A third-party review of Darktrace’s finances by Ernst & Young has concluded that improvements can be made – but the publicly listed company says there is no impact on its previously filed financial statements.
EY was appointed to review the cybersecurity leader’s key financial processes and controls following accusations that it inflated its growth rates prior to its IPO in April 2021.
Earlier this year the Cambridge-headquartered company was accused by US hedge fund Quintessential Capital Management of including “simulated or anticipated sales to phantom end-users through a network of resellers” in its figures.
EY has delivered its written report and presented its findings to Darktrace’s audit and risk committee, all other board members and Darktrace’s independent auditors Grant Thornton. Copies are being provided to the Financial Conduct Authority and the Financial Reporting Council.
“Neither management, nor the board consider EY’s report to have any impact on Darktrace’s previously filed public company financial statements nor to change their belief that those financial statements fairly represent Darktrace’s financial position and results,” Darktrace stated.
“In addition, Grant Thornton’s audit opinions for prior years remain unchanged and the audit for FY23 is in progress.
“Furthermore, since Darktrace’s February statements, the audit quality review team of the FRC, in accordance with its usual cycle of UK audit inspections, has undertaken an inspection of Grant Thornton’s audit of Darktrace for the year ended 30 June 2022. There were no key findings arising from this inspection.
“Darktrace gave EY unrestricted access to all information, employees, partners and customers necessary to allow it to conduct a thorough review of the policies, processes and controls… including Darktrace’s treatment of partner channel contracts and marketing spend, contract opt-outs and appliance deployments, as well as the process for calculation of non-current deferred revenue. Darktrace also expanded EY’s work to include a review of the process for calculating annual recurring revenue and the status of certain third-party relationships.
“In its review, EY reported a number of areas already known to Darktrace where systems, processes or controls could be improved. For example, as part of its work around channel processes and controls, EY reviewed a risk weighted sample of new channel contracts which identified a small number of errors and inconsistencies.
“Neither management nor the board consider these to be material to the financial statements and controls enhancements in this area are already underway.”
“We have a culture of continuous improvement at Darktrace. As you would expect and as we said in our FY22 Annual Report, we have an ongoing programme to advance our systems, processes and controls,” said Cathy Graham, Darktrace’s CFO.
“We have developments already underway, on our roadmap or under consideration across relevant areas of the business, including those covered in EY’s review. EY provided some valuable recommendations for how we could implement these planned improvements as we move through this journey.”
Shares in Darktrace have jumped more than 50p since the findings were reported at 7am this morning, reaching 350p by 9am – above its share price at IPO but well short of its high of 945p in October 2021. They had dropped as low as 198p following the accusations.
Poppy Gustafsson, CEO of Darktrace, was previously corporate controller at Autonomy – also founded in Cambridge – which specialised in software for sorting large data sets. That company was accused of irregular accounting practices relating to its $11.7 billion sale to Hewlett-Packard in 2011.
HP sued its founder Mike Lynch and former chief financial officer Sushovan Hussain. The latter is serving a prison term in the US for fraud relating to the sale, while Lynch is battling against extradition to the US to face fraud charges himself after the High Court found in 2022 that he and Hussain had defrauded HP by inflating the value of Autonomy. He denies the charges.
Darktrace was founded in 2013 by Gustafsson, Dave Palmer, Emily Orton, Jack Stockdale and Nicole Eagan, in part using funds provided by Lynch.