Table of Contents
| QUARTERLY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
| TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
| (State or other jurisdiction of incorporation or organization) |
(I.R.S. Employer Identification No.) |
| Title of each class |
Trading Symbol(s) |
Name of each exchange on which registered | ||
| ☒ | Accelerated filer | ☐ | ||||
Non-accelerated filer |
☐ | Smaller reporting company | ||||
| Emerging growth company | ||||||
| • | To amend Part I - Item 4. Controls and Procedures related to the effectiveness of our disclosure controls and procedures and internal control over financial reporting. |
| • | To amend Part II - Item 1A. Risk Factors to add an additional risk factor regarding the potential adverse impact that the failure to remediate the material weaknesses could have on our timely and accurate reporting of financial results and to amend a risk factor in the original filing regarding the potential adverse impacts of cybersecurity incidents and vulnerabilities. |
| • | To amend Part II - Item 6. Exhibits to include currently dated certifications from the company’s Principal Executive Officer and Principal Financial Officer as required by Sections 302 and 906 of the Sarbanes Oxley Act of 2002, which certifications are filed herewith as Exhibits 31.1, 31.2, 32.1 and 32.2. |
Table of Contents
UNISYS CORPORATION
TABLE OF CONTENTS
| PART I - FINANCIAL INFORMATION | Page Number |
|||||
| Item 4. | 1 | |||||
| Item 1A. | 2 | |||||
| Item 6. | 5 | |||||
| 6 | ||||||
Table of Contents
Part I - FINANCIAL INFORMATION
Item 4. Controls and Procedures
Disclosure Controls and Procedures
As of the end of the period covered by this Quarterly Report, management performed, with the participation of the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO), an evaluation of the effectiveness of the company’s disclosure controls and procedures as defined in Rules 13a-15(e) and 15d-15(e) of the Securities Exchange Act of 1934 (the Exchange Act). At the time the company filed the original filing, the CEO and the CFO concluded that the company’s disclosure controls and procedures were effective as of June 30, 2022.
The company has reevaluated the effectiveness of the company’s disclosure controls and procedures and identified material weaknesses in the company’s disclosure controls and procedures and internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis.
Specifically, subsequent to the original filing, the CEO and CFO concluded that our disclosure controls and procedures were not effective as of June 30, 2022 as the company did not design and maintain effective formal policies and procedures over information being communicated by the IT function and the legal and compliance function to those responsible for governance, including the CEO and CFO, to allow timely decisions related to both financial reporting, as further described below, and other non-financial reporting in the reports that the company files or submits under the Exchange Act.
The company did not design and maintain effective formal policies and procedures to ensure appropriate information is communicated from the IT function and the legal and compliance function to the accounting function and those responsible for governance on a timely basis so as to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. These material weaknesses did not result in a misstatement of the company’s financial statements, however, they could have resulted in misstatements of interim or annual consolidated financial statements and disclosures that would result in a material misstatement that would not be prevented or detected.
Notwithstanding such material weaknesses, the CEO and CFO have concluded that the company’s consolidated financial statements included in the Quarterly Report were fairly stated in all material respects in accordance with generally accepted accounting principles in the United States of America for each of the periods presented.
Plan for Remediation of Material Weaknesses
Management is actively engaged in the planning for, and implementation of, remediation efforts to address the material weaknesses in the company’s disclosure controls and procedures and internal control over financial reporting identified above. Management intends to implement remediation steps, including the following:
| • | The company will enhance its written policy regarding information escalation for cyber-incidents. In addition, the company completed an assessment of staffing within the company’s incident response team. |
| • | The company will enhance its disclosure committee (the Disclosure Committee) and the disclosure working group that supports the Disclosure Committee. |
| • | The company will require all direct reports to the CEO to confirm that they have made the Disclosure Committee aware of any matters under their purview that the Disclosure Committee should be considering in advance of applicable SEC filings. |
| • | The company will provide training and policies (including any policy revisions) to non-finance executives regarding escalation of significant matters related to SEC reporting requirements. |
| • | Procedures will be drafted to address the proper handling of information so that the Security & Risk Committee and Audit Committee are properly informed. |
| • | Management has revised its Speak Up Policy to make all associates aware that they have direct access to, and may approach, company executives and the Board of Directors, and that they have access to the company’s whistleblower hotline. |
Management believes the measures described above and others that have been, or may be, implemented will remediate the material weaknesses that we have identified. As management continues to evaluate and improve our disclosure controls and procedures and internal control over financial reporting, the company may decide to take additional measures to address control deficiencies or determine to modify, or in appropriate circumstances not to complete, certain of the remediation measures identified.
Changes in Internal Control Over Financial Reporting
No change in our internal control over financial reporting occurred during the quarter ended June 30, 2022, that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.
1
Table of Contents
Part II - OTHER INFORMATION
Item 1A. Risk Factors
There have been no significant changes to the “Risk Factors” in Part I, Item 1A of the company’s 2021 Form 10-K filed with the SEC on February 22, 2022, except for the following:
We have identified material weaknesses in our disclosure controls and procedures and internal control over financial reporting. Failure to remediate the material weaknesses or any other material weaknesses that we identify in the future could result in material misstatements in our financial statements.
Pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, as amended, our management is required to report on, and our independent registered public accounting firm is required to attest to, the effectiveness of our internal control over financial reporting. The rules governing the standards that must be met for management to assess our internal control over financial reporting are complex and require significant documentation, testing and possible remediation. Annually, we perform activities that include reviewing, documenting and testing our internal control over financial reporting. In addition, if we fail to maintain the adequacy of our internal control over financial reporting, we will not be able to conclude on an ongoing basis that we have effective internal control over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act of 2002. If we fail to achieve and maintain an effective internal control environment, we could suffer misstatements in our financial statements and fail to meet our reporting obligations, which would likely cause investors to lose confidence in our reported financial information. This could result in significant expenses to remediate any internal control deficiencies and lead to a decline in our stock price.
Subsequent to the original filing, following an investigation by the company’s Audit & Finance Committee (Audit Committee) into the company’s internal control environment, the company has reevaluated the effectiveness of the company’s disclosure controls and procedures and internal control over financial reporting and identified material weaknesses in the company’s disclosure controls and procedures and internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis. Our management may be unable to conclude in future periods that our disclosure controls and procedures are effective due to the effects of various factors, which may, in part, include unremediated material weaknesses in internal control over financial reporting. For further discussion of the material weaknesses, see Item 4, Controls and Procedures.
Management is committed to maintaining a strong internal control environment and believes its remediation efforts will represent an improvement in existing controls. Management anticipates that the new controls, as implemented and when tested for a sufficient period of time, will remediate the material weaknesses. We may not be successful in promptly remediating the material weaknesses identified by management, or be able to identify and remediate additional control deficiencies, including material weaknesses, in the future. If not remediated, our failure to establish and maintain effective disclosure controls and procedures and internal control over financial reporting could result in material misstatements in our financial statements and a failure to meet our reporting and financial obligations, each of which could have a material adverse effect on our financial condition and the trading price of our common stock.
The company has received, and may receive in the future, regulatory, investigative and enforcement inquiries, subpoenas or demands arising from, related to, or in connection with these matters. Professional costs resulting from the investigation that resulted in the identification of the material weaknesses have been significant and are expected to continue to be significant, in particular if litigation costs relating to these regulatory, investigative and enforcement inquiries, subpoenas and demands grow. Although we believe that no significant business has been lost to date, it is possible that a change in the perceptions of our business partners could occur as a result of the investigation and the material weaknesses. In addition, as a result of the investigation and remediation efforts, certain operational changes have occurred and may continue to occur in the future. Any or all of these impacts based on the findings of the investigation and related matters and the surrounding circumstances could exacerbate the other risks described herein and directly or indirectly have a material adverse effect on our operations and/or financial performance.
Cybersecurity incidents could result in the company incurring significant costs and could harm the company’s business and reputation.
The company’s business includes managing, processing, storing and transmitting proprietary and confidential data, including personal information, intellectual property and proprietary business information, within the company’s own IT systems and those that the company designs, develops, hosts or manages for clients. These systems are critical to the company’s business activities, and shutdowns or disruptions of, and cybersecurity attacks on, these systems pose increasing risks. Cybersecurity incidents and network security incidents may include, but are not limited to, attempts to access or unauthorized access of information, exploitation of vulnerabilities (including those of third-party software or systems), computer viruses, ransomware, denial of service and other electronic security incidents. Attacks also include social engineering and cyber extortion to induce customers, contractors, business partners, vendors, employees and other third parties to disclose information, transfer funds, or unwittingly provide access to systems or data. Cyberattacks from computer hackers and cyber criminals and other malicious internet-based activity continue to increase generally, and the company’s services and systems, including the systems of the company’s outsourced service providers, have been and may in the future continue to be the target of various forms of cybersecurity incidents such as DNS attacks, wireless network attacks, viruses and worms, malicious software, ransomware, cyber extortion, misconfigurations, supply chain attacks, application centric attacks, peer-to-peer attacks, phishing attempts, backdoor trojans and distributed denial of service attacks.
2
Table of Contents
The techniques used by computer hackers and cyber criminals to obtain unauthorized access to data or to sabotage computer systems change frequently and are growing in sophistication, and these new techniques generally are not detected until after an incident has occurred. Cybersecurity incidents involving the company’s systems, despite established security controls, could result in disruption of the company’s services, misappropriation, misuse, alteration, theft, loss, corruption, leakage, falsification, and accidental or premature release or improper disclosure or misuse of confidential or other information, including intellectual property and personal information (of the company, third parties, employees, clients or others). The company could be exposed to liability, litigation, and regulatory or other government action, as well as the loss of existing or potential customers, damage to the company’s brand and reputation, damage to the company’s competitive position, and other financial loss, any of which could have a material adverse effect on the company’s business, financial condition and results of operations. In addition, the cost and operational consequences of responding to cybersecurity incidents and implementing remediation measures could be significant. In the company’s industry, security vulnerabilities are increasingly discovered, publicized and exploited across a broad range of hardware, software or other infrastructure, elevating the risk of attacks and the potential cost of response and remediation for the company.
Although the company continuously takes significant steps to mitigate cybersecurity risk across a range of functions, such measures can never eliminate the risk entirely or provide absolute security, and the company has experienced and expects to continue to experience cyberattacks on its information systems. While there have not been cybersecurity incidents or vulnerabilities that have had a material adverse effect on the company, there is no assurance that there will not be cybersecurity incidents or vulnerabilities that will have a material adverse effect in the future.
CAUTIONARY STATEMENT PURSUANT TO THE U.S. PRIVATE SECURITIES LITIGATION REFORM ACT OF 1995
Risks and uncertainties that could cause the company’s future results to differ materially from those expressed in “forward-looking” statements include:
Implementation of Business Strategy in Information Technology Market
| • | our ability to attract and retain experienced personnel in key positions; |
| • | our ability to grow revenue and expand margin in our Digital Workplace Solutions and Cloud, Applications & Infrastructure Solutions businesses; |
| • | our ability to maintain our installed base and sell new solutions and related services; |
| • | the business and financial risk in implementing acquisitions or dispositions; |
| • | the potential adverse effects of aggressive competition in the information services and technology market; |
| • | our ability to effectively anticipate and respond to rapid technological innovation in our industry; |
| • | our ability to retain significant clients and attract new clients; |
| • | our contracts may not be as profitable as expected or provide the expected level of revenues; |
| • | our ability to develop or acquire the capabilities to enhance the company’s solutions; |
Defined Benefit Pension Plans
| • | we have significant underfunded pension obligations; |
General Business Risks
| • | the impact of the Audit & Finance Committee’s investigation; |
| • | the impact of management’s conclusion, in consultation with the Audit & Finance Committee, that material weaknesses existed in our disclosure controls and procedures and internal control over financial reporting; |
| • | the evaluation and implementation of remediation efforts designed and implemented to enhance our control environment; |
| • | the potential identification of one or more additional material weaknesses in our internal control over financial reporting of which we are not currently aware or that have not been detected; |
| • | the impact of COVID-19 on our business, growth, reputation, projections, financial condition, operations, cash flows and liquidity; |
| • | the performance and capabilities of third parties with whom we have commercial relationships; |
| • | cybersecurity incidents could result in incurring significant costs and could harm our business and reputation; |
| • | a failure to meet standards or expectations with respect to the company’s environmental, social and governance practices; |
| • | the risks of doing business internationally when a significant portion of our revenue is derived from international operations; |
| • | our ability to access financing markets; |
| • | a reduction in our credit rating; |
3
Table of Contents
| • | the adverse effects of global economic conditions, acts of war, terrorism, natural disasters or the widespread outbreak of infectious diseases; |
| • | a significant disruption in our IT systems could adversely affect our business and reputation; |
| • | we may face damage to our reputation or legal liability if our clients are not satisfied with our services or products; |
| • | the potential for intellectual property infringement claims to be asserted against us or our clients; |
| • | the possibility that legal proceedings could affect our results of operations or cash flow or may adversely affect our business or reputation; and |
Tax Assets
| • | our ability to use our net operating loss carryforwards and certain other tax attributes may be limited. |
Other factors discussed in this report, although not listed here, also could materially affect our future results.
4
Table of Contents
Item 6. Exhibits
See Exhibit Index
EXHIBIT INDEX
5
Table of Contents
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.
| UNISYS CORPORATION | ||||||
| Date: November 23, 2022 | By: | /s/ Peter A. Altabef | ||||
| Peter A. Altabef | ||||||
| Chair and Chief Executive Officer | ||||||
| (principal executive officer) | ||||||
6
Exhibit 31.1
CERTIFICATION
I, Peter A. Altabef, certify that:
1. I have reviewed this quarterly report on Form 10-Q/A of Unisys Corporation;
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4. The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
a. Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
b. Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
c. Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d. Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting; and
5. The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):
a. All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and
b. Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting.
Date: November 23, 2022
|
|
/s/ Peter A. Altabef | |
| Name: | Peter A. Altabef | |
| Title: | Chair and Chief Executive Officer |
Exhibit 31.2
CERTIFICATION
I, Debra McCann, certify that:
1. I have reviewed this quarterly report on Form 10-Q/A of Unisys Corporation;
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4. The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
a. Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
b. Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
c. Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d. Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting; and
5. The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):
a. All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and
b. Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting.
Date: November 23, 2022
|
|
/s/ Debra McCann | |
| Name: | Debra McCann | |
| Title: | Executive Vice President and Chief Financial Officer |
Exhibit 32.1
CERTIFICATION OF PERIODIC REPORT
I, Peter A. Altabef, Chair and Chief Executive Officer of Unisys Corporation (the “Company”), certify, pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, 18 U.S.C. Section 1350, that:
(1) the Quarterly Report on Form 10-Q/A of the Company for the quarterly period ended June 30, 2022 (the “Report”) fully complies with the requirements of Section 13(a) -or Section 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m); and
(2) the information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
Date: November 23, 2022
| /s/ Peter A. Altabef |
| Peter A. Altabef |
| Chair and Chief Executive Officer |
A signed original of this written statement required by Section 906 has been provided to the Company and will be retained by the Company and furnished to the Securities and Exchange Commission or its staff upon request.
Exhibit 32.2
CERTIFICATION OF PERIODIC REPORT
I, Debra McCann, Executive Vice President and Chief Financial Officer of Unisys Corporation (the “Company”), certify, pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, 18 U.S.C. Section 1350, that:
(1) the Quarterly Report on Form 10-Q/A of the Company for the quarterly period ended June 30, 2022 (the “Report”) fully complies with the requirements of Section 13(a) -or Section 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m); and
(2) the information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
Date: November 23, 2022
| /s/ Debra McCann |
| Debra McCann |
| Executive Vice President and Chief Financial Officer |
A signed original of this written statement required by Section 906 has been provided to the Company and will be retained by the Company and furnished to the Securities and Exchange Commission or its staff upon request.