Two Step's Private Company Equity Management Blog

I'd like to share with our Corporate Focus and Equity Focus users three great resources that I recommend for equity planning, equity transactions, and understanding equity instruments. Our customers have used all of these, and I want to make sure the Two Step community is aware of them. This is Part 2 of a three-part series.

If you're looking to create a virtual deal room for your next equity transaction, you'll want to check out Firmex: www.firmex.com. This is a SaaS deal room application that has been used by many of our law firm customers for transactions of all sizes. Firmex features a unique "all you can eat" pricing model that allows you an unlimited number of deal rooms. If you're a law firm with a lot of clients that do equity or M&A transactions, Firmex can be very attractive - and even better, your ROI increases the more you use it. You can even private-label the application to reflect the branding of your firm's website.

The Firmex website says:

"With its virtual data room solutions, Firmex helps organizations securely share confidential information and collaborate online. Since 2006, Firmex has been licensing its on-demand virtual data room technology for corporate transactions, contract management, litigation, governance and compliance. Firmex focuses on delivering highly secure, reliable, fast and intuitive document-sharing technology with top-tier, 24/7/365 support and security."

When comparing the tool to other options, one Firmex law firm client says: "Firmex allows us to provide a valuable service to our clients at a significantly lower price than other third-party providers. The features, functionality and reliability of Firmex rival or exceed other providers and the customer service is excellent."

If you're doing equity transactions of any type and need a virtual deal room, take a look at Firmex. They'll get you up and running fast - and help you make a winning impression on your clients.

And here's more good news: with the export feature in Corporate Focus, it's easier than ever to move large collections of entity, ownership, governance and compliance documents from Corporate Focus to Firmex and meet the tight deadlines of your next due diligence request.

I recently read an article in Mass High Tech magazine called, "From Know-How to Know-Who." It posed the question of whether knowledge management (KM) is really about the knowledge that resides in a document or file - or if it's more about the knowledge had by the people within an organization who are familiar with a specific matter or transaction.

The article then goes on to consider why so many organizations have not yet implemented knowledge management systems. It cites the opinion of Tom Shoemaker, a Vice President at Parametric Technology Corp., who contends that the main reason a company doesn't have a KM system in place is because it talked itself out of one. Shoemaker says, "I would suggest that sometimes companies have sized themselves out of the market. They may have said, 'We are a small business and the amount of files we are creating doesn't really lend itself to needing some sort of management system.'" But, he insists, "There is no reason not to have knowledge management in place, no matter your size."

The Mass High Tech piece also quotes Brian Hill, a senior analyst with Forrester Research, Inc., who agrees that size shouldn't matter when it comes to knowledge management: "Most organizations should have a system in place, not only to mitigate legal risk ... but most importantly, to capture real business benefit." Hill says that if more information can be made available at a moment's notice to an employee, the better the chance that a truly informed decision can be made, or even a serendipitous connection discovered.

A similar point is made by one of our Corporate Focus customers, Christopher Howard, head of the business practice group at Pierce Atwood, LLP, when he talks about the "art of practicing good corporate hygiene." He says, "I call it 'corporate hygiene' because it's like brushing your teeth or having an annual physical. The reason you keep corporate records to begin with is that every entity is going to need to access them at some point. At the end of the day, if you accept the responsibility of keeping client records, then why wouldn't you keep them in the best, most efficient manner possible? It's a function of good corporate hygiene and it's a function of risk management."

Howard explains that the compelling benefits are not just for the firm, but extend to the firm's clients as well: "It's worked out really well for a number of our clients who have direct, self-service access to the information on a read-only basis. The return to them is it increases their internal productivity and gives them a sense of confidence that they have record-keeping under control. For our clients, ultimately, their costs are lower and the efficiency with which they can close transactions is higher. A) They get it done, which is most important. B) They get it done less expensively. That's real value."

In the end, I've drawn my own conclusion: it doesn't really matter whether knowledge is based on documents and information or the people who understand the documents and information. The key is making this knowledge readily available to those who need it, when they need it. Regardless of its size, a business and its clients can draw significant benefits from a centralized, online knowledge management system - not the least of which are greater productivity, better decision-making, and improved risk management.

Imagine having a single source for fast, accurate answers to your entity management, ownership administration, and corporate compliance questions, 24/7. Then take a look at Corporate Focus to learn more about this and other benefits an entity life-cycle knowledge management system could bring to your organization.

I'm often asked this question by lawyers interested in using Corporate Focus to improve equity management and corporate compliance tracking for their clients: When is the right time to start? Are we too early? Are we too late? Are we right on time?

To help answer these questions, I'd like to tell you about three very different law firms I met with just this past week.

The Small Firm: The first one is a sole practitioner who just left the largest law firm in the world a few months ago; he had used Corporate Focus for his client tracking for several years. This lawyer only has 5-10 clients to put in the system, but these clients represent the vast majority of his revenues. He wants to give them outstanding value for every dollar billed. And he knows that direct access to their data will impress them--and make them feel like they're still getting the same top-notch service they enjoyed at the mega-firm where he previously worked.

The Big Firm: The second is the largest law firm in one Northeastern state where they have over 1,000 corporate minute books they've been tracking for their clients for years. This firm would love to be more efficient when they do their client work--and they'd like to provide clients with direct access to their information. However, with so many minute books (and about 5-10 people that would be forced to change the way they track their clients' data), the project seems a bit overwhelming. They're not quite sure how to get started. They had looked at getting Corporate Focus a few years ago, but decided to postpone it until a "better time" rolled around. At the same time, this prestigious firm wouldn't like their clients to know that their paralegal goes through a mad scramble to calculate ownership information and even to locate minute book documents.

The Medium Firm: The third firm has about 50 attorneys, is the leading business law firm in an exciting region of the West coast, and tracks about 200 client minute books. One of the paralegals present at my meeting was working on a closing recently and the paralegal on the other side of the table asked her colleague how she printed the 45 stock certificates. After hearing the groan from the first paralegal, the other recommended Corporate Focus and said she can print 45 stock certificates in less than 15 minutes without any errors. The first paralegal brightened instantly and she got approval to get started with Corporate Focus in the next few weeks.

Should You Standardize Now?

Imagine if you were an attorney at any one of these law firms. Do you think you should get Corporate Focus now--or later? What if you were a paralegal working for one of these firms? Or a client?

I frequently talk with lawyers who clearly see the value of Corporate Focus for their work and their clients, but they're just not sure if it's the "right time" to get it up and running. There's no question that moving to a consolidated online system for equity management and corporate compliance tracking will change the way you currently work. But change is often a good thing. Efficiency is critical when you are providing high-value services at high billing rates--and you don't want to waste any time on low-value work.

Take a look at the real-life examples above. Maybe they will help you decide if it makes sense for your firm to use a streamlined, centralized online system to better manage your clients' critical information.

If you're still not sure, ask yourself the question:

What would our clients and staff want us to do?

Over the past 15 years, we've helped hundreds of law firms make the move to a more efficient, accurate and collaborative way of working. We'd love to help yours get there, too.

How Corporate Focus Can Make Your Life Easier: Check out this list of 10 key problems that are quickly solved by Corporate Focus:

http://www.twostep.com/CFsolveproblems

We all know that CFOs and lawyers are not considered the most social bees of the bunch. But we do read the Wall Street Journal quotes that talk about how the CFO or General Counsel is concerned with “what’s in the best interests of the stockholders.” The same is true at venture-backed and other non-public companies.  Investors, board members and senior management want to know how their actions will affect their stockholders, whether they’re thinking about a new round of financing, a merger or acquisition, an IPO, or just granting more employee stock options.

So perhaps in some small way, capitalization tables just might be the perfect social networking, Web 2.0 application for the financial set. While it’s clearly not MySpace, Facebook or Twitter, in a venture-backed or employee-owned company, your “friends” are your fellow stockholders and investors, to a certain degree.  And you can understand who’s who simply by looking at the capitalization table. Because in the cold light of day, if they’re not on the cap table, you’re just not interested. And when there’s a small change, a new face, or an upcoming get-together, you want to be the first to know.

For many years, Two Step Software has been hearing from customers who tell us that creating up-to-date, fully-diluted capitalization tables is a time-consuming and complex challenge, normally done at the last minute before a board meeting or potential transaction. We’ve helped thousands of companies convert that challenge into a couple of clicks, with the ownership and governance information for more than 100,000 companies now tracked in our software applications.

However, over the past 6-12 months, we’ve noticed a trend whereby CFOs are clearly looking for better ways to work with their law firms, auditors and other service providers when it comes to stockholder and option plan management. It’s always the convertible or ownership instruments with some type of vesting that cause the most difficulties. In the past, each person maintained their own copy of the capitalization table on their own set of spreadsheets, hoping to get timely updates from the others and incorporate the changes as needed.  But there’s no question that this method was time-consuming, error-prone, and inefficient.

What seems to drive the new focus on working together more efficiently are the accounting requirements of equity compensation reporting under FAS 123R. Under the new rules, there is no longer a practical way to separate out stock option administration, stockholder tracking and equity compensation reporting, since every change potentially triggers an accounting update. Option grants, vesting events, cancellations, forfeitures, exercises, and terminations all have an effect on expense amortization. Therefore, to a greater degree, administration and expense recognition must be on a record-by-record basis (rather than grouped by grants on a specific date, as in the past). There must be more coordination between stock and option administration and equity compensation reporting. Now more than ever, it matters how and who is tracking the option grants, exercises, and cancellations as well as the stock issuances related to employee exercises.

At a recent Two Step webinar entitled “Making Stock Option Reporting Easier for Lawyers and Their CFO Clients” which was attended by over 100 CFOs and legal professionals, more than 40% of those responding to a poll indicated their law firm does all or some of the stock and option administration. To a follow-up poll, over 65% of the respondents indicated that it’s difficult to coordinate between the law firm and the finance department of the company or that the process is too manual.
   
To illustrate this point, Two Step prepared a case study of one of its Silicon Valley, high-tech customers, Iconix Inc. Iconix indicated that by moving their stock and option administration and accounting to a central location—through the use of our on-demand application, Equity Focus, and by improving the collaboration and coordination process with their law firm—they were able to save $600 per option grant in legal fees, thousands of dollars in audit fees, and numerous hours of CFO time.

The simple lessons we’ve learned from our customers are:

1. Avoid Multiple Copies: Transferring spreadsheets between parties is inefficient, error-prone and frowned upon by auditors and boards of directors.
2. Connect the Data: Equity compensation valuation and expensing must be dynamically connected to stock and option administration.
3. Update In Real Time: All data changes must update reports and capitalization tables in real time to avoid errors or delays in decision making.
4. Make It Easy to Share: The information and documents that support the capitalization tables should be stored in a central location with easy, browser-based access for authorized parties.
5. Document Your Process: The responsibilities of each party in the stock plan administration and equity compensation reporting process must be managed effectively and set forth in a written game plan.

These five lessons are very easy to implement for any company willing to take the time to consider their game plan. Think of all the hours you’ve wasted in the past. By investing a few hours in planning the information management process for stock plan administration, equity compensation reporting and total capitalization management, you can save hours of CFO time and thousands of dollars in legal and audit fees. In the end, capitalization and equity compensation information flows directly into your company’s financial reporting. From a control perspective, getting it right is the smart thing to do—and it’s more important than ever under the new risk assessment audit standards.

Not to mention, with all the time saved, you can get home earlier to work on your Facebook page.

At a recent Two Step webinar, Craig Newfield, Vice President and General Counsel of Gomez, Inc., and Mark Martines, Executive Vice President and General Counsel of Jenzabar, Inc., presented an excellent framework for improving and assessing legal compliance at venture-backed, high-tech companies.

At these types of companies, there is inherently a tension between activities that increase sales and profits and those that improve legal compliance since they each naturally compete for limited resources. The unstated question that tends to exist in some form is something like: “Should we take the time to improve our stock option approval process if that is going to take time away from negotiating a sales contract?” Or, “Should we formalize our development processes to insure that shareware that is used in our code is used in compliance with the specific license agreements?”

Those are the types of real questions that growing technology companies face every day as they grant new options or develop new code and where the problems faced by careless compliance will not be apparent until due diligence begins for the next round of investment or an acquisition. But, if compliance issues are uncovered, they can throw a monkey wrench into a deal just when you were hoping everything would go smoothly and not increase the level of scrutiny by the investor’s team of lawyers, accountants, and technology detectives.

The panel discussed the compliance benefits related to both enterprise risk reduction and value creation:

• Reduced risk of errors and irregularities
• Minimized risk of fraud
• Reduced risk of litigation
• Reduced costs of operational inefficiencies
• Minimized due diligence risks
• Increased regulatory compliance
• Improved contractual relationships
• Improved operational efficiencies
• Increased credibility with stakeholders
• Maximized value of the business

But, where do you start? The presentation quoted Richard Steinberg of Steinberg Governance Advisors and the former corporate governance practice leader at PwC for his recommendation to ask the right questions:

• What are the most significant risks facing the company?
• What are we doing about them?
• Are our senior management and directors apprised of all material risks?

And how to you get the right answers? The panel suggested requiring senior management and those who report to them to sign “Section 302-like” certificates that certify to legal compliance and appropriate internal controls as far as their respective business activities and information that flows up to the financial reports. Guidance can be found in Sarbanes-Oxley and the COSO framework, but it must be used appropriately since neither are a requirement for non-public companies.

The five sections that make up a typical compliance scorecard and were discussed in the webinar with real-life examples from their experience are:

• Corporate Governance
• Fraud Prevention
• Records Management
• Protection of Assets
• Compliance with Laws

While their perspective was based on their own experience at venture-backed, technology companies, certainly the compliance framework that they developed could be used by any company that is not required to comply with Sarbanes-Oxley.

Although compliance remains challenging and can be a complex balancing act, the lessons learned from companies that have been through the investment and acquisition process are that a well thought out framework and an appropriate level of effort as applied to the unique circumstances of each organization will provide an excellent ROI whether measured by risk avoidance or enterprise productivity.

The recorded version of the webinar and the related white papers are available here.

Talking with hundreds of companies over the past year about our stock plan and corporate governance applications, we've seen the "tectonic shift" that some analysts have referred to with regard to the acceptance of SaaS applications in the business application market. Even Bill Gates has referred to it as a "sea change" that has arrived and the Microsoft Chief Software Architect, Ray Ozzie, has been pushing it as inevitable. Perhaps the change in attitude started with Salesforce.com and Google Apps, with a slight nudge from Youtube, Facebook, and Craig's List, but it has clearly arrived. Having watched the change in attitudes and acceptance from real buyers between the beginning of 2007 and today, I wondered what has accounted for the shift in the acceptance of online applications by somewhat conservative business, financial and legal executives who are generally not technology "early adopters."

The primary impetus is that most internal IT executives, the ones that need to make the decision on whether to sign off on a new SaaS application, now are proponents of hosted applications and agree that in most cases SaaS applications have as good or better systems infrastructure as they could provide for their own internally installed applications. But, what is the cause of their shift in attitudes between 2006 and 2007? Infrastructure improvements.

First, the bar has been raised for the standard offerings from the top hosting providers that now offer a level of reliability, redundancy, security, and data backup that is difficult for a single company to match. Second, the bar has been raised for software application providers so that every enterprise level business application must offer an infrastructure that is properly configured, tested and hosted at a leading hosting provider. There is no longer any excuse for downtime from a SaaS provider of mission critical business applications. Whether you are Salesforce.com, RIM Blackberry, or Two Step Software, customers expect the same standard for service level agreements and zero downtime. Not to say it can't happen despite the highest levels of technology diligence, as we have experienced from almost every one of Two Step's SaaS providers, but every step should be taken to reduce the risk.

There are five basic areas to think about when looking at a SaaS provider:

1. Security: Physical on-premise security; personnel selection; user authentication; and preventing unauthorized access
2. Redundancy: power supplies; internet access; hardware, and failover systems
3. Monitoring: 24/7 application, server, network, and user access
4. Data Back Up: Daily and intermittent on-site and off-site backups
5. Getting Your Data: Retrieval of data when service ends

For instance, at Two Step Software, we use one of the nation's leading managed hosting providers that offers a zero downtime guarantee and provides a level of physical, operational, and system security that would be difficult for any business to match. (see: http://www.twostep.com/solutions/install_options.asp) It's like your own systems, on steroids with redundant internet access, back-up power supplies, physical and online access security, redundant hardware as well as back up inventory, 24/7 monitoring, and daily data backups.

We believe that once you find an application that satisfies your business requirements, you shouldn't have to worry about the application hosting infrastructure. Let your SaaS provider focus on the details of delivering a reliable and high performance infrastructure so you can focus on your business needs. Although you can't take a walk through your SaaS vendor's hosting location, look for a SaaS provider with an excellent reputation and one that offers a technical infrastructure that you feel is superior to your own. Then, rest easy.

On September 10, 2007, the IRS issued Notice 2007-78,which permits taxpayers to bring nonqualified deferred compensation plans into documentary compliance with Section 409A of the Internal Revenue Code and the final regulations issued there under. Since the penalties for failing to satisfy Sec. 409A are extremely costly to both employers and employees, we encourage our readers to immediately seek legal counsel and to do their best in the next 90 days to insure their plans satisfy the requirements which are complicated and onerous. Under the final regulations issued April 10, 2007, the effective date for non-qualified deferred compensation plans and arrangements remains January 1, 2008.

Are you struggling with the challenges brought on by Financial Accounting Statement 123(R)?  If you are, you’re not alone.

Ever since the collapse of Enron and the 2002 implementation of Sarbanes-Oxley, auditors and investors are looking at companies' corporate compliance practices with a fine tooth comb.  This has only been heightened by stock option backdating scandals and executive compensation reform.  And, while there have been articles and seminars on corporate compliance ad nauseam, last week, an article in the Boston Business Journal's Corporate Compliance section entitled "For small business, procrastination is a risky option," did an usually good job of highlighting the most important aspects of corporate compliance for privately-held companies by focusing on four basic steps for implementing a fraud prevention program.  Kudos to Nancy G. Brown, an attorney at the Ohio law firm of Taft, Stettinius & Hollister LLP, for clearly articulating these steps that private businesses of any size should take at a minimum to improve their corporate compliance programs.  If you want to start with the highest ROI, why not start with those steps that can help to keep your officers and directors out of jail?

The four fraud prevention steps are:

1. Create a Code of Business Conduct and Ethics;
2. Implement a Whistleblower Protection Program;
3. Adopt a Document Retention Policy; and
4. Develop a Corporate Compliance and Ethics Program (based on the Federal Sentencing Guidelines).

This article is consistent with the online webinars Two Step Software has been offering since 2005 called "Corporate Governance in Three Easy Steps: Using Sarbanes-Lite as a Framework."  The BBJ article focused primarily on what we refer to as the first of three steps, Fraud Prevention.  Since it's the one most likely to land the officers and directors of a privately-held company in jail, it's the right place to start.  The other two steps that we recommend focus on corporate governance and internal controls. 

As Brown points out in the BBJ article, Sarbanes-Oxley applies to all companies when it comes to knowingly destroying documents with the intent to obstruct or interfere with an investigation or retaliating against an employee who provides information to the government about a possible violation of federal law.  Also, she recommends using the seven criteria in the Federal Sentencing Guidelines to create a corporate compliance program that will reduce the likelihood of prosecution and shorten potential sentences.  These guidelines were updated at the end of 2004 to add that a company's officers and directors must create and promote a culture of ethical behavior and knowledgeable compliance with the law. 

This article emphasizes that good corporate governance is not just a high-priced luxury for privately-held companies.  First, it's not as "high priced" as many companies imagine since all of these requirements can be implemented with limited legal counsel or by downloading templates from the internet.  Second, the payoff is always very high when you are trying to prevent fraud and avoid criminal prosecution. 

As Brown summarizes: "If legal compliance sounds burdensome, keep in mind that an effective corporate compliance program's real value is in preventing illegal conduct and creating an ethical culture that will benefit the company over the long term."  Best of all, it reduces the potential liability for your officers and directors, lowers the risks associated with obtaining financing, and increases the value of an enterprise to a potential acquirer.