10-K 2018


UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C.20549

FORM 10-K

[X]

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2018.

[  ]

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from _____ to _____

Commission File Number: 000-27507

CYNERGISTEK, INC.

(Exact name of registrant as specified in its charter)

Delaware

37-1867101

(State or other jurisdiction of incorporation or organization)

(I.R.S. Employer
Identification No.)

11940 Jollyville Road, Suite 300N, Austin Texas, 78759

(Address of principal executive offices) (Zip Code)

(512) 402-8550

(Registrant’s telephone number, including area code)

Securities registered under Section 12(b) of the Act:

Title of Class

Name of each exchange on which registered

Common Stock, $0.001 par value per share

NYSE American

Securities registered under Section 12(g) of the Act: None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes [  ] No [X]

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes [  ] No [X]

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.
Yes [X] No [  ]

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes [X] No [  ]




Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.  [  ]

Indicate by check mark whether the Registrant is a large accelerated filer, an accelerated filer, or a non-accelerated filer. See definition of “accelerated filer” and “large accelerated filer” in Rule 12b-2 of the Exchange Act.

Large accelerated filer  ¨

Accelerated filer  ¨

Non-accelerated filer  ý

Smaller reporting company  ý

Emerging growth company  ¨

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act).
Yes [  ] No [X]

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standard provided pursuant to Section 13(a) of the Exchange Act.

The aggregate market value of the registrant’s common stock, $0.001 par value per share (“Common Stock”), held by non-affiliates of the registrant on June 30, 2018, the last business day of the registrant’s most recently completed second fiscal quarter, was approximately $35.0 million (based on the average bid price of the Common Stock on that date). Shares of Common Stock held by each officer and director and each person known to the registrant to own 10% or more of the outstanding voting securities of the registrant were excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not a determination for other purposes. The registrant has one class of securities, its Common Stock.  

As of March 26, 2019, the registrant had 9,722,053 shares of Common Stock outstanding.

DOCUMENTS INCORPORATED BY REFERENCE.

Part III incorporates by reference certain information from the registrant’s definitive proxy statement (the “Proxy Statement”) for the 2019 Annual Meeting of Stockholders to be filed on or before April 19, 2019.




CYNERGISTEK, INC.

ANNUAL REPORT ON FORM 10-K
FOR THE FISCAL YEAR ENDED DECEMBER 31, 2018

TABLE OF CONTENTS

Page

Cautionary Note Regarding Forward-Looking Statements

1

PART I

1

ITEM 1.

BUSINESS

1

ITEM 1A.

RISK FACTORS

4

ITEM 1B.

UNRESOLVED STAFF COMMENTS

11

ITEM 2.

PROPERTIES

12

ITEM 3.

LEGAL PROCEEDINGS

12

ITEM 4.

MINE SAFETY DISCLOSURES

12

PART II

13

ITEM 5.

MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

13

ITEM 6.

SELECTED FINANCIAL DATA

14

ITEM 7.

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

14

ITEM 7A.

QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

21

ITEM 8.

FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA

21

ITEM 9.

CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE

21

ITEM 9A.

CONTROLS AND PROCEDURES

22

ITEM 9B.

OTHER INFORMATION

22

PART III

22

ITEM 10.

DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE

22

ITEM 11.

EXECUTIVE COMPENSATION

23

ITEM 12.

SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS

23

ITEM 13.

CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS AND DIRECTOR INDEPENDENCE

23

ITEM 14.

PRINCIPAL ACCOUNTING FEES AND SERVICES

23

PART IV

24

ITEM 15.

EXHIBITS, FINANCIAL STATEMENT SCHEDULES

24


i



Cautionary Note Regarding Forward-Looking Statements

From time to time, we and our representatives may provide information, whether orally or in writing, including certain statements in this Annual Report on Form 10-K (this “Annual Report”), which are deemed to be “forward-looking” within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”) and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), that concern matters that involve risks and uncertainties which could cause actual results to differ materially from those projected in the forward-looking statements. These forward-looking statements are intended to qualify for the safe harbor from liability established by the Private Securities Litigation Reform Act of 1995 (the “Litigation Reform Act”) and are based on our beliefs as well as assumptions made by us using information currently available. All statements other than statements of historical fact contained in this Annual Report, including statements regarding future events, our future financial performance, our future business strategy and the plans and objectives of management for future operations, are forward-looking statements. The words “anticipate,” “believe,” “estimate,” “expect,” “intend,” “will,” “should” and similar expressions, as they relate to us, are intended to identify forward-looking statements. Such statements reflect our current views with respect to future events and are subject to certain risks, uncertainties and assumptions. Should one or more of these risks or uncertainties materialize, or should underlying assumptions prove incorrect, actual results may vary materially from those described herein as anticipated, believed, estimated, expected or intended or using other similar expressions. In accordance with the provisions of the Litigation Reform Act, we are making investors aware that such forward-looking statements, because they relate to future events, are by their very nature subject to many important factors that could cause actual results to differ materially from those contemplated by the forward-looking statements contained in this Annual Report, any exhibits to this Annual Report and other public statements we make. Such factors are set forth in the “Business” section, the “Risk Factors” section, the “Legal Proceedings” section, the “Management’s Discussion and Analysis of Financial Condition and Results of Operations” section and other sections of this Annual Report, as well as in our Quarterly Reports on Form 10-Q and Current Reports on Form 8-K. We expressly disclaim any intent or obligation to update any forward-looking statements after the date hereof to conform such statements to actual results or to changes in our opinions or expectations, except as required by applicable law.

PART I

ITEM 1.BUSINESS.

Introduction

CynergisTek, Inc. (including our subsidiaries, CTEK Solutions, Inc., CTEK Security, Inc. and Delphiis, Inc.) (referred to collectively in this Annual Report, as “CynergisTek,” the “Company,” “we,” “our” and “us”) is engaged in the business of providing cybersecurity and information management consulting services dedicated primarily to the healthcare industry and those businesses that support healthcare. Our principal executive offices are located at 11940 Jollyville Road, Suite 300N, Austin, Texas, 78759.

For more information on CynergisTek and our products and services, please see the section entitled “Principal Products or Services” below or visit our website at www.cynergistek.com. The inclusion of our Internet address in this Annual Report does not include or incorporate by reference into this Annual Report any information on our website. Our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, amendments to those reports and other filings with the Securities and Exchange Commission (the “SEC”) are generally available through the EDGAR system maintained by the SEC at www.sec.gov.

Background

CynergisTek, Inc. was originally incorporated under the laws of the State of Nevada on August 29, 1995, under the name Corporate Development Centers, Inc. On April 1, 2004, we acquired Alan Mayo and Associates, Inc. dba The Mayo Group (“TMG”), a managed print company. TMG provided outsourced print management services to healthcare facilities throughout California, which services we provide as the successor-in-interest to TMG. After we acquired TMG, we changed our name to “Auxilio, Inc.” and changed the name of TMG’s former subsidiary to “Auxilio Solutions, Inc.” Effective July 1, 2014, we acquired Delphiis, Inc., a California corporation, which provides IT security consulting services. On April 7, 2015, we acquired certain assets of Redspin, Inc. which


1



provides IT security consulting services. On January 13, 2017, we acquired CynergisTek, Inc., a Texas corporation, which provides IT security consulting services and solutions.  

As described in more detail in our Current Report on Form 8-K filed with the Securities and Exchange Commission on September 8, 2017, Auxilio, Inc., changed its name and state of incorporation from the State of Nevada to the State of Delaware by merging (the “Reincorporation”) with and into its wholly-owned subsidiary, CynergisTek, Inc., a Delaware corporation, which was established for the purpose of the Reincorporation.   As a result of the Reincorporation, Auxilio ceased to exist as a separate entity.  As of the date of the merger, each outstanding share of Auxilio’s common stock was deemed, by operation of law, to represent the same number of shares of our Common Stock.  In accordance with Rule 12g-3 under the Securities Exchange Act of 1934, as amended, the shares of our Common Stock were deemed to be registered under Section 12(b) of the Exchange Act as a successor to Auxilio.  Effective as of September 8, 2017, the Company’s trading symbol changed from AUXO to “CTEK.”

As part of the Reincorporation, two wholly owned subsidiaries of the Company also changed their corporate names, as follows: (i) Auxilio Solutions, Inc., a California corporation, changed its name to CTEK Solutions, Inc.; and (ii) CynergisTek, Inc., a Texas corporation, changed its name to CTEK Security, Inc. (“CTEK Security”).

Our Common Stock currently trades on the NYSE American under the symbol CTEK.”

Principal Products and Services

We are a top-ranked cybersecurity, privacy and compliance firm offering a suite of comprehensive services and solutions with an emphasis in healthcare and the challenges unique to the healthcare industry. Our service offerings help organizations identify ever-changing threat factors and security risks, provide resources to remediate or fill a gap in skilled and experienced talent, and offer a partner with experts in cybersecurity and privacy to manage and advise on their programs.

Our services include our Compliance Assist Partner Program (CAPP), which provides on-going risk assessments and remediation tracking to ensure organizations are compliant with HIPAA. Our Virtual Chief Information Security Officer (CISO) helps organizations with program development and prioritizes projects. The use of the CISO often reveals gaps in an organization’s security.  We can then provide additional resources through our Staffing service to execute a remediation plan or work on other IT security projects. Our Vendor Security Management oversees third-party risk and Incident Response services to help address the growing ransomware and malware attacks that plague organizations today.

To address growing market needs, we recently expanded our consulting and managed services offerings to include Medical Device Security Risk Assessment and Managed Security Services. The Medical Device Security Risk Assessment service helps organizations inventory the increasing number of medical devices connected to the network, identify hard to find vulnerabilities to overall security and the patient, and categorize these risks into a clearly defined remediation plan.  The Managed Security Services provide on-going monitoring and analysis of an organization’s security posture in regard to its network, endpoint devices, cloud infrastructure and SaaS applications.  

As of March 20, 2019 the Company is focused exclusively on cybersecurity and privacy. As reported in our prior public filings, beginning March 20, 2019, we no longer provide Managed Print Services (MPS) directly but will continue to refer our customers to our partners for these services. MPS optimizes high-volume print environments while reducing costs, improving efficiency and securing the print environment through industry best practices.


2



Competition

The competition in the healthcare industry market for cybersecurity and privacy services generally come from large or niche consulting and technology firms and regional companies that offer multiple approaches but within a much smaller geographic footprint.  Examples include companies like Deloitte, Dell Secureworks, Fire Eye, Coal Fire, Fortified Health Security, Mediology and Clearwater Consulting.

We believe our analysis of the competitive landscape shows a very strong opportunity for fully-outsourced and managed services to the healthcare industry, and we believe that we have a strong competitive position in the marketplace due to several important factors:

·We are focused on the healthcare industry. We are not aware of any other vendor or service provider which has the majority of its business dedicated to addressing HIPAA compliance, including printed and stored documents and improving efficiency for the healthcare industry. Our expertise and knowledge base are unmatched in the market.

·By focusing on healthcare, we believe we enjoy lower turn-around times for service, greater up-sell opportunities, and a deeper service relationship with the customer.

·We believe our offering provides a unique approach to managed security services. To address workforce and expertise shortages, we can deploy knowledgeable resources to perform a predefined security role on-site or virtually for a defined amount of time, which results in our customers receiving staff with expertise they need while controlling their costs.

·We are not restricted to any single supplier, which allows us to bring the best hardware and software solutions to our customers. Our approach is to use the most appropriate technology to provide a superior solution without any prejudice as to manufacturer or developer.

·We believe our relationship with healthcare providers gives us an advantage when targeting the larger pool of potential clients in the business associate category.

·We have a strong referral base within healthcare as a result of serving more than a thousand hospitals and other healthcare clients under managed services agreements.

·Many of our employees have worked in the healthcare provider setting, as well as for the Office for Civil Rights.

Customers

Most of our customers are hospitals, their related off-site facilities and third parties who provide services to healthcare entities. The loss of any key customer could have a material adverse effect upon our financial condition, business, prospects and results of operation. During the year ended December 31, 2018, our two largest customers represented approximately 57% of our revenues.

Intellectual Property

We maintain databases that contain the results of our managed services and consulting efforts. This allows us to anticipate our customers’ future needs and to meet those needs. These databases provide us with exclusive insight into the state of cybersecurity and information management of our customers and the healthcare industry. We consider our proprietary RiskSonar application suite an important tool in assessing and organizing the information technology control structure of our customers. We consider our intellectual property an important and valuable asset that enhances our competitive position.

We have filed a trademark application for the name “CynergisTek” and for the Company’s logo.


3



Employees

As of December 31, 2018, we had 292 full-time employees and five part-time employees, including 247 employees engaged in providing services, 22 employees engaged in sales and marketing, and 28 employees engaged in general and administrative activities. Our employees are not represented by any collective bargaining agreement, and we have never experienced a work stoppage. We believe our employee relations are good.

ITEM 1A. RISK FACTORS

Before deciding to purchase, hold or sell our Common Stock, you should carefully consider the risks described below in addition to the other information contained in this Annual Report and in our other filings with the SEC, including subsequent reports on Forms 10-Q and 8-K. The risks and uncertainties not presently known to us or that we currently deem immaterial may also affect our business. If any of these known or unknown risks or uncertainties actually occurs with material adverse effects on CynergisTek, our business, financial condition, results of operations and/or liquidity could be seriously harmed. In that event, the market price of our Common Stock will likely decline, and you may lose all or part of your investment.

Risks Related to Our Industry

We face substantial competition from better established companies that may offer similar products and services at a lower cost to our customers, resulting in a reduction in the sale of our products and services.

The market for our products and services is competitive and is likely to become even more competitive in the future. Increased competition could result in pricing pressures, reduced sales, reduced margins or the failure of our products and services to achieve or maintain market acceptance, any of which would have a material adverse effect on our business, results of operations and financial condition. Many of our current and potential competitors enjoy substantial competitive advantages, such as:

·greater name recognition and larger marketing budgets and resources;

·established marketing relationships and access to larger customer bases;

·substantially greater financial, technical and other resources; and

·larger technical and support staffs.

As a result, our competitors may be able to respond more quickly than we can to new or changing opportunities, technologies, standards or customer requirements. For all of the foregoing reasons, we may not be able to compete successfully against our current and future competitors.

Risks Related to Our Business

A substantial portion of our business is dependent on our largest customers.

The loss of any key customer could have a material adverse effect upon our financial condition, business, prospects, and results of operation.  Our two largest customers represented approximately 57% of our revenues for the year ended December 31, 2018.  As a result of the sale of our MPS business in March of 2019, we anticipate that these customers will represent less than 25% of revenue for 2019 and even less in subsequent years; although this is a significant reduction, a loss of any large customer could have a material impact on our operations that may require us to obtain equity funding or debt financing to continue our operations.  We cannot be certain that we will be able to obtain such financing on commercially reasonable terms, or at all.

Fluctuations in demand for our products and services are driven by many factors, and a decrease in demand for our products could adversely affect our financial results.

We are subject to fluctuations in demand for our products and services due to a variety of factors, including market transitions, general economic conditions, competition, product obsolescence, technological change, shifts in buying patterns, financial difficulties and budget constraints of our current and potential customers, awareness of


4



security threats to information systems and other factors. While such factors may, in some periods, increase product sales and services, fluctuations in demand can also negatively impact our product sales and services. If demand for our products and solutions declines, whether due to general economic conditions or a shift in buying patterns, our revenues and margins would likely be adversely affected.

We may be subject to data breaches and cyber-attacks which could materially adversely affect our financial condition, our competitive position and operating results.

Data breaches and cyber-attacks could compromise our trade secrets and other sensitive information, be costly to remediate and cause significant damage to our business and reputation. The secure maintenance of this information is critical to our business and reputation. We believe that companies have been increasingly subject to a wide variety of security incidents, cyber-attacks, hacking and phishing attacks, and other attempts to gain unauthorized access. These threats can come from a variety of sources, all ranging in sophistication from an individual hacker to a state-sponsored attack. Cyber threats may be generic, or they may be custom-crafted against our information systems.

Cyber-attacks have become increasingly more prevalent and much harder to detect and defend against. Our network and storage applications, as well as those of our customers, business partners, and third-party providers, may be subject to unauthorized access by hackers or breached due to operator error, malfeasance or other system disruptions. It is often difficult to anticipate or immediately detect such incidents and the damage caused by such incidents. These data breaches and any unauthorized access, misuse or disclosure of our information or intellectual property could compromise our intellectual property and expose sensitive business information. Cyber-attacks on us or our customers, business partners or third-party providers could also cause us to incur significant remediation costs, result in product development delays, disrupt key business operations and divert attention of management and key information technology resources. These incidents could also subject us to liability, expose us to significant expense and cause significant harm to our reputation and business.

In addition, we could be subject to claims for damages resulting from loss of data from alleged vulnerabilities in the security of our processors. We also maintain confidential and personally identifiable information about our workers. The integrity and protection of our worker data is critical to our business and our workers have a high expectation that we will adequately protect their personal information.

A breach of data privacy is likely to cause significant disruption of our business operations. Failure to adequately maintain and update our security systems could materially adversely affect our operations and our ability to maintain worker confidence. Failure to prevent unauthorized access to electronic and other confidential information and data breaches could materially adversely affect our financial condition, our competitive position and operating results.

If our customers experience data losses, our brand, reputation and business could be harmed.

A breach of our customers’ network security and systems or other events that cause the loss or public disclosure of, or access by third parties to, our customers’ files or data could have serious negative consequences for our business, including reduced demand for our services, an unwillingness of our customers to use our services, harm to our brand and reputation. The techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently, often are not recognized until launched against a target, and may originate from less regulated or remote areas around the world. As a result, our customers may be unable to proactively prevent these techniques, implement adequate preventative or reactionary measures, or enforce the laws and regulations that govern such activities. If our customers experience any data loss, or any data corruption or inaccuracies, whether caused by security breaches or otherwise, our brand, reputation and business could be harmed.  We believe our risk here is mitigated by the security we employ and the fact that we do not take possession or control of customer sensitive information.

Our insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our policy may not cover any claim against us for loss of data or other indirect or consequential damages. Defending a suit based on any data loss or system disruption, regardless of its merit, could be costly and divert management’s attention.


5



Healthcare legislation and regulation.  

We are a cybersecurity and information management consulting firm dedicated to serving the healthcare industry. The healthcare industry is highly regulated.  U.S. government agencies continue to implement the extensive requirements of the Patient Protection and Affordable Care Act (the “ACA”). These have both positive and negative impacts on the U.S. healthcare industry with much remaining uncertain as to how various provisions of the ACA will ultimately affect the industry, including our business.  

New legislation or regulation.

As to prospective legislation and regulation, we cannot determine what effect additional state or federal governmental legislation, regulations, or administrative orders would have on our business in the future. New legislation or regulation may require the reformulation of our business to meet new standards, require us to cease operations, impose stricter qualification and/or registration standards, impose additional record keeping, or require expanded consumer protection measures.  Congressional leaders and the current administration have attempted to repeal or modify the ACA.  At this time the Company is not certain as to the impact of federal health care legislation on its business.

We may be unable to recruit and maintain our senior management and other key personnel on whom we are dependent.

We are highly dependent upon senior management and key personnel, and we do not carry any life insurance policies on such persons. The loss of any of our senior management, or our inability to attract, retain and motivate the additional highly-skilled employees and consultants that our business requires, could substantially hurt our business, prospects, financial condition and results of operations. In addition, we rely on the ability of our management team to work together effectively. If our management team fails to work together effectively, our business could be harmed.

The market may not accept our products and services and we may not be able to continue our business operations; or if the market is receptive to our products but not our services, our revenues and profitability will be harmed.

Our products and services are targeted to the healthcare market, a market in which there are many competing service providers. Accordingly, the demand for our products and services is very uncertain. The market may not accept our products and services. Even if our products and services achieve market acceptance, our products and services may fail to adequately address the market’s requirements.

In addition, if we are able to sell our products but are unable to provide ongoing services, our revenues and profitability will be harmed. Our services are integral to the successful deployment of our solutions. If we do not effectively service and support our customers, our revenues and operating results would be harmed.

Our business depends on generating and maintaining ongoing, profitable customer demand for our services and solutions, including through the adaptation and expansion of our services and solutions in response to ongoing changes in technology and offerings.  A significant reduction in such demand or an inability to respond to the evolving technological environment could materially affect our results of operations.

Our revenue and profitability depend on the demand for our services and solutions with favorable margins, which could be negatively affected by numerous factors, many of which are beyond our control and unrelated to our work product. Volatile, negative or uncertain global economic conditions and lower growth in the markets we serve have adversely affected and could in the future adversely affect customer demand for our services and solutions. Our success depends, in part, on our ability to continue to develop and implement services and solutions that anticipate and respond to rapid and continuing changes in technology and offerings to serve the evolving needs of our customers. Technological developments may materially affect the cost and use of technology by our customers.


6



Some technologies may replace some of our services and solutions in the future. This may cause customers to delay spending under existing contracts and engagements and to delay entering into new contracts while they evaluate new technologies. Such delays can negatively impact our results of operations if the pace and level of spending on new technologies is not sufficient to make up any shortfall.

Developments in the industries we serve, which may be rapid, also could shift demand to new services and solutions. If, as a result of new technologies or changes in the industries we serve, our customers demand new services and solutions, we may be less competitive in these new areas or need to make significant investment to meet that demand. Our growth strategy focuses on responding to these types of developments by driving innovation that will enable us to expand our business into new growth areas. We must continually address the challenges of dynamic and accelerating market trends, such as the emergence of advanced persistent threats in the security space, the continued decline in the PC market and the market shift towards mobility and the increasing transition towards cloud-based solutions. If we do not sufficiently invest in new technology and adapt to industry developments, or evolve and expand our business at sufficient speed and scale, or if we do not make the right strategic investments to respond to these developments and successfully drive innovation, our services and solutions, our results of operations, and our ability to develop and maintain a competitive advantage and to execute on our growth strategy could be negatively affected. New product development and introduction involves a significant commitment of time and resources and is subject to a number of risks and challenges including:

·Managing the length of the development cycle for new products and product enhancements;

·Adapting to emerging and evolving industry standards and to technological developments by our competitors and customers;

·Extending the operation of our products and services to new and evolving platforms, operating systems and hardware products, such as mobile devices;

·Entering into new or unproven markets with which we have limited experience;

·Managing new product and service strategies for the markets in which we operate; and

·Developing or expanding efficient sales channels.

If we are not successful in managing these risks and challenges, or if our new products, product upgrades and services are not technologically competitive or do not achieve market acceptance, our business and operating results could be adversely affected. We operate in a rapidly evolving environment in which there currently are, and we expect will continue to be, new technology entrants. New services or technologies offered by competitors or new entrants may make our offerings less differentiated or less competitive when compared to other alternatives, which may adversely affect our results of operations. In addition, companies in the industries we serve sometimes seek to achieve economies of scale and other synergies by combining with or acquiring other companies. If one of our current customers merges or consolidates with a company that relies on another provider for the services and solutions we offer, we may lose work from that customer or lose the opportunity to gain additional work if we are not successful in generating new opportunities from the merger or consolidation.

Many of our contracts allow customers to terminate, delay, reduce or eliminate spending on the services and solutions we provide. Additionally, a customer could choose not to retain us for additional stages of a project, try to renegotiate the terms of its contract or cancel or delay additional planned work. When contracts are terminated or not renewed, we lose the anticipated revenues, and it may take significant time to replace the level of revenues lost. Consequently, our results of operations in subsequent periods could be materially lower than expected. The specific business or financial condition of a customer, changes in management and changes in a customer’s strategy are also all factors that can result in terminations, cancellations or delays.

Achieving the desired benefits of recent acquisitions may be subject to a number of challenges and uncertainties which make it hard to predict the future success of each entity.

We have completed several acquisitions in recent years with expected benefits including, among other things, operating efficiencies, procurement savings, innovation, sharing of best practices and increased market share that may allow for future growth.  Achieving the anticipated benefits may be subject to a number of significant challenges and uncertainties, including, without limitation, whether unique corporate cultures will work


7



collaboratively in an efficient and effective manner, the coordination of separate organizations, the possibility of imprecise assumptions underlying expectations regarding potential synergies and the integration process, unforeseen expenses and delays, and competitive factors in the marketplace.  We could also encounter unforeseen transaction and integration-related costs or other circumstances such as unforeseen liabilities or other issues.  Many of these potential circumstances are outside of our control and any of them could result in increased costs, decreased revenue, decreased synergies and the diversion of management time and attention.  If we are unable to achieve our objectives within the anticipated time frame, or at all, the expected benefits may not be realized fully or at all, or may take longer to realize than expected, which could have an adverse effect on our business, financial condition and results of operations.

Our business and operations expose us to numerous legal and regulatory requirements, and any violation of these requirements could harm our business.

We are subject to numerous federal and state legal requirements on matters as diverse as data privacy and protection, employment and labor relations, immigration, taxation, anticorruption, import/export controls, trade restrictions, internal and disclosure control obligations, securities regulation and anti-competition. Compliance with diverse and changing legal requirements is costly, time-consuming and requires significant resources. We also conduct business in certain identified growth areas, such as health information technology, which are highly regulated and may expose us to increased compliance risk. Violations of one or more of these diverse legal requirements in the conduct of our business could result in significant fines and other damages, criminal sanctions against us or our officers, prohibitions on doing business and damage to our reputation. Violations of these regulations or contractual obligations related to regulatory compliance in connection with the performance of customer contracts could also result in liability for significant monetary damages, fines and/or criminal prosecution, unfavorable publicity and other reputational damage, restrictions on our ability to compete for certain work and allegations by our customers that we have not performed our contractual obligations.

We may need additional capital in the future and, if such capital is not available on terms acceptable to us or available to us at all, this may impact our ability to continue to grow our business operations.

We may need capital in the future to expand our business operations. If we need capital, we cannot be certain that it will be available on terms acceptable to us or available to us at all. In the event we are unable to raise capital, we may not be able to:

·develop or enhance our service offerings;

·take advantage of future opportunities; or

·respond to customers and competition.

We have a substantial amount of indebtedness which may adversely affect our financial resources and our ability to operate our business.

We are indebted to the former shareholders of CTEK Security, Inc. in the aggregate principal amount of approximately $6.1 million pursuant to promissory notes with maturity dates ranging from January 2019 to March 2023.  Our resulting substantial level of indebtedness and other financial obligations increase the possibility that we may be unable to pay, when due, the principal of, interest on, or other amounts due in respect of, our indebtedness.   If we are unable to pay our indebtedness under the aforementioned promissory notes when due, this could result in a default under the promissory notes. In such event, the lenders may elect (after the expiration of any applicable notice or grace periods) to declare all outstanding borrowings, together with accrued and unpaid interest and other amounts payable under the notes, to be immediately due and payable. Any such occurrence would have an immediate and materially adverse impact on our business and results of operations.

With the sale of our Managed Print Services assets, our business focus is narrower, and we are more dependent on the market’s acceptance of our cybersecurity and privacy products and services. If these products and services are not accepted by the market, any such rejection or delay in acceptance could have a material adverse impact on our business.


8



As disclosed in our recent public filings and discussed in the Business section of this Annual Report, in March 2019, we closed a transaction to sell the assets used in our Managed Print Services business (“MPS”). Following the sale of the MPS assets, we plan to focus on expanding our cybersecurity and privacy services and product offerings. However, there can be no guarantee that this more narrow business focus will succeed or that we will be able to grow our business or implement this new and more focused business strategy. If our cybersecurity and privacy products and services are not accepted by the market, or if the acceptance of these products and services is delayed or takes longer than anticipated, any such non-acceptance or delay in acceptance of our products or services by the market could have a proportionately larger material adverse impact on our business.

Achieving the desired benefits of recent changes in our business focus may be subject to a number of challenges and uncertainties which make it hard to predict the future success of each entity.

As noted, we recently sold the assets used in our MPS business and are planning to focus more on expanding our cybersecurity and privacy services and product offerings. As we transition from the MPS business to a business more focused on cybersecurity and privacy, achieving the anticipated benefits may be subject to a number of significant challenges and uncertainties, including, without limitation, changes in corporate culture; removal of prior business synergies between the current business and the MPS business; unforeseen expenses and delays resulting from the sale of the MPS business assets; and competitive factors in the marketplace.  We could also encounter unforeseen transaction and disposition-related costs or other circumstances such as unforeseen liabilities or other issues.  Many of these potential circumstances are outside of our control, and any of them could result in increased costs, decreased revenue, and the diversion of management time and attention.  If we are unable to achieve our objectives within our anticipated time frame, or at all, the expected benefits may not be realized fully or at all, or may take longer to realize than expected, which could have an adverse effect on our business, financial condition and results of operations.

Risks Related to the Market for Our Securities

Because the public market for shares of our Common Stock is limited, stockholders may be unable to resell their shares of Common Stock.

Currently, there is only a limited public market for our Common Stock on the NYSE American and our stockholders may be unable to resell their shares of Common Stock. Currently, the average daily trading volume of our Common Stock is not significant, and it may be more difficult for you to sell your shares in the future, if at all.

The development of an active trading market depends upon the existence of willing buyers and sellers who are able to sell shares of our Common Stock as well as market makers willing to create a market in such shares. Under these circumstances, the market bid and ask prices for the shares may be significantly influenced by the decisions of the market makers to buy or sell the shares for their own account. Such decisions of the market makers may be critical for the establishment and maintenance of a liquid public market in our Common Stock. Market makers are not required to maintain a continuous two-sided market and are free to withdraw quotations at any time. We cannot assure our stockholders that an active public trading market for our Common Stock will develop or be sustained.

The price of our Common Stock may be volatile and could decline in value, resulting in loss to our stockholders.

The market for our Common Stock is volatile, having ranged since January 1, 2018 through December 31, 2018 from a low of $3.23 to a high of $5.45. The market price for our Common Stock has been, and is likely to continue to be, volatile. The following factors may cause significant fluctuations in the market price of shares of our Common Stock:


9



·fluctuations in our quarterly revenues and earnings or those of our competitors;

·variations in our operating results compared to levels expected by the investment community;

·announcements concerning us, our competitors or our customers;

·announcements of technological innovations;

·sale or purchases of shares by traders or other investors;

·market conditions in the industry; and

·the conditions of the securities markets.

The factors discussed above may depress or cause volatility of our share price, regardless of our actual operating results. In addition, the highly volatile nature of our stock price may cause investment losses for our stockholders. In the past, securities class action litigation has often been brought against companies following periods of volatility in the market price of their securities. If securities class action litigation is brought against us, such litigation could result in substantial costs while diverting management’s attention and resources.

There are a large number of shares of Common Stock that may be issued or sold, and if such shares are issued or sold, the market price of our Common Stock may decline.

As of December 31, 2018, we had 9,630,050 shares of our Common Stock outstanding.

If all warrants, options and restricted stock grants outstanding as of December 31, 2018 are exercised prior to their expiration, up to approximately 1.5 million additional shares of Common Stock could become freely tradable. Such sales of substantial amounts of Common Stock in the public market could adversely affect the prevailing market price of our Common Stock and could also make it more difficult for us to raise funds through future offerings of Common Stock.

Our stockholders may experience dilution.

We anticipate that we may raise substantial additional capital to achieve our business objectives. We have an effective shelf registration statement under which we have the current ability to raise up to $15 million through the issuance of equity or debt securities.  We cannot assure you that we will be able to sell shares or other securities in any offering at a price per share that is equal to or greater than the price per share paid by investors in previous offerings, and investors purchasing shares or other securities in the future could have rights superior to existing stockholders. The price per share at which we sell additional shares of our Common Stock or other securities convertible into or exchangeable for our Common Stock in future transactions may be higher or lower than the price per share in previous offerings. The future issuance of the Company’s equity securities will further dilute the ownership of our outstanding Common Stock.  The market price of our Common Stock has been, and may continue to be, highly volatile, and such volatility could cause the market price of our Common Stock to decrease and could cause stockholders to lose some or all of their investment in our Common Stock.

We do not intend to pay dividends.

We have never declared or paid any cash dividends on our Common Stock. We do not anticipate paying dividends on our Common Stock in the foreseeable future. We may not have sufficient funds to legally pay dividends. Even if funds are legally available to pay dividends, we may nevertheless decide in our sole discretion not to pay dividends and to retain any future earnings to fund growth.


10



Other Risks

It may be difficult for a third party to acquire us even if doing so would be beneficial to our stockholders.

Some provisions of our Certificate of Incorporation, as amended, and Bylaws, as amended, as well as some provisions of Delaware, Texas or California law, may discourage, delay or prevent third parties from acquiring us, even if doing so would be beneficial to our stockholders.

As a public company, we are subject to complex legal and accounting requirements that will require us to incur significant expenses.

As a public company, we are subject to numerous legal and accounting requirements that do not apply to private companies. The cost of compliance with many of these requirements is material, not only in absolute terms but, more importantly, in relation to the overall scope of the operations of a small company. The cost of such compliance may prove to be a substantial competitive disadvantage vis-à-vis our privately held and larger public competitors.

The impact of any deterioration of the global credit markets, financial services industry and U.S. economy may negatively affect our business and our ability to obtain capital, if needed.

A deterioration in the global credit markets, the financial services industry and the U.S. economy could result in a period of substantial turmoil. The impact of these events on our business and the severity of an economic crisis is uncertain. It is possible that a crisis in the global credit markets, the financial services industry or the U.S. economy could adversely affect our business, vendors and prospects as well as our liquidity and financial condition. This could impact our ability to increase our customer base and generate positive cash flows. Although we have been able to raise additional working capital through convertible note agreements and private placement offerings of our Common Stock in the past, we may not be able to continue this practice in the future or we may not be able to obtain additional working capital through other debt or equity financings. In the event that sufficient capital cannot be obtained, we may be forced to minimize growth to a point that would be detrimental to our business development activities. These courses of action may be detrimental to our business prospects and result in material charges to our operations and financial position. In the event that any future financing should take the form of the sale of equity securities, the current equity holders may experience dilution of their investments.

The forward-looking statements contained in this Annual Report may prove incorrect.

This Annual Report contains certain forward-looking statements. These forward-looking statements are based largely on our current expectations and are subject to a number of risks and uncertainties. Actual results could differ materially from these forward-looking statements. In addition to the other risks described elsewhere in this “Risk Factors” discussion, important factors to consider in evaluating such forward-looking statements include: (i) changes to external competitive market factors or in our internal budgeting process which might impact trends in our results of operations; (ii) anticipated working capital or other cash requirements; (iii) changes in our business strategy or an inability to execute our strategy due to unanticipated changes in our industry; and (iv) various competitive factors that may prevent us from competing successfully in the marketplace. In light of these risks and uncertainties, many of which are described in greater detail elsewhere in this “Risk Factors” discussion, there can be no assurance that the events predicted in forward-looking statements contained in this Annual Report will, in fact, transpire.  Any negative change in the factors listed above could adversely affect the financial condition and operating results of the Company and its products and services.  

ITEM 1B. UNRESOLVED STAFF COMMENTS.

None.


11



ITEM 2. PROPERTIES.

We lease approximately 18,320 square feet of office space on the 2nd floor, referred to as Suite 200, and in a portion of the basement (the “Mission Viejo Premises”), in the building located at 27271 Las Ramblas, Mission Viejo, California 92691 (the “Mission Viejo Building”), pursuant to an Office Building Lease (the “Mission Viejo Lease”) dated June 26, 2015, with MVPlaza, Inc. (“Landlord”). The term of the Mission Viejo Lease commenced on or about October 1, 2015 and terminates in April 2021.  We lease approximately 3,600 square feet of office space at 11410 Jollyville Road, Suite 2201, Austin, Texas 78759. This lease terminates in September 2019. We also lease approximately 9,600 square feet of office space at 11940 Jollyville Road, Austin, Texas 78759. This lease terminates in May 31, 2020.

We sublease a portion of the Mission Viejo Premises containing approximately 4,500 square feet of space, a portion of which is located on the 2nd floor of the Mission Viejo Building, pursuant to a Standard Sublease Multi-Tenant dated January 23, 2019 (the “Total Vision Sublease”) with Total Vision, LLC, a Delaware limited liability company. The term of the Total Vision Sublease commenced on February 15, 2019, and terminates on April 15, 2021.  

We sublease a portion of the Mission Viejo Premises containing approximately 12,620 square feet of space, a portion of which is located on the 2nd floor of the Mission Viejo Building and the basement within the same, pursuant to a Sublease Agreement dated March 20, 2019 (the “Vereco Sublease”) with Vereco, LLC. The term of the Vereco Sublease commenced on March 20, 2019, and terminates April 15, 2021.

We expect that the current leased premises will be satisfactory until the future growth of our business operations necessitates an increase in office space.

ITEM 3. LEGAL PROCEEDINGS.

We are not a party to any material legal proceedings, nor has any material proceeding been terminated during the fiscal year ended December 31, 2018.

ITEM 4. MINE SAFETY DISCLOSURES.

Not applicable.


12



PART II

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES.

Market Information

Since February 14, 2017, our Common Stock has been listed on the NYSE American.  From February 14, 2017 through September 7, 2017, our Common Stock was listed under the symbol “AUXO.”  Since September 8, 2017, our Common Stock has been listed under the symbol “CTEK.”  Prior to February 14, 2017, our Common Stock was listed on the OTCQB under the symbol “AUXO.”

On January 13, 2017, the Company effectuated a reverse stock split of its issued and outstanding shares of Common Stock at a ratio of 1 for 3 (the “Reverse Stock Split”). As a result of the Reverse Stock Split, the Company’s issued and outstanding stock decreased from 24,557,224 to 8,185,936 shares of Common Stock, all with a par value of $0.001. All information related to Common Stock, stock options, warrants and share price for prior periods has been retroactively adjusted in this Annual Report to give effect to the Reverse Stock Split.

The following table presents quarterly information on the high and low sales prices of our Common Stock for the fiscal years ended December 31, 2018 and 2017, furnished by the NYSE American and the OTCQB.

High

Low

Fiscal Year Ended December 31, 2018

First Quarter

$ 5.45

$ 3.73

Second Quarter

$5.04

$ 3.60

Third Quarter

$4.15

$3.23

Fourth Quarter

$4.78

$3.66

Fiscal Year Ended December 31, 2017

First Quarter

$ 5.85

$ 2.37

Second Quarter

$6.72

$ 4.20

Third Quarter

$5.08

$3.08

Fourth Quarter

$4.25

$2.70

Holders

On March 26, 2019, we had approximately 65 stockholders of record. Certain of our shares are held in “nominee” or “street” name, and the number of beneficial owners of such shares are approximately 1,800.

Dividends

We have never paid cash dividends on our Common Stock and do not anticipate paying such dividends in the foreseeable future. The future payment of dividends, if any, will be determined by our Board of Directors (the “Board”) in light of conditions then existing, including our financial condition and requirements, future prospects, restrictions in financing agreements, business conditions and other factors deemed relevant by the Board.

Repurchases

During the fiscal year ended December 31, 2018, we did not repurchase any of our securities.

Securities Authorized for Issuance under Equity Compensation Plans

The following table provides certain information as of December 31, 2018 with respect to our existing equity compensation plans under which shares of our Common Stock are authorized for issuance.


13



Plan

Number of Securities to be Issued Upon Exercise of Outstanding Options, Warrants and Rights

Weighted Average Exercise Price of Outstanding Options, Warrants and Rights

Number of Securities Remaining Available for Future Issuances Under Plans (excluding securities reflected in column (a))

(a)

(b)

(c)

Equity compensation plan options approved by security holders (1)

539,926

$2.97

1,208,665

Equity compensation plan restricted stock units approved by security holders (2)

880,000

Equity compensation plans not approved by security holders (3)

77,779

$2.93

Total

1,497,705

1,208,665

(1)These plans consist of the 2001 Stock Option Plan, the 2003 Stock Option Plan, the 2004 Stock Option Plan, the 2007 Stock Option Plan and the 2011 Stock Incentive Plan, each as amended.

(2)Represents restricted stock units issued under the 2011 Stock Incentive Plan. Since this plan includes option grants, number of securities remaining available for future issuances is combined.

(3)From time to time and at the discretion of the Board, we may issue warrants to our key individuals or officers as performance-based compensation.

ITEM 6. SELECTED FINANCIAL DATA.

As a smaller reporting company, we are not required to include this information in our Annual Report on Form 10-K.

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS.

The following discussion presents information about our consolidated results of operations, financial condition, liquidity and capital resources and should be read in conjunction with our consolidated financial statements and the notes thereto beginning on page F-1 of this Annual Report.

Overview

We are engaged in the business of providing IT and related consulting services, including cybersecurity, and IT security consulting services and managed print services to the healthcare industry.  Our business is operated throughout the United States.

We provide a large selection of testing services offered on a standalone basis or customized into a package of services to fit our customers’ needs or offered as an industry accepted methodology-based Risk Assessment that meets requirements outlined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Meaningful Use.

The HIPAA Risk Assessment is our flagship stand-alone service and combines several of our individual technical and physical assessment components into a single engagement aimed specifically at addressing the requirement for both a risk assessment as well as ongoing risk management processes for all organizations with a requirement to comply with HIPAA. We also offer an annual Risk Assessment as the base component of an ongoing holistic compliance management program, Compliance Assist Partner Program (“CAPP”), discussed more below.


14



We understand that health information privacy means more than just meeting an organization’s HIPAA compliance requirements – it is a business imperative. Our team of consultants is comprised of experienced professionals who have learned their craft both in the classroom and through years of experience as policy makers and in the health care industry. This allows us to provide our customers with expert HIPAA privacy consulting services that evaluate the rigor and effectiveness of their privacy program to ensure the confidentiality of their patients’ health information.

We offer a menu of services to measure and strengthen an organization’s compliance with the HIPAA Privacy Rule, Health Information Technology for Economic and Clinical Health Act (“HITECH”) Breach Notification Rule, Federal Trade Commission consumer protection guidelines and state privacy standards. Using state of the art assessment tools and applying industry best practices, our teams identify areas to strengthen our customers privacy program, recommend solutions, and provide tools and training materials to enhance the culture of privacy and compliance within an organization.

A variety of consulting advisory services are also offered, ranging from using cutting-edge technologies to monitor user access to patient health information to producing exercises replicating the HIPAA/HITECH audit experience that help guide organizations on how to respond to state or federal regulatory enforcement investigations. We can also customize any assessment to address specific organizational requirements. Working with us enables customers to have resources and expertise that they need to accelerate the effectiveness of their privacy program.

To help organizations prepare for audits and investigations, CynergisTek offers a series of audit solutions that help organizations verify and validate that privacy and security programs meet compliance and business objectives. CynergisTek understands the regulatory and compliance environment and can help organizations enhance their risk management efforts through various types of audits. Our Compliance and Audit Services are delivered by our industry experts and provide an overall assessment of an organization’s audit readiness.

We provide a Compliance Assist Partner Program (“CAPP”) that is a fully customizable managed security services support agreement.  The CAPP is offered to both providers and business associates and provides the basic building blocks to help an organization build and maintain their cybersecurity program. This multi-year program provides a fully managed support environment.

We offer a Patient Privacy Monitoring Service (“PPMS”) that supports multiple platforms allowing the customer to select the tool of choice and have a fully managed solution.  

Our Vendor Security Management service is a fully automated solution employing our proprietary Risk Sonar application.  Our program provides a cloud-based solution with a client portal that enables CynergisTek to conduct security reviews of the customers third-party supply chain vendors and provide the results back to the customer.

Our incident response service provides a proactive approach to assess, define, and prepare for a variety of cyber incidents. Our program ensures an organization has the right technologies, people and processes in place to respond to an incident in an efficient and effective manner. We expect that our services will help improve an organization’s ability to respond and recover from a cyber incident ranging from an attack or breach, to a system outage. We offer them as one-time engagements or as a part of a bundled, ongoing Incident Response Managed Service.

Prior to March 20, 2019, we provided document solutions for the healthcare industry.  We offered hospitals and health systems comprehensive services and solutions to support the document life cycle. We provided a vendor neutral program that enhanced security of printed, stored data and digital documents while driving out costs and inefficiencies within the patient information logistical chain.  .

We have been an industry leader in document solutions for the healthcare industry for many years, offering hospitals and health systems comprehensive services and solutions to support the document life cycle. We provide a vendor neutral program that enhances security of printed, stored data and digital documents while driving out costs and inefficiencies within the patient information logistical chain. We no longer provide these types of services.  Due


15



to this change we will see a reduction in our revenues and earnings until we are able to grow our cybersecurity business

Application of Critical Accounting Policies

The SEC defines critical accounting policies as those that are, in management’s view, most important to the portrayal of our financial condition and results of operations and most demanding of our judgment. The discussion and analysis of our financial condition and results of operations are based upon our financial statements, which were prepared in accordance with accounting principles generally accepted in the U.S., which is referred to as “GAAP.” The preparation of these financial statements requires us to make estimates and judgments that affect the reported amounts of assets, liabilities, revenues and expenses, and related disclosures of contingent assets and liabilities. On an on-going basis, we evaluate these estimates, including those related to stock-based compensation, customer programs and incentives, bad debts, supply inventories, intangible assets, income taxes, contingencies and litigation. We base our estimates on historical experience and on various other assumptions that are believed to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Actual results may differ from these estimates under different assumptions or conditions.

We consider the following accounting policies to be those most important to the portrayal of our financial condition and those that require the most subjective judgment:

Revenue Recognition and Deferred Revenue

We operate under a consolidated strategy and management structure, deriving revenue from the following sources:

oManaged services

oConsulting and professional services

oOffice equipment, hardware and software resales

Revenue is recognized pursuant to ASC Topic 606, “Revenue from Contracts with Customers” (ASC 606).  Accordingly, revenue is recognized at an amount that reflects the consideration to which we expect to be entitled in exchange for transferring goods or services to a customer.  This principle is applied using the following 5-step process:

1.Identify the contract with the customer

2.Identify the performance obligations in the contract

3.Determine the transaction price

4.Allocate the transaction price to the performance obligations in the contract

5.Recognize revenue when (or as) each performance obligation is satisfied

 

Managed Services

Managed services revenue is earned monthly during the term of the contract, as services and supplies are provided at a fixed fee and is recognized ratably over the contract term beginning on the commencement date of the contract. Managed services contracts are typically long-term contracts lasting 3 to 5 years.

Prior to our sale of the MPS business in March 2019, our contracts with managed print service customers included provisions that related to guaranteed savings amounts and shared savings. Such provisions were considered by management during our initial proprietary client assessment. Our historical settlement of such amounts had been within management’s estimates.

Consulting and Professional Services

Consulting and professional services contracts are typically short-term, project-based services rendered on either a fixed fee or a time and materials basis. These contracts are normally for a duration of less than one year. For


16



fixed fee arrangements, revenue is recognized ratably over the term of the project. For time and materials arrangements, revenues are recognized as the services are rendered.

Office Equipment, Hardware and Software Resales

Revenues from office equipment sales transactions are recognized upon delivery of the contracted performance obligation. For equipment that is to be installed at a customer’s location at a future date, revenue is deferred until the installation of such equipment.

For hardware and software resales, we recognize revenue on a gross basis, as we are deemed to be the primary obligor in these arrangements. Revenue from the resale of hardware is recognized when delivered to the customer. For software resales, when we do not provide any services that are considered essential to the functionality of the software, revenue is recognized upon delivery of the software. All product warranties and upgrades or enhancements are provided exclusively by the manufacturer. We do not sell any internally-developed software.

For hardware and software maintenance arrangements, we recognize revenue at the time of sale on a net basis, as a third-party service provider is deemed to be the primary obligor. Under net sales recognition, the cost of the third-party service provider or vendor is recorded as a direct reduction to net revenues on the statements of operations.

Arrangements with Multiple Deliverables

We enter into contracts that include multiple deliverables, which typically consist of the sale of Multi-Function Device (“MFD”) equipment and a managed services contract.  We evaluate the deliverables in each contract to determine if they represent distinct performance obligations as defined in ASC 606.  Revenue is allocated to each performance obligation based on its relative standalone selling price. When standalone selling prices are not readily observable, it can be estimated using an adjusted market assessment approach, an expected cost-plus margin approach, or a residual approach. We generally do not sell MFD equipment on a standalone basis, but as we purchase the equipment, we have evidence of the cost of this element.  We estimate the transaction price of the contract to allocate to the managed service unit based on historical cost experience.  Based on the relative costs of each performance obligation to the overall transaction price of the contract, we utilize the same relative percentage to allocate the total transaction price.

Deferred and Unbilled Revenue

We receive payments from customers based on billing schedules established in our contracts.  Deferred revenue primarily consists of billings or payments received in advance of the amount of revenue recognized and such amounts are recognized as the revenue recognition criteria are met.  Unbilled revenue reflects our conditional right to receive payment from customers for our completed performance under contracts.  

New Customer Implementation Costs

We ordinarily incurred additional costs to implement our services for new customers.  These costs are comprised primarily of additional labor and support.  These costs were expensed as incurred and have a negative impact on our statements of operations and cash flows during the implementation phase.

Accounts Receivable Valuation and Related Reserves

We estimate the losses that may result from that portion of our accounts receivable that may not be collectible as a result of the inability of our customers to make required payments.  Management specifically analyzes customer concentration, customer credit-worthiness, current economic trends and changes in customer payment terms when evaluating the adequacy of the allowance for doubtful accounts.  We review past due accounts on a monthly basis and record an allowance for doubtful accounts where we deem appropriate.


17



Impairment Review of Goodwill and Intangible Assets

We periodically evaluate our intangible assets and goodwill relating to acquisitions for impairment. Goodwill is not amortized but is evaluated at least annually at year end for any impairment in the carrying value. We review our intangible assets for impairment whenever events or changes in circumstances indicate that the carrying value of such assets may not be recoverable. Factors we consider important which could trigger an impairment review include, but are not limited to, the following: significant underperformance relative to expected historical or projected future operating results; significant changes in the manner of our use of the acquired assets or the strategy for our overall business; and a significant negative industry or economic trend for a sustained period. Goodwill and intangible asset impairment assessments are generally determined based on fair value techniques, including determining the estimated future discounted and undiscounted cash flows over the remaining useful life of the asset. Those models require estimates of future revenue, profits, capital expenditures and working capital for each reporting unit. We estimate these amounts by evaluating historical trends, the current state of the Company’s industries and the economy, current budgets, and operating plans. Determining the fair value of reporting units and goodwill includes significant judgment by management and different judgments could yield different results. Any resulting impairment loss could have a material impact on our financial condition and results of operations.

Stock-Based Compensation

Under the fair value recognition provisions of the authoritative guidance, stock-based compensation cost granted to employees is measured at the grant date based on the fair value of the award and is recognized as expense over the requisite service or performance period, which is the vesting period.  Stock options and warrants issued to consultants and other non-employees as compensation for services to be provided to us are accounted for based upon the fair value of the services provided or the estimated fair value of the option or warrant, whichever can be more clearly determined.  We currently use the Black-Scholes option pricing model to determine the fair value of stock options.  The determination of the fair value of stock-based payment awards on the date of grant using an option-pricing model is affected by our stock price as well as assumptions regarding a number of complex and subjective variables.  These variables include our expected stock price volatility over the term of the awards, the expected term of the award, the risk-free interest rate and any expected dividends.  Compensation cost associated with grants of restricted stock units are also measured at fair value on the date of the grant.  We evaluate the assumptions used to value restricted stock units on a quarterly basis.  When factors change, including the market price of the stock, stock-based compensation expense may differ significantly from what has been recorded in the past.  If there are any modifications or cancellations of the underlying unvested securities, we may be required to accelerate, increase or cancel any remaining unearned stock-based compensation expense.

Income Taxes

Deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the financial reporting requirements and those imposed under federal and state tax laws.  Deferred taxes are provided for timing differences in the recognition of revenue and expenses for income tax and financial reporting purposes and are measured using enacted tax rates expected to apply to taxable income in the years in which those temporary differences are expected to be recovered or settled.  The effect on deferred tax assets and liabilities of a change in tax rates is recognized in income in the period that includes the enactment date.  Deferred income tax expense represents the change during the period in the deferred tax assets and liabilities.  Realization of the deferred tax asset is largely dependent on generating sufficient taxable income in future years.  Deferred tax assets are reduced by a valuation allowance when, in the opinion of management, it is more likely than not that some portion or all the deferred tax assets will not be realized. Use of our net operating loss deferred assets may be limited by changes in our ownership.

The above listing is not intended to be a comprehensive list of all of our accounting policies. In many cases, the accounting treatment of a particular transaction is specifically dictated by GAAP, with no need for management’s judgment in its application. There are also areas in which management’s judgment in selecting any available alternative would not produce a materially different result. Please see our audited financial statements and notes thereto which begin on page F-1 of this Annual Report on Form 10-K, which contain accounting policies and other disclosures required by GAAP and please refer to the disclosures in Note 1 of our financial statements for a summary of our significant accounting policies.


18



Results of Operations

Year Ended December 31, 2018 Compared to the Year Ended December 31, 2017

Net Revenue

Revenue decreased by $532,488 to $71,106,459 for the year ended December 31, 2018, as compared to the same period in 2017.  We increased our cybersecurity consulting and professional services revenues by approximately $3,000,000 as a result of our successful sales efforts in gaining share while also benefiting from a backdrop of the industry-wide labor shortage of cyber-security professionals. Our office equipment, hardware & software resales grew by approximately $1,600,000 due to customer needs to refresh their print equipment. Offsetting these increases, managed service revenues were approximately $5,100,000 lower in 2018 due primarily to nonrenewal of long-term managed print related contracts.

Cost of Revenues

Cost of revenue consists of salaries and expenses of direct labor and indirect support staff as well as document imaging equipment, parts and supplies.  Cost of revenue was $50,233,836 for the year ended December 31, 2018, as compared to $50,739,359 for the same period in 2017. We incurred approximately $800,000 less in staffing costs, including contract labor, approximately $900,000 less in supplies and third-party services, and approximately $300,000 less in travel costs, largely as a result of the net reduction in managed print related services contracts. Equipment costs increased by approximately $1,500,000 in 2018, directly as a result of the increase in equipment revenues from copier fleet refresh activities.

Gross margin dollars for 2018 remained steady at $20,872,623 compared to $20,899,588 in 2017. Gross margin percentage similarly remained steady at 29% of revenue for both 2018 and 2017 as we reacted operationally to changes in our revenue mix.

Sales and Marketing

Sales and marketing expenses include salaries, commissions and expenses for sales and marketing personnel, travel and entertainment, and other selling and marketing costs. Sales and marketing expenses were $5,720,421 for the year ended December 31, 2018, as compared to $5,747,758 for the same period in 2017. Sales staff compensation decreased by approximately $200,000 and tradeshow and program related marketing expenses were approximately $200,000 more in 2018 as we actively pursued new business.

General and Administrative

General and administrative expenses include personnel costs for finance, administration, information systems, and general management, as well as facilities expenses, professional fees, legal expenses and other administrative costs. General and administrative expenses increased by $412,067 to $8,074,553 for the year ended December 31, 2018, as compared to $7,662,486 for the same period in 2017. The increase in general and administrative expenses is attributed to 1) approximately $600,000 in severance paid to a departed executive, accounting and other administrative staff related to CTEK Security; 2) approximately $100,000 increase in administrative salaries and related costs reflective of hiring additional recruiting and IT positions; 3) approximately $300,000 increase in stock compensation expense as a result of an increase in the issuance of restricted stock units to key employees and board members; 4) approximately $300,000 decrease in professional fees in 2018, where in 2017 professional fees were incurred in connection with the acquisition of CTEK Security as well as to reincorporate in Delaware and change the Company name, and 5) approximately $300,000 less in office and travel costs in 2018 where there was an increase in 2017 as a result of the integration of the newly acquired CTEK Security Texas office.

Change in Valuation of Contingent Earn-Out

In both 2017 and 2018, we performed a valuation of the contingent earn-out to the sellers of CTEK Security, Inc. In 2017, our valuation resulted in a markdown of the previous estimate by $1,394,000. For 2018, we


19



incurred $260,000 in earn-out charges for meeting 2018 criteria and we accrued an additional $178,269 related to the potential for payout for meeting earn-out criteria in 2019 and 2020.

Depreciation

Depreciation remained steady at $348,633 for the year ended December 31, 2018 as compared to $383,419 for the same period in 2017.

Amortization

Amortization expense decreased by $269,811 to $1,810,935 for the year ended December 31, 2018 compared to the $2,080,746 for same period in 2017. The decrease is a primarily a result of impairment charges taken in 2017 on identified intangible assets associated with the acquisitions of Delphiis, Inc. and Redspin which would otherwise be amortized in future periods.

Impairment of Goodwill and Intangible Assets

In 2017, we recognized an impairment charge of $180,726 related to the identified intangible assets we acquired with Delphiis, Inc. and Redspin. There was no impairment in 2018.

Other Income (Expense)

Interest expense for the year ended December 31, 2018 was $1,449,863 compared to $1,526,653 for the same period in 2017.  The decrease was primarily due to a lower interest rate on the bank term loan for the comparable period.

Income Tax Benefit (Expense)

Income tax expense was $1,132,166 for the year ended December 31, 2018 as compared to $2,365,476 in 2017. Income tax expense is based on estimated annual income tax rates that we anticipate for the tax years. The lower 2018 effective tax rate is reflective of lower U.S. corporate income tax rates compared with 2017, while income tax expense in 2017 also included an approximately $1,500,000 discrete expense resulting from revaluation of deferred taxes due to the recent changes in tax law.

Liquidity and Capital Resources

At December 31, 2018, our cash and cash equivalents were $6,571,381 and our working capital was $7,815,718. Our principal cash requirements are for operating expenses, including equipment, supplies, employee costs and capital expenditures as well as debt service to our bank term loan and related party sellers’ notes. Our primary sources of cash are revenues from operations and our bank line of credit.

During the year ended December 31, 2018, our cash provided by operating activities amounted to $6,290,616, as compared to $1,433,713 provided by operating activities for the same period in 2017. The increase in cash provided by operating activities in 2018 is primarily due to a significant improvement in accounts receivable collections from the previous year.

In March 2018, we restructured our debt and paid $6,750,000 of $9,000,000 in sellers’ notes related to the acquisition of CTEK Security, Inc. and repaid approximately $11,200,000 remaining on a bank term loan. To fund this, we borrowed $17,250,000 under a new five-year term loan agreement with a bank where we also have in place the availability of a $5,000,000 line of credit, subject to borrowing base limits. The $17.25 million of debt under term loan with a maturity date of September 12, 2022 and the promissory notes to the former shareholders of CTEK Security, Inc. in the aggregate principal amount of approximately $6.3 million with maturity dates ranging from January 2019 to March 2023 substantially increased our level of indebtedness


20



On October 10, 2017, we filed a registration statement on Form S-3 to register an indeterminate number of securities.  On November 22, 2017, we filed an Amendment No. 1 to such registration statement on Form S-3 to update the information in the registration statement.  The registration statement covers such indeterminate principal amount or number of shares of Common Stock, debt securities, warrants and number of units of the registrant with an aggregate initial offering price not to exceed $15,000,000. The registration statement on Form S-3 was declared effective on November 22, 2017.

We may seek additional financing or equity raises; however, there can be no assurance that additional financing will be available on acceptable terms, if at all. Any financing or equity raises may result in dilution to existing stockholders and any debt financing may include restrictive covenants.  Management believes that cash generated from debt and/or equity financing arrangements along with future cash flows from operations, together with cash reserves will be sufficient to sustain our business operations over at least the next twelve months.

Off-Balance Sheet Arrangements

Our off-balance sheet arrangements consist primarily of conventional operating leases and purchase and other commitments arising in the normal course of business, as further discussed below under the section “Contractual Obligations, Contingent Liabilities and Commitments.” As of December 31, 2018, we did not have any other relationships with unconsolidated entities or financial partners, such as entities often referred to as structured finance or special purpose entities, which would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.

Contractual Obligations, Contingent Liabilities and Commitments

As of December 31, 2018, expected future cash payments, including interest portions, related to contractual obligations, contingent liabilities, and commitments were as follows:

Payments Due by Period

Total

Within 1 year

Year 2-3

Year 4-5

More than 5 years

Term loans and promissory notes

$25,131,063

$4,370,235

$7,447,538   

$13,313,290

$-

Capital leases

156,036

93,094

62,942

-

-

Operating leases

1,299,577

654,049

645,558

-

-

Total

$26,586,676

$5,117,348

$8,156,038

$13,313,290

$-

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK.

Not applicable.

ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA.

The financial statements required by this item are included in Part IV, Item 15 of this Annual Report.

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE.

None.


21



ITEM 9A.CONTROLS AND PROCEDURES.

We maintain disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended (the “Exchange Act”) that are designed to ensure that information required to be disclosed in our reports under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our management, including our Chief Executive Officer (principal executive officer) and Chief Financial Officer (principal financial officer), as appropriate, to allow timely decisions regarding required disclosure.

We carried out an evaluation, under the supervision and with the participation of our management, including our Chief Executive Officer and Chief Financial Officer, of the effectiveness of our disclosure controls and procedures as of the end of the period covered by this Annual Report, pursuant to Rules 13a-15(b) and 15d-15(b) under the Exchange Act. Based on that evaluation, our Chief Executive Officer and Chief Financial Officer have concluded that our disclosure controls and procedures, as of the end of the period covered by this Annual Report, were effective.

Management’s Report on Internal Control over Financial Reporting

Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Rules 13a-15(f) and 15d-15(f) of the Exchange Act. Management conducted an assessment of the effectiveness, as of December 31, 2018, of our internal control over financial reporting, based on the framework established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”). Based on their assessment under the COSO framework, our management concluded that our internal control over financial reporting was effective as of December 31, 2018.

This Annual Report on Form 10-K does not include an attestation report of our independent registered public accounting firm regarding internal control over financial reporting. Management’s report was not subject to attestation by our independent registered public accounting firm pursuant to final rules of the Securities and Exchange Commission that permit us to provide only management’s report in this Annual Report on Form 10-K.

Changes in Internal Control over Financial Reporting

There were no changes to our internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) identified in connection with the evaluation of our internal controls that occurred during the last fiscal quarter of 2018 that has materially affected, or is reasonably likely to materially affect, such controls.

ITEM 9B.OTHER INFORMATION.

None.

PART III

ITEM 10.DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE.

The information with respect to our executive officers and directors appearing in our Definitive Proxy Statement which is expected to be filed with the SEC on or prior to April 19, 2019 in connection with the 2019 Annual Meeting of Stockholders (“Proxy Statement”) is hereby incorporated by reference.


22



ITEM 11.EXECUTIVE COMPENSATION.

The information with respect to compensation of our executive officers appearing in our Proxy Statement is hereby incorporated by reference.

ITEM 12.SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS.

The information with respect to the security ownership of certain beneficial owners and management appearing in our Proxy Statement is hereby incorporated by reference.

ITEM 13.CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS AND DIRECTOR INDEPENDENCE.

The information with respect to certain relationships and related transactions with management appearing in our Proxy Statement is hereby incorporated by reference.

ITEM 14.PRINCIPAL ACCOUNTING FEES AND SERVICES.

The information with respect to the principal accounting fees and services appearing in the Proxy Statement is hereby incorporated by reference.


23



PART IV

ITEM 15.EXHIBITS, FINANCIAL STATEMENT SCHEDULES.

(a)

    (1)  Financial Statements

The following consolidated financial statements and related notes thereto, and the report of our independent registered public accounting firm are filed as part of this Annual Report:

Page

Report of Independent Registered Public Accounting Firm

F-1

Consolidated Balance Sheets as of December 31, 2018 and 2017

F-2

Consolidated Statements of Operations for the years ended December 31, 2018 and 2017

F-3

Consolidated Statements of Stockholders’ Equity for the years ended December 31, 2018 and 2017

F-4

Consolidated Statements of Cash Flows for the years ended December 31, 2018 and 2017

F-5

Notes to Consolidated Financial Statements

F-7

    (2)  Financial Statement Schedules

All other financial statement schedules were omitted because they are not applicable, not required or the information required is shown in the financial statements or the notes thereto.

    (3)  Exhibits

The exhibits listed on the accompanying index to exhibits immediately following the financial statements are filed as part of, or hereby incorporated by reference into, this Annual Report.


24



REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Board of Directors and Stockholders
CynergisTek, Inc.

Opinion on the Consolidated Financial Statements

We have audited the accompanying consolidated balance sheets of CynergisTek, Inc. (the “Company”) as of December 31, 2018 and 2017, the related consolidated statements of operations, stockholders’ equity, and cash flows for each of the years then ended, and the related notes (collectively, the “consolidated financial statements”).  In our opinion, the consolidated financial statements present fairly, in all material respects, the consolidated financial position of the Company as of December 31, 2018 and 2017, and the consolidated results of its operations and its cash flows for each of the years then ended, in conformity with U.S. generally accepted accounting principles.

Emphasis of a Matter

As disclosed in Note 18 to the consolidated financial statements, the Company sold its assets used in the provision of its managed print services business division in March 2019. Our opinion is not modified with respect to this matter.

Adoption of New Accounting Pronouncement

As described in Note 1 to the consolidated financial statements, the Company changed its method of accounting for revenues and certain customer contract costs effective January 1, 2018, due to the adoption of Accounting Standards Codification Topic 606, Revenue from Contracts with Customers.

Basis for Opinion

These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s consolidated financial statements based on our audits.  We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (“PCAOB”) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud.  The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits, we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting.  Accordingly, we express no such opinion.

Our audits included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks.  Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that our audits provide a reasonable basis for our opinion.

/s/ HASKELL & WHITE LLP

We have served as the Company’s auditor since 2005.

Irvine, California

March 27, 2019


F-1



CYNERGISTEK, INC. AND SUBSIDIARIES

CONSOLIDATED BALANCE SHEETS

As of December 31,

2018

2017

ASSETS

Current assets:

Cash and cash equivalents

$6,571,381 

$4,252,060 

Accounts receivable, net

10,696,738