10-K 2017


UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C.20549

FORM 10-K

[X]ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2017.

[  ]TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from _____ to _____

Commission File Number: 000-27507

CYNERGISTEK, INC.

(Exact name of registrant as specified in its charter)

Delaware

37-1867101

(State or other jurisdiction of incorporation or organization)

(I.R.S. Employer
Identification No.)

27271 Las Ramblas, Suite 200, Mission Viejo, California 92691

(Address of principal executive offices) (Zip Code)

(949) 614-0700

(Registrant’s telephone number, including area code)

Securities registered under Section 12(b) of the Act:

Title of Class

Name of each exchange on which registered

Common Stock, $0.001 par value per share

NYSE American

Securities registered under Section 12(g) of the Act: None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes [  ] No [X]

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes [  ] No [X]

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.
Yes [X] No [  ]

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes [X] No [  ]

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.  [  ]



Indicate by check mark whether the Registrant is a large accelerated filer, an accelerated filer, or a non-accelerated filer. See definition of “accelerated filer” and “large accelerated filer” in Rule 12b-2 of the Exchange Act.

Large accelerated filer  ¨

Accelerated filer  ¨

Non-accelerated filer  ¨

Smaller reporting company  ý

Emerging growth company  ¨

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act).
Yes [  ] No [X]

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standard provided pursuant to Section 13(a) of the Exchange Act.

The aggregate market value of the registrant’s common stock, $0.001 par value per share (“Common Stock”), held by non-affiliates of the registrant on June 30, 2017, the last business day of the registrant’s most recently completed second fiscal quarter, was approximately $35.0 million (based on the average bid price of the Common Stock on that date). Shares of Common Stock held by each officer and director and each person known to the registrant to own 10% or more of the outstanding voting securities of the registrant were excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not a determination for other purposes. The registrant has one class of securities, its Common Stock.  

As of March 22, 2018, the registrant had 9,576,028 shares of Common Stock outstanding.

DOCUMENTS INCORPORATED BY REFERENCE.

Part III incorporates by reference certain information from the registrant’s definitive proxy statement (the “Proxy Statement”) for the 2018 Annual Meeting of Stockholders to be filed on or before April 6, 2018.



CYNERGISTEK, INC.

ANNUAL REPORT ON FORM 10-K
FOR THE FISCAL YEAR ENDED DECEMBER 31, 2017

TABLE OF CONTENTS

Page

Cautionary Note Regarding Forward-Looking Statements

1

PART I

1

ITEM 1.

BUSINESS

1

ITEM 1A.

RISK FACTORS

4

ITEM 1B.

UNRESOLVED STAFF COMMENTS

12

ITEM 2.

PROPERTIES

12

ITEM 3.

LEGAL PROCEEDINGS

12

ITEM 4.

MINE SAFETY DISCLOSURES

12

PART II

13

ITEM 5.

MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

13

ITEM 6.

SELECTED FINANCIAL DATA

14

ITEM 7.

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

14

ITEM 7A.

QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

22

ITEM 8.

FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA

22

ITEM 9.

CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE

22

ITEM 9A.

CONTROLS AND PROCEDURES

22

ITEM 9B.

OTHER INFORMATION

23

PART III

23

ITEM 10.

DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE

23

ITEM 11.

EXECUTIVE COMPENSATION

23

ITEM 12.

SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS

23

ITEM 13.

CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS AND DIRECTOR INDEPENDENCE

23

ITEM 14.

PRINCIPAL ACCOUNTING FEES AND SERVICES

24

PART IV

25

ITEM 15.

EXHIBITS, FINANCIAL STATEMENT SCHEDULES

28


i



Cautionary Note Regarding Forward-Looking Statements

From time to time, we and our representatives may provide information, whether orally or in writing, including certain statements in this Annual Report on Form 10-K (this “Annual Report”), which are deemed to be “forward-looking” within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”) and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), that concern matters that involve risks and uncertainties which could cause actual results to differ materially from those projected in the forward-looking statements. These forward-looking statements are intended to qualify for the safe harbor from liability established by the Private Securities Litigation Reform Act of 1995 (the “Litigation Reform Act”) and are based on our beliefs as well as assumptions made by us using information currently available. All statements other than statements of historical fact contained in this Annual Report, including statements regarding future events, our future financial performance, our future business strategy and the plans and objectives of management for future operations, are forward-looking statements. The words “anticipate,” “believe,” “estimate,” “expect,” “intend,” “will,” “should” and similar expressions, as they relate to us, are intended to identify forward-looking statements. Such statements reflect our current views with respect to future events and are subject to certain risks, uncertainties and assumptions. Should one or more of these risks or uncertainties materialize, or should underlying assumptions prove incorrect, actual results may vary materially from those described herein as anticipated, believed, estimated, expected or intended or using other similar expressions. In accordance with the provisions of the Litigation Reform Act, we are making investors aware that such forward-looking statements, because they relate to future events, are by their very nature subject to many important factors that could cause actual results to differ materially from those contemplated by the forward-looking statements contained in this Annual Report, any exhibits to this Annual Report and other public statements we make. Such factors are set forth in the “Business” section, the “Risk Factors” section, the “Legal Proceedings” section, the “Management’s Discussion and Analysis of Financial Condition and Results of Operations” section and other sections of this Annual Report, as well as in our Quarterly Reports on Form 10-Q and Current Reports on Form 8-K. We expressly disclaim any intent or obligation to update any forward-looking statements after the date hereof to conform such statements to actual results or to changes in our opinions or expectations, except as required by applicable law.

PART I

ITEM 1.BUSINESS.

Introduction

CynergisTek, Inc. (including our subsidiaries, CTEK Solutions, Inc., CTEK Security, Inc. and Delphiis, Inc.)(referred to collectively in this Annual Report, as “CynergisTek,” the “Company,” “we,” “our” and “us”) is engaged in the business of providing cybersecurity and information management consulting services dedicated primarily to the healthcare industry and those businesses that support healthcare. Our principal executive offices are located at 27271 Las Ramblas, Suite 200, Mission Viejo, California 92691.

For more information on CynergisTek and our products and services, please see the section entitled “Principal Products or Services” below or visit our website at www.cynergistek.com. The inclusion of our Internet address in this Annual Report does not include or incorporate by reference into this Annual Report any information on our website. Our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, amendments to those reports and other filings with the Securities and Exchange Commission (the “SEC”) are generally available through the EDGAR system maintained by the SEC at www.sec.gov.


1



Background

Auxilio, Inc., a Nevada corporation, was incorporated on August 29, 1995. On April 1, 2004, we acquired Alan Mayo and Associates, Inc. dba The Mayo Group (“TMG”), a managed print company. TMG provided outsourced print management services to healthcare facilities throughout California, which services we provide as the successor-in-interest to TMG. After we acquired TMG, we changed our name to “Auxilio, Inc.” and changed the name of TMG’s former subsidiary to “Auxilio Solutions, Inc.” Effective July 1, 2014, we acquired Delphiis, Inc., a California corporation, which provides IT security consulting services. On April 7, 2015, we acquired certain assets of Redspin, Inc. which provides IT security consulting services. On January 13, 2017, we acquired CynergisTek, Inc., a Texas corporation, which provides IT security consulting services and solutions.  

As described in more detail in our Current Report on Form 8-K filed with the Securities and Exchange Commission on September 8, 2017, Auxilio, Inc., changed its name and state of incorporation from the State of Nevada to the State of Delaware by merging (the “Reincorporation”) with and into its wholly-owned subsidiary, CynergisTek, Inc., a Delaware corporation, which was established for the purpose of the Reincorporation.   As a result of the Reincorporation, Auxilio ceased to exist as a separate entity.  As of the date of the merger, each outstanding share of Auxilio’s common stock was deemed, by operation of law, to represent the same number of shares of our Common Stock.  In accordance with Rule 12g-3 under the Securities Exchange Act of 1934, as amended, the shares of our Common Stock were deemed to be registered under Section 12(b) of the Exchange Act as a successor to Auxilio.  Effective as of September 8, 2017, the Company’s trading symbol changed to “CTEK.”

As part of the Reincorporation, two wholly owned subsidiaries of the Company also changed their corporate names, as follows: (i) Auxilio Solutions, Inc., a California corporation, changed its name to CTEK Solutions, Inc.; and (ii) CynergisTek, Inc., a Texas corporation, changed its name to CTEK Security, Inc. (“CTEK Security”).

Our Common Stock currently trades on the NYSE American under the symbol CTEK.”

Principal Products and Services

With the acquisition of CTEK Security, Auxilio and CynergisTek have become one under the CynergisTek name and is now recognized as a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry. Most recently, as one company, we integrated our managed print solutions, IT security, and cybersecurity operations, and are able to go to market as an integrated cybersecurity and managed print solution company. We believe that offering our current and prospective hospital customers with comprehensive integrated services to address privacy, security and compliance of their IT environment, provides a significant competitive advantage to the Company.  The integrated approach allows us to offer hospitals and health systems comprehensive support for managing print responsibilities that reduces costs, eliminates efficiencies, and improves the security. We provide the only comprehensive vendor neutral managed print program that now integrates in-depth cybersecurity expertise. The Company now has the ability to offer customers solutions that not only avoid cost, but that generate cost savings.

To address growing market needs, CynergisTek recently expanded its professional services by offering several different smart-sourced managed services such as remediation, program development, virtual Chief Information Security Officer (“CISO”) and staffing. We also completed automation of our third-party risk management service (Vendor Security Management) and launched a full suite of incident response services to address the growing ransomware and malware attacks that are plaguing healthcare.


2



Competition

We operate in a highly competitive market. The majority of competition in the healthcare industry market for managed print services comes from the large photocopy and multi-functional digital device manufacturers such as Xerox, Canon, Konica Minolta, Ricoh and Sharp. The competitive landscape also contains a number of regional and local equipment dealers and distributors that exist in the communities in which the hospitals serve. In addition, we compete with in-house departments performing the functions that we are seeking them to outsource to us.

Most of the competition in the healthcare industry market for IT security services comes from large or niche consulting and technology firms and regional companies that offer multiple approaches but within a much smaller geographic footprint.  Examples include companies like Accenture, KPMG, Deloitte, Dell Secureworks, Fire Eye, Coal Fire, Fortified Health Security and Clearwater Consulting.

We believe our analysis of the competitive landscape shows a very strong opportunity for fully-outsourced and managed services to the healthcare industry, and we believe that we have a strong competitive position in the marketplace due to several important factors:

·We are primarily focused on the healthcare industry. We are not aware of any other vendor or service provider which has the majority of its business dedicated to addressing HIPAA compliance, including printed and stored documents and improving efficiency for the healthcare industry. Our expertise and knowledge base is unmatched in the market.

·By focusing on healthcare, we believe we enjoy lower turn-around times for service, greater up-sell opportunities, and a deeper service relationship with the customer.

·We have technology that simplifies how healthcare providers perform annual HIPAA risk analysis, as well as other regulatory and on-going risk assessments, by making it fast, effective, and affordable.

·We believe our offering provides a unique approach to managed security services. To address workforce and expertise shortages, we can deploy knowledgeable resources to perform a predefined security role on-site or virtually for a defined amount of time, which results in our customers receiving staff with expertise they need while controlling their costs.

·We are not restricted to any single supplier, which allows us to bring the best hardware and software solutions to our customers. Our approach is to use the most appropriate technology to provide a superior solution without any prejudice as to manufacturer or developer.

·We maintain a daily connection with our customers, which allows us to provide a detailed strategy and plan for saving the organization time, effort and money in the processes we manage and support.

·We believe our relationship with healthcare providers gives us an advantage when targeting the larger pool of potential clients in the business associate category.

·We have a strong referral base within healthcare as a result of serving more than a thousand hospitals and other healthcare clients under managed services agreements.

Customers

Most of our customers are hospitals and their related off-site facilities. The loss of any key customer could have a material adverse effect upon our financial condition, business, prospects and results of operation. During the year ended December 31, 2017, our two largest customers represented approximately 46% of our revenues.


3



Intellectual Property

We maintain databases that contain the results of our managed services and consulting efforts. This allows us to anticipate our customers’ future needs and to meet those needs. These databases provide us with exclusive insight into the state of cybersecurity and information management of our customers and the healthcare industry. We consider our proprietary RiskSonar application suite an important tool in assessing and organizing the information technology control structure of our customers. We consider our intellectual property an important and valuable asset that enhances our competitive position.

We have not applied for or been granted a patent with respect to any managed print service technology, or processes, as related to document and image management. We have filed a trademark application for the name “CynergisTek” and for the Company’s logo.

Employees

As of December 31, 2017, we had 302 full-time employees and one part-time employee, including 259 employees engaged in providing services, 21 employees engaged in sales and marketing, and 22 employees engaged in general and administrative activities. Our employees are not represented by any collective bargaining agreement, and we have never experienced a work stoppage. We believe our employee relations are good.

ITEM 1A. RISK FACTORS

Before deciding to purchase, hold or sell our Common Stock, you should carefully consider the risks described below in addition to the other information contained in this Annual Report and in our other filings with the SEC, including subsequent reports on Forms 10-Q and 8-K. The risks and uncertainties not presently known to us or that we currently deem immaterial may also affect our business. If any of these known or unknown risks or uncertainties actually occurs with material adverse effects on CynergisTek, our business, financial condition, results of operations and/or liquidity could be seriously harmed. In that event, the market price of our Common Stock will likely decline, and you may lose all or part of your investment.

Risks Related to Our Industry

We face substantial competition from better established companies that may offer similar products and services at a lower cost to our customers, resulting in a reduction in the sale of our products and services.

The market for our products and services is competitive and is likely to become even more competitive in the future. Increased competition could result in pricing pressures, reduced sales, reduced margins or the failure of our products and services to achieve or maintain market acceptance, any of which would have a material adverse effect on our business, results of operations and financial condition. Many of our current and potential competitors enjoy substantial competitive advantages, such as:

·greater name recognition and larger marketing budgets and resources;

·established marketing relationships and access to larger customer bases;

·substantially greater financial, technical and other resources; and

·larger technical and support staffs.

As a result, our competitors may be able to respond more quickly than we can to new or changing opportunities, technologies, standards or customer requirements. For all of the foregoing reasons, we may not be able to compete successfully against our current and future competitors.


4



We are dependent upon our vendors to continue to supply us equipment, parts, supplies, and services at comparable terms and price levels as the business grows.

Our access to equipment, parts, supplies, and services depends upon our relationships with, and our ability to purchase these items on competitive terms from our principal vendors. We rarely enter into long-term supply contracts with these vendors and we have no current plans to change this in the future. These vendors are not required to use us to distribute their equipment and are free to change the prices and other terms at which they sell to us. In addition, we compete with the selling efforts of some of these vendors. Significant deterioration in relationships with, or in the financial condition of, these significant vendors could have an adverse impact on our ability to sell equipment as well as our ability to provide effective service and technical support. If one of these vendors terminates or significantly curtails its relationship with us, or if one of these vendors ceases operations, we would be forced to expand our relationships with our existing vendors or seek out new relationships with previously unused vendors.

Risks Related to Our Business

A substantial portion of our business is dependent on our largest customers.

The loss of any key customer could have a material adverse effect upon our financial condition, business, prospects and results of operation. Our two largest customers represented approximately 46% of our revenues for the year ended December 31, 2017. We anticipate that these customers will represent less than 46% of revenue for 2018; therefore, the loss of one or more of these customers may contribute to our inability to operate as a going concern and may require us to obtain equity funding or debt financing to continue our operations. We cannot be certain that we will be able to obtain such financing on commercially reasonable terms, or at all.

Fluctuations in demand for our products and services are driven by many factors, and a decrease in demand for our products could adversely affect our financial results.

We are subject to fluctuations in demand for our products and services due to a variety of factors, including market transitions, general economic conditions, competition, product obsolescence, technological change, shifts in buying patterns, financial difficulties and budget constraints of our current and potential customers, awareness of security threats to information systems and other factors. While such factors may, in some periods, increase product sales and services, fluctuations in demand can also negatively impact our product sales and services. If demand for our products and solutions declines, whether due to general economic conditions or a shift in buying patterns, our revenues and margins would likely be adversely affected.

We may be subject to data breaches and cyber-attacks which could materially adversely affect our financial condition, our competitive position and operating results.

Data breaches and cyber-attacks could compromise our trade secrets and other sensitive information, be costly to remediate and cause significant damage to our business and reputation. The secure maintenance of this information is critical to our business and reputation. We believe that companies have been increasingly subject to a wide variety of security incidents, cyber-attacks, hacking and phishing attacks, and other attempts to gain unauthorized access. These threats can come from a variety of sources, all ranging in sophistication from an individual hacker to a state-sponsored attack. Cyber threats may be generic, or they may be custom-crafted against our information systems.

Cyber-attacks have become increasingly more prevalent and much harder to detect and defend against. Our network and storage applications, as well as those of our customers, business partners, and third-party providers, may be subject to unauthorized access by hackers or breached due to operator error, malfeasance or other system disruptions. It is often difficult to anticipate or immediately detect such incidents and the damage caused by such incidents. These data breaches and any unauthorized access, misuse or disclosure of our information or intellectual property could compromise our intellectual property and expose sensitive business information. Cyber-attacks on us or our customers, business partners or third-party providers could also cause us to incur significant remediation costs, result in product development delays, disrupt key business operations and divert attention of management and key information technology resources. These incidents could also subject us to liability, expose us to significant expense and cause significant harm to our reputation and business.


5



In addition, we could be subject to claims for damages resulting from loss of data from alleged vulnerabilities in the security of our processors. We also maintain confidential and personally identifiable information about our workers. The integrity and protection of our worker data is critical to our business and our workers have a high expectation that we will adequately protect their personal information.

A breach of data privacy is likely to cause significant disruption of our business operations. Failure to adequately maintain and update our security systems could materially adversely affect our operations and our ability to maintain worker confidence. Failure to prevent unauthorized access to electronic and other confidential information and data breaches could materially adversely affect our financial condition, our competitive position and operating results.

If our customers experience data losses, our brand, reputation and business could be harmed.

A breach of our customers’ network security and systems or other events that cause the loss or public disclosure of, or access by third parties to, our customers’ files or data could have serious negative consequences for our business, including reduced demand for our services, an unwillingness of our customers to use our services, harm to our brand and reputation. The techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently, often are not recognized until launched against a target, and may originate from less regulated or remote areas around the world. As a result, our customers may be unable to proactively prevent these techniques, implement adequate preventative or reactionary measures, or enforce the laws and regulations that govern such activities. If our customers experience any data loss, or any data corruption or inaccuracies, whether caused by security breaches or otherwise, our brand, reputation and business could be harmed.  We believe our risk here is mitigated by the security we employ and the fact that we do not take possession or control of customer sensitive information.

Our insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our policy may not cover any claim against us for loss of data or other indirect or consequential damages. Defending a suit based on any data loss or system disruption, regardless of its merit, could be costly and divert management’s attention.

Healthcare legislation and regulation.  

We are a cybersecurity and information management consulting firm dedicated to serving the healthcare industry. The healthcare industry is highly regulated.  U.S. government agencies continue to implement the extensive requirements of the Patient Protection and Affordable Care Act (the “ACA”). These have both positive and negative impacts on the U.S. healthcare industry with much remaining uncertain as to how various provisions of the ACA will ultimately affect the industry, including our business.  

The use of electronic medical records does not necessarily mean a hospital’s printing demands will decrease, but we cannot be sure whether this will be the case.  Increased adoption and use of electronic medical records may negatively impact our business.  

New legislation or regulation.

As to prospective legislation and regulation, we cannot determine what effect additional state or federal governmental legislation, regulations, or administrative orders would have on our business in the future. New legislation or regulation may require the reformulation of our business to meet new standards, require us to cease operations, impose stricter qualification and/or registration standards, impose additional record keeping, or require expanded consumer protection measures.  Congressional leaders and the current administration have attempted to repeal or modify the ACA.  At this time the Company is not certain as to the impact of federal health care legislation on its business.


6



We may be unable to recruit and maintain our senior management and other key personnel on whom we are dependent.

We are highly dependent upon senior management and key personnel, and we do not carry any life insurance policies on such persons. The loss of any of our senior management, or our inability to attract, retain and motivate the additional highly-skilled employees and consultants that our business requires, could substantially hurt our business, prospects, financial condition and results of operations. In addition, we rely on the ability of our management team to work together effectively. If our management team fails to work together effectively, our business could be harmed.

The market may not accept our products and services and we may not be able to continue our business operations; or if the market is receptive to our products but not our services, our revenues and profitability will be harmed.

Our products and services are targeted to the healthcare market, a market in which there are many competing service providers. Accordingly, the demand for our products and services is very uncertain. The market may not accept our products and services. Even if our products and services achieve market acceptance, our products and services may fail to adequately address the market’s requirements.

In addition, if we are able to sell our products but are unable to provide ongoing services, our revenues and profitability will be harmed. Our services are integral to the successful deployment of our solutions. If we do not effectively service and support our customers, our revenues and operating results would be harmed.

Our business depends on generating and maintaining ongoing, profitable customer demand for our services and solutions, including through the adaptation and expansion of our services and solutions in response to ongoing changes in technology and offerings, and a significant reduction in such demand or an inability to respond to the evolving technological environment could materially affect our results of operations.

Our revenue and profitability depend on the demand for our services and solutions with favorable margins, which could be negatively affected by numerous factors, many of which are beyond our control and unrelated to our work product. Volatile, negative or uncertain global economic conditions and lower growth in the markets we serve have adversely affected and could in the future adversely affect customer demand for our services and solutions. Our success depends, in part, on our ability to continue to develop and implement services and solutions that anticipate and respond to rapid and continuing changes in technology and offerings to serve the evolving needs of our customers. Technological developments may materially affect the cost and use of technology by our customers. Some technologies may replace some of our services and solutions in the future. This may cause customers to delay spending under existing contracts and engagements and to delay entering into new contracts while they evaluate new technologies. Such delays can negatively impact our results of operations if the pace and level of spending on new technologies is not sufficient to make up any shortfall.

Developments in the industries we serve, which may be rapid, also could shift demand to new services and solutions. If, as a result of new technologies or changes in the industries we serve, our customers demand new services and solutions, we may be less competitive in these new areas or need to make significant investment to meet that demand. Our growth strategy focuses on responding to these types of developments by driving innovation that will enable us to expand our business into new growth areas. We must continually address the challenges of dynamic and accelerating market trends, such as the emergence of advanced persistent threats in the security space, the continued decline in the PC market and the market shift towards mobility and the increasing transition towards cloud-based solutions. If we do not sufficiently invest in new technology and adapt to industry developments, or evolve and expand our business at sufficient speed and scale, or if we do not make the right strategic investments to respond to these developments and successfully drive innovation, our services and solutions, our results of operations, and our ability to develop and maintain a competitive advantage and to execute on our growth strategy could be negatively affected. New product development and introduction involves a significant commitment of time and resources and is subject to a number of risks and challenges including:


7



·Managing the length of the development cycle for new products and product enhancements;

·Adapting to emerging and evolving industry standards and to technological developments by our competitors and customers;

·Extending the operation of our products and services to new and evolving platforms, operating systems and hardware products, such as mobile devices;

·Entering into new or unproven markets with which we have limited experience;

·Managing new product and service strategies for the markets in which we operate; and

·Developing or expanding efficient sales channels.

If we are not successful in managing these risks and challenges, or if our new products, product upgrades and services are not technologically competitive or do not achieve market acceptance, our business and operating results could be adversely affected. We operate in a rapidly evolving environment in which there currently are, and we expect will continue to be, new technology entrants. New services or technologies offered by competitors or new entrants may make our offerings less differentiated or less competitive when compared to other alternatives, which may adversely affect our results of operations. In addition, companies in the industries we serve sometimes seek to achieve economies of scale and other synergies by combining with or acquiring other companies. If one of our current customers merges or consolidates with a company that relies on another provider for the services and solutions we offer, we may lose work from that customer or lose the opportunity to gain additional work if we are not successful in generating new opportunities from the merger or consolidation.

Many of our contracts allow customers to terminate, delay, reduce or eliminate spending on the services and solutions we provide. Additionally, a customer could choose not to retain us for additional stages of a project, try to renegotiate the terms of its contract or cancel or delay additional planned work. When contracts are terminated or not renewed, we lose the anticipated revenues, and it may take significant time to replace the level of revenues lost. Consequently, our results of operations in subsequent periods could be materially lower than expected. The specific business or financial condition of a customer, changes in management and changes in a customer’s strategy are also all factors that can result in terminations, cancellations or delays.

Achieving the desired benefits of recent acquisitions may be subject to a number of challenges and uncertainties which make it hard to predict the future success of each entity.

We have completed several acquisitions in recent years with expected benefits including, among other things, operating efficiencies, procurement savings, innovation, sharing of best practices and increased market share that may allow for future growth.  Achieving the anticipated benefits may be subject to a number of significant challenges and uncertainties, including, without limitation, whether unique corporate cultures will work collaboratively in an efficient and effective manner, the coordination of separate organizations, the possibility of imprecise assumptions underlying expectations regarding potential synergies and the integration process, unforeseen expenses and delays, and competitive factors in the marketplace.  We could also encounter unforeseen transaction and integration-related costs or other circumstances such as unforeseen liabilities or other issues.  Many of these potential circumstances are outside of our control and any of them could result in increased costs, decreased revenue, decreased synergies and the diversion of management time and attention.  If we are unable to achieve our objectives within the anticipated time frame, or at all, the expected benefits may not be realized fully or at all, or may take longer to realize than expected, which could have an adverse effect on our business, financial condition and results of operations.

Our business and operations expose us to numerous legal and regulatory requirements, and any violation of these requirements could harm our business.


8



We are subject to numerous federal and state legal requirements on matters as diverse as data privacy and protection, employment and labor relations, immigration, taxation, anticorruption, import/export controls, trade restrictions, internal and disclosure control obligations, securities regulation and anti-competition. Compliance with diverse and changing legal requirements is costly, time-consuming and requires significant resources. We also conduct business in certain identified growth areas, such as health information technology, which are highly regulated and may expose us to increased compliance risk. Violations of one or more of these diverse legal requirements in the conduct of our business could result in significant fines and other damages, criminal sanctions against us or our officers, prohibitions on doing business and damage to our reputation. Violations of these regulations or contractual obligations related to regulatory compliance in connection with the performance of customer contracts could also result in liability for significant monetary damages, fines and/or criminal prosecution, unfavorable publicity and other reputational damage, restrictions on our ability to compete for certain work and allegations by our customers that we have not performed our contractual obligations.

We may need additional capital in the future and, if such capital is not available on terms acceptable to us or available to us at all, this may impact our ability to continue to grow our business operations.

We may need capital in the future to expand our business operations. If we need capital, we cannot be certain that it will be available on terms acceptable to us or available to us at all. In the event we are unable to raise capital, we may not be able to:

·develop or enhance our service offerings;

·take advantage of future opportunities; or

·respond to customers and competition.

We have a substantial amount of indebtedness, which may adversely affect our financial resources and our ability to operate our business.

We are party with BMO Harris Bank, N.A. (the “Bank”), to, and jointly and severally liable with our subsidiaries for approximately $17.25 million of outstanding debt under term loans issued under our Credit Agreement, with the Bank (the “Credit Agreement”). The maturity date of the term loan is September 12, 2022.  We also have available a revolving line of credit from the Bank of up to $5.0 million.  Further, we are indebted to the former shareholders of CTEK Security, Inc. in the aggregate principal amount of approximately $6.3 million pursuant to promissory notes with maturity dates ranging from January 2019 to March 2023.  Our resulting substantial level of indebtedness and other financial obligations increase the possibility that we may be unable to pay, when due, the principal of, interest on, or other amounts due in respect of, our indebtedness.  Further, under the Credit Agreement, we are subject to certain restrictive covenants that, among other things, may limit our ability to obtain additional financing for working capital requirements, product development activities, debt service requirements, and general corporate or other purposes. These restrictive covenants include, without limitation, restrictions on our ability to: (1) change the nature of our business; (2) incur additional indebtedness; (3) incur liens; (4) make certain investments; (5) make certain dispositions of assets; (6) merge, dissolve, consolidate or sell all or substantially all of our assets; (7) declare or pay dividends, (8) purchase, redeem, acquire or retire any of our capital stock; and (9) enter into certain transactions with affiliates.  If we breach any of these restrictive covenants or are unable to pay our indebtedness under the Credit Agreement when due, this could result in a default under the Credit Agreement. In such event, the Bank may elect (after the expiration of any applicable notice or grace periods) to declare all outstanding borrowings, together with accrued and unpaid interest and other amounts payable under the Credit Agreement, to be immediately due and payable. Any such occurrence would have an immediate and materially adverse impact on our business and results of operations. The Credit Agreement is secured by a security interest in all assets of the Company and its subsidiaries.  


9



Risks Related to the Market for Our Securities

Because the public market for shares of our Common Stock is limited, stockholders may be unable to resell their shares of Common Stock.

Currently, there is only a limited public market for our Common Stock on the NYSE American and our stockholders may be unable to resell their shares of Common Stock. Currently, the average daily trading volume of our Common Stock is not significant, and it may be more difficult for you to sell your shares in the future, if at all.

The development of an active trading market depends upon the existence of willing buyers and sellers who are able to sell shares of our Common Stock as well as market makers willing to create a market in such shares. Under these circumstances, the market bid and ask prices for the shares may be significantly influenced by the decisions of the market makers to buy or sell the shares for their own account. Such decisions of the market makers may be critical for the establishment and maintenance of a liquid public market in our Common Stock. Market makers are not required to maintain a continuous two-sided market and are free to withdraw quotations at any time. We cannot assure our stockholders that an active public trading market for our Common Stock will develop or be sustained.

The price of our Common Stock may be volatile and could decline in value, resulting in loss to our stockholders.

The market for our Common Stock is volatile, having ranged since January 1, 2017 through December 31, 2017 from a low of $2.37 to a high of $6.72. The market price for our Common Stock has been, and is likely to continue to be, volatile. The following factors may cause significant fluctuations in the market price of shares of our Common Stock:

·fluctuations in our quarterly revenues and earnings or those of our competitors;

·variations in our operating results compared to levels expected by the investment community;

·announcements concerning us, our competitors or our customers;

·announcements of technological innovations;

·sale or purchases of shares by traders or other investors;

·market conditions in the industry; and

·the conditions of the securities markets.

The factors discussed above may depress or cause volatility of our share price, regardless of our actual operating results. In addition, the highly volatile nature of our stock price may cause investment losses for our stockholders. In the past, securities class action litigation has often been brought against companies following periods of volatility in the market price of their securities. If securities class action litigation is brought against us, such litigation could result in substantial costs while diverting management’s attention and resources.

There are a large number of shares of Common Stock that may be issued or sold, and if such shares are issued or sold, the market price of our Common Stock may decline.

As of December 31, 2017, we had 9,576,028 shares of our Common Stock outstanding.


10



If all warrants, options and restricted stock grants outstanding as of December 31, 2017 are exercised prior to their expiration, up to approximately 1.3 million additional shares of Common Stock could become freely tradable. Such sales of substantial amounts of Common Stock in the public market could adversely affect the prevailing market price of our Common Stock and could also make it more difficult for us to raise funds through future offerings of Common Stock.

Our stockholders may experience dilution.

We anticipate that we may raise substantial additional capital to achieve our business objectives. We have an effective shelf registration statement under which we have the current ability to raise up to $15 million through the issuance of equity or debt securities.  We cannot assure you that we will be able to sell shares or other securities in any offering at a price per share that is equal to or greater than the price per share paid by investors in previous offerings, and investors purchasing shares or other securities in the future could have rights superior to existing stockholders. The price per share at which we sell additional shares of our Common Stock or other securities convertible into or exchangeable for our Common Stock in future transactions may be higher or lower than the price per share in previous offerings. The future issuance of the Company’s equity securities will further dilute the ownership of our outstanding Common Stock.  The market price of our Common Stock has been, and may continue to be, highly volatile, and such volatility could cause the market price of our Common Stock to decrease and could cause stockholders to lose some or all of their investment in our Common Stock.

We do not intend to pay dividends.

We have never declared or paid any cash dividends on our Common Stock. We do not anticipate paying dividends on our Common Stock in the foreseeable future. We may not have sufficient funds to legally pay dividends. Even if funds are legally available to pay dividends, we may nevertheless decide in our sole discretion not to pay dividends and to retain any future earnings to fund growth.

Other Risks

It may be difficult for a third party to acquire us even if doing so would be beneficial to our stockholders.

Some provisions of our Certificate of Incorporation, as amended, and Bylaws, as amended, as well as some provisions of Delaware or California law, may discourage, delay or prevent third parties from acquiring us, even if doing so would be beneficial to our stockholders.

As a public company, we are subject to complex legal and accounting requirements that will require us to incur significant expenses.

As a public company, we are subject to numerous legal and accounting requirements that do not apply to private companies. The cost of compliance with many of these requirements is material, not only in absolute terms but, more importantly, in relation to the overall scope of the operations of a small company. The cost of such compliance may prove to be a substantial competitive disadvantage vis-à-vis our privately held and larger public competitors.

The impact of any deterioration of the global credit markets, financial services industry and U.S. economy may negatively affect our business and our ability to obtain capital, if needed.


11



A deterioration in the global credit markets, the financial services industry and the U.S. economy could result in a period of substantial turmoil. The impact of these events on our business and the severity of an economic crisis is uncertain. It is possible that a crisis in the global credit markets, the financial services industry or the U.S. economy could adversely affect our business, vendors and prospects as well as our liquidity and financial condition. This could impact our ability to increase our customer base and generate positive cash flows. Although we have been able to raise additional working capital through convertible note agreements and private placement offerings of our Common Stock in the past, we may not be able to continue this practice in the future or we may not be able to obtain additional working capital through other debt or equity financings. In the event that sufficient capital cannot be obtained, we may be forced to minimize growth to a point that would be detrimental to our business development activities. These courses of action may be detrimental to our business prospects and result in material charges to our operations and financial position. In the event that any future financing should take the form of the sale of equity securities, the current equity holders may experience dilution of their investments.

The forward-looking statements contained in this Annual Report may prove incorrect.

This Annual Report contains certain forward-looking statements. These forward-looking statements are based largely on our current expectations and are subject to a number of risks and uncertainties. Actual results could differ materially from these forward-looking statements. In addition to the other risks described elsewhere in this “Risk Factors” discussion, important factors to consider in evaluating such forward-looking statements include: (i) changes to external competitive market factors or in our internal budgeting process which might impact trends in our results of operations; (ii) anticipated working capital or other cash requirements; (iii) changes in our business strategy or an inability to execute our strategy due to unanticipated changes in our industry; and (iv) various competitive factors that may prevent us from competing successfully in the marketplace. In light of these risks and uncertainties, many of which are described in greater detail elsewhere in this “Risk Factors” discussion, there can be no assurance that the events predicted in forward-looking statements contained in this Annual Report will, in fact, transpire.  Any negative change in the factors listed above could adversely affect the financial condition and operating results of the Company and its products and services.  

ITEM 1B. UNRESOLVED STAFF COMMENTS.

None.

ITEM 2. PROPERTIES.

We lease approximately 17,000 square feet of office space at 27271 Las Ramblas, Suite 200, Mission Viejo, California 92691. This lease terminates in April 2021. We also lease approximately 3,600 square feet of office space at 11410 Jollyville Road, Suite 2201, Austin, Texas 78759. This lease terminates in September 2019. We also lease approximately 9,600 square feet of office space at 11940 Jollyville Road, Austin, Texas 78759. This lease terminates in May 31, 2020. We expect that the current leased premises will be satisfactory until the future growth of our business operations necessitates an increase in office space.

ITEM 3. LEGAL PROCEEDINGS.

We are not a party to any material legal proceedings, nor has any material proceeding been terminated during the fiscal year ended December 31, 2017.

ITEM 4. MINE SAFETY DISCLOSURES.

Not applicable.


12



PART II

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES.

Market Information

Since February 14, 2017, our Common Stock has been listed on the NYSE American.  From February 14, 2017 through September 7, 2017, our Common Stock was listed under the symbol “AUXO.”  Since September 8, 2017, our Common Stock has been listed under the symbol “CTEK.”  Prior to February 14, 2017, our Common Stock was listed on the OTCQB under the symbol “AUXO.”

On January 13, 2017, the Company effectuated a reverse stock split of its issued and outstanding shares of common stock at a ratio of 1 for 3 (the “Reverse Stock Split”). As a result of the Reverse Stock Split, the Company’s issued and outstanding stock decreased from 24,557,224 to 8,185,936 shares of common stock, all with a par value of $0.001. All information related to Common Stock, stock options, warrants and share price for prior periods has been retroactively adjusted in this Annual Report to give effect to the Reverse Stock Split.

The following table presents quarterly information on the high and low sales prices of our Common Stock for the fiscal years ended December 31, 2017 and 2016, furnished by the NYSE American and the OTCQB.

High

Low

Fiscal Year Ended December 31, 2017

First Quarter

$ 5.85

$ 2.37

Second Quarter

$6.72

$ 4.20

Third Quarter

$5.08

$3.08

Fourth Quarter

$4.25

$2.70

Fiscal Year Ended December 31, 2016

First Quarter

$ 3.51

$ 2.28

Second Quarter

$2.88

$ 2.28

Third Quarter

$2.82

$2.25

Fourth Quarter

$2.64

$2.28

Holders

On March 22, 2018, we had approximately 73 stockholders of record. Certain of our shares are held in “nominee” or “street” name, and the number of beneficial owners of such shares are approximately 1,800.

Dividends

We have never paid cash dividends on our Common Stock and do not anticipate paying such dividends in the foreseeable future. The future payment of dividends, if any, will be determined by our Board of Directors (the “Board”) in light of conditions then existing, including our financial condition and requirements, future prospects, restrictions in financing agreements, business conditions and other factors deemed relevant by the Board.

Repurchases

During the fiscal year ended December 31, 2017, we did not repurchase any of our securities.

Securities Authorized for Issuance under Equity Compensation Plans

The following table provides certain information as of December 31, 2017 with respect to our existing equity compensation plans under which shares of our Common Stock are authorized for issuance.


13



Plan

Number of Securities to be Issued Upon Exercise of Outstanding Options, Warrants and Rights

Weighted Average Exercise Price of Outstanding Options, Warrants and Rights

Number of Securities Remaining Available for Future Issuances Under Plans (excluding securities reflected in column (a))

(a)

(b)

(c)

Equity compensation plans approved by security holders (1)

1,230,900

$3.09

1,451,713

Equity compensation plans not approved by security holders (2)

77,779

$3.03

Total

1,308,679

1,451,713

(1)These plans consist of the 2001 Stock Option Plan, the 2003 Stock Option Plan, the 2004 Stock Option Plan, the 2007 Stock Option Plan and the 2011 Stock Incentive Plan, each as amended.

(2)From time to time and at the discretion of the Board, we may issue warrants to our key individuals or officers as performance-based compensation

ITEM 6. SELECTED FINANCIAL DATA.

As a smaller reporting company, we are not required to include this information in our Annual Report on Form 10-K.

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS.

The following discussion presents information about our consolidated results of operations, financial condition, liquidity and capital resources and should be read in conjunction with our consolidated financial statements and the notes thereto beginning on page F-1 of this Annual Report.

Overview

We are engaged in the business of providing IT and related consulting services, including cybersecurity, and IT security consulting services and managed print services to the healthcare industry.   Our business is operated throughout the United States.

We provide a large selection of testing services offered on a standalone basis or customized into a package of services to fit our customers’ needs or offered as an industry accepted methodology-based Risk Assessment that meets requirements outlined by HIPAA and Meaningful Use.

The HIPAA Risk Assessment is our flagship stand-alone service and combines several of our individual technical and physical assessment components into a single engagement aimed specifically at addressing the requirement for both a risk assessment as well as ongoing risk management processes for all organizations with a requirement to comply with HIPAA. We also offer an annual Risk Assessment as the base component of an ongoing holistic compliance management program, Compliance Assist Partner Program (CAPP).


14



We understand that health information privacy means more than just meeting an organization’s HIPAA compliance requirements – it is a business imperative. Our team of consultants is comprised of experienced professionals who have learned their craft both in the classroom and through years of experience as policy makers and in the health care industry. This allows us to provide our customers with expert HIPAA privacy consulting services that evaluate the rigor and effectiveness of their privacy program to ensure the confidentiality of their patients’ health information.

We offer a menu of services to measure and strengthen an organization’s compliance with the HIPAA Privacy Rule, HITECH Breach Notification Rule, Federal Trade Commission consumer protection guidelines and state privacy standards. Using state of the art assessment tools and applying industry best practices, our teams identify areas to strengthen our customers privacy program, recommend solutions, and provide tools and training materials to enhance the culture of privacy and compliance within your organization.

A variety of consulting advisory services are also offered, ranging from using cutting-edge technologies to monitor user access to patient health information to producing exercises replicating the HIPAA/HITECH audit experience that help guide organizations on how to respond to state or federal regulatory enforcement investigations. We can also customize any assessment to address specific organizational requirements. Working with us enables customers to have resources and expertise that they need to accelerate the effectiveness of their privacy program.

To help organizations prepare for audits and investigations, CynergisTek offers a series of audit solutions that help organizations verify and validate that privacy and security programs meet compliance and business objectives. CynergisTek understands the regulatory and compliance environment and can help organizations enhance their risk management efforts through various types of audits. Our Compliance and Audit Services are delivered by our industry experts and provide an overall assessment of your organization’s audit readiness.

We provide a Compliance Assist Partner Program (“CAPP”) that is a fully customizable managed security services support agreement.  The CAPP is offered to both providers and business associates and provides the basic building blocks to help an organization build and maintain their cybersecurity program. This multi-year program provides a fully managed support environment.

We offer a Patient Privacy Monitoring Service (“PPMS”) that supports multiple platforms allowing the customer to select the tool of choice and have a fully managed solution.  

Our Vendor Security Management service is a fully automated SAAS solution employing our proprietary Risk Sonar application.  Our program provides a cloud-based solution with a client portal that enables CynergisTek to conduct security reviews of the customers third-party supply chain vendors and provide the results back to the customer.

Our incident response service provides a proactive approach to assess, define, and prepare for a variety of cyber incidents. Our program ensures an organization has the right technologies, people and processes in place to respond to an incident in an efficient and effective manner. The services will help improve your organization’s ability to respond and recover from a cyber incident ranging from an attack or breach, to a system outage. We offer them as one-time engagements or as a part of a bundled, ongoing Incident Response Managed Service.

We have been an industry leader in document solutions for the healthcare industry for many years, offering hospitals and health systems comprehensive services and solutions to support the document life cycle. We provide a vendor neutral program that enhances security of printed, stored data and digital documents while driving out costs and inefficiencies within the patient information logistical chain.

Application of Critical Accounting Policies

The SEC defines critical accounting policies as those that are, in management’s view, most important to the portrayal of our financial condition and results of operations and most demanding of our judgment. The discussion and analysis of our financial condition and results of operations are based upon our financial statements, which were prepared in accordance with accounting principles generally accepted in the U.S., which is referred to as “GAAP.”


15



The preparation of these financial statements requires us to make estimates and judgments that affect the reported amounts of assets, liabilities, revenues and expenses, and related disclosures of contingent assets and liabilities. On an on-going basis, we evaluate these estimates, including those related to stock-based compensation, customer programs and incentives, bad debts, supply inventories, intangible assets, income taxes, contingencies and litigation. We base our estimates on historical experience and on various other assumptions that are believed to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Actual results may differ from these estimates under different assumptions or conditions.

We consider the following accounting policies to be those most important to the portrayal of our financial condition and those that require the most subjective judgment:

Revenue Recognition and Deferred Revenue

The Company derives its revenue from four sources: (1) document solution services; (2) equipment and software resales; (3) software subscription services, which is comprised of subscription fees from customers accessing the Company’s enterprise cloud computing services and customers purchasing additional ongoing managed services beyond the standard support that is included in the basic software subscription fees; and (4) cybersecurity professional services such as penetration testing, cybersecurity risk assessments and security program strategy development.

The Company commences revenue recognition when all of the following conditions are satisfied:

·there is persuasive evidence of an arrangement;

·the service has been or is being provided to the customer;

·the collection of the fees is reasonably assured; and

·the amount of fees to be paid by the customer is fixed or determinable.

·Document Solution Services and Equipment Revenue

Revenue is recognized pursuant to ASC Topic 605, “Revenue Recognition” (ASC 605).  Monthly service and supply revenue is earned monthly during the term of the contract, as services and supplies are provided. Revenues from equipment sales transactions are earned when there is persuasive evidence of an arrangement, delivery and installation have occurred, the sales price has been determined and collectability has been reasonably assured. For equipment that is to be placed at a customer’s location at a future date, revenue is deferred until the placement of such equipment.

We enter into arrangements that include multiple deliverables, which typically consist of the sale of Multi-Function Device (“MFD”) equipment and a support services contract.  We account for each element within an arrangement with multiple deliverables as separate units of accounting.  Revenue is allocated to each unit of accounting under the guidance of ASC Topic 605-25, Multiple-Deliverable Revenue Arrangements, which provides criteria for separating consideration in multiple-deliverable arrangements by establishing a selling price hierarchy for determining the selling price of a deliverable.  The selling price used for each deliverable is based on vendor-specific objective evidence (“VSOE”) if available, third-party evidence if VSOE is not available, or estimated selling price if neither VSOE nor third-party evidence is available.  We are required to determine the best estimate of selling price in a manner that is consistent with that used to determine the price to sell the deliverable on a standalone basis.  We generally do not separately sell MFD equipment or service on a standalone basis.  Therefore, we do not have VSOE for the selling price of these units. As we purchase the equipment, we have third-party evidence of the cost of this element.  We estimate the proceeds from the arrangement to allocate to the service unit based on historical cost experiences.  Based on the relative costs of each unit to the overall cost of the arrangement, we utilize the same relative percentage to allocate the total arrangement proceeds.

The Company’s contracts with customers may include provisions that relate to guaranteed savings amounts and shared savings. Such provisions are considered by management during the Company’s initial proprietary client assessment and are charged and accrued when deemed by management to be probable. The Company’s historical settlement of such amounts has been within management’s estimates.


16



·Software Subscriptions and Managed Services Revenue

Software subscriptions and managed services revenues are recognized ratably over the contract terms beginning on the commencement date of each contract, which is the date the Company’s service is made available to customers.

Amounts that have been invoiced are recorded in accounts receivable and in deferred revenue or revenue, depending on whether the revenue recognition criteria have been met.

The Company’s software subscription service arrangements are non-cancelable and do not contain refund-type provisions.

·Cybersecurity Professional Services Revenue

The majority of the Company’s cybersecurity services contracts are on a time and material basis. When these services are not combined with subscription revenues as a single unit of accounting, these revenues are recognized as the services are rendered for time and material contracts, and when the milestones are achieved and accepted by the customer for fixed price contracts.

In May 2014, the FASB issued guidance which provides a single, comprehensive accounting model for revenue arising from contracts with customers. This guidance supersedes most of the existing revenue recognition guidance, including industry-specific guidance. Under this model, revenue is recognized at an amount that a company expects to be entitled to upon transferring control of goods or services to a customer, as opposed to when risks and rewards transfer to a customer. The new guidance also requires additional disclosures about the nature, timing and uncertainty of revenue and cash flow arising from customer contracts, including significant judgments and changes in judgments. Considering the one-year delay in the required adoption date for the guidance as issued in July 2015, the new guidance is effective for us beginning in 2018 and may be applied retrospectively to all prior periods presented or through a cumulative adjustment to the opening retained earnings balance in the year of adoption. We will adopt this standard beginning January 1, 2018 and expect to use the modified retrospective method of adoption. Under the new guidance, based on the nature of our contracts, we expect to continue to recognize revenue in a similar manner as with the current guidance. Additionally, we expect the unit of accounting, that is, the identification of performance obligations, will be consistent with current revenue guidance. Accordingly, the adoption of this standard is not expected to have an material impact on our revenues.

Accounts Receivable Valuation and Related Reserves

We estimate the losses that may result from that portion of our accounts receivable that may not be collectible as a result of the inability of our customers to make required payments.  Management specifically analyzes customer concentration, customer credit-worthiness, current economic trends and changes in customer payment terms when evaluating the adequacy of the allowance for doubtful accounts.  We review past due accounts on a monthly basis and record an allowance for doubtful accounts where we deem appropriate.

New Customer Implementation Costs

We ordinarily incur additional costs to implement our services for new customers.  These costs are comprised primarily of additional labor and support.  These costs are expensed as incurred, and have a negative impact on our statements of operations and cash flows during the implementation phase.

Impairment Review of Goodwill and Intangible Assets

We periodically evaluate our intangible assets and goodwill relating to acquisitions for impairment. Goodwill is not amortized but is evaluated annually at year end for any impairment in the carrying value. We review our intangible assets for impairment on an annual basis or whenever events or changes in circumstances indicate that the carrying value of such assets may not be recoverable. Factors we consider important which could trigger an impairment review include, but are not limited to, the following: significant underperformance relative to expected historical or projected future operating results; significant changes in the manner of our use of the acquired assets or the strategy for our overall business; and a significant negative industry or economic trend for a sustained period.


17



Goodwill and intangible asset impairment assessments are generally determined based on fair value techniques, including determining the estimated future discounted and undiscounted cash flows over the remaining useful life of the asset. Those models require estimates of future revenue, profits, capital expenditures and working capital for each reporting unit. We estimate these amounts by evaluating historical trends, the current state of the Company’s industries and the economy, current budgets, and operating plans. Determining the fair value of reporting units and goodwill includes significant judgment by management and different judgments could yield different results. Any resulting impairment loss could have a material impact on our financial condition and results of operations.

Stock-Based Compensation

Under the fair value recognition provisions of the authoritative guidance, stock-based compensation cost granted to employees is measured at the grant date based on the fair value of the award and is recognized as expense over the requisite service or performance period, which is the vesting period.  Stock options and warrants issued to consultants and other non-employees as compensation for services to be provided to us are accounted for based upon the fair value of the services provided or the estimated fair value of the option or warrant, whichever can be more clearly determined.  We currently use the Black-Scholes option pricing model to determine the fair value of stock options.  The determination of the fair value of stock-based payment awards on the date of grant using an option-pricing model is affected by our stock price as well as assumptions regarding a number of complex and subjective variables.  These variables include our expected stock price volatility over the term of the awards, the expected term of the award, the risk-free interest rate and any expected dividends.  Compensation cost associated with grants of restricted stock units are also measured at fair value on the date of the grant.  We evaluate the assumptions used to value restricted stock units on a quarterly basis.  When factors change, including the market price of the stock, stock-based compensation expense may differ significantly from what has been recorded in the past.  If there are any modifications or cancellations of the underlying unvested securities, we may be required to accelerate, increase or cancel any remaining unearned stock-based compensation expense.

Income Taxes

Deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the financial reporting requirements and those imposed under federal and state tax laws.  Deferred taxes are provided for timing differences in the recognition of revenue and expenses for income tax and financial reporting purposes and are measured using enacted tax rates expected to apply to taxable income in the years in which those temporary differences are expected to be recovered or settled.  The effect on deferred tax assets and liabilities of a change in tax rates is recognized in income in the period that includes the enactment date.  Deferred income tax expense represents the change during the period in the deferred tax assets and liabilities.  Realization of the deferred tax asset is dependent on generating sufficient taxable income in future years.  Deferred tax assets are reduced by a valuation allowance when, in the opinion of management, it is more likely than not that some portion or all the deferred tax assets will not be realized. Use of our net operating loss deferred assets may be limited by changes in our ownership.

The above listing is not intended to be a comprehensive list of all of our accounting policies. In many cases, the accounting treatment of a particular transaction is specifically dictated by GAAP, with no need for management’s judgment in its application. There are also areas in which management’s judgment in selecting any available alternative would not produce a materially different result. Please see our audited financial statements and notes thereto which begin on page F-1 of this Annual Report on Form 10-K, which contain accounting policies and other disclosures required by GAAP and please refer to the disclosures in Note 1 of our financial statements for a summary of our significant accounting policies.


18



Results of Operations

Year Ended December 31, 2017 Compared to the Year Ended December 31, 2016

Net Revenue

Revenue increased by approximately $11,400,000 to $71,638,947 for the year ended December 31, 2017, as compared to the same period in 2016.  This increase is largely attributable to the growth in our cybersecurity professional services as a result of the acquisition of CTEK Security, Inc. (formerly CynergisTek, Inc.) (“CTEK Security”) in January 2017. Revenues from these services increased by approximately $14,300,000. Revenues from document solution services were approximately $49,100,000 in 2017 compared to $53,400,000 in 2016. The reduction in these revenues is a result of terminations as well as volume and negotiated rate reductions at existing customers, offset by new customers and expansion of services at existing customers. These terminations will result in lower managed document services revenue in the next few quarters until we replace this revenue with new customers.  Equipment sales for 2017 were approximately $5,000,000 as compared to approximately $3,600,000 in 2016. Equipment revenues are primarily from copier fleet refresh activities at customers. These fleet refreshes are sporadic since they are typically done every five years at any one customer facility.

Cost of Revenues

Cost of revenue consists of salaries and expenses of direct labor and indirect support staff as well as document imaging equipment, parts and supplies.  Cost of revenue was $50,739,359 for the year ended December 31, 2017, as compared to $47,888,296 for the same period in 2016. We incurred approximately $5,200,000 in additional staffing costs, including contract labor, largely as a result of the acquisition of CTEK Security. Our service and supply costs decreased approximately $3,900,000 as a result of the reduction in document solution services revenue and lower toner supply pricing obtained. Also, equipment costs increased by approximately $1,500,000 in 2017, primarily as a result of the increase in equipment revenues from the copier fleet refresh activities.

Gross margin increased to 29% of revenue for the year ended December 31, 2017 as compared to 20% for the same period in 2016. The increase is attributable to higher gross margins attained from professional services rendered though CTEK Security and the benefit from the maturation of a couple of large managed document services accounts.  Over the next few quarters we expect gross margins to decline due to the recent turnover we experienced in managed document services with partial offset from new customers as we grow professional services.

Sales and Marketing

Sales and marketing expenses include salaries, commissions and expenses for sales and marketing personnel, travel and entertainment, and other selling and marketing costs. Sales and marketing expenses were $5,747,758 for the year ended December 31, 2017, as compared to $2,723,735 for the same period in 2016. The increase is primarily attributable to the addition of the CTEK Security sales and marketing teams. Also in 2017, we incurred a nonrecurring charge of approximately $100,000 in severance pay for a terminated sales executive related to the integration of CTEK Security.

General and Administrative

General and administrative expenses include personnel costs for finance, administration, information systems, and general management, as well as facilities expenses, professional fees, legal expenses and other administrative costs. General and administrative expenses increased by $1,488,403 to $7,662,486 for the year ended December 31, 2017, as compared to $6,174,083 for the same period in 2016. The increase in general and administrative expenses is attributed to 1) approximately $1,300,000 increase in staffing, travel, rent, insurance and office expenses as a result of the acquisition of CTEK Security; 2) approximately $100,000 paid to the NYSE MKT (now NYSE American) to uplist in February 2017; and 3) a bad debt charge we incurred in 2017 of approximately $100,000.


19



Impairment of Goodwill and Intangible Assets

In 2017, we recognized an impairment charge of $180,726 related to the identified intangible assets we acquired with Delphiis, Inc. and Redspin. In 2016, we recognized an impairment charge of $2,633,701 related to the identified intangible assets and goodwill for these same entities.

Depreciation

Depreciation expense increased by $171,765 to $383,419 for the year ended December 31, 2017 compared to the same period in 2016. The increase is due to the additional property and equipment acquired from CTEK Security, Inc. in January 2017.

Amortization

Amortization expense increased by $1,539,079 to $2,080,746 for the year ended December 31, 2017 compared to the $541,667 for same period in 2016. The increase is primarily due to the amortization of the identified intangibles acquired from CTEK Security, Inc. in January 2017.

Other Income (Expense)

Interest expense for the year ended December 31, 2017 was $1,526,653 compared to $91,885 for the same period in 2016.  The increase is due primarily to interest paid on the term loan of $14,000,000 and promissory notes totaling $9,000,000 which were used to finance the acquisition of CTEK Security, Inc.

At December 31, 2017, we revalued the contingent earn-out liability in connection with the acquisition of CTEK Security, Inc. This resulted in an additional expense of $1,394,000. No such activity took place in 2016.

Income Tax Benefit (Expense)

Income tax expense was $2,365,476 for the year ended December 31, 2017 as compared to a tax benefit for the year ended December 31, 2016 of $5,074,439. In 2017, income tax expense is comprised of the charges related to the current year taxable income, as well as a $1.5 million discrete expense resulting from revaluation of deferred taxes due to the recent changes in tax law.

In 2016, the income tax benefit is primarily a result of the reversal of a previously recorded valuation allowance against our deferred tax assets from NOL carryforwards. Management removed the valuation allowance given four consecutive years of earnings and its determination that it is more likely than not that such assets will be realized in future periods.

Liquidity and Capital Resources

At December 31, 2017, our cash and cash equivalents were $4,252,060 and our working capital deficit was $1,034,028. Our principal cash requirements were for operating expenses, including equipment, supplies, employee costs, principal and interest payments on term loans and promissory notes, and capital expenditures. Our primary sources of cash were from service and equipment sale revenues, as well as from our bank facilities and other financing activities.

During the year ended December 31, 2017, cash provided by operating activities was $1,433,713 as compared to cash provided by operating activities of $417,626 for the same period in 2016.  Our cash provided from operating activities in 2017 was higher than in 2016 primarily as a result of the increase in profitability from cybersecurity consulting services with the acquisition of CTEK Security, Inc. in 2017. This is partially offset by an increase in interest payments made on the bank term loan and seller notes we entered into in connection with the acquisition of CTEK Security.


20



In January 2017, we borrowed $14,000,000 under a five-year term loan agreement with a financial institution where we also have in place the availability of a $5,000,000 line of credit, subject to borrowing base limits. The term loan was used to finance the acquisition of CTEK Security. In March 2018, we restructured our debt by entering into a $17,250,000 term loan with another financial institution while repaying the original lender term loan and $6,750,000 of $9,000,000 of previously subordinated sellers notes. At this time we also agreed to pay $3,750,000 in a promissory note in lieu of earn-out payments and another $343,750 in a promissory note for severance to one of the sellers of CTEK Security, Inc. We also arranged to have a $5,000,000 line of credit with the new financial institution, subject to borrowing base limits.

On October 10, 2017, we filed a registration statement on Form S-3 to register an indeterminate number of securities.  On November 22, 2017, we filed an Amendment No. 1 to such registration statement on Form S-3 to update the information in the registration statement.  The registration statement covers such indeterminate principal amount or number of shares of common stock, debt securities, warrants and number of units of the registrant with an aggregate initial offering price not to exceed $15,000,000. The registration statement on Form S-3 was declared effective on November 22, 2017.

The $17.25 million of outstanding debt under term loan with a maturity date of September 12, 2022 and the promissory notes to the former shareholders of CTEK Security, Inc. in the aggregate principal amount of approximately $6.3 million with maturity dates ranging from January 2019 to March 2023 substantially increase our level of indebtedness and increase the possibility that we may be unable to pay our debts when they become due.  

We may seek additional financing or equity raises; however, there can be no assurance that additional financing will be available on acceptable terms, if at all. Any financing or equity raises may result in dilution to existing stockholders and any debt financing may include restrictive covenants.  Management believes that cash generated from debt and/or equity financing arrangements along with future cash flows from operations, together with cash reserves will be sufficient to sustain our business operations over the next twelve months.

Management believes that cash generated from debt and/or equity financing arrangements along with funds from operations will be sufficient to sustain our business operations over the next twelve months. Management believes that cash flows from operations together with cash reserves and our bank line of credit availability will allow us to operate without disruption.

Off-Balance Sheet Arrangements

Our off-balance sheet arrangements consist primarily of conventional operating leases and purchase and other commitments arising in the normal course of business, as further discussed below under the section “Contractual Obligations, Contingent Liabilities and Commitments.” As of December 31, 2017, we did not have any other relationships with unconsolidated entities or financial partners, such as entities often referred to as structured finance or special purpose entities, which would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.

Contractual Obligations, Contingent Liabilities and Commitments

As of December 31, 2017, expected future cash payments, including interest portion, related to contractual obligations, contingent liabilities, and commitments were as follows:

Payments Due by Period

Total

Within 1 year

Year 2-3

Year 4-5

More than 5 years

Term loan

$23,529,875

$6,653,650

$12,028,900   

$4,847,325

$-

Capital leases

282,257

128,904

153,353

-

-

Operating leases

1,958,267

658,690

1,166,651

132,926

-

Total

$25,770,399

$7,441,244

$13,348,904

$4,980,251

$-


21



ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK.

Not applicable.

ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA.

The financial statements required by this item are included in Part IV, Item 15 of this Annual Report.

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE.

None.

ITEM 9A.CONTROLS AND PROCEDURES.

We maintain disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended (the “Exchange Act”) that are designed to ensure that information required to be disclosed in our reports under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our management, including our Chief Executive Officer (principal executive officer) and Chief Financial Officer (principal financial officer), as appropriate, to allow timely decisions regarding required disclosure.

We carried out an evaluation, under the supervision and with the participation of our management, including our Chief Executive Officer and Chief Financial Officer, of the effectiveness of our “disclosure controls and procedures” as of the end of the period covered by this Annual Report, pursuant to Rules 13a-15(b) and 15d-15(b) under the Exchange Act. Based on that evaluation, our Chief Executive Officer and Chief Financial Officer have concluded that our disclosure controls and procedures, as of the end of the period covered by this Annual Report, were effective.

Management’s Report on Internal Control over Financial Reporting

Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Rules 13a-15(f) and 15d-15(f) of the Exchange Act. Management conducted an assessment of the effectiveness, as of December 31, 2017, of our internal control over financial reporting, based on the framework established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”). Based on their assessment under the COSO framework, our management concluded that our internal control over financial reporting was effective as of December 31, 2017.

This Annual Report on Form 10-K does not include an attestation report of our independent registered public accounting firm regarding internal control over financial reporting. Management’s report was not subject to attestation by our independent registered public accounting firm pursuant to final rules of the Securities and Exchange Commission that permit us to provide only management’s report in this Annual Report on Form 10-K.

Changes in Internal Control over Financial Reporting

Our internal control environment was revised in the third quarter of 2017 to include a control process over business combinations. Other than this and excluding the acquisitions of CTEK Security, Inc., there were no changes to our internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) identified in connection with the evaluation of our internal controls that occurred during the last fiscal quarter that has materially affected, or is reasonably likely to materially affect, such controls.


22



ITEM 9B.OTHER INFORMATION.

On October 10, 2017, we filed a registration statement on Form S-3 (File No. 333-220888) to register an indeterminate number of securities.  On November 22, 2017, we filed an Amendment No. 1 to such registration statement on Form S-3 to update the information in the registration statement.  The registration statement covers such indeterminate principal amount or number of shares of Common Stock, debt securities, warrants and number of units of the registrant with an aggregate initial offering price not to exceed $15,000,000. The registration statement on Form S-3 was declared effective on November 22, 2017.

On February 10, 2018, the Company entered into a First Amendment to Executive Employment Agreement with Michael H. McMillan, the Company’s President and Chief Executive Officer. (the “McMillan Amendment”).  Pursuant to the McMillan Amendment, Mr. McMillan’s employment term was extended through December 31, 2020 and increased Mr. McMillan’s base salary to $334,700 for 2018, and $359,700 for 2019, with the 2020 base salary to be determined by the Company’s Board of Directors at the end of the 2019 calendar year. Mr. McMillan will also be eligible for a bonus of up to $219,375 and $242,798 in 2018 and 2019, respectively, and his 2020 bonus will be up to 67.5% of his base salary. The effective date of the McMillan Amendment is January 1, 2018.  The foregoing description of the McMillan Amendment does not purport to be complete and is qualified in its entirety by reference to the terms of the McMillan Amendment, which is found as Exhibit 10.44 to this Annual Report on Form 10-K.

On February 10, 2018, the Company entered into a First Amendment to Executive Employment Agreement with Paul Anthony, the Company’s Secretary, Treasurer and Chief Financial Officer. (the “Anthony Amendment”).  Pursuant the Anthony Amendment, Mr. Anthony’s employment agreement term was extended through December 31, 2020 and increased Mr. Anthony’s base salary to $284,700 for 2018, and $309,700 for 2019, with the 2020 base salary to be determined by the Company’s Board of Directors at the end of the 2019 calendar year. Mr. Anthony will also be eligible for a bonus of up to $185,625 and $209,047 in 2018 and 2019, respectively, and his 2020 bonus will be up to 67.5% of his base salary.  The effective date of the Anthony Amendment is January 1, 2018. The foregoing description of the Anthony Amendment does not purport to be complete and is qualified in its entirety by reference to the terms of the Anthony Amendment, which is found as Exhibit 10.45 to this Annual Report on Form 10-K

PART III

ITEM 10.DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE.

The information with respect to our executive officers and directors appearing in our Definitive Proxy Statement which is expected to be filed with the SEC on or prior to April 6, 2018 in connection with the 2018 Annual Meeting of Stockholders (“Proxy Statement”) is hereby incorporated by reference.

ITEM 11.EXECUTIVE COMPENSATION.

The information with respect to compensation of our executive officers appearing in our Proxy Statement is hereby incorporated by reference.

ITEM 12.SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS.

The information with respect to the security ownership of certain beneficial owners and management appearing in our Proxy Statement is hereby incorporated by reference.

ITEM 13.CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS AND DIRECTOR INDEPENDENCE.

The information with respect to certain relationships and related transactions with management appearing in our Proxy Statement is hereby incorporated by reference.

ITEM 14.PRINCIPAL ACCOUNTING FEES AND SERVICES.

The information with respect to the principal accounting fees and services appearing in the Proxy Statement is hereby incorporated by reference.


23



PART IV

ITEM 15.EXHIBITS, FINANCIAL STATEMENT SCHEDULES.

(a)

    (1)Financial Statements

The following consolidated financial statements and related notes thereto, and the report of our independent registered public accounting firm are filed as part of this Annual Report:

Page

Report of Independent Registered Public Accounting Firm

F-1

Consolidated Balance Sheets as of December 31, 2017 and 2016

F-2

Consolidated Statements of Operations for the years ended December 31, 2017 and 2016

F-3

Consolidated Statements of Stockholders’ Equity for the years ended December 31, 2017 and 2016

F-4

Consolidated Statements of Cash Flows for the years ended December 31, 2017 and 2016

F-5