - Integrated Framework (2013) issued by the COSO because a material weakness in internal control over financial reporting existed as of that date as the Company did not design and maintain effective controls over the assessment of the accounting for forfeitures of non-standard equity awards.
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis. The material weakness referred to above is described in Management's Report on Internal Control over Financial Reporting appearing under Item 9A. We considered this material weakness in determining the nature, timing, and extent of audit tests applied in our audit of the 2022 consolidated financial statements, and our opinion regarding the effectiveness of the Company's internal control over financial reporting does not affect our opinion on those consolidated financial statements.
Basis for Opinions
The Company's management is responsible for these consolidated financial statements, for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting included in management's report referred to above. Our responsibility is to express opinions on the Company's consolidated financial statements and on the Company's internal control over financial reporting based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud, and whether effective internal control over financial reporting was maintained in all material respects.
Our audit of the consolidated financial statements included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audit also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinions.
Definition and Limitations of Internal Control over Financial Reporting
A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
40
Critical Audit Matters
The critical audit matter communicated below is a matter arising from the current period audit of the consolidated financial statements that was communicated or required to be communicated to the audit committee and that (i) relates to accounts or disclosures that are material to the consolidated financial statements and (ii) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.
Revenue Recognition – Estimated Costs to Complete Long-term Contracts
As discussed in Note 3 to the consolidated financial statements, a portion of the Company's revenues of $216.9 million for the year ended December 31, 2022 were generated from long-term contracts. For the Company's long-term contracts, due to the transfer of control over time, revenue is recognized based on progress towards completion of the performance obligation. Management generally uses the cost-to-cost measure of progress on a proportional performance basis for its long-term contracts because management believes that measure best depicts the transfer of control to the customer, which occurs as the Company incurs costs on the contracts. Under the cost-to-cost measure of progress, the extent of progress towards completion is measured based on the ratio of costs incurred to date to the total estimated costs at completion of the performance obligation, which includes both the actual costs already incurred and the estimated costs to complete. Revenues are recorded proportionately as costs are incurred. Due to the nature of the work required to be performed on certain of the performance obligations, management's estimation of costs at completion is complex, subject to many variables and requires significant judgment. Contract estimates are based on various assumptions, including labor and subcontractor costs, materials and other direct costs, and the complexity of the work to be performed.
The principal considerations for our determination that performing procedures relating to revenue recognition - estimated costs to complete long-term contracts is a critical audit matter are (i) the significant judgment by management when estimating costs at completion and (ii) a high degree of auditor judgment, subjectivity and effort in performing procedures and evaluating management's significant assumptions related to labor and subcontractor costs and materials and other direct costs. As previously disclosed by management, a material weakness existed during the year related to this matter.
Addressing the matter involved performing procedures and evaluating audit evidence in connection with forming our overall opinion on the consolidated financial statements. These procedures included, among others, (i) testing management's process for estimating costs at completion for a sample of contracts (ii) evaluating the appropriateness of the cost-to-cost measure of progress, (iii) testing the completeness and accuracy of data used by management, and (iv) evaluating the reasonableness of management's significant assumptions related to labor and subcontractor costs and materials and other direct costs. Evaluating management's significant assumptions involved assessing whether the assumptions were reasonable by (i) performing a comparison of the originally estimated and actual costs incurred on a sample of similar completed contracts; (ii) assessing the reasonableness of estimated costs to complete on a sample of in-process contracts, including the timing of costs incurred and the related impacts on revenue; and (iii) performing retrospective reviews of a sample of contracts to understand and corroborate management's estimation process and budget-to-actual variances, if any.
/s/ PricewaterhouseCoopers LLP
March 16, 2023
We have served as the Company's auditor since 2022.
41
Report of Independent Registered Public Accounting Firm
Shareholders and Board of Directors
Telos Corporation
Ashburn, Virginia
Opinion on the Consolidated Financial Statements
We have audited the accompanying consolidated balance sheet of Telos Corporation (the "Company") and subsidiaries as of December 31, 2021, the related consolidated statements of operations, comprehensive income (loss), changes in stockholders' equity (deficit), and cash flows for each of the two years in the period ended December 31, 2021, and the related notes (collectively referred to as the "consolidated financial statements"). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company and subsidiaries at December 31, 2021, and the results of its operations and its cash flows for each of the two years in the period ended December 31, 2021, in conformity with accounting principles generally accepted in the United States of America.
Basis for Opinion
These consolidated financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company's consolidated financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) ("PCAOB") and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud.
Our audits included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that our audits provide a reasonable basis for our opinion.
/s/ BDO USA, LLP
We have served as the Company's auditor from 2007 to 2022.
March 28, 2022
42
TELOS CORPORATION
CONSOLIDATED STATEMENTS OF OPERATIONS
| For the Year Ended December 31, | |||||||||||||||||
| 2022 | 2021 | 2020 | |||||||||||||||
| (in thousands, except per share amounts) | |||||||||||||||||
| Revenue – services | |||||||||||||||||
| Revenue – products | |||||||||||||||||
| Total revenue | |||||||||||||||||
| Cost of sales – services | |||||||||||||||||
| Cost of sales – products | |||||||||||||||||
| Total cost of sales | |||||||||||||||||
| Gross profit | |||||||||||||||||
| Selling, general and administrative expenses: | |||||||||||||||||
| Sales and marketing | |||||||||||||||||
| Research and development | |||||||||||||||||
| General and administrative | |||||||||||||||||
| Total selling, general and administrative expenses | |||||||||||||||||
| Operating (loss)/income | ( | ( | |||||||||||||||
| Other income/(expense) | ( | ( | |||||||||||||||
| Interest expense | ( | ( | ( | ||||||||||||||
| Gain on redemption of public preferred stock | |||||||||||||||||
| (Loss)/income before income taxes | ( | ( | |||||||||||||||
| (Provision for)/benefit from income taxes | ( | ||||||||||||||||
| Net (loss)/income | ( | ( | |||||||||||||||
| Less: Net income attributable to non-controlling interest | ( | ||||||||||||||||
| Net (loss)/income attributable to Telos Corporation | $ | ( | $ | ( | $ | ||||||||||||
| Net (loss)/earnings per share: | |||||||||||||||||
| Basic | $ | ( | $ | ( | $ | ||||||||||||
| Diluted | $ | ( | $ | ( | $ | ||||||||||||
| Weighted-average share outstanding: | |||||||||||||||||
| Basic | |||||||||||||||||
| Diluted | |||||||||||||||||
See accompanying notes to consolidated financial statements.
43
TELOS CORPORATION
CONSOLIDATED STATEMENTS OF COMPREHENSIVE (LOSS)/INCOME
| For the Year Ended December 31, | |||||||||||||||||
| 2022 | 2021 | 2020 | |||||||||||||||
| (in thousands) | |||||||||||||||||
| Net (loss)/income | $ | ( | $ | ( | $ | ||||||||||||
| Other comprehensive (loss)/income, net of tax: | |||||||||||||||||
| Foreign currency translation adjustments | ( | ( | |||||||||||||||
| Less: Comprehensive income attributable to non-controlling interest | ( | ||||||||||||||||
| Comprehensive (loss)/income attributable to Telos Corporation | $ | ( | $ | ( | $ | ||||||||||||
See accompanying notes to consolidated financial statements.
44
TELOS CORPORATION
CONSOLIDATED BALANCE SHEETS
| As of December 31, | |||||||||||
| 2022 | 2021 | ||||||||||
| (in thousands, except per share and share data) | |||||||||||
| Assets: | |||||||||||
| Cash and cash equivalents | $ | $ | |||||||||
| Accounts receivable, net | |||||||||||
| Inventories, net | |||||||||||
| Prepaid expenses | |||||||||||
| Other current assets | |||||||||||
| Total current assets | |||||||||||
| Property and equipment, net | |||||||||||
| Finance lease right-of-use assets, net | |||||||||||
| Operating lease right-of-use assets | |||||||||||
| Goodwill | |||||||||||
| Intangible assets, net | |||||||||||
| Other assets | |||||||||||
| Total assets | $ | $ | |||||||||
| Liabilities and Stockholders' Equity: | |||||||||||
| Liabilities: | |||||||||||
| Accounts payable and other accrued liabilities | $ | $ | |||||||||
| Accrued compensation and benefits | |||||||||||
| Contract liabilities | |||||||||||
| Finance lease obligations – current portion | |||||||||||
| Operating lease obligations – current portion | |||||||||||
| Other financing obligations – current portion | |||||||||||
| Other current liabilities | |||||||||||
| Total current liabilities | |||||||||||
| Finance lease obligations – non-current portion | |||||||||||
| Operating lease obligations – non-current portion | |||||||||||
| Other financing obligations – non-current portion | |||||||||||
| Deferred income taxes | |||||||||||
| Other liabilities | |||||||||||
| Total liabilities | |||||||||||
| Commitments and contingencies | |||||||||||
| Stockholders' equity: | |||||||||||
Common stock, $ | |||||||||||
| Additional paid-in capital | |||||||||||
| Accumulated other comprehensive loss | ( | ( | |||||||||
| Accumulated deficit | ( | ( | |||||||||
| Total stockholders' equity | |||||||||||
| Total liabilities and stockholders' equity | $ | $ | |||||||||
See accompanying notes to consolidated financial statements.
45
TELOS CORPORATION
CONSOLIDATED STATEMENTS OF CASH FLOWS
| For the Year Ended December 31, | |||||||||||||||||
| 2022 | 2021 | 2020 | |||||||||||||||
| (in thousands) | |||||||||||||||||
| Cash flows from operating activities: | |||||||||||||||||
| Net (loss)/income | $ | ( | $ | ( | $ | ||||||||||||
| Adjustments to reconcile net (loss)/income to cash provided by/(used in) operating activities: | |||||||||||||||||
| Stock-based compensation | |||||||||||||||||
| Depreciation and amortization | |||||||||||||||||
| Provision for/(benefit from) doubtful accounts | ( | ||||||||||||||||
| Provision for doubtful non-trade receivables | |||||||||||||||||
| Provision for deferred income tax | |||||||||||||||||
| Loss on disposal of fixed assets | |||||||||||||||||
| Accretion of discount on acquisition holdback | |||||||||||||||||
| Amortization of debt issuance costs | |||||||||||||||||
| Dividends from preferred stock recorded as interest expense | |||||||||||||||||
| Gain on redemption of public preferred stock | ( | ||||||||||||||||
| Net loss on early extinguishment of debt and other transactions | |||||||||||||||||
| Changes in other operating assets and liabilities: | |||||||||||||||||
| Accounts receivable | ( | ( | |||||||||||||||
| Inventories | ( | ( | |||||||||||||||
| Intangible assets – software held for resale | ( | ||||||||||||||||
| Prepaid expenses, other current assets and other assets | ( | ( | ( | ||||||||||||||
| Accounts payable and other accrued payables | ( | ||||||||||||||||
| Accrued compensation and benefits | ( | ( | ( | ||||||||||||||
| Contract liabilities | ( | ||||||||||||||||
| Other current liabilities and other liabilities | ( | ||||||||||||||||
| Net cash provided by/(used in) operating activities | ( | ||||||||||||||||
| Cash flows from investing activities: | |||||||||||||||||
| Capitalized software development costs | ( | ( | ( | ||||||||||||||
| Purchases of property and equipment | ( | ( | ( | ||||||||||||||
| Cash paid for acquisition | ( | ||||||||||||||||
| Net cash used in investing activities | ( | ( | ( | ||||||||||||||
| Cash flows from financing activities: | |||||||||||||||||
| Payments under finance lease obligations | ( | ( | ( | ||||||||||||||
| Repurchase of common stock | ( | ( | |||||||||||||||
| Payment of tax withholding related to net share settlement of equity awards | ( | ||||||||||||||||
| Payments for debt issuance costs | ( | ||||||||||||||||
| Proceeds from other financing obligations | |||||||||||||||||
| Payments of other financing obligations | ( | ||||||||||||||||
| Proceeds from issuance of common stock, net of issuance costs | |||||||||||||||||
| Repurchase of outstanding warrants | ( | ||||||||||||||||
| Redemption of public preferred stock | ( | ||||||||||||||||
| Purchase of Telos ID membership interest | ( | ||||||||||||||||
| Payment of senior term loan | ( | ||||||||||||||||
| Payment of subordinated debt | ( | ||||||||||||||||
| Amendment fee paid to lender | ( | ||||||||||||||||
| Distributions to Telos ID Class B member – non-controlling interest | ( | ( | |||||||||||||||
| Net cash (used in)/provided by financing activities | ( | ||||||||||||||||
| Net change in cash, cash equivalents, and restricted cash | ( | ||||||||||||||||
| Cash, cash equivalents and restricted cash, beginning of period | |||||||||||||||||
| Cash, cash equivalents and restricted cash, end of period | $ | $ | $ | ||||||||||||||
See accompanying notes to consolidated financial statements.
46
TELOS CORPORATION
CONSOLIDATED STATEMENTS OF CHANGES IN STOCKHOLDERS' EQUITY/(DEFICIT)
| Common Stock | Class A Common Stock | Class B Common Stock | Additional Paid–in Capital | AOCI(1) | Accumulated Deficit | Non-Controlling Interest | Total Stockholders' Equity/ (Deficit) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Shares | Amount | Shares | Amount | Shares | Amount | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| (in thousands) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Balance December 31, 2019 | $ | $ | $ | $ | $ | $ | ( | $ | ( | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Net income | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||