Two Step's Private Company Equity Management Blog

We all know that CFOs and lawyers are not considered the most social bees of the bunch. But we do read the Wall Street Journal quotes that talk about how the CFO or General Counsel is concerned with “what’s in the best interests of the stockholders.” The same is true at venture-backed and other non-public companies.  Investors, board members and senior management want to know how their actions will affect their stockholders, whether they’re thinking about a new round of financing, a merger or acquisition, an IPO, or just granting more employee stock options.

So perhaps in some small way, capitalization tables just might be the perfect social networking, Web 2.0 application for the financial set. While it’s clearly not MySpace, Facebook or Twitter, in a venture-backed or employee-owned company, your “friends” are your fellow stockholders and investors, to a certain degree.  And you can understand who’s who simply by looking at the capitalization table. Because in the cold light of day, if they’re not on the cap table, you’re just not interested. And when there’s a small change, a new face, or an upcoming get-together, you want to be the first to know.

For many years, Two Step Software has been hearing from customers who tell us that creating up-to-date, fully-diluted capitalization tables is a time-consuming and complex challenge, normally done at the last minute before a board meeting or potential transaction. We’ve helped thousands of companies convert that challenge into a couple of clicks, with the ownership and governance information for more than 100,000 companies now tracked in our software applications.

However, over the past 6-12 months, we’ve noticed a trend whereby CFOs are clearly looking for better ways to work with their law firms, auditors and other service providers when it comes to stockholder and option plan management. It’s always the convertible or ownership instruments with some type of vesting that cause the most difficulties. In the past, each person maintained their own copy of the capitalization table on their own set of spreadsheets, hoping to get timely updates from the others and incorporate the changes as needed.  But there’s no question that this method was time-consuming, error-prone, and inefficient.

What seems to drive the new focus on working together more efficiently are the accounting requirements of equity compensation reporting under FAS 123R. Under the new rules, there is no longer a practical way to separate out stock option administration, stockholder tracking and equity compensation reporting, since every change potentially triggers an accounting update. Option grants, vesting events, cancellations, forfeitures, exercises, and terminations all have an effect on expense amortization. Therefore, to a greater degree, administration and expense recognition must be on a record-by-record basis (rather than grouped by grants on a specific date, as in the past). There must be more coordination between stock and option administration and equity compensation reporting. Now more than ever, it matters how and who is tracking the option grants, exercises, and cancellations as well as the stock issuances related to employee exercises.

At a recent Two Step webinar entitled “Making Stock Option Reporting Easier for Lawyers and Their CFO Clients” which was attended by over 100 CFOs and legal professionals, more than 40% of those responding to a poll indicated their law firm does all or some of the stock and option administration. To a follow-up poll, over 65% of the respondents indicated that it’s difficult to coordinate between the law firm and the finance department of the company or that the process is too manual.
   
To illustrate this point, Two Step prepared a case study of one of its Silicon Valley, high-tech customers, Iconix Inc. Iconix indicated that by moving their stock and option administration and accounting to a central location—through the use of our on-demand application, Equity Focus, and by improving the collaboration and coordination process with their law firm—they were able to save $600 per option grant in legal fees, thousands of dollars in audit fees, and numerous hours of CFO time.

The simple lessons we’ve learned from our customers are:

1. Avoid Multiple Copies: Transferring spreadsheets between parties is inefficient, error-prone and frowned upon by auditors and boards of directors.
2. Connect the Data: Equity compensation valuation and expensing must be dynamically connected to stock and option administration.
3. Update In Real Time: All data changes must update reports and capitalization tables in real time to avoid errors or delays in decision making.
4. Make It Easy to Share: The information and documents that support the capitalization tables should be stored in a central location with easy, browser-based access for authorized parties.
5. Document Your Process: The responsibilities of each party in the stock plan administration and equity compensation reporting process must be managed effectively and set forth in a written game plan.

These five lessons are very easy to implement for any company willing to take the time to consider their game plan. Think of all the hours you’ve wasted in the past. By investing a few hours in planning the information management process for stock plan administration, equity compensation reporting and total capitalization management, you can save hours of CFO time and thousands of dollars in legal and audit fees. In the end, capitalization and equity compensation information flows directly into your company’s financial reporting. From a control perspective, getting it right is the smart thing to do—and it’s more important than ever under the new risk assessment audit standards.

Not to mention, with all the time saved, you can get home earlier to work on your Facebook page.

At a recent Two Step webinar, Craig Newfield, Vice President and General Counsel of Gomez, Inc., and Mark Martines, Executive Vice President and General Counsel of Jenzabar, Inc., presented an excellent framework for improving and assessing legal compliance at venture-backed, high-tech companies.

At these types of companies, there is inherently a tension between activities that increase sales and profits and those that improve legal compliance since they each naturally compete for limited resources. The unstated question that tends to exist in some form is something like: “Should we take the time to improve our stock option approval process if that is going to take time away from negotiating a sales contract?” Or, “Should we formalize our development processes to insure that shareware that is used in our code is used in compliance with the specific license agreements?”

Those are the types of real questions that growing technology companies face every day as they grant new options or develop new code and where the problems faced by careless compliance will not be apparent until due diligence begins for the next round of investment or an acquisition. But, if compliance issues are uncovered, they can throw a monkey wrench into a deal just when you were hoping everything would go smoothly and not increase the level of scrutiny by the investor’s team of lawyers, accountants, and technology detectives.

The panel discussed the compliance benefits related to both enterprise risk reduction and value creation:

• Reduced risk of errors and irregularities
• Minimized risk of fraud
• Reduced risk of litigation
• Reduced costs of operational inefficiencies
• Minimized due diligence risks
• Increased regulatory compliance
• Improved contractual relationships
• Improved operational efficiencies
• Increased credibility with stakeholders
• Maximized value of the business

But, where do you start? The presentation quoted Richard Steinberg of Steinberg Governance Advisors and the former corporate governance practice leader at PwC for his recommendation to ask the right questions:

• What are the most significant risks facing the company?
• What are we doing about them?
• Are our senior management and directors apprised of all material risks?

And how to you get the right answers? The panel suggested requiring senior management and those who report to them to sign “Section 302-like” certificates that certify to legal compliance and appropriate internal controls as far as their respective business activities and information that flows up to the financial reports. Guidance can be found in Sarbanes-Oxley and the COSO framework, but it must be used appropriately since neither are a requirement for non-public companies.

The five sections that make up a typical compliance scorecard and were discussed in the webinar with real-life examples from their experience are:

• Corporate Governance
• Fraud Prevention
• Records Management
• Protection of Assets
• Compliance with Laws

While their perspective was based on their own experience at venture-backed, technology companies, certainly the compliance framework that they developed could be used by any company that is not required to comply with Sarbanes-Oxley.

Although compliance remains challenging and can be a complex balancing act, the lessons learned from companies that have been through the investment and acquisition process are that a well thought out framework and an appropriate level of effort as applied to the unique circumstances of each organization will provide an excellent ROI whether measured by risk avoidance or enterprise productivity.

The recorded version of the webinar and the related white papers are available here.

Talking with hundreds of companies over the past year about our stock plan and corporate governance applications, we've seen the "tectonic shift" that some analysts have referred to with regard to the acceptance of SaaS applications in the business application market. Even Bill Gates has referred to it as a "sea change" that has arrived and the Microsoft Chief Software Architect, Ray Ozzie, has been pushing it as inevitable. Perhaps the change in attitude started with Salesforce.com and Google Apps, with a slight nudge from Youtube, Facebook, and Craig's List, but it has clearly arrived. Having watched the change in attitudes and acceptance from real buyers between the beginning of 2007 and today, I wondered what has accounted for the shift in the acceptance of online applications by somewhat conservative business, financial and legal executives who are generally not technology "early adopters."

The primary impetus is that most internal IT executives, the ones that need to make the decision on whether to sign off on a new SaaS application, now are proponents of hosted applications and agree that in most cases SaaS applications have as good or better systems infrastructure as they could provide for their own internally installed applications. But, what is the cause of their shift in attitudes between 2006 and 2007? Infrastructure improvements.

First, the bar has been raised for the standard offerings from the top hosting providers that now offer a level of reliability, redundancy, security, and data backup that is difficult for a single company to match. Second, the bar has been raised for software application providers so that every enterprise level business application must offer an infrastructure that is properly configured, tested and hosted at a leading hosting provider. There is no longer any excuse for downtime from a SaaS provider of mission critical business applications. Whether you are Salesforce.com, RIM Blackberry, or Two Step Software, customers expect the same standard for service level agreements and zero downtime. Not to say it can't happen despite the highest levels of technology diligence, as we have experienced from almost every one of Two Step's SaaS providers, but every step should be taken to reduce the risk.

There are five basic areas to think about when looking at a SaaS provider:

1. Security: Physical on-premise security; personnel selection; user authentication; and preventing unauthorized access
2. Redundancy: power supplies; internet access; hardware, and failover systems
3. Monitoring: 24/7 application, server, network, and user access
4. Data Back Up: Daily and intermittent on-site and off-site backups
5. Getting Your Data: Retrieval of data when service ends

For instance, at Two Step Software, we use one of the nation's leading managed hosting providers that offers a zero downtime guarantee and provides a level of physical, operational, and system security that would be difficult for any business to match. (see: http://www.twostep.com/solutions/install_options.asp) It's like your own systems, on steroids with redundant internet access, back-up power supplies, physical and online access security, redundant hardware as well as back up inventory, 24/7 monitoring, and daily data backups.

We believe that once you find an application that satisfies your business requirements, you shouldn't have to worry about the application hosting infrastructure. Let your SaaS provider focus on the details of delivering a reliable and high performance infrastructure so you can focus on your business needs. Although you can't take a walk through your SaaS vendor's hosting location, look for a SaaS provider with an excellent reputation and one that offers a technical infrastructure that you feel is superior to your own. Then, rest easy.

On September 10, 2007, the IRS issued Notice 2007-78,which permits taxpayers to bring nonqualified deferred compensation plans into documentary compliance with Section 409A of the Internal Revenue Code and the final regulations issued there under. Since the penalties for failing to satisfy Sec. 409A are extremely costly to both employers and employees, we encourage our readers to immediately seek legal counsel and to do their best in the next 90 days to insure their plans satisfy the requirements which are complicated and onerous. Under the final regulations issued April 10, 2007, the effective date for non-qualified deferred compensation plans and arrangements remains January 1, 2008.

Are you struggling with the challenges brought on by Financial Accounting Statement 123(R)?  If you are, you’re not alone.

Ever since the collapse of Enron and the 2002 implementation of Sarbanes-Oxley, auditors and investors are looking at companies' corporate compliance practices with a fine tooth comb.  This has only been heightened by stock option backdating scandals and executive compensation reform.  And, while there have been articles and seminars on corporate compliance ad nauseam, last week, an article in the Boston Business Journal's Corporate Compliance section entitled "For small business, procrastination is a risky option," did an usually good job of highlighting the most important aspects of corporate compliance for privately-held companies by focusing on four basic steps for implementing a fraud prevention program.  Kudos to Nancy G. Brown, an attorney at the Ohio law firm of Taft, Stettinius & Hollister LLP, for clearly articulating these steps that private businesses of any size should take at a minimum to improve their corporate compliance programs.  If you want to start with the highest ROI, why not start with those steps that can help to keep your officers and directors out of jail?

The four fraud prevention steps are:

1. Create a Code of Business Conduct and Ethics;
2. Implement a Whistleblower Protection Program;
3. Adopt a Document Retention Policy; and
4. Develop a Corporate Compliance and Ethics Program (based on the Federal Sentencing Guidelines).

This article is consistent with the online webinars Two Step Software has been offering since 2005 called "Corporate Governance in Three Easy Steps: Using Sarbanes-Lite as a Framework."  The BBJ article focused primarily on what we refer to as the first of three steps, Fraud Prevention.  Since it's the one most likely to land the officers and directors of a privately-held company in jail, it's the right place to start.  The other two steps that we recommend focus on corporate governance and internal controls. 

As Brown points out in the BBJ article, Sarbanes-Oxley applies to all companies when it comes to knowingly destroying documents with the intent to obstruct or interfere with an investigation or retaliating against an employee who provides information to the government about a possible violation of federal law.  Also, she recommends using the seven criteria in the Federal Sentencing Guidelines to create a corporate compliance program that will reduce the likelihood of prosecution and shorten potential sentences.  These guidelines were updated at the end of 2004 to add that a company's officers and directors must create and promote a culture of ethical behavior and knowledgeable compliance with the law. 

This article emphasizes that good corporate governance is not just a high-priced luxury for privately-held companies.  First, it's not as "high priced" as many companies imagine since all of these requirements can be implemented with limited legal counsel or by downloading templates from the internet.  Second, the payoff is always very high when you are trying to prevent fraud and avoid criminal prosecution. 

As Brown summarizes: "If legal compliance sounds burdensome, keep in mind that an effective corporate compliance program's real value is in preventing illegal conduct and creating an ethical culture that will benefit the company over the long term."  Best of all, it reduces the potential liability for your officers and directors, lowers the risks associated with obtaining financing, and increases the value of an enterprise to a potential acquirer.