More annual reports from SOPHiA GENETICS:
2018 ReportPeers and competitors of SOPHiA GENETICS:
Applied DNA Sciences2 2017 Annual Report and Accounts A Proven Global Leader in Delivering Innovative, Simple and Highly Effective Cybersecurity Solutions The Sophos Group is a leading global provider of cloud-enabled enduser and network security solutions, offering organisations end-to-end protection against known and unknown IT security threats through products that are easy to install, configure, update and maintain. The Group has more than 30 years of experience in enterprise security and has built a portfolio of products that protect more than 260,000 organisations and more than 100 million endusers in 150 countries across a variety of industries. GOVERNANCE Board of Directors Corporate Governance Statement Nomination Committee Report Audit and Risk Committee Report Disclosure Committee 42 46 54 57 64 Annual Statement of the Remuneration Committee Chairman 65 Directors’ Remuneration Policy Annual Report on Remuneration Directors’ Report 67 77 88 FINANCIAL STATEMENTS Independent Auditor’s Report 96 Consolidated Financial Statements and Notes Company Financial Statements and Notes Glossary Company Information 100 152 156 157 INTRODUCTION Highlights Investment Proposition Financial Stability and Visibility Chairman’s Statement STRATEGIC REPORT Markets Business Model Focus on Strategic Priorities Key Performance Indicators 01 02 04 06 10 12 14 15 Chief Executive Officer’s Statement 16 Q&A With Management Team Product Review Financial Review 19 24 28 Principal Risks and Risk Management 34 Corporate Responsibility Report 38 01 HIGHLIGHTS ANOTHER HIGHLY SUCCESSFUL YEAR IN WHICH SOPHOS MADE SIGNIFICANT PROGRESS AGAINST ITS STRATEGIC OBJECTIVES Financial highlights Billings1 $632.1M Cash EBITDA1 $150.1M (FY16: $534.9M) (FY16: $120.9M) Revenue $529.7M (FY16: $478.2M) Business highlights Operating Loss $44.3M (FY16: $32.7M) Adjusted Operating Profit1 $38.3M (FY16: $53.4M) Net Cash Flow from Operating Activities $118.5M (FY16: $21.3M) » Strong momentum across all regions and products » Focus on driving growth in our channel and customer base » Launched next-gen anti- ransomware solution Intercept X » Renewal rates from existing customers improved further » Sophos Central remained a core » Cloud at the heart of our technology strategy » World-class products and driver of our business innovation » Acquisition of Invincea adds machine-learning » Further industry recognition as a leader in cybersecurity 1 - Definitions and reconciliations of non-GAAP measures are included in note 6 of the financial statements and the glossary INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 02 INVESTMENT PROPOSITION HIGH VISIBILITY WITH SUBSTANTIAL OPPORTUNITY FOR GROWTH 1. COMPELLING INDUSTRY FUNDAMENTALS 2. DIFFERENTIATED STRATEGY 3. HIGHLY STABLE AND PREDICTABLE FINANCIAL MODEL A large, dynamic growing market opportunity A clear and compelling strategy High recurring revenues and renewal rates » Sophos is solely focused on cybersecurity and we strive to deliver industry-leading technology that is simple to deploy, use and manage » We principally sell our software as a service via recurring, upfront subscriptions, which provides significant visibility and stability of future revenues and cash flows » We offer enterprise-grade technology, rated as amongst the best in the industry, to mid-market organisations » Our sales strategy is 100% “channel first” and as a result of considerable investment we now have more than 30,000 partners » We have a proven ability to deliver consistent new customer growth and maintain strong renewal rates » Our business generates substantial and growing cash flows which we reinvest in driving billings growth for the future, via innovation, building brand awareness and sensible acquisitions » Security is consistently the top priority for corporate IT spend » Total market is estimated to be worth around $39 billion, growing at 5-7% per annum, within which the Group’s products address markets growing even faster » The cybersecurity threat environment is constantly evolving in scale and sophistication, presenting new challenges at a rapid pace to organisations of all sizes » Sophos is well-positioned to take advantage of opportunities as a leader in high growth areas, for example next-generation endpoint, cloud, network and synchronized security See Markets p10 for further information See Strategic Priorities p14 for further information See Financial Review p28 for further information 03 4. THE SOPHOS BRAND 5. OPPORTUNITIES FOR GROWTH 6. EXPERIENCED MANAGEMENT TEAM Innovative, simple and highly effective security We expect to continue to outperform the IT security market Consistently delivering against strategic goals » We are very proud of our brand » Differentiation is a key driver of and the ethos of simplicity that it represents – this spans all we do at Sophos » We employ a highly creative digital marketing approach, utilising educational in-person events and social media outreach » With one of the world’s leading threat intelligence operations, SophosLabs, and a reputation for excellence built over many years, Sophos is a trusted voice in the world of cybersecurity market share gains » Innovation will remain a key growth driver, with internal investment supplemented by sensible, disciplined technology acquisitions » Despite a broad international reach we see opportunities for further regional expansion » Our integrated product portfolio, delivered via the cloud in Sophos Central, provides significant cross- sell and upsell opportunities » We are focused on continuing to build our partner network and increasing the productivity of our existing partners » Strongly motivated team with the background and skills to deliver profitable growth over the long- term » Extensive experience in running large technology businesses, typically with more than twenty years of experience in their respective fields » Completely aligned in driving forward the Sophos vision and strategy of innovative, simple and highly effective security See Markets p10 for further information See Governance Report p46 for further information INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 04 FINANCIAL STABILITY AND VISIBILITY GROWTH IN THE GROUP’S SUBSCRIPTION BUSINESS TODAY FUELS THE FUTURE RENEWALS BOOK, UNDERPINNING VISIBILITY STRONG GROWTH IN BILLINGS DRIVES DEFERRED REVENUE Billings have accelerated in recent years following a significant investment in innovation and our partner channel. Billings are closely aligned with cash flows and are an indicator of growth in the business. Subscription contracts represent approximately 81 percent of total billings and around 75 percent of total billings are derived from existing customers. The average subscription contract duration, consistent with prior-year, is close to 28 months, resulting in the majority of the contract value being booked to deferred revenue to be recognised over the contract’s lifetime. This adds to the high levels of visibility into future revenues and profits. Principally a subscription business... $632m $535m 19% $476m 19% 81% 21% 79% 81% FY15 FY16 FY17 Hardware & Other Billings Subscription Billings NEW BILLINGS AND HARDWARE SALES Continued strong growth in new billings, +21 percent in FY17 and c.40k customers added. This is principally driven by a strong customer proposition, as well as the increasing productivity of our 30,000 strong partner channel of which 6,100 are now “blue chip”. Hardware sold to existing and new customers generally refreshes in line with subscriptions. DEFERRED REVENUE $ 5 8 1 m $ 4 9 9 m $ 4 3 3 m NUMBER OF CUSTOMERS 14% CAGR in customers 2 6 0 K 2 2 0 K 2 0 0 K FY15 FY16 FY17 FY15 FY16 FY17 05 With growing renewal rates… A 100% channel-first strategy... 1 0 6 % 1 0 2 % 1 0 0 % 30k 6.1k 23.9k 20k 4.7k 15.3k 15k 3.4k 11.6k FY15 FY16 FY17 FY15 FY16 FY17 Blue Chip Partners Other Partners HIGH LEVELS OF RECURRING SUBSCRIPTIONS, PLUS STRONG GROWTH IN NEW BUSINESS, UNDERPINS STABILITY AND VISIBILITY The nature of our financial model, which is rooted in predictable subscription revenues, a growing renewal base, improving renewal rates and increasing productivity in our channel ecosystem, gives us strong visibility over future growth in revenue, profitability and cash flow. OPERATING PRIORITIES » Innovate across our product portfolio to enhance capabilities and ease of use » Leverage the cloud to deliver better security and better manageability » Advance our synchronized security strategy through meaningful product integration » Grow our base of channel partners and our most active ‘blue chip’ partners » Expand Sophos’ brand visibility and awareness INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 06 CHAIRMAN’S STATEMENT THIS HAS BEEN AN IMPORTANT YEAR IN WHICH SOPHOS HAS DELIVERED AGAINST ITS COMMITMENTS TO SHAREHOLDERS – OPERATIONALLY, FINANCIALLY AND STRATEGICALLY. We are pleased to report continued growth both in market share and company scale, driven by strong operating and financial performance. Our significant growth in billings and free cash flow over the previous financial year was driven by ongoing investment in organic and acquired product innovation. This growth continues to fuel a strengthening talent pool and an extended reach of our selling and marketing operations. Cybersecurity remains a top priority for organisations of every size, and our rigorous focus on delivering enterprise-grade IT security to mid-market enterprises via the channel that serves them differentiates and strongly positions Sophos in the enormous and growing global IT security market. This past year we have made strong progress against our strategic goals in both our enduser and network security offerings. We have added significant customer value and expanded our market opportunity across our product lines through numerous product enhancements and additions, including through Sophos Central, our rapidly growing born-in-the-cloud offering. As we look ahead, we have a robust product roadmap, with planned offerings that will incorporate next-generation machine learning and artificial intelligence technologies, which will further differentiate Sophos and strengthen the value we deliver to our customers and channel partners. We have also strengthened our Board by welcoming two highly qualified UK-based global executives as independent non-executive directors. Vin Murria joined our Board in January and serves on our nomination and remuneration committees. Vin is a successful entrepreneur with strong operational leadership experience in growing UK-based global technology businesses and associated shareholder value. Rick Medlock joined our Board in April, bringing more than thirty years of experience in the financial management of large international technology companies in the UK and US. Rick also serves on our nomination, remuneration and audit and risk committees. Rick will be appointed Chairman of the audit and risk committee at the next Annual General Meeting (“AGM”). Ed Gillis, our current Chairman of the audit and risk committee, will be retiring from our Board at the upcoming AGM after eight years of service. We thank Ed for his very active and impactful leadership and for a strong foundation that Rick Medlock will now carry forward. FY17 has demonstrated the strength of our offerings as well as our capacity to execute on our strategy. As a result, we feel very encouraged about our ability to continue our growth and profitability trends. On behalf of our Board, we thank our Sophos employee team all around the world for your tireless dedication and good work to serve our customers, our partners, and our shareholders. We thank our customers and partners for your much-valued business and confidence in our capabilities throughout our journey together. Finally, we say ‘thank you’ to our investors for the trust you have placed in Sophos. We appreciate your support, and we will continue to work hard to earn your continued trust. Peter Gyenes Non-Executive Chairman 07 AWARDS DURING THE YEAR SOPHOS GAINED FURTHER RECOGNITION OF ITS LEADERSHIP POSITION IN ITS INDUSTRY SC Magazine Awards Europe Best UTM –Sophos UTM AV-TEST Sophos Mobile Security for Android – 100% for protection and usability – 10th time running CRN ARC awards Winner – Network Security; Winner – Data Security; Winner – Product Innovation in Endpoint Security SE Labs AAA award for SMB protection – Sophos Endpoint AAA award for enterprise protection – Sophos Endpoint GEC Awards 2016 Top Vendor for Endpoint Security Computing Security Excellence Awards 2016 Firewall Solution and Unified Threat Management Award – Sophos XG Firewall Computing Security Excellence Awards 2016 Data Encryption Award – Sophos SafeGuard Encryption 8 CRN Tech Innovators Award Winner – Network Security – Synchronized Security Channelnomics Overall Winner – Security Vendor of the Year AV-Test Best Android Security 2016 – Sophos Mobile Computerwoche Best Solution “Premium Class” – UTM Home Firewall INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 08 Our Brand Sophos maintains a single brand promise – security made simple. Sophos believes that complexity is the enemy of security. In a crowded marketplace and within increasingly diverse IT environments, we concentrate on making life simpler for the end user without compromising security. Sophos differentiates itself by making enterprise- grade products that are easy to sell, easy to deploy and easy to manage. Making something more effective by making it simpler to manage is a difficult challenge but one our teams rise to every day. INTRODUCTION STRATEGIC REPORT GOVERNANCE FINANCIAL STATEMENTS 09 Our Brand Strategic Report Markets Business Model Focus on Strategic Priorities Key Performance Indicators 10 12 14 15 Chief Executive Officer’s Statement 16 Q&A With Management Team Product Review Financial Review Principal Risks and Risk Management 19 24 28 34 Corporate Responsibility Report 38 10 MARKETS THE DEMAND FOR SECURITY SOLUTIONS CONTINUES TO GROW. THIS IS CONSISTENT ACROSS THE WORLD AND ACROSS ORGANISATIONS OF ALL SIZES. INDUSTRY ANALYSTS PREDICT THAT THE GLOBAL IT SECURITY MARKET1 WILL BE IN EXCESS OF $39B IN 2017, REACHING AN ESTIMATED $48B BY 2020... REGULATORY ENVIRONMENT The current geo-political landscape in Europe and the US will have an ongoing effect on regulations and government legislation related to privacy, data protection and cyber-security. As the UK moves towards Brexit, we anticipate clarification on the regulations affecting UK businesses and expect them to remain largely in line with the current legislation, as much of the EU proposals are built on UK requirements. There is currently a heightened focus on cybersecurity and nation-sate sponsored activity in the US and increased collaboration is anticipated between private industry and government agencies in the protection of US citizens’ data and privacy. The Investigatory Powers Act that was ratified by the UK government in December 2016 continues to remain under scrutiny and was most recently declared unlawful by the European Court of Justice. The EU Data Protection regulation (“GDPR”) will take effect at the end of 2017 and companies holding data on citizens within the EU will accelerate their readiness for it. It has numerous components, but one key takeaway is that European businesses will now be held responsible for the protection of the data they process, including cloud providers and other third parties. Indeed, regulatory pressures are here to stay and companies must continue to invest resources to ensure compliance. THREAT LANDSCAPE The 2016 threat landscape was dominated by two themes: state-sponsored hacking and cyberwarfare at the global level; and the specific threats of ransomware and phishing at the local business level. These themes demonstrated the challenges that face all businesses worldwide – attacks can be targeted, sustained and highly sophisticated, and they can be opportunistic and random. Cybercrime has reached an industrial scale and continues to be lucrative. While the headlines were consumed with high profile hacking, customers and partners across the world highlighted ransomware and phishing threats as the biggest challenge to maintaining security. An increasing amount of ransomware intercepted by SophosLabs was now seen to be targeting mobile devices, especially Android. Finding vulnerabilities and exploits on new platforms and devices continued. This year the security research communities concerns about inherent insecurity in internet of things (“IoT”) devices became reality after the Mirai assault against one of several companies hosting the Domain Name System (“DNS”). That denial of service attack affected some of the highest profile media, social media and commercial payment platforms, in turn impacting millions of users worldwide. While these new vectors of attack were exploited, high profile brands disclosed data breaches dating back to 2013, demonstrating how challenging it is to identify and investigate breaches at even the most sophisticated technology-based companies. Indeed, we also heard reports of an alleged auction of hacking tools stolen from the US National Security Agency. The year ended with allegations of nation-state involvement in the leak of emails during the US election, serving as a reminder to all that the threat from highly sophisticated, well-coordinated and well-funded attackers is a new normal. 11 ...THE HIGHLY CONNECTED, HIGHLY COMPLEX IT ENVIRONMENTS OF TODAY ARE CHALLENGING TO PROTECT AGAINST THE RISING COMMERCIALISATION AND INDUSTRIALISATION OF ORGANISED CYBERCRIME IT Security a $39B Market Growing at 7.4% EXPANDING ATTACK SURFACE GROWING RISK AWARENESS $39B IT Security Market 1 VANISHED PERIMETER INCREASED ATTACK SOPHISTICATION 1 Source for c.$39B IT security market (hardware + software) is IDC Worldwide IT Security Products Forecast, 2017-2020: Comprehensive Security Products Forecast Review (March 2017, IDC #US42374417) and represents expected market size in 2017. Growth of 7.4% represents 2015E-2020E CAGR. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 12 BUSINESS MODEL SOPHOS PRINCIPALLY OPERATES AS A SUBSCRIPTION- BASED SOFTWARE BUSINESS, WITH A DIFFERENTIATED AND COMPELLING APPROACH TO ITS CHOSEN MARKET CUSTOMER BENEFITS: SHAREHOLDER BENEFITS: OUR FOCUS Best in class security, easy to manage Scale, above market growth OUR FINANCIAL MODEL Ongoing, focussed investment in innovation Software – as-a-service model provides visibility over future revenues and cash flows OUR COMPETITIVE ADVANTAGES Cloud-based, highly effective, synchronized security Strongly differentiated market leader 13 Sophos is one of the world’s leading providers of cloud-enabled enduser and network security solutions, providing customers with end-to-end protection against known and unknown IT security threats, through products that are easy to install, configure, update and maintain. The Group’s products and services are suitable for businesses of any size seeking enterprise-grade security combined with ease of use. Through Sophos Central, a single integrated cloud-based management platform, customers are able to manage all their security needs from within a unified view. Enduser and network security solutions are sold primarily on a subscription basis, via a ‘channel first’ sales model supported by over 30,000 partners worldwide. The Group’s scale is a significant advantage, with over 100 million endpoints protected and more than 260,000 customers around the globe. The Group’s security solutions are underpinned by SophosLabs, a world- leading 24/7 threat intelligence operation, employing over 150 people across four continents. On average, subscription contracts are typically three-year commitments, paid for upfront by the customer, which provides ongoing updates over the course of the subscription, based on the evolving threat landscape. This software-as-a-service model consequently provides significant visibility over future revenues and cash flows, founded upon a substantial and growing renewal book and industry- leading renewal rates, boosted by cross- sell and upsell opportunities. The new business signed today feeds the future renewal base. In addition to growing the customer base worldwide, a key element of the Group’s strategy is to increase the product footprint within the existing customer base. This is seen as a significant opportunity, with just 9.6% of customers using both endpoint and UTM products today. The strength and visibility inherent in the subscription-based financial model is delivering significant value to shareholders. Sophos offers a highly differentiated array of industry-leading IT security solutions. The Group is the only security software vendor of scale with a strong presence in both enduser and network security. This is the foundation for the Group’s pioneering synchronized security strategy, where the products share contextual information and thus enhance the protection available to its customers. Sophos is a leader in next-generation endpoint security, with more than half a million endpoints protected by signature- less anti-exploit technology. The strongly differentiated products and strategy are enabling Sophos to deliver growth substantially ahead of the market in both enduser and network security. Focused investment in innovation, bolstered by selected technology acquisitions, supports customers and partners over the long-term, confirming the Group’s commitment to deliver industry-leading, trusted, enterprise- grade IT security solutions. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 14 FOCUS ON STRATEGIC PRIORITIES SOPHOS CONTINUES TO CONSOLIDATE ITS POSITION AS A LEADING VENDOR OF INNOVATIVE, SIMPLE AND HIGHLY EFFECTIVE IT SECURITY STRATEGIC GOALS Focus on IT security solutions Sophos will continue to prioritise its investment in technology and in consolidating its leadership position as the only security vendor with a balanced business spanning both enduser and network security. As the Group is committed to IT security, it believes it has an advantage over competitors who often seek to address disparate and unrelated areas of technology. Innovative, simple, effective security The Group’s industry-leading technologies are amongst the most innovative, advanced and effective available in the market, but are simple and easy to deploy, manage and use. Sophos believes that simple, integrated solutions deliver better security that is easier to manage for organisations of any size and particularly those in its chosen markets. Deliver complete, end-to-end cybersecurity capabilities The cloud is at the core of the Group’s strategy ‘Channel first’ sales strategy The Sophos cybersecurity portfolio is comprehensive and spans endpoint, mobile, server, encryption, web, email, Wi-Fi and UTM/Next-gen firewall. Sophos continues to make progress on its multi-year strategy to integrate these different products and enable a synchronized security approach for its customers. Synchronized security delivers added protection for customers and eliminates manual tasks. The Group’s customers derive significant benefits from Sophos Central, the single, integrated cloud-based management and reporting platform. Cloud technology underpins the channel strategy and it continues to enhance Sophos’ partner-centric management console, enabling partners to easily manage, update and configure the Group’s products, and to drive cross-sell and upsell opportunities from within the Sophos IT security portfolio. Sophos is committed to its highly successful channel-only sales strategy. The Group has grown its partner ecosystem to more than 30,000 partners during the course of FY17, and is seeing considerable success in helping partners to cross- sell and upsell to existing end users and 6,100 of the partners are now blue-chip partners, demonstrating higher levels of productivity. The Group is also helping a growing number of partners as they develop Managed Service Provider (“MSP”) businesses built around the Sophos product portfolio. 15 KEY PERFORMANCE INDICATORS To measure performance against the Group’s strategy, a number of Key Performance Indicators (“KPIs”) are utilised; further explanation of which, including reconciliations to GAAP numbers, is included in Note 6 of the financial statements and in the glossary. A description of these KPIs and performance against them during the period is set out below: Billings $632.1M (FY16: $534.9m) Billings represents the value of products and services invoiced to customers. Cash is received at the start of a subscription period and consequently billings become a key forward indicator of future performance. Continued strong growth in all regions and products with a particularly strong YOY Q4 performance. See page 29 for a detailed review of billings. PERFORMANCE Revenue $529.7M (FY16: $478.2m) Revenue reflects the element of billings recognised in the period including from companies acquired from the date of their acquisition. The majority of billings are for subscription contracts that are recognised rateably over the contract term. Subscription billings driving revenue growth into double-digits and trending towards billings growth rates. See page 30 for a detailed review of revenue. Cash EBITDA $150.1M (FY16: $120.9m) Cash EBITDA provides visibility of cash earnings during the period, even if the associated revenue for that period’s billings has not yet been recognised. Sustained momentum of billings growth coupled with leveraging of the existing cost base resulted in an increase in cash EBITDA and margin (cash EBITDA as a percentage of billings). Unlevered free cash flow $133.4M (FY16: $46.4m) Weighted average contract length 28.1 months (FY16: 27.8 months) Unlevered free cash flow represents the amount of cash generated by operations after allowing for capital expenditure, taxation and working capital movements. Strong performance above the Board’s expectations, driven by growth in billings and close control of working capital. The weighted average contract length, measured over the prior twelve month period, gives the Group an indication of the period over which future revenue will be recognised. Small increase due to material contract previously announced in Q1. The comparative has been restated as it is now measured on a total Group basis. Renewal rate 106% (FY16: 102%) Renewal rate (including upsell and cross-sell) is a measure of long-term value of end user agreements and the Group’s ability to retain end users. The Group has continued to leverage its product portfolio, leading to a continued improvement in the renewal rate. Endpoint-UTM cross-sell 9.6% (FY16: 7.4%) The continued growth of the business partially depends on successfully selling additional products and services to existing customers. Customers can derive greater value by owning multiple products from the Group as they benefit from synergies in management, support and functionality. As the Group has demonstrated the benefits of cross-ownership of its products, the level of cross-sell has continued to steadily increase through the year. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 16 CHIEF EXECUTIVE OFFICER’S STATEMENT FY17 WAS ANOTHER STRONG YEAR FOR SOPHOS, IN WHICH WE MADE SIGNIFICANT PROGRESS AGAINST OUR STRATEGIC GOALS, AND DELIVERED OPERATIONAL AND FINANCIAL PERFORMANCE ABOVE OUR EXPECTATIONS A FAST-GROWING CHANNEL AND CUSTOMER BASE The number of Sophos partners grew to more than 30,000, up from 20,000 a year ago, and the number of ‘blue-chip’ partners rose from 4,700 to 6,100. In FY17 we added more than 40,000 new customers, with more than 260,000 organisations now using one or more Sophos IT security products. With more than 60 million small and mid-market enterprises around the world who could benefit from Sophos’ industry-leading security portfolio, integrated and managed through a single, easy-to-use cloud-based platform, and sold entirely through the channel, our opportunity to continue to grow our market share remains significant. SOPHOS CENTRAL A robust, comprehensive commitment to the cloud has provided Sophos with a growing competitive advantage. Sophos Central is a single, integrated cloud-based management and reporting platform that has become a meaningful driver of the Group’s software subscriptions. Sophos Central represents 17.1 percent of subscription billings, having grown by 220 percent in the period. Leveraging the power of the cloud also allows us to deliver compelling cross-sell and upsell opportunities for partners, and many are now building additional services businesses around the Sophos partner portal, which enables them to manage, update and configure their customers’ solutions remotely. The Group expanded and enhanced Sophos Central throughout the year, with new endpoint, server and mobile security solutions, as well as additional partner and managed service provider (MSP) features. In addition, Sophos made a number of applications available on the platform for the first time, including email, encryption, wireless, and web security. September 2016 saw the launch of Intercept X, an exciting next-generation endpoint protection application, featuring signature-less anti-exploit, anti-ransomware and root cause analytics capabilities. Intercept X has resonated extremely well with partners OVERVIEW Among the many highlights, the Group saw an 18.2 percent increase in total reported billings to $632.1 million, underpinned by 21.4 percent subscription billings growth to $513.1 million, as we again delivered growth in excess of the market in both network and enduser security. Encouragingly, the strong momentum at the heart of this performance was manifest across all major regions and products, and in both new business and renewals, and accelerated in the second half of the year. Sophos Central remained a core driver of our business, delivering growth of 220 percent and an expanding opportunity for cross-sell and upsell momentum. Our cash generation was very strong, with unlevered free cash flow almost tripling to $133.4 million, from $46.4 million in the prior-year. STRATEGIC PROGRESS Sophos made significant progress in FY17, consolidating its position as the leading vendor of innovative, simple, and highly effective cybersecurity solutions for mid- market enterprises. A number of factors have helped to deliver this success which will continue to drive Sophos forward in the years ahead, including: » World-class products and innovation that provide leading enterprise-grade protection validated by numerous third parties, that at the same time are easy to deploy, use, and manage » Cloud-enabled security solutions that include a single, integrated cloud-based management console and cloud delivery of multiple security capabilities » Synchronized security product strategy, in which network, endpoint, and all the key offerings in our product portfolio actively share threat intelligence information to deliver better protection that is also easier to manage » 100% channel sales model » Deepening and expanding our relationship with our partners and customers, to drive upsell and cross-sell 17 and customers. In just two quarters since its launch, more than 8,000 customers have purchased Intercept X on the Sophos Central cloud-management platform. WORLD-CLASS PRODUCTS AND INNOVATION A commitment to industry-leading innovation, focused on our target customer, combined with a strong demand backdrop and an increasingly powerful channel ecosystem enabled Sophos to continue to gain market share, outpacing market growth rates in both enduser and network security. In addition to the launch of Intercept X, there was an enthusiastic response to the newest release of the Sophos XG Firewall, helping the Group achieve 17.8 percent growth in network security billings for the year, at constant currency. With version 16.0 launched in October 2016, customers are benefiting from over 100 new features and significant enhancements to the user experience, particularly navigation, policy management and logging, as well as additional synchronized security features linking the XG firewall with endpoint, encryption, mobile, and other security offerings. Sophos is already a leader in the emerging cloud-based infrastructure market for security, a growing opportunity as enterprises adopt infrastructure as a service via the cloud. XG Firewall version 16.0 introduced support for the Microsoft Azure cloud platform in addition to the existing support for Amazon Web Services. ACQUISITIONS In February 2017 Sophos announced the acquisition of Invincea, Inc., a leading developer of advanced next- generation malware protection, consistently ranked as among the best performing signature-less, next- generation endpoint technologies in third-party testing, rated highly both for high detection and low false- positive rates. The Invincea endpoint security portfolio prevents, detects, and remediates zero-day and sophisticated attacks, and combines neural-network based machine learning and behavioural monitoring to enhance detection through artificial intelligence and stop evasive malware before damage occurs. Invincea complements and enhances Sophos’ existing presence in next-generation endpoint protection, a dynamic new segment that is serving to increase meaningfully the size and growth rate of the multi- billion dollar endpoint security market as a whole. Invincea’s advanced machine learning technology is a critical element in the broad array of advanced endpoint technology components that customers will require in order to protect themselves effectively against the growing number and sophistication of cyber threats that face organisations of all sizes. The integration of the Invincea technology into the Sophos Central endpoint product line is progressing well, with the first Sophos products incorporating Invincea’s machine learning technology expected to be available and sold via our global channel of over 30,000 partners in 2017, bringing immediate value to customers. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 18 CHIEF EXECUTIVE OFFICER’S STATEMENT CONTINUED AN EARLY COMMITMENT TO THE CLOUD HAS GIVEN SOPHOS A REAL AND GROWING COMPETITIVE ADVANTAGE DEEPENING THE RELATIONSHIP WITH OUR CUSTOMERS We further increased the amount of cross-sell and upsell business with existing customers, a key element of the Group’s growth strategy. Our net renewal rate achieved on our subscription business was over 106 percent in the year, including cross-sell and upsell, versus 102 percent a year ago. Furthermore, the proportion of customers purchasing both the Sophos endpoint and unified threat management (UTM) products was just under 10 percent at the end of the period, up from 7 percent a year ago. The continued improvement in these areas demonstrates the Group’s success in leveraging its product portfolio and the benefits that both partners and customers are gaining from an integrated, synchronised approach to IT security. INDUSTRY LEADERSHIP During the year, leading industry analysts including Gartner and Forrester once again endorsed Sophos as a leader for products in both enduser and network security. In addition, Sophos won numerous channel awards, including 2016 Endpoint Security Innovation winner (CRN US), 2016 Data Security winner (CRN US), 2016 Network Security winner (CRN US), 2016 Security Vendor of the Year (CRN UK), and 2016 Channel Excellence Award winner - Security Hardware (Channel Partner DACH). Furthermore, in February 2017, five senior Sophos executives were named in CRN’s prestigious list of 2017 Channel Chiefs, which represents top leaders in the IT channel who excel at driving growth and revenue in their organisations through channel partners. While we are pleased with the scale, growth, and momentum we have established, we firmly believe we are just getting started. Security continues to be a mission-critical, board-level priority for organisations of every size that only rises in importance with each passing year. Delivering true enterprise-grade protection to mid-market enterprises, in a way that is integrated and simple to deploy and manage, all sold through the channel, provides Sophos with a substantial market opportunity. Our company mission is to be the best in the world at delivering innovative, simple, and highly-effective cybersecurity solutions to IT professionals and the channel that serves them. We believe we are uniquely positioned to successfully execute against that mission, and as we do so, our opportunities to continue to grow and succeed, both operationally and financially, are dramatic. Sophos’ success is only possible through the commitment and hard work of our global team of employees and partners, and I would like to extend my personal thanks to them for all they do to support and protect hundreds of thousands of organisations around the world each day. Kris Hagerman Chief Executive Officer 16 May 2017 19 Q & A WITH MANAGEMENT TEAM Q&A WITH MEMBERS OF THE SOPHOS SENIOR MANAGEMENT TEAM SOPHOS HELPS BUSINESSES TO FOCUS ON WHAT THEY DO BEST BY OFFERING THE INDUSTRY’S LEADING PROTECTION AGAINST CYBER AND DATA ATTACKS. MEMBERS OF THE MANAGEMENT TEAM OFFER THEIR INSIGHTS INTO SOME OF THE CHALLENGES AND OPPORTUNITIES FACING SOPHOS, ITS PARTNERS AND CUSTOMERS, TODAY AND IN THE FUTURE. MICHAEL VALENTINE SENIOR VICE PRESIDENT, WORLDWIDE SALES Q. When you talk to customers, what are their most pressing issues? A.It really is the need to reduce complexity. These companies often have limited IT staff and rarely a security expert. They struggle to manage multiple security products and are even more challenged to respond to the daily alerts and notifications they receive. They want simplicity and flexibility. They want a seamless experience between reseller and vendor. They do not have the expertise to run lengthy IT procurement projects and rely on their IT resellers to make the right choices for them. For our partners, their concerns are twofold: what business model do I adopt; and, how do I hire and retain the right calibre of sales and sales engineering staff? The opportunities offered by MSP and IaaS models are appealing as more customers move to AWS or Azure. However, can every product reseller make the move to value added or managed services? It’s a difficult question to answer. The demand for cybersecurity skills far outstrips the supply and we are focused on helping our partners to train and retain staff within their companies. Nothing motivates a sales person like hitting their targets and we believe that Sophos can offer the best products on the market and make business easy to close. Everyone wants to be on the winning team and that’s what we drive towards every day. Q. Can you tell me about the importance of the Sophos partner ecosystem? A.Without a strong partner ecosystem, we would have no business. As a 100 percent channel- focused company, it is our ability to educate, enable and incentivise our channel partners that drives our growth and enables us to more quickly enter new markets and scale up our business. rely heavily on their resellers for local support, so we can offer three different levels of support without additional investment. Our customers trust us to develop highly effective products that will protect them against today’s sophisticated threats and we rely on our partners to deliver the right advice, training and services to them. facing Sophos? Q. What is the biggest challenge A.There are more than 60 million businesses in the sweet spot of our target market and gaining brand recognition within a vast market is challenging. We compete against big established names and small challenger companies in both endpoint and network security markets. We have made huge progress over the last five years but we still have work to do in continuing to make our brand stand out in this huge market. We are addressing a huge market opportunity that relies on its trusted IT resellers for advice, services and products to protect their critical data. Mid-market companies also We are differentiated against the competition and gaining traction with our unique synchronized security vision, which is supported by our comprehensive network and INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 20 Q & A WITH MANAGEMENT TEAM CONTINUED Q&A WITH MEMBERS OF THE SOPHOS SENIOR MANAGEMENT TEAM endpoint security portfolio. However, much like the rest of the industry, our security-focused partners have specialisms in network or endpoint security and we need to continue to educate them on both sides of our portfolio. We are investing heavily in partner enablement, education and training to make sure that our partners are taking advantage of the opportunity offered by Sophos; both in terms of more business and with better security for their customers. JOE LEVY CHIEF TECHNOLOGY OFFICER prioritise what they are doing? Q. How should customers A.Know thyself. All endeavours to enhancing security must start here. Our information systems used to relate to physical things, applications and operating systems running directly on clients and servers that we could see, touch, and count, but they become more intangible, and abstract every day. Cloud, virtualisation, mobile, containers, micro services and APIs have enabled unimaginable advancements in automation, manufacturing, business intelligence, collaboration, personalisation, and prediction, but these come at the costs of complexity and opaqueness. In order to protect the confidentiality, integrity and availability of our assets, among the most valuable of which is our data, we must know that they exist, where they exist, and what they are worth. For any security effort to succeed, it must begin here. Only then can practicable risk management strategies be developed and applied. Q. Are attitudes towards security changing among your customers? A.It is difficult to ignore the headlines related to information security incidents. Whether it is the latest data breach, the rise of ransomware, reminders to the fragility of our critical infrastructure or allegations of tampering with democracy, hardly a day goes by without coverage of some unfortunate exploitation of weaknesses in our information systems. to you? Q. What does innovation mean A.Innovation at its core describes improvement through novelty, and in the context of information security its key attribute is continuous adaptation. Security is a property of system, so to innovate in information security requires not just continuous improvements in technology, but also in how people interact with that technology, and how it interfaces with the rest of our increasingly interconnected world. Advancements in computing and data science have given us a world where everything is a computer, everything is connected, and machines operate autonomously. Our day-to-day lives increasingly benefit from and depend on this new reality and with such leverage comes high-stake risk. Attackers exploit flaws in software, fragility in complex systems, human susceptibility to social engineering, and the shroud of anonymity provided by the internet and crypto-currencies. Innovation in information security seeks to anticipate and stay one step ahead of this and it should be measured by its usability, durability, adaptability and utility in preventing, detecting and responding to today’s and tomorrow’s threats. But every cloud has a silver lining, and a positive consequence of these events is a heightened awareness of the threat. Businesses of all sectors and sizes, institutions of learning, corporate boards, the insurance industry and governments are increasingly treating information security seriously and saliently. Attitudes toward information security are shifting from an afterthought that is taxing or punitive, to a forethought that is among any project’s core requirements. We are slowly getting better at understanding risk in the abstract. It’s an encouraging maturation, but we must not allow ourselves to become inured to the stream of reminders. We must be unrelenting in our pursuit of adaptation and improvement. 21 SIMON REED VICE PRESIDENT, SOPHOSLABS security? Q. What does Sophos mean by A. Computers now dominate our lives. It is part of everything we do, at work and in our personal lives. We’ve grown dependent on technology. Like any tool, it can be used to benefit our lives, or be used against us for nefarious purposes. Security allows us to have the full benefits that computers can provide whilst keeping the evil aspects at bay. Q. What is the best way to stay ahead of security concerns and threats? A. Be a smart consumer of the benefit of the IT-ization of our lives. Understand the basics of staying secure: strong passwords; prodigious patching; etc. Consider the downsides as well as the advantages that can be provided and make a balanced decision. Stay careful and cautious online and when interacting with email and websites. If it sounds too good to be true, treat with extreme caution. DAN SCHIAPPA SENIOR VICE PRESIDENT & GENERAL MANAGER, ENDUSER SECURITY & NETWORK SECURITY GROUPS secure? Q. Can a company be truly A. A company can be secure, but it will never be impervious. There has never been a security technology that is perfect, but by having a broad and interconnected ensemble of capabilities, a company can raise the bar high enough that the attacks return on investment isn’t worthwhile. for Sophos? Q. What is the biggest opportunity A. Our biggest opportunity is to take a highly innovative security portfolio and make it simple enough for any business to deploy and secure their business. Leveraging our portfolio through the synchronized security approach to differentiate the reason to use multiple Sophos products. By continuously innovating, staying on the front foot to compete against the attackers. Sophos business strategy? Q. How would you summarise the A. Deliver innovative, easy to use, and highly effective security solutions to enterprises of all sizes. Have end-to-end experiences that just work and delight our customers. Sell this to customers who value innovation, simplicity and highly effective security. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS Security made simple. Network and endpoint protection, centrally managed and communicating together. For stronger, more simple security. 24 25 NETWORK SECURITY PORTFOLIO SYNCHRONIZED SECURITY MODEL IN THE NETWORK SECURITY MARKET, SOPHOS CONTINUES TO INNOVATE WITHIN ITS PORTFOLIO OF FIREWALL, WIRELESS, EMAIL AND WEB SECURITY. d T h r e a t i o n t c e a v d A e c t o r n P IPS SOPHOS CENTRAL MANAGEMENT SYNCHRONIZED SECURITY P r o W t e e b c t i o n n o i t c e t o r ail P m E UTM/NEXT-GEN FIREWALL WIRELESS EMAIL IN CLOUD CENTRAL d Traff c n tio c e p s n I e t p y r c n E U s e r I d e n t i t y A p plication Protection g x i n o S a n d b WEB ON PREM During the year, Sophos accelerated performance with advanced protections, adding sandboxing across multiple products, expanding IaaS (Azure/AWS) firewall protection and driving further integration with the Sophos Central management platform. At this point, the key products of wireless, email and web are available as on-premise products that can be managed through Sophos Central. KEY PRODUCT DEVELOPMENTS » Sophos XG Firewall 16 is the latest next-generation firewall. It blocks evasive zero-day threats, automatically isolates endpoints upon threat detection or a missing Security Heartbeat™, identifies unknown application traffic, and adds enterprise-grade Secure Web Gateway protections and built-in Data Loss Prevention for email. It is available as a hardware appliance, software or virtual appliance, or for Microsoft Azure, extending support for IaaS environments. » Sophos Wireless provides a simple, effective way to manage and secure your wireless networks. Sophos introduced many features in FY17 to optimise performance, threat detection, and new management capability via Sophos Central. » Sophos Email Security is a proven anti-malware, anti-spam and anti-phishing solution, now managed by Sophos Central. Sophos offers email continuity and emergency inbox in cases of outages or attacks, a self-service portal for users, easy deployment and management, and support for Exchange, Office 365, and G Suite. » Sophos UTM for AWS is network security for Public Cloud environments, which includes advanced protections for intrusion prevention, network packet inspection, application control, VPN and a web application firewall. Designed for AWS, Sophos UTM scales automatically based on traffic changes, and offers high availability to ensure applications and users can always connect. CENTRAL Sophos Central is an integrated management platform that simplifies the administration of multiple Sophos products and enables more efficient business management for Sophos partners and customers. This unified platform for security management is the realisation of the Groups' synchronized security strategy to enable multiple security products to work together seamlessly, with simpler management and better security. Key products currently available through Sophos Central include Sophos Endpoint Security, Sophos Intercept X, Sophos Mobile, Sophos Server Protection, Sophos Encryption, Sophos Wireless, Sophos Email Security, Sophos Web Security, and Sophos Phish Threat. 26 27 ENDUSER SECURITY PORTFOLIO SOPHOS CONTINUES TO ENHANCE AND DEVELOP THE NEXT-GENERATION CAPABILITIES OF ITS ENDUSER PRODUCT PORTFOLIO. CLOUD INTELLIGENCE NEXT-GEN ENDPOINT MOBILE SERVER ENCRYPTION s And ontrol e vic p C e p D A re- p P r e v e n E x p l o t i i t o n B e h D a e t e vio ural c tio ns i o n i t y t a t c u r e R u e p S Signatures Genes M L a e c a h r i n n i e n g c f f a r T s u alicio M n o i t c e t e D SOPHOS CENTRAL MANAGEMENT SYNCHRONIZED SECURITY Memor y Scanning - t s o p p t o G uard y r C Admin | MANAGE ALL SOPHOS PRODUCTS Self Service | USER CUSTOMISED ALERTS Partner Analytics | MANAGEMENT OF CUSTOMER INSTALLATIONS | ANALYSE DATA ACROSS ALL OF SOPHOS’ PRODUCTS TO CREATE SIMPLE, ACTIONABLE INSIGHTS AND AUTOMATIC RESOLUTIONS SophosLabs | 24 X 7 X 365, MULTI-CONTINENT OPERATION Malware Identities · URL Database · Machine Learning · Threat Intelligence Genotypes · Reputation · Behavioural Rules · APT Rules · App Identities Anti spam · DLP · SophosID · Sandboxing · API Everywhere There is a significant rise in demand for next-generation threat protection as reports of ransomware and advanced phishing attacks become more numerous and widespread. Sophos rounded out its comprehensive endpoint defense strategy with the acquisition of Invincea and the anticipated introduction of integrated machine- learning products in FY18. Key products in the comprehensive defence strategy introduced during FY17 included: » Sophos Intercept X delivers next-generation anti- exploit protections with signature-less threat and exploit detection, anti-ransomware, root cause analysis and Sophos Clean for deep forensic-level malware removal. » Sophos Mobile 7 is a comprehensive EMM solution with features for Mobile Device Management (“MDM”), Mobile Application Management (“MAM”), Mobile Email Management (“MEM”), Mobile Content Management (“MCM”) and mobile security. Customers can manage iOS, Android, and Windows Mobile devices side-by-side with Windows computers to ensure a uniform company security and compliance policy across all devices. » Sophos Server Protection recently introduced anti- ransomware, new support of VMware and Microsoft Hyper-V with Sophos for Virtual Environments, and added Security Heartbeat technology which can now isolate servers as part of Synchronized Security » Sophos Safeguard Encryption provides ‘always-on’ file-level encryption for threat protection of data accessed from mobile devices, laptops, desktops, on-premise networks and cloud-based file sharing applications. Sophos is the first vendor to provide persistent, transparent and proactive encryption that protects files across Windows, Mac, iOS or Android platforms by default. » Sophos Phish Threat is an advanced phishing attack simulator and training solution that is fully integrated with the company’s cloud-based security management platform, Sophos Central. The core Phish Threat technology was acquired from Silent Break Security in December 2016 and integrated into Sophos Central before launch in January 2017. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 28 FINANCIAL REVIEW THE GROUP FINISHED THE YEAR STRONGLY AND IS INCREASINGLY WELL POSITIONED TO ACHIEVE GROWTH FROM BOTH NEW AND EXISTING CUSTOMERS IN FY18 AND BEYOND The key metrics of billings, cash EBITDA and cash flow were all strong in the year. The Group expected cash flow to show very strong growth in the year, yet the Directors were particularly encouraged that unlevered free cash flow almost trebled to $133.4 million. The table below presents the Group’s financial highlights on a reported basis: Billings Revenue Cash EBITDA Adjusted operating profit Operating loss Unlevered free cash flow Net cash flow from operating activities FY17 $m 632.1 529.7 150.1 38.3 (44.3) 133.4 118.5 FY16 $m 534.9 478.2 120.9 53.4 (32.7) 46.4 21.3 Growth % 18.2 10.8 24.2 (28.3) 35.5 187.5 456.3 Definitions and reconciliations of non-GAAP measures are included in note 6 of the financial statements and the glossary Reported billings grew by 18.2 percent to $632.1 million, while billings in constant currency grew at 19.9 percent to $648.7 million, revenue grew 12.3 percent on the same basis to $542.1 million, within which subscription revenue grew 14.4 percent to $420.4 million. Adjusted operating profit and operating loss were both impacted by the fact that the majority of billings are subscription contracts where the revenue is deferred to future periods; however, the level of spending is driven by billings growth and is recognised immediately in the profit and loss account. Accordingly, a strong billings performance is very positive for the long-term health of the business and cash generation yet the full benefit to the profit and loss account is in future periods. Deferred revenues increased by $82.3 million in the period further underpinning the confidence in future revenue growth. The Group finished the year with $581.0 million (FY16: $498.7 million) of deferred revenue, $330.6 million (FY16: $286.5 million) of which is due for release in the year ahead. Billings $632M $150M Cash EBITDA Revenue $530M $119M Net cash flow from operating activities 29 BILLINGS The Group’s reported billings increased by $97.2 million from $534.9 million in the year-ended 31 March 2016 to $632.1 million in the year-ended 31 March 2017, with growth in all regions, products and types as detailed below. This represented 18.2 percent reported growth or 19.9 percent growth on a constant currency (“CC”) basis. The reconciliation of billings to revenue is included in note 6 of the Financial Statements. Billings by Region: – Americas – EMEA – APJ Billings by Product: – Network – Enduser – Other Billings by Type: – Subscription – Hardware – Other Subscription agreements comprised 81 percent of the Group’s billings in FY17, an increase from 79 percent in the prior-year. Subscription agreements are paid in full upfront with revenue being recognised on a deferred basis over the life of the agreements, which mainly range from one to three years in duration, resulting in a highly visible and predictable future revenue stream. BILLINGS BY REGION AMERICAS Billings attributable to the Americas increased by $29.7 million to $217.6 million in the year-ended 31 March 2017, representing 15.8 percent growth on a reported basis and 15.9 percent on a constant currency basis. Network products and sustained adoption of the Sophos Central platform, including strong sales of new next-generation endpoint products drove the year-on- year growth. EMEA Billings attributable to EMEA increased by $55.5 million to $319.5 million in the year-ended 31 March 2017, representing 21.0 percent growth on a reported basis and 25.6 percent growth on a constant currency basis, reflecting the impact of the strengthening US Dollar against both Sterling and Euro. Enduser growth in the region was particularly strong, supported by a substantial increase in the adoption of the Sophos Central platform and the contribution from a material contract with an existing customer in the UK in the first quarter of the year. FY17 $m (Reported) FY16 $m (Reported) Growth % (Reported) Growth % (CC) 217.6 319.5 95.0 632.1 311.5 289.7 30.9 632.1 513.1 105.7 13.3 632.1 187.9 264.0 83.0 534.9 266.7 238.2 30.0 534.9 422.8 99.0 13.1 534.9 15.8 21.0 14.5 18.2 16.8 21.6 3.0 18.2 21.4 6.8 1.5 18.2 15.9 25.6 11.0 19.9 17.8 24.4 2.6 19.9 23.3 7.6 2.3 19.9 APJ Billings attributable to APJ increased by $12.0 million to $95.0 million in the year-ended 31 March 2017, representing 14.5 percent growth on a reported basis and 11.0 percent growth on a constant currency basis. Growth in the region was driven by Enduser billings; Network billings in the prior-year were assisted by a very strong performance in Japan leading to a tough comparative. BILLINGS BY PRODUCT NETWORK PRODUCTS The Group’s billings attributable to Network products increased by $44.8 million to $311.5 million in the year-ended 31 March 2017, representing 16.8 percent growth on a reported basis and 17.8 percent growth on a constant currency basis, despite a strong prior-year comparative from larger deals in Japan. This growth was balanced across UTM, Email and Web products. ENDUSER PRODUCTS The Group’s billings attributable to Enduser products increased by $51.5 million to $289.7 million in the year- ended 31 March 2017, representing 21.6 percent growth on a reported basis and 24.4 percent growth at constant currency. Sophos Central, incorporating the new next- generation endpoint product, Intercept X, was a key driver for Enduser billings growth. Growth was also assisted by the contribution from a material contract during the first quarter of the year with an existing customer in the UK. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 30 FINANCIAL REVIEW CONTINUED BILLINGS BY TYPE Subscription billings increased by $90.3 million to $513.1 million in the year-ended 31 March 2017, representing 21.4 percent growth on a reported basis and 23.3 percent growth on a constant currency basis. Encouragingly, Sophos Central billings were $87.7 million in the year, increasing from $27.4 million in the prior period and now represent 17.1 percent of subscription billings up from 6.5 percent in the prior period. Hardware billings increased by 6.8 percent on a reported basis, 7.6 percent growth on a constant currency basis, to $105.7 million primarily due to a tough comparative from the strong hardware sales in Japan. The share of subscription billings of total billings increased marginally in the year as Sophos Central continued to gain momentum. KEY BILLINGS METRICS BILLINGS FROM NEW CUSTOMERS Billings, at constant currency and excluding acquisitions, from new customers remained consistent at 25 percent of total billings and grew 21.3 percent year over year. RETENTION RATES The Group’s results are substantially driven by billings generated from subscriptions for its products and services. The Group’s net retention rates include the impact of cross-selling and upselling, which helps the Group evaluate its success in fully leveraging its broad product portfolio throughout its installed customer base. The Group’s net retention rate, excluding acquisitions, for the year-ended 31 March 2017 improved to 106.3 percent from 101.9 percent in the year-ended 31 March 2016. BILLINGS BY SIZE Sophos’ products are designed for the Group’s target market, mid-market enterprises, typically with less than 5,000 employees. In FY17 the proportion of billings to the Group’s customers with less than 5,000 employees increased marginally YOY to 83 percent. BILLINGS BY LENGTH OF CONTRACT Subscription agreements sold by the Group are of differing durations, most typically being one to three years in length. The weighted average contract length for the year-ended 31 March 2017 was 28.1 months, a small increase on the 27.8 months 1 for the year-ended 31 March 2016, mainly due to the material contract with an existing customer in the first quarter. The billings analysis of contracts by subscription length for each year1 was as follows: Constant currency Under one year One to two years Two to three years Greater than three years FY17 % 34.3 7.5 46.0 12.2 FY16 % 34.7 8.1 45.9 11.3 1 Comparatives were previously presented excluding Cyberoam and have now been re-stated to be on a total Group basis CROSS-SELL AND UPSELL OPPORTUNITIES The Group continued to demonstrate to its existing customers the benefits of cross-ownership. A measure of this success is the percentage of all customers who own both a Sophos Endpoint and UTM product (being the primary products of the Enduser and Network families, respectively). The Group expects this metric to steadily improve as customers take advantage of the benefits of synchronized security. At 31 March 2017, approximately 9.6 percent of customers had both a UTM product and an Endpoint product compared to 7.4 percent of customers at 31 March 2016. REVENUE The Group’s revenue increased by $51.5 million, or 10.8 percent, to $529.7 million in the year-ended 31 March 2017. Revenue at reported rates was impacted throughout the year by currency headwinds, most notable a weakening against the US Dollar of Sterling and the Euro. Accordingly, revenue growth for the year on a constant currency basis was higher at 12.3 percent, following an increasing trend through the year which generated Q4 constant currency revenue growth of 14.7 percent. The majority of the Group’s billings relate to subscriptions (FY17: 81.2 percent; FY16: 79.0 percent), and hence the benefit from increased billings is spread over a number of years based on the subsequent recognition of deferred revenue. Revenue of $529.7 million comprised $277.8 million (FY16: $251.4 million) from recognition of prior-year deferred revenues and $251.9 million (FY16: $226.8 million) from new billings. The deferred revenue balance at the end of the year of $581.0 million increased $82.3 million from the end of the prior year, an increase of 16.5 percent despite a negative translation impact of $24.2 million resulting from the devaluation of Sterling against the US Dollar. Revenue in the Americas increased by 12.5 percent to $186.9 million in the year-ended 31 March 2017 due to growth in both Network and Enduser sales. 31 +12.3% Constant currency revenue growth +16.5% Deferred revenue growth Revenue by Region: – Americas – EMEA – APJ Revenue by Product: – Network – Enduser – Other Revenue by Type: – Subscription – Hardware – Other FY17 $m (Reported) FY16 $m (Reported) Growth % (Reported) Growth % (CC) 186.9 263.1 79.7 529.7 271.2 231.6 26.9 529.7 410.7 106.7 12.3 529.7 166.1 239.5 72.6 478.2 239.0 211.9 27.3 478.2 364.7 100.9 12.6 478.2 12.5 9.9 9.8 10.8 13.5 9.3 (1.5) 10.8 12.6 5.7 (2.4) 10.8 12.6 13.8 6.4 12.3 14.6 11.4 (1.8) 12.3 14.4 6.3 (0.8) 12.3 EMEA revenue increased by 9.9 percent to $263.1 million in the year-ended 31 March 2017, primarily due to growth in UTM billings as much of the benefit of increased subscription billings is deferred into future periods. APJ revenue increased by 9.8 percent to $79.7 million in the year-ended 31 March 2017, predominantly due to strong growth in Enduser billings, with lower Network growth due to a tough compare in Japan. COST OF SALES The Group’s cost of sales increased by $16.9 million to $121.3 million in the year-ended 31 March 2017. This was primarily due to the continued growth of Network product billings, many of which have a hardware component, the growth in Sophos Central products which are hosted by the Group and higher costs in the support function which are increasing, albeit at a rate lower than billings thereby delivering operational leverage. SALES AND MARKETING The Group’s sales and marketing expenses increased by $26.6 million or 14.5 percent, to $210.6 million in the year-ended 31 March 2017. Sales and marketing investments are targeted to drive billings growth. The Group achieved a growth rate in sales and marketing costs that was below the rate of growth in billings, contributing to the anticipated leverage as the business scales, which is expected to continue. RESEARCH AND DEVELOPMENT The Group’s research and development expenses increased by $18.2 million, or 18.3 percent, to $117.8 million in the year-ended 31 March 2017. This reflects the significant investment made in new and enhanced products released in the period and an ongoing focus on product development. Research and development investments are broadly targeted to grow at the rate of billings. GENERAL FINANCE AND ADMINISTRATION The Group’s general finance and administration expenses, excluding exceptional items, foreign exchange and the amortisation of intangible assets, increased by $19.8 million, or 38.1 percent, to $71.8 million in the year-ended 31 March 2017. The increase was substantially due to the share-based payment expense, which increased by $16.2 million to $32.5 million representing the first full-year charge following the issue of new equity awards at the time of the Initial Public Offering of the Company’s shares in the prior-year. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 32 FINANCIAL REVIEW CONTINUED Underlying general finance and administration expenses have increased by 10.1 percent YOY and have decreased as a proportion of billings as the Group continued to leverage its strong back office function. The Group’s exceptional items, included within general finance and administration expenses, decreased by $10.5 million to $31.4 million in the year-ended 31 March 2017. Current-year exceptional items relate predominantly to expenses incurred connected with the defence of certain claims brought against the Group in relation to the previously announced intellectual property litigation case brought by Finjan Inc., including both the costs of an omnibus agreement entered into with Finjan Inc. on 30 March 2017 resolving all the parties’ disputes and associated legal costs. It also includes acquisition costs incurred in relation to material acquisitions in the year. Prior-year exceptional items included $17.8 million incurred during the Initial Public Offering of the Company’s shares, as well as acquisition costs and expenses incurred in relation to the defence or settlement of claims brought against a number of the Group’s employees by their former employer and certain intellectual property litigation cases. AMORTISATION OF INTANGIBLE ASSETS The Group’s amortisation of intangible assets decreased by $9.3 million, or 31.8 percent, to $19.9 million in the year-ended 31 March 2017. The decrease was due to the Group’s policy of amortising acquired intangibles on a reducing balance basis. In the current year, the Group’s largest acquisition, Invincea, Inc. was completed at the very end of the year, therefore limiting amortisation in the period. CURRENCY MOVEMENTS AND IMPACT The Group’s foreign exchange loss was $1.2 million in the year-ended 31 March 2017, compared with a gain of $0.2 million in the year-ended 31 March 2016. The loss arises as a result of the weakening of Sterling and the Euro against the US Dollar in the year, an impact which is mostly mitigated by the Group’s largely naturally- hedged position. CASH EBITDA The reconciliation of cash EBITDA to operating loss is included in note 6 of the Financial Statements. On a reported basis, cash EBITDA increased by 24.2 percent to $150.1 million in the year-ended 31 March 2017. The Cash EBITDA margin increased YOY to 23.7 percent from 22.6 percent in the prior year mainly as the Group leveraged sales, marketing and back office investments. ADJUSTED OPERATING PROFIT Adjusted operating profit provides a supplemental measure of earnings that facilitates review of operating performance on a period-to-period basis by excluding non-recurring and other items that are not indicative of the Group’s underlying operating performance. The Directors have chosen to disclose this alternative performance measure in order to not only allow a focus on underlying operating performance but also to aid comparability with other companies that disclose the same measure. The reconciliation of adjusted operating loss to operating loss is included in note 6 of the Financial Statements. Adjusted operating profit decreased by $15.1 million to $38.3 million in the year-ended 31 March 2017. The Group continues to invest to drive billings growth. The majority of billings are from subscription contracts with the revenue benefit from increased subscription billings being deferred into future periods. Accordingly, strong subscription billings growth, whilst very positive for the long-term health of the business and cash generation, can actually show as a detriment to the short-term income statement with most of the revenues deferred whilst all spending is recognised as incurred. For this reason, the Group primarily focuses on billings, cash EBITDA and cash flow as the key leading indicators and primary operating metrics of the business. OPERATING LOSS The Group’s operating loss was $44.3 million in the year-ended 31 March 2017, compared to a loss of $32.7 million in the prior year. The increase was mainly due to an increased share-based payment expense, following the issue of equity instruments at the time of the Initial Public Offering, though this increase was partially offset by decreases in exceptional costs and amortisation. NET FINANCE COSTS The Group’s net finance costs decreased by $30.7 million to $5.0 million in the year due to both the repayment in the prior year of the amounts due to the previous parent company and, at the time of the Company’s Initial Public Offering of shares, an $87.7 million repayment of bank debt. In addition, foreign exchange losses on borrowings in the prior year have become gains in the current year as the US Dollar has strengthened and the prior year included a $5.9 million write-off of un-amortised finance fees that arose on the repaid external debt facility. INCOME TAX The Group’s tax credit for the year was $2.6 million (FY16: $3.5 million charge) with an effective tax rate of 5.3 percent (FY16: -5.1 percent). The tax credit arises against a reported loss for the Group, however cash tax remains payable as a consequence of taxable profits in local subsidiaries. The Group also benefited from participation in the UK research and development expense credit regime. 33 LOSS FOR THE YEAR The Group’s loss for the year decreased by $25.2 million, from a loss of $71.9 million in the year-ended 31 March 2016 to a loss of $46.7 million in the year-ended 31 March 2017, predominantly reflecting the reduction in finance expenses. CAPITAL EXPENDITURE The Group’s capital expenditure primarily comprises property, plant and equipment as well as intangible assets. In the year-ended 31 March 2017, net cash capital expenditure decreased marginally by $0.3 million on the prior-year. CASH FLOW Net cash flow from operating activities significantly increased YOY to $118.5 million from $21.3 million in the prior year. The increase was due to billings growth, leverage of operating expenses and management of working capital. Cash EBITDA* Net deferral of revenue Foreign exchange Depreciation Adjusted operating profit Net deferral of revenue Exceptional items Depreciation Foreign exchange Change in working capital* Corporation tax paid* Net cash flow from operating activities Exceptional items Net capital expenditure* Unlevered free cash flow FY17 $m 150.1 (102.4) – (9.4) 38.3 102.4 (31.4) 9.4 – 19.0 (19.2) 118.5 31.4 (16.5) 133.4 FY16 $m 120.9 (56.7) (2.4) (8.4) 53.4 56.7 (41.9) 8.4 2.4 (32.5) (25.2) 21.3 41.9 (16.8) 46.4 * Unlevered free cash flow represented by the sum of marked rows and has been presented to enhance understanding of the Group’s cash generation capability. Unlevered free cash flow increased threefold over the prior-year to $133.4 million due to billings growth, significant movements in working capital, reduced year-over-year cash tax payments and flat net capital expenditure. CHANGES IN WORKING CAPITAL Working capital movements result from an increase in creditors for activity in the final month of the year while debtor days outstanding has decreased in the year to 42 days (FY16: 44 days). Prior-year working capital changes included outflows for significant accrued and payable amounts expensed in FY15. CASH TAXATION Corporation tax paid is lower than in the comparative year due to the receipt of a research and development expense credit of $5.5 million in the UK. FINANCING In the first half of FY17, the Group repaid its revolving credit facility which had been drawn to partially finance the acquisition of SurfRight in December FY16. In the second half of FY17, the Group agreed an additional revolving credit facility with its existing lenders in the amount of $40 million which at year-end was fully drawn along with $10 million from the original revolving credit facility in order to partially finance the acquisition of Invincea, Inc. At 31 March 2017 the ratio of net debt to cash EBITDA was 1.9 times, a decrease from 2.1 times as at 31 March 2016; reflecting the cash-generative nature of the Group. BREXIT Following the decision by the UK population to exit, in due course, from the European Union (“Brexit”), the Directors have considered whether or not this will manifest itself as an additional risk to the Group. The Group’s operations are globally diverse with only 11 percent of the Group’s revenue being sourced from the UK and as the recent devaluation of the Sterling exchange rates has a minor benefit to the Group, given more sterling denominated costs than revenues in a US Dollar denominated functional currency Group. As such, Brexit is not considered a principal risk for the Group. DIVIDENDS The Directors propose to pay a final dividend for the year-ending 31 March 2017 of 3.3 US Cents per share (FY16: 1.1 US Cents), giving a total dividend for the year of 4.6 US Cents per share (FY16: 1.8 US Cents). The final dividend, subject to shareholder approval, will be paid on 13 October 2017 to all shareholders on the register on 15 September 2017. The Directors continue to adopt a progressive dividend policy, reflecting the cash- generative nature of the Group; and accordingly intend to target continued dividend growth for the financial year-ending 31 March 2018. Nick Bray Chief Financial Officer 16 May 2017 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 34 PRINCIPAL RISKS AND RISK MANAGEMENT PRINCIPAL RISKS ARE IDENTIFIED THROUGH A BUSINESS WIDE RISK ASSESSMENT PROCESS, ALONG WITH AN EVALUATION OF THE STRATEGY AND OPERATING ENVIRONMENT OF THE GROUP The risk review process encompasses the identification, management and monitoring of risks in each area of the business and this process includes an assessment of the risks to determine the likelihood of occurrence, potential impact and the adequacy of the mitigation or controls already in place. A full review is then undertaken by the Risk and Compliance Committee (“RCC”), which evaluates the principal risks of the Group with reference to its strategy and the operating environment. The Audit and Risk Committee monitors and challenges these processes, reviewing the Group’s Consolidated Risk Register and reporting material risks to the Board. There may be other risks or uncertainties which could emerge in the future, however, the Group’s ongoing commitment to risk management will seek to address and mitigate the future risks, as and when they become apparent. STRUCTURE OF RISK MANAGEMENT R E S P O N S I B I L I T Y F O R R I S K M A N A G E M E N T M A N A G E M E N T T E A M S E N O R I SOPHOS GROUP PLC BOARD AUDIT AND RISK COMMITTEE RISK AND COMPLIANCE COMMITTEE INTERNAL AUDIT L O R T N O C E V I T C E F BUSINESS FUNCTIONS INTEGRATED BUSINESS RISK MANAGEMENT F E R O F Y T I L I B A T N U O C AC 35 THE DIRECTORS CONSIDER THE FOLLOWING MATTERS TO BE THE PRINCIPAL RISKS AND UNCERTAINTIES (IN NO SPECIFIC ORDER) AFFECTING THE GROUP: RISK 1: RECRUITMENT AND RETENTION OF KEY PERSONNEL How it impacts us The ongoing success of Sophos is dependent on attracting and retaining high quality employees at all levels in the business who can effectively implement the Group’s strategy. Failure to attract, retain or develop high quality employees across the business could limit the Group’s ability to deliver its business plan commitments. What we are doing about it Making Sophos a great place to work is central to the Group’s strategy. Risk movement Sophos are committed to strong recruitment processes supported by robust remuneration programs which are benchmarked appropriately. Additionally, Sophos has a commitment to all levels of training throughout the organisation. Reward schemes are continuously evaluated to drive and recognise performance and ensure retention of key talent. Annual employee engagement surveys enable the progress of our people actions to be monitored, areas of improvement identified and necessary actions performed. RISK 2: DEFECTS OR VULNERABILITIES IN PRODUCTS OR SERVICES What we are doing about it Sophos are committed to extensive test cycles and quality procedures which are subject to continuous improvement. Risk movement Sophos employs combinations of internal and external quality reviews and testing of products, including source code reviews, public and private 3rd party efficacy testing, automated code tests and various forms of penetration testing. Sophos also encourages a healthy collaboration with the security research community, as described in the Responsible Disclosure Policy: www.sophos.com/security In FY17, Sophos took the additional step of introducing a Bug Bounty program to leverage the skills of thousands of individuals to help make our products and web properties more secure. Further, the Group protects the privacy and security of its customers worldwide through the pledge to never engineer backdoors into its products as described here: www.sophos.com/nobackdoors How it impacts us The Group’s products and services are complex, and as such they have contained, and may in the future contain, design or manufacturing defects or errors that are not detected until after their commercial release and deployment by end customers. These defects could cause the Group’s products or services to be vulnerable to security attacks, cause them to fail to help security networks, temporarily interrupt end customers’ networking traffic and fail to prevent or detect viruses or similar threats. Further, due to the evolving nature of threats and the continual emergence of new threats, the Group may fail to identify and update its threat intelligence or other virus databases in time to protect its end customers’ networks and devices. As a result, actual or perceived defects or vulnerabilities in the Group’s products or services and/or the failure of the Group’s products or services to prevent a security threat could harm the Group’s reputation and divert the Group’s resources. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 36 PRINCIPAL RISKS AND RISK MANAGEMENT CONTINUED RISK 3: FALSE DETECTION OF THREATS How it impacts us The Group’s products may falsely detect threats or malware that do not actually exist in applications or content based on the Group’s classification of application type, virus, malware, vulnerability exploits, data or URL categories (known as ‘false positives). These false positives, while inherent in the Group’s industry, may impair the perceived reliability of the Group’s products and may therefore adversely impact market acceptance of the Group’s products. If the Group’s products restrict important files or applications based on falsely identifying them as malware or some other item that could be restricted, this could adversely affect end customers’ systems and cause material system failures. Any such false identification of important files or applications could result in negative publicity, damage to the Group’s reputation, loss of end customer and sale, increased costs to remedy any problem and risk of litigation, any of which could materially adversely affect the Group’s financial condition and operating results. RISK 4: IT SECURITY AND CYBER RISK How it impacts us As a provider of IT security products, the Group is naturally a target and the Group’s networks and products may have vulnerabilities that have from time-to-time been, and may in the future be, targeted by attacks specifically designed to disrupt the Group’s business and harm the Group’s reputation If an actual or perceived breach of security occurs in the Group’s internal systems, it could adversely affect the market perception of the Group’s products. In addition, a security breach could affect the Group’s ability to operate its business, including the Group’s ability to provide support services to end customers. What we are doing about it Sophos is committed to investment in its world class Virus Labs facility with emphasis placed on staff training, testing and quality procedures. Risk movement Moreover, there is a continuous proactive focus on improvement of processes to enable early detection of a false positive event, as well as applying a ‘lessons learnt’ approach through root cause analysis. Sophos acknowledges the inherent risk associated with a false positive incident within the industry and is committed to ensuring there are mitigating processes in place to manage any incident, large or small, in order to minimise the impact on its customers. Risk movement What we are doing about it Sophos has a dedicated cybersecurity team that is focused on investigation and mitigation of risks related to cyber-attack. The team is focused on day-to-day active monitoring processes to identify and deal with IT security incidents, and in implementing continual improvements in the IT security technology, education and awareness and policies that combine in the overall security posture of Sophos. Sophos continues to increase its investment in cybersecurity. The Sophos Group maintains cyber insurance to transfer part of the risk of any deliberate attack to the insurer. 37 Risk movement RISK 5: PRODUCT PORTFOLIO MANAGEMENT How it impacts us Sophos has an extensive number of products, enhanced further by acquired technologies. The extent of investment in each product needs to be managed and prioritised taking into account the expected future prospects. Additionally, consideration must be given to the ability to be able to adequately support the entire product range. Failure to manage the product portfolio adequately could result in inappropriate investment focus in relation to research and innovation in product development, which is essential to meet customer and partner requirements. This could result in products that do not meet the requirements of customers or partners and could increase the risk they will look to alternative solutions, resulting in the potential loss of both new and existing revenue streams. Additionally, insufficient focus on key research and development projects may damage the long-term growth prospects of the Group. What we are doing about it Sophos continue to focus on and improve the interaction between product management, product development, sales and marketing and all support functions in an integrated product development approach. Internal processes are run to identify opportunities for standardisation and consistency across products lines. This helps eliminate redundancies, reduce development and support costs and improve partner and customer experiences through a more predictable and coherent product portfolio. Sophos are working to bring all products under a single cloud management platform to deliver “parity” (of management features and user experience) and “portability” (to address any privacy or data sovereignty issues that our partners/customers might face). Additionally, during the current financial year, Sophos have consolidated both Network and Enduser under single leadership in order to improve synchronized security, cross business unit interlock and investment efficiencies. Sophos customer and partner communities continue to be invaluable resources in guiding portfolio management decisions. They provide immediate and constant feedback on how well Sophos are meeting their requirements, improvements that Sophos can make to its current offerings and opportunities for portfolio consolidation or expansion. During the year-ended 31 March 2017, the Group strengthened its product portfolio through the acquisition of Invincea, Barricade and PhishThreat. RISK 6: DISRUPTION TO DAY TO DAY GROUP OPERATIONS How it impacts us Sophos is at risk of disruption to its day to day operations from a disaster incident which may seriously impact IT systems or access to office space. A failure in the operation of the Group’s key systems or infrastructure on which the Group relies could cause a failure of service to its customers and negatively impact the Sophos brand. What we are doing about it Sophos has made significant investments in the technology and infrastructure of the Group to ensure it continues to support the growth of the organisation. Risk movement Additionally, incident management procedures and escalation processes are in place as well as maintaining security, business continuity and disaster recovery plans. Continual updates and testing of these plans is ongoing. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 38 CORPORATE RESPONSIBILITY REPORT Case Study: Village adoption Sophos India, through its ‘Prarambh’ CSR initiative has adopted a rural village to uplift the lives of 350 families living there. The aim is to improve education, healthcare, family welfare, infrastructure, sanitation and sustainable livelihood patterns in the village. The plan is to bring about all-round development of the village by focusing on key areas like education, sanitation, basic infrastructure, medical facilities and empowerment of women; Sophos works with the people of the village to ensure development goals are mutually agreed. Sophos is a firm believer in using environmentally friendly technology for the greater good and has installed solar street lights to help meet the energy requirements of the village community. There is also a focus on building water conservation structures with the active involvement of the villagers, the objective being the preservation of rainwater and to facilitate agricultural activities. EMPLOYEES The Group operates by its core values: simplicity, empowerment, passion, innovation and authenticity. The Group promotes a culture where people can achieve and be recognised for their achievements, where people have the support they need to develop themselves and where people are valued and treated with respect. Development opportunities are made available to all employees through unlimited access to one of the largest independent online libraries of e-learning courses in the world for technical, personal and leadership skills development, in addition to role- specific training and access to Instructor-Led Training (“ILT”) aligned to their development and career aspirations. The Group is committed to providing equal opportunities and recruits and promotes staff on the basis of their experience, qualifications, skills and attitude. At the end of the financial year, the gender breakdown of employees and Directors was: Executive & Non-Executive Directors Senior Managers* Employees 31 March 2017 31 March 2016 Female Male Female 2 17 692 8 79 2,495 1 13 600 Male 8 70 2,194 * The Group has defined Senior Managers as members of the Senior Management Team and their direct reports (excluding Executive Directors separately reported). Each year Sophos conducts an employee opinion survey to gain direct feedback from employees and help identify and deliver actions that will increase employee engagement and company performance. The results from the survey are reviewed by the senior management team and are used to drive global, regional or departmental changes so that the business makes Sophos a better place to work. During the year, the Group introduced a global Save as You Earn (”SAYE”) plan, and an equivalent Employee Share Purchase Plan (“ESPP”) for US employees to enable all employees to save and participate in the long- term success of Sophos. The Group actively engages with local universities in our key locations and offers internships and working student opportunities in Canada, the USA, the UK, Germany and Austria. In the UK, the Group has an established intern and graduate program, supporting students through a full-year paid internship and provides support, expertise and guidance for their final year projects. Many of the interns receive permanent offers to join Sophos post-graduation, as well as financial assistance for their final year of study. 39 Education is a core element of the project and Sophos’ aims include preventing drop-outs after 8th grade through providing uniforms, bags, books and transportation to students as well as providing skill development courses. To improve the health and wellness of villagers, free medical check-up camps are organised and a rural clinic is planned. Sophos also plans to further the cause of women empowerment in the village by imparting training in arts, crafts and other skillsets to aid self- dependence. COMMUNITY & CHARITIES Sophos employees share the core values of a commitment to help others and make a positive impact in the communities where they live and work. Sophos encourages and supports these activities and around the world local Sophos offices support a wide range of charities and community projects. During the year, Sophos in the Philippines continued its annual Sophos Cares project with Santuario de San Jose. Local staff held collections for donations and gifts were distributed by eighteen Sophos employees to forty orphans aged three to seven years old after having spent quality playtime with the children. In Hungary, the Budapest office prepared Christmas gift boxes for children living in poverty, as well as donating their time and creative skills to raise money for a local charity that helps support vulnerable people throughout the year. In the UK, a series of events were held in the year to raise money for Byte Night in support of Action for Children, a charity that supports some of the 80,000 young people who are homeless in the UK through no fault of their own. UK employees participated in a month-long series of sponsored events, auctions and fund-raising, culminating in 26 of the team, headed by the CFO, sleeping out for a night to raise over £16,000 for the charity. MODERN SLAVERY ACT Sophos is committed to compliance with the provisions of the Modern Slavery Act 2015. As such, the Group has a zero-tolerance approach to modern slavery and is further committed to acting ethically, transparently and with integrity in all of its business dealings and relationships. During the year, the Board adopted the Sophos Group Anti-Slavery and Human Trafficking Policy and published its Modern Slavery Act Transparency Statement, each of which can be found on the Group’s website at www.sophos.com. ENVIRONMENT The Group recognises that it has a responsibility for effectively managing its environmental performance and minimising the impact of its operations. The Group is committed to continual environmental improvement in the management of its premises, operations and employee engagement. To that end, an Environmental Sustainability Program has been developed that will operate over the medium to long term with key stages of: » A scoping review to explore in depth Sophos’ current position, establish appropriate standards for the Group and perform a gap analysis and action plan to attain the standards. » Development of a comprehensive policy, embracing all aspects of environmental sustainability that would include a road map for the Group to follow. » Perform a sustainability materiality audit to identify and prioritise issues, risks and opportunities to enable the Group to focus on those activities which make the most significant contribution to the business and to sustainable development. » Greening audit of buildings to explore opportunities for greening the interior and exterior of building and site, guided by the principles of sustainability, biodiversity and health and wellbeing. STRATEGIC REPORT APPROVAL The strategic report on pages 10 to 39 was approved by the Board on 16 May 2017 and signed on its behalf by: Kris Hagerman Chief Executive Officer 16 May 2017 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 40 Acquisitions Strong heritage in driving value from acquisitions. MACHINE LEARNING ANTIVIRUS In FY17 Sophos acquired neural- network based machine learning and behavioural monitoring technology to enhance malware detection through artificial intelligence. Invincea, Inc., a next- generation endpoint security company based in the US, had developed its portfolio to prevent, detect and remediate zero-day and sophisticated attacks. Sophos expects to rapidly integrate Invincea technology into the endpoint product line, and make it available through Sophos channel partners worldwide. CLOUD-BASED ANALYTICS Sophos acquired a start-up company that had created a real-time security monitoring and analysis technology that leverages machine learning to monitor users and devices for anomalous behaviour, significantly enhancing the ability to identify malicious or suspicious activity. The technology will deliver further capabilities around user and entity behaviour analytics and synchronized security intelligence through the Sophos Central management platform. AUTOMATED, INTEGRATED SECURITY AWARENESS The threat of phishing, which exploits human trust and behaviour to instigate an attack on an organisation, is growing in sophistication and volume. Sophos has acquired technology to help customers address the human side of corporate security. Sophos has since launched Sophos Phish Threat, an automated security training product that can significantly reduce the potential for phishing to be successful in a company, through consistent training and awareness. INTRODUCTION STRATEGIC REPORT GOVERNANCE FINANCIAL STATEMENTS 41 GOVERNANCE Board of Directors 42 Corporate Governance Statement 46 Nomination Committee Report Audit and Risk Committee Report 54 57 Disclosure Committee 64 Annual Statement of the Remuneration Committee Chairman 65 Directors’ Remuneration Policy 67 Annual Report on Remuneration Directors’ Report 77 88 42 BOARD OF DIRECTORS PETER GYENES KRIS HAGERMAN NICK BRAY Non-Executive Chairman Chief Executive Officer Chief Financial Officer Experience: Peter joined the Sophos Board in 2006, bringing experience with corporate growth and value creation to the Group’s vision for integrated threat management leadership. He has four decades of experience in technical, sales, marketing and general management positions within the computer systems and software industry globally, and was most recently the Chairman and CEO of Ascential Software Corporation. He has also served on the boards of Applix Inc., BladeLogic Software, Epicor Software Corporation, Lawson Software, EnerNoc, Cimpress NV, Intralinks Holdings, Inc. and webMethods. Qualifications: BA in Mathematics and an MBA, Columbia University, New York. Other current roles: Director of Carbonite Inc., Pegasystems Inc., RealPage, Inc. and is trustee emeritus of the Massachusetts Technology Leadership Council. Experience: Kris joined Sophos in 2012 as Chief Executive Officer. Kris was most recently CEO of Corel Corporation, and prior to that group president, data centre management at Symantec, where he led a business of more than $1.5 billion that represented nearly 30 percent of Symantec’s global revenue. Prior to Symantec, Kris was EVP and GM, storage and server management at Veritas Software where, during his tenure, the company’s revenue more than doubled, before its acquisition by Symantec. Earlier in his career, Kris was founder and CEO of BigBook and prior to that, Affinia. Kris also held positions at Silicon Graphics and McKinsey & Company. Qualifications: BA in Russian and Economics, Dartmouth College, an M.Phil. in International Relations, Cambridge University, and an MBA, Stanford Graduate School of Business. Other current roles: None Experience: Nick joined Sophos in 2010 as Chief Financial Officer, bringing more than 20 years’ experience in the technology sector, extensive international operational skills and significant public company experience on both the London Stock Exchange and Nasdaq. Nick was most recently CFO at Micro Focus International plc, where he was instrumental in the company tripling revenue and increasing market capitalisation from circa £200 million to in excess of £1 billion. He has also held Group CFO roles at Fibernet Group plc and Gentia Software plc, as well as senior financial positions at Comshare Inc. and Lotus Software. Qualifications: First class BA in Civil Engineering, Aston University, UK and a qualified Chartered Accountant. Other current roles: Non-executive director of De La Rue plc. 43 SANDRA BERGERON EDWIN GILLIS ROY MACKENZIE Independent Non-Executive Director Independent Non-Executive Director Non-Executive Director Experience: Sandra joined the Sophos Board in 2010. She has more than 20 years security, operations and board advisory expertise having previously served as a director of TraceSecurity Inc., Tipping Point, Netegrity, Nuance Communications, TriCipher Inc., and ArcSight Inc. Earlier in her career Sandra spent 10 years at McAfee, Inc. holding a number of key executive positions. Qualifications: MBA from Xavier University, Cincinnati, Ohio and a BA in Business Administration (Cum Laude), Georgia State University. Other current roles: Director of F5 Networks, Inc. and Qualys Inc. Experience: Edwin joined the Sophos Board in 2009. He has previously served as a director and member of the audit committees at BladeLogic, Endeca, Equalogic Inc., Plex Systems, Responsys Inc. and Trizetto. Earlier in his career, Edwin held senior roles at Symantec Corporation, Veritas Software, Parametric Technology and Lotus Development Corporation and spent 15 years with Coopers & Lybrand as a CPA and general practice partner. Qualifications: BA in Government, Clark University, Massachusetts, an MA in International Relations, University of Southern California and an MBA, Harvard Business School. Other current roles: Director and chairman of the audit committees of AppNexus Inc., LogMeIn Inc., Sprinklr, and Teradyne Corporation. Experience: Roy joined the Sophos Board in 2010. He is a partner of Apax Partners’ technology and telecoms team. He joined Apax Partners in 2003 and has been involved in a variety of technology focussed investments including Epicor Software Corporation, NXP Semiconductors, and King Digital Entertainment. Previously, Roy worked at McKinsey & Company, Inc., focusing on consulting clients in the high technology sector and also held product management positions at Psion Computers. Qualifications: MBA, Stanford Graduate School of Business and an MA in Engineering, Imperial College, London. Other current roles: Director of Duck Creek Software, Inc. and Exact Holdings NV. Key to Committee Membership: Audit and Risk Committee Nomination Committee Remuneration Committee Disclosure Committee INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 44 BOARD OF DIRECTORS CONTINUED RICK MEDLOCK STEVE MUNFORD VIN MURRIA Independent Non-Executive Director Non-Executive Director Independent Non-Executive Director Experience: Rick joined the Sophos Board in April 2017. Rick has 30 years of experience in the financial management of large international technology companies. Currently the CFO at Worldpay, Rick was CFO of Misys until December 2013 prior to which, he spent nine years as CFO of Inmarsat plc and seven years as CFO and company secretary of NDS Group plc. He was also a non-executive director and chairman of the audit committee of Edwards Vacuum (Edwards Group Ltd). He spent the early part of his career in a variety of roles as CFO of a number of private equity backed technology companies in the UK and the US. Qualifications: MA in Economics, University of Cambridge and a qualified Chartered Accountant. Other current roles: Chief financial officer at Worldpay Group plc. Experience: Steve served as Sophos’ CEO from 2006 to 2012 prior to which he had been COO, as well as president of Sophos, North America. Steve led the company through a period of dramatic growth, more than tripling billings. Previously, he was President of ActiveState before its acquisition by Sophos. Qualifications: BA in Economics, University of Western Ontario and MBA from Queen’s University, Ontario. Other current roles: Chairman of Carbonite, Inc. and Elastic Path Software, Inc., and also serves on the boards of Actenum Corporation, Alert Logic, Inc., Apica, Inc., NetMotion, Inc, QuickMobile Inc. and Teradici Corporation. Experience: Vin joined the Sophos Board in January 2017. She was founder and CEO at Advanced Computer Software and CEO of Computer Software Group. Previously, Vin was also a non-executive director of Chime Communications, Greenko Group and Concateno. Vin was named Cisco’s Woman of the Year and Tech Entrepreneur of the Year in 2012 and in addition, Advanced Computer Software was named Tech Company of the Year in 2014. Qualifications: BSc (Hons), an MBA, and a Doctorate business administration (Honorary), Edinburgh Napier University. Other current roles: Independent non-executive director at Softcat plc and Zoopla Property Group plc, Senior Advisor - Rothschild Global Advisory team, and a partner at Elderstreet Investments. 45 SALIM NATHOO PAUL WALKER ELEANOR LACEY Non-Executive Director Senior Independent Director Experience: Paul joined the Sophos Board in 2015. Paul brings more than 30 years of technology and senior leadership experience, having served for 16 years as CEO of Sage Group plc. Paul has previously served on the Boards of WANdisco plc, Diageo plc, My Travel Group plc and Ernst & Young. Qualifications: BA in Economics, York University, and a qualified Chartered Accountant having trained at Ernst & Young. Other current roles: Non-executive chairman of Halma plc and Perform Group Ltd, and a non-executive director of Experian plc. Experience: Salim joined the Sophos Board in 2010. He is a partner and co-head of Apax Partners’ technology and telecoms team. He joined Apax Partners in 1999 and has been involved in a variety of technology-focussed investments including EVRY, Global Logic, Orange Switzerland, iGATE, Weather Investments, Tim Hellas and SMART Technologies. Previously, Salim worked at McKinsey & Company, Inc. where he focused extensively on telecommunications. Salim also held sales, marketing and technical positions at NYNEX CableComms Ltd. and IBM. Qualifications: MA in Mathematics, St. John’s College, Cambridge and an MBA, INSEAD. Other current roles: Non-executive chairman of Evry ASA, and a director of Global Logic. General Counsel and Company Secretary Experience: Eleanor joined Sophos in 2016 as SVP General Counsel and Company Secretary. Most recently, Eleanor had been SVP, General Counsel and Corporate Secretary at SurveyMonkey Inc. Prior to SurveyMonkey she has held the roles of General Counsel and VP of Business Development at Corel Corporation, VP of Corporate Development at SupportSoft, Inc. and VP and General Counsel at Niku Corporation, prior to its acquisition by Computer Associates. Qualifications: J.D., Yale Law School and BA in History and English, University of Massachusetts at Amherst. Other current roles: None Key to Committee Membership: Audit and Risk Committee Nomination Committee Remuneration Committee Disclosure Committee INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 46 CORPORATE GOVERNANCE STATEMENT and professionalism to the Board throughout his tenure, for which we are all very grateful. Rick Medlock will assume the role of chairman of the Audit and Risk Committee at the time of Ed’s retirement. Following Ed’s retirement, the Board with the Nomination Committee will keep the Board’s overall composition under review and in particular, the proportion comprised of independent Non-Executive Directors. BOARD EVALUATION Sophos supports the Code principle that each FTSE 350 company should undertake a thorough review of Board process, practice and culture on an annual basis; with the input of an external facilitator at least once every three years. The Board considers such annual reviews as an essential part of good corporate governance. During the year, we assessed the effectiveness of the Board externally for the first time, building on the findings from the previous year’s internal exercise. We focused on our effectiveness as a Board as a whole, on each committee’s effectiveness and the performance of each individual Director. The evaluation concluded that the Board continued to operate in a functional, collegiate way which is committed, effective and purposeful in seeking to deliver value to shareholders. In addition, the committee structure in place, together with orderly and thoughtful refreshment of the Board in the past year, has ensured that an appropriate level of specialist support and assurance is available to the main Board. The review is discussed in more detail on pages 52 to 53 of this Report. SHAREHOLDER ENGAGEMENT At Sophos, all our shareholders are important to us and the Board looks to encourage and maintain an open dialogue with them. The design and operation of a robust, yet evolving governance structure appropriate for a group of the scale and ambition of Sophos remains critical to meeting their needs. The Company’s approach to governance is based firmly on the concept that good corporate governance enhances long-term shareholder value and sets the culture, ethics and values for the rest of the Group. The Board has ultimate responsibility for reviewing and approving the Annual Report and Accounts and it has considered and endorsed the arrangements for their preparation, under the guidance of its Audit and Risk Committee. The Directors confirm the Annual Report and Accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group’s position and performance, business model and strategy. Peter Gyenes Non-Executive Chairman DEAR SHAREHOLDER, FY17 has been a year of continued successful progress in our business, as well as in strengthening our status as a UK public listed company. The Board has kept under review its policies and procedures created to meet the various corporate governance and regulatory requirements applicable to the Company following its Initial Public Offering (“IPO”) and built upon them in order to take in to account new regulations, including the EU Market Abuse Regulation (“MAR”) and the UK Modern Slavery Act 2015. In response to MAR, the Board approved the adoption of a new Sophos Dealing Code, established a Disclosure Committee of the Board and implemented accompanying internal processes. In respect of the Modern Slavery Act, the Board approved the adoption of the Sophos Anti-Slavery and Human Trafficking policy, together with associated internal processes, and published the Sophos Modern Slavery Act Transparency Statement on its website, accessible from the homepage. BOARD COMPOSITION AND COMPLIANCE The Board has forged ahead with its plan to further strengthen its composition and to comply with the UK Corporate Governance Code (the “Code”) by successfully welcoming two new independent Non- Executive Directors in early 2017. I, and my fellow Board members, were delighted to welcome Vin Murria on 3 January 2017 and Rick Medlock, shortly after the end of the financial year on 3 April 2017. Vin Murria is a successful entrepreneur with a strong background in both building and advising technology-based companies in the UK, and in growing shareholder value. Vin was previously named Quoted Company Entrepreneur of the year and Woman of The Year in the Cisco Everywoman Technology Awards. Rick Medlock has 30 years of experience in the financial management of large international technology companies. His deep understanding and knowledge of financial management in the technology industry, and extensive experience with global businesses listed in both the UK and the US will be of great benefit to the Board. In addition, Ed Gillis announced his intention to retire as an independent Non-Executive Director and chairman of our Audit and Risk Committee, with effect from the conclusion of the Company’s 2017 Annual General Meeting (“AGM”). Ed has been a member of the Board for eight years, leading the Audit and Risk Committee, including seeing the Company through its IPO and he has brought considerable insight, diligence 47 UK CORPORATE GOVERNANCE CODE COMPLIANCE This report, which is available on the Company’s website, explains the key features of the Company’s governance structure to provide a greater understanding of how the main principles of the UK Corporate Governance Code (“the Code”) have been applied and to highlight areas of focus during the year. The Code can be found on the FRC’s website at www.frc.org.uk During the year, the Company complied with all the principles and provisions of the Code, except for Code provision B.1.2 which recommends that at least half of the Board of Directors of a UK-listed company, excluding the Chairman, should comprise independent Non-Executive Directors. Following the appointment of Vin Murria, 44 percent of the Board were considered to be independent at the end of the financial year. Notwithstanding the appointment of Rick Medlock in April 2017, the Board recognises that the Company will no longer comply with this provision following Ed Gillis’s retirement at the conclusion of the 2017 AGM. The Board will keep this position under review, and it is their intention to comply in due course. Full details of independence can be found in the Board of Directors section on pages 50 and 51. THE BOARD AND ITS COMMITTEES The Board is responsible for the effective oversight of the Company. It also agrees the strategic direction and governance structure that will help achieve the long-term success of the Company and deliver shareholder value. The Board takes the lead in areas such as strategy, financial policy and making sure a sound system of internal control is maintained. The Board’s full responsibilities are set out in the schedule of matters reserved for the Board described below. The Board delegates authority to its Committees to carry out certain tasks on its behalf, so that it can operate efficiently and give the right level of attention and consideration to relevant matters. RESPONSIBILITIES OF THE BOARD The Board has approved and keeps under review, the schedule of matters reserved for its decision; specifically, taking in to account the recommendations of the relevant Board Committees, the Board is responsible for: • Guiding the Group’s long-term strategic aims, leading to its approval of the Group’s strategy and its budgetary and business plans • Approval of significant investments and capital expenditure • Approval of annual and half-year results • Approval of the dividend policy, payment of the interim dividend and the recommendation of final dividends • Ensuring maintenance of a sound system of internal control and risk management • Ensuring adequate succession planning for the Board and senior management • Determining the remuneration policy for the Directors and the senior management team BOARD FOCUS DURING THE YEAR • Strategy: During the year the Board held a Board Strategy event and worked with management to: – discuss the changing business environment for the Company; – review the Company’s strategy and growth plans and consider the key risks; – discuss in detail the performance of the Company’s existing portfolio of products, key risks to delivery for the portfolio, together with the ongoing portfolio management strategy and different portfolio scenarios; and – integration of completed acquisitions and potential future acquisition opportunities to advance the Company’s strategy, following three acquisitions executed during FY17. • Financial statements: During FY17, the Board reviewed the Company’s operating results and financial statements with management and the Company’s external auditors. The Board also reviewed and approved the operating plan for the fiscal year. • Business performance: In FY17, the Board received and reviewed reports from management on the performance of the Company’s business. The Board engaged in discussions with management on various aspects of business performance, including business drivers, industry trends, risks, opportunities and the competitive landscape. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 48 CORPORATE GOVERNANCE STATEMENT CONTINUED • Risk: In conjunction with the recommendations of the Audit and Risk Committee, the Board’s review of the Annual Report included detailed consideration of: – the identified principle risks of the Company and the continued effective management of those risks in order to achieve the Company’s strategic objectives; – the ongoing appropriateness of the adoption of the going concern basis of accounting; – the appropriateness of the Viability Statement disclosure; and – that the Annual Report was fair, balanced and understandable and it provided the information necessary to assess the Group’s position and performance, business model and strategy. • Governance: The Board took account of the changing corporate governance landscape and kept under review the ongoing effectiveness of its governance structure in FY17 in order to keep pace. As a result, the Board considered and approved governance policies designed to ensure its compliance with MAR and the UK Modern Slavery Act 2015, together with the establishment of a Disclosure Committee and the publication of the Sophos Modern Slavery Act Transparency Statement. • Performance: In FY17, the Board undertook an evaluation of its own performance, the performance of its committees and each individual Director with the assistance of an external facilitator, Duncan Reed of Condign Board Consulting Limited. As a result, a number of recommendations were made, and actions identified for the forthcoming year, and are set out on pages 52 to 53 of this Report. BOARD COMMITTEES The Board has a number of committees that were established at the time of its IPO, and which support the effective discharge of its duties. During the year, the Board also established a Disclosure Committee to oversee the disclosure of information by the Company and to assist it to meet its obligations under MAR and the FCAs Listing Rules and Disclosure Guidance and Transparency Rules. The various committee reports can be found on pages 54 to 87 of this Report and each committee’s full terms of reference are available on the Company’s website at https://investors.sophos.com Non-Executive Directors The Non-Executive Directors meet without the Executive Directors present after each scheduled Board meeting, and at least once a year without the Chairman present. Senior Management Team The Senior Management Team (SMT) is comprised of the Chief Executive, Chief Financial Officer and 9 individuals who head up the key Group functions and each report to the Chief Executive, and support him in the leadership of the business. Full biographical details of the SMT can be found on the Company’s website at www.sophos.com The structure of the Committees is set out below: BOARD OF DIRECTORS Audit & Risk Committee Nomination Committee Remuneration Committee Disclosure Committee Risk & Compliance Committee 49 TABLE OF ATTENDANCE The table below summarises the attendance of the Directors and committee members at the scheduled Board and committee meetings held during the year: Board Audit and Risk Committee Remuneration Committee Nomination Committee Disclosure Committee Director Peter Gyenes* Kris Hagerman** Nick Bray Sandra Bergeron Edwin Gillis*** Salim Nathoo Roy Mackenzie Steve Munford Paul Walker**** Vin Murria All appointments stated are as at 31 March 2017 * ** *** Peter Gyenes is Chairman of the Board and of the Nomination Committee. Kris Hagerman is Chairman of the Disclosure Committee. Edwin Gillis is Chairman of the Audit and Risk Committee. **** Paul Walker is Chairman of the Remuneration Committee. Attended of those eligible Not attended of those eligible BOARD COMPOSITION, QUALIFICATION AND EXPERIENCE The composition, experience and balance of skills on the Board are periodically reviewed to ensure that there is the right combination on the Board and its Committees and they are working effectively. At the date of publication, there are currently eleven Directors on the Board, which comprises a Non-Executive Chairman (who, for the purposes of the Code was independent on appointment), two Executive Directors, five independent Non-Executive Directors and three Non-Executive Directors who are considered by the Board not to be independent for the purposes of the Code. The current members of the Board have a wide range of skills and experience. The Board believes that crucial to its ability to lead the Company successfully it requires a membership that combines detailed knowledge of: the Group’s operations; the technology industry in which the Group operates; leading a global business; and, being listed on the London Stock Exchange. KEY BOARD ROLES INTERACTION BETWEEN THE CHAIRMAN AND CHIEF-EXECUTIVE The division of responsibilities between the Chairman, Chief Executive Officer and Senior Independent Director is clearly defined and agreed by the Board. The Board supports the separation of the roles of the Chairman and Chief Executive and the partnership between Peter Gyenes and Kris Hagerman is based on mutual trust, facilitated by regular contact between the two. The separation of authority enhances independent oversight of the executive management by the Board and helps to ensure that no one individual on the Board has unfettered authority. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 50 CORPORATE GOVERNANCE STATEMENT CONTINUED INTERACTION BETWEEN THE CHAIRMAN AND CHIEF-EXECUTIVE continued The key responsibilities that are attributable to each role are summarised below: Chairman • Leads the Board • Promotes a high standard of corporate governance • Facilitates effective contributions by the Non-Executive Directors • Promotes a culture of openness and debate • Encourages constructive relations between Executive and Non-Executive Directors • Facilitates effective communication by the Company with its shareholders • Leads the evaluation of performance of the Board, its Committees and Directors in accordance with best practice. Chief Executive Officer • Leads the management team • Facilitates an effective management structure with appropriate delegation of authorities • Develops proposals for the Board to consider, including on Group strategy, annual plans and commercial objectives • Responsible to the Board for the operational activity of the Company • Oversees implementation of all Board-approved actions • Supports the Chairman to ensure that appropriate governance standards spread through the organisation • Ensures that the Board is made aware of the employees’ views on relevant issues. THE ROLE OF NON-EXECUTIVE DIRECTORS Senior Independent Director • Acts as intermediary between Directors when required • Works closely with the Chairman, acting as a sounding board and providing support • Is available to shareholders and other Non- Executives to address any concerns or issues they feel have not been adequately dealt with through the usual channels of communication • Chairs the Nomination Committee on consideration of succession for the role of Chairman of the Board. Non-Executive Directors • Constructively challenges management proposals • Help develop proposals on strategy • Have a prime role in appointing and, where necessary, removing Executive Directors • Have an integral role in succession planning • Provide an external, diverse perspective and insight to consideration of management proposals. NON-EXECUTIVE DIRECTOR INDEPENDENCE The Board considers and reviews the independence of each Non-Executive Director on an annual basis as part of the Directors’ performance evaluation. In carrying out the review, consideration is given to factors such as their character, judgement, commitment and performance on the Board and relevant committees and their ability to provide objective challenge to management and an external, diverse perspective to the consideration of management proposals to support the Company achieve its strategic aims. The Board considers its independent Non-Executive Directors bring strong judgement and considerable knowledge and experience to the Board’s deliberations. The Board considers that the appointments made during the year have only strengthened this position further. The Code requires a company to state its reasons if it determines that a Director is independent in certain circumstances, including where a Director holds cross-directorships or participates in the Company’s share option or performance related pay scheme. Paul Walker, as noted in the annual report on Directors’ Remuneration on page 87, participates in a restricted share arrangement. Notwithstanding this arrangement, the Board considers Paul to be independent in character and judgement. This continues to be evidenced by his valuable contributions at Board and committee meetings, and in particular, the knowledge and experience he brings to his role as Chairman of the Remuneration Committee. Additionally, Peter Gyenes is a director of Carbonite Inc., to whose board Steve Munford was appointed Chairman in March 2016. The Code provides that the Chairman of a company should be independent on appointment. The Board considers that Peter Gyenes, the Chairman, was independent upon appointment and that he continues to be independent notwithstanding the cross-directorship described above. Steve Munford was also Chief Executive of the Group between 2006 and 2012 and accordingly is not considered to be independent. Roy Mackenzie and Salim Nathoo are shareholder appointed Directors and accordingly are not considered independent. 51 By the date of the 2017 AGM, Sandra Bergeron will have served on the Board for seven years. In accordance with the Code, the Board has determined that Sandra Bergeron has retained independence of character and judgement and had not formed associations with the Company that might compromise her independent judgement, notwithstanding her length of service. APPOINTMENT AND TENURE All Non-Executive Directors serve on the basis of letters of appointment which are available for inspection upon request. The letters of appointment set out the expected time commitment of Non-Executive Directors who, on appointment, undertake that they will have sufficient time to meet what is expected of them. This will include attendance at scheduled and emergency Board meetings, meetings of any committee to which they are appointed, site visits, board strategy away days, meetings with shareholders, meetings as part of the Board evaluation process, update meetings and training days and meetings of Non-Executive Directors. Non-Executive Directors are appointed for an initial three-year term and the continuation of their appointment is conditional on satisfactory performance and subject to annual re-election at the Company’s Annual General Meetings. Executive Directors serve on the basis of service agreements which are also available for inspection upon request. Further details on the Executive Directors’ service agreements are included in the Directors’ Remuneration Policy, on page 75. DIRECTOR INDUCTION AND TRAINING The Chairman, with the support of the Company Secretary, is responsible for the induction of new Directors and ongoing development of all Directors. New Directors receive a full, formal and tailored induction on joining the Board, designed to provide an understanding of the Group’s business, governance and key stakeholders. The induction process includes the provision of an induction pack and past Board materials, operational site visits, meetings with key individuals and the Company’s advisors, and briefings on key business, legal and regulatory issues facing the Group. As the business environment changes, it is important to ensure the Directors’ skills and knowledge are refreshed and updated regularly. Accordingly, the Company Secretary ensures that updates on corporate governance, regulatory and technical matters are provided to Directors at Board meetings and by means of communications or special sessions in between formal Board meetings. In this way, Directors keep their skills and knowledge relevant so as to enable them to continue to fulfil their duties effectively. Following the conclusion of the recent Board evaluation process, a new selection of training and development opportunities will be made available to the Board to address any identified areas for focus as well as topical corporate governance, regulatory and technical matters. INFORMATION AND SUPPORT AVAILABLE TO DIRECTORS, THE COMPANY SECRETARY The Board and each Director has unlimited access to the General Counsel and Company Secretary, who advises the Board and the Board Committees on relevant matters, including compliance with the Company’s policies and procedures, relevant legislation and regulation, including the Listing Rules and the Code and other governance standards. The General Counsel and Company Secretary provides guidance to the Board and individual Directors regarding their duties, responsibilities and powers and ensures the proper administration of the proceedings and matters relating to the Board. The Chief Executive Officer and the Company Secretary work together to ensure that Board papers are clear, accurate, delivered in a timely and secure manner to Directors, and are of sufficient quality to enable the Board to discharge its duties effectively. As well as the support of the General Counsel and Company Secretary, there is a procedure in place for any Director to take independent professional advice at the Company’s expense in the furtherance of their duties, where considered necessary or advisable. All Directors have access to an online portal to which Board materials are published and Board resources, including information about the Company and helpful guidance documents for their reference as Directors of a UK listed company, are available. DIRECTOR ELECTION AND RE-ELECTION Following recommendations from the Nomination Committee and taking into account the results of the Board’s performance evaluation process, the Board considers that each of the Directors proposed for election or re-election is fully competent to carry out their responsibilities as a Director and as set out earlier, is content that each independent Non-Executive Director is independent in character and there are no relationships or circumstances likely to affect his or her character or judgement. In accordance with the Company’s Articles of Association (the “Articles”) and provision B.7.1 of the Code, all Directors will be subject to annual re-election. All Directors will seek re-election at the Company’s AGM in 2017 as set out in the Notice of AGM, with the exception of Edwin Gillis who has indicated his intention to retire at the conclusion of the AGM, and Vin Murria and Rick Medlock who will be standing for election for the first time. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 52 CORPORATE GOVERNANCE STATEMENT CONTINUED DIRECTORS’ CONFLICTS OF INTEREST Directors have a statutory duty to avoid situations in which they have, or may have, interests that conflict with those of the Company, unless that conflict is first authorised by the Board. This includes potential conflicts that may arise when a Director takes up a position with another company. The Companies Act 2006 (the “Act”) and the Articles allow the Board to authorise such potential conflicts, and the Board has adopted a procedure to address these requirements, which includes the Directors completing detailed conflict of interest questionnaires. The matters disclosed in the questionnaires are reviewed by the Board following the Directors’ appointments and annually thereafter and, if considered appropriate, authorised in accordance with the Act and the Articles. The Board deals with each appointment on its individual merit and takes into consideration all the circumstances. The following appointments have been authorised by the Board and have been included in the conflicts register for the relevant period. • Salim Nathoo is a partner at Apax Partners LLP and Roy Mackenzie is a partner at Apax Partners, LP. Apax Partners, LP is a wholly-owned subsidiary of Apax Partners LLP. Both Apax Partners, LP and Apax Partners LLP are advisors of the Apax Funds, which wholly own Pentagon Lock Sarl, Pentagon Lock 6-A Sarl, Pentagon Lock 7-A Sarl and Pentagon Lock US Sarl, and shares a common owner with Apax Global Alpha Limited (collectively “Apax”). Following the admission of the Company’s shares to the London Stock Exchange in 2015, Apax controlled 35.2 percent of the voting rights in the Company and at 31 March 2017, continued to control more than 20 percent of the voting rights in the Company. • Steve Munford is chairman of Carbonite, Inc. which supplies cloud and hybrid data protection solutions, and a company on whose board Peter Gyenes is also a director. Steve also sits on the board of Alert Logic, Inc. which supplies security and compliance solutions and until January 2017, sat on the board of Utimaco Inc, a subsidiary of Utimaco GmbH which supplies professional cybersecurity solutions. • Ed Gillis sits on the board of LogMeIn, Inc., a leading SaaS company. • Sandra Bergeron sits on the boards of F5 Networks and Qualys, Inc., suppliers of application delivery networking and cloud security and compliance management solutions respectively. • Vin Murria is a Non-Executive Director of Softcat plc, with whom the Company maintains an ongoing customer relationship, see note 32 of the Financial Statements for details of related party transactions. BOARD EVALUATION AND EFFECTIVENESS In accordance with Principle B.6.2. of the Code and corporate governance best practice, it is the Board’s policy to invite external evaluation of the Board, its Committees and the role of individual Directors every three years. During the year, it was agreed that the evaluation process for the current fiscal year would be externally facilitated and following a robust tender process, Duncan Reed of Condign Board Consulting Limited was engaged to conduct the evaluation. Duncan Reed is independent. His only connection to Sophos Group plc is his work with the Board evaluation. The results of the evaluation concluded that the Board continued to operate in a functional, collegiate way which is committed, effective and purposeful in seeking to deliver value to shareholders. In addition, the committee structure in place, together with orderly and thoughtful refreshment of the Board in the past year, has ensured that an appropriate level of specialist support and assurance is available to the main Board. The Board evaluation process was led by the Chairman, in consultation with the Senior Independent Director and General Counsel and Company Secretary. The approach adopted included observation by Mr Reed at the February 2017 Board Meeting and Strategy event, together with one to one discussions between Mr Reed and each Director, the General Counsel and Company Secretary and the Deputy Company Secretary. During the year, the following activities were undertaken as recommendations adopted by the Board from the previous year’s internal evaluation: • The Board received regular updates on corporate governance, regulatory and technical matters at Board meetings in order to build on their understanding of the applicable UK rules; • With the support of the Nomination Committee and the SVP, Human Resources, the Board; – considered the Company’s succession plan for each role in the Senior Management Team; and – monitored the Board’s composition in light of Code provisions and agreed potential Board candidate profiles in order to secure the appointment of two new independent Non-Executive Directors during the year; 53 • With the support of the Audit and Risk Committee and Head of Internal Audit, the Board placed additional focus on the consideration of Group risks and in particular, the identification, understanding and management of those risks; • With the support of the General Counsel and Company Secretary, the Board undertook an evaluation of the Board, its Committees and the role of individual Directors in order to continue to assess and improve Board processes. Following the conclusion of the current year’s evaluation, the Board agreed the following recommendations for improvement in the next fiscal year: • Bring greater clarity and focus to the role of the Board, and individuals within it, by providing more directional board materials and through clearer allocation and management of the Board’s time in disciplined discussions; • Further promote focused debate at the Board by operating an annual strategic agenda in which the Directors will input, ensuring that each meeting considers key strategic issues at the most appropriate junctures, alongside the normal requirements of the quarterly reporting cycle; • Support the Nomination Committee in crystallising and planning for future Board and Committee rotation, including scoping and clarifying specifications for key roles, in accordance with the provisions of the Code; and • Continue working closely with management and the Company’s advisers, to ensure that wider shareholder sentiment on Company matters is fully explored, understood and weighed. SHAREHOLDER ENGAGEMENT Responsibility for shareholder relations rests with the Group’s Chief Financial Officer, supported principally by the Chief Executive, the Chairman and Senior Independent Director, as appropriate. He ensures that there is effective communication with shareholders and is responsible for ensuring that the Board understands the views of shareholders. Mr. Bray and Mr Hagerman are also supported by the Group’s VP of Investor Relations and corporate brokers with whom they are in regular dialogue. As a part of a comprehensive investor relations programme, formal meetings with investors are scheduled to discuss the Group’s interim and final results. In the intervening periods, the Company continues its dialogue with the investor community by meeting key investor representatives and holding investor roadshows. Non-Executive Directors are invited to attend meetings in the investor relations programme and welcome the opportunity to meet with our major shareholders. ANNUAL GENERAL MEETING The Company’s next AGM will take place at 3:00 pm on Thursday, 7 September 2017 at the Company’s registered office. All shareholders have the opportunity to attend and vote, in person or by proxy, at the AGM. The Notice of AGM can be found on our website at https://investors.sophos.com, and in a circular which is being mailed out at the same time as this Report. The Notice of AGM sets out the business of the meeting and explanatory notes on all proposed resolutions. Separate resolutions are proposed in respect of each substantive issue. The AGM is the Company’s principal forum for communication with private shareholders. RISK MANAGEMENT AND INTERNAL CONTROLS The Audit and Risk Committee report explains the process carried out for the assessment of the effectiveness of the Company’s risk management and internal control systems on page 62. EXTERNAL AUDITOR KPMG LLP have expressed their willingness to continue as the Company’s auditor. As outlined in the Audit and Risk Committee report on page 63, resolutions proposing their reappointment and to authorise the Audit and Risk Committee to determine their remuneration will be proposed at the 2017 AGM. By order of the Board Eleanor Lacey Company Secretary 16 May 2017 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 54 NOMINATION COMMITTEE REPORT DEAR SHAREHOLDER, I am pleased to present our second report on behalf of my fellow Nomination Committee members. The Committee met three times during the year and has placed a significant amount of focus on the Company’s search for additional independent non-executive directors, the attendant process for Board appointments and succession planning for senior management, Board and Committee appointments. Here we set out the key aspects of the Committee’s role in more detail, together with our main areas of consideration and the activities we have undertaken during the year. Since our last report to Shareholders, the Committee has also welcomed two new members, following the successful appointment of two new independent non-executive directors to the Board earlier this year. Vin Murria and Rick Medlock joined the Company in January and April, respectively; and bring with them a wealth of experience in both the technology industry and globally-oriented UK listed companies. COMMITTEE COMPOSITION AND MEETING ATTENDANCE Peter Gyenes (Chairman) Sandra Bergeron Edwin Gillis Roy Mackenzie Vin Murria Paul Walker Attended of those eligible Not attended of those eligible All appointments stated are as at 31 March 2017 The composition of the Committee is in compliance with the Code, which provides that a majority of its members should be independent non-executive directors. The Committee is chaired by the Chairman of the Board. The Company Secretary is secretary to the Committee and attends all meetings. Other attendees at Committee meetings may differ from time to time and, upon invitation from the Committee, include the Chief Executive and other members of the senior management team. ROLE AND RESPONSIBILITIES The Committee is responsible for regularly evaluating the balance of skills, knowledge, experience and diversity of the Board and its Committees, as well as the size, structure and composition of each. It is also responsible for periodically reviewing the Board, Committees’ and senior management structure and succession plans, and identifying with management, the priorities for succession planning in respect of each position. On an annual basis, the committee considers the re-election of Directors prior to their recommended approval by shareholders. The full terms of reference of the Committee can be found on the Company’s website at https://investors.sophos.com. MAIN ACTIVITIES The Committee has an annual forward agenda, developed from its terms of reference, with standing items that the Committee considers at each meeting, in addition to any specific matters arising, and topical business or governance items on which the Committee has chosen to focus. During the year, time was taken, to: review the performance of external search consultants; instigate and keep under review the search for at least one new Non-Executive Director; review the succession plans for senior management, Board and Committee appointments; • review the composition of the Board and its Committees, including the chairmanship of each Committee; • consider the implications for Board composition of the results of the Board performance evaluation process; • • • • • • • • review and recommend the appointment and re-appointment of directors at the Annual General Meeting (AGM) of the Company. review the Company’s Diversity Policy and the performance of the Company when measured against it; review and approve the Committee’s report for inclusion in the Annual Report and Accounts; and review the annual time requirement of Non-Executive Directors; review the Committee’s terms of reference; 55 PROCESS FOR BOARD APPOINTMENTS The Committee is asked to lead, on behalf of the Board, the selection process for new Board appointments as and when they arise and to make recommendations in respect of such appointments. Following the Committee’s review of the structure, size and composition of the Board and in particular, having regard to the principles of the Code and the results of the annual Board performance evaluation process relating to Board composition, the Company initiated a search for two new independent Non-Executive Directors during the year. During May 2016, the Company engaged Heidrick & Struggles, independent executive search consultants, with whom the Company has no other connection, to assist with the search. Heidrick & Struggles is a signatory to and abides by the voluntary Code of Conduct, on gender diversity and best practice. Following a rigorous search process, the Company was delighted to appoint Vin Murria and Rick Medlock to the Board as independent Non-Executive Directors with effect from 3 January 2017 and 3 April 2017, respectively. In addition, Edwin Gillis has confirmed to the Board his intention to retire and not stand for re-election at the Company’s 2017 AGM. The Committee is aware that following Edwin’s retirement, the Board will no longer be compliant with the provision of the Code, that at least half the Board, excluding the Chairman, should comprise independent Non-Executive Directors, and as outlined in my earlier statement the Company will continue its process to identify and recruit a further candidate to serve as an independent Non-Executive Director. The process adopted for searches undertaken during the year is set out below: • The Committee Chairman, with the consultants, submitted a short-list of candidates to members of the Committee and the Chief Executive Officer for them to review and, to enable them to suggest other candidates. • The Committee Chairman, Senior Independent Director, the Chief Executive Officer and Chief Financial Officer each met the short-listed candidates selected by the Committee. Once it was determined that the Chairman wished to proceed with the selection process, the candidate was then invited to meet all members of the Board. • After all Board members had met the candidate, the Committee then determined whether to recommend the candidate to the Board for appointment. Where the Company decides to appoint an Executive Director, the process it will adopt is set out below: • The Committee Chairman and the Chief Executive Officer or, if engaged, search consultants, will submit a short-list of one or more candidates to the Committee. • The Committee Chairman, Senior Independent Director, Chief Executive Officer and Chief Financial Officer will each meet the candidates selected for interview. Once determined that the Chairman and Chief Executive Officer wish to proceed with the selection process, some or all of the Committee members will then meet the candidates selected for interview. • The Committee’s assessments will be reviewed with the Chairman of the Board and the Chief Executive Officer, following which a candidate may be recommended to the Board for appointment. SUCCESSION During the year, the Committee conducted a review of succession to SMT roles and identified individuals internally and externally, as appropriate who would be suited to take on each role. Internal successors were categorised by their relative readiness to assume any such role and where it was not possible to identify a suitable internal successor, an external successor would be identified, as and when appropriate. Management would look at the implementation of developmental plans to address any internal successors relative readiness to assume any such role. Alongside the ongoing search process outlined above, the Committee had kept a watching brief on succession to Board roles during the year, and would continue to do so during the current financial year. DIVERSITY The Company’s Diversity Policy acknowledges the importance of diversity in its broadest sense, including gender and ethnicity, for the Group. The Board does not feel it would be appropriate to set absolute targets as it believes all appointments should be made on merit, although it will take in to consideration the recommendations of the Davies and Hampton-Alexander reviews for female representation on the Board of at least one third by 2020, and for recruitment and promotion to the SMT, and their direct reports, to reflect this. Details of diversity within our workforce, including at Board and at the senior management level, can be found on page 38. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 56 NOMINATION COMMITTEE REPORT CONTINUED The Board also established the measurable objectives set out below for achieving diversity on the Board and the Committee firmly believes that in the appointments made since our last report to Shareholders, the Board has delivered on each of these objectives: • All Board appointments will be made on merit, in the context of the skills, knowledge and experience that are needed for the Board to be effective. • Ensure long lists of potential Non-Executive Directors include diverse candidates of appropriate merit. • Encourage the emergence of female candidates and candidates of diverse backgrounds among the senior management talent pool. • Only engage executive search firms who have signed up to the voluntary Code of Conduct on gender diversity and best practice. During the year, the Committee, in recognition of their role in increasing diversity throughout the Group, considered diversity in its broadest sense when reviewing the succession plans for roles to the Board, Committees and senior management, and in assessing long-lists of potential candidates for appointment to the Board. In addition to taking in to account gender, ethnicity and other forms of diversity, the Committee seeks to achieve the optimal balance of skills, experience, independence and knowledge of Sophos and the industry as a whole amongst the Board and senior management team, in order to support the Company’s long-term objectives. At 31 March 2017, the proportion of women on the Board was 20 percent and the proportion of independent Non-Executive Directors (excluding the Chairman) was 44 percent. Following Rick Medlock’s appointment, the proportion of women on the Board is 18 percent, and the proportion of independent Non-Executive Directors (excluding the Chairman) is 50 percent. The Committee will continue to keep these measurable objectives under review and will make recommendations to the Board for their future adjustment, as appropriate. The Committee is pleased with the Company’s performance against these objectives to date, but acknowledges that progress is ongoing. PERFORMANCE EVALUATION The Nomination Committee’s performance was assessed as part of the Board’s annual effectiveness review. It was concluded that the Committee operated effectively. In response to the findings of the review, Committee members will consider and develop the Board rotation and succession road map taking in to account the current and desired balance of skills and experience, together with, tenure, independence and diversity including as to gender and the international background of its Directors. As referred to above, the Committee will also keep under review the Company’s people policies, including Diversity Policy and recommend implementation or revision, where appropriate. The Committee also undertakes a review of its terms of reference and composition each year. This review last took place in November 2016, and the full terms of reference of the Committee can be found on the Company’s website, at https://investors.sophos.com Peter Gyenes Nomination Committee Chairman 16 May 2017 57 AUDIT AND RISK COMMITTEE REPORT DEAR SHAREHOLDER, I am pleased to present our second report on behalf of my fellow Audit and Risk Committee members. The Committee met five times during the year and kept under close review the risk management framework put in place following the Company’s IPO in 2015. Here we have set out the key aspects of the Committee’s role in more detail, together with the main activities we have undertaken and the significant issues we have considered during the year. Following the year-end we have also welcomed a new member of the Committee who will become my successor as its Chairman, following the conclusion of the 2017 AGM later this year. In Rick Medlock, the Committee has acquired a strong leader with a deep understanding and knowledge of financial management in the technology industry, and extensive experience with globally-oriented UK-listed companies. COMMITTEE COMPOSITION AND MEETING ATTENDANCE Edwin Gillis (Chairman) Sandra Bergeron Paul Walker Attended of those eligible Not attended of those eligible All appointments stated are as at 31 March 2017 The composition of the Committee is in compliance with the Principles of the Code, which provides that all members should be independent Non-Executive Directors. In line with the requirements of the Code and the FRC’s Guidance on Audit Committees, Edwin Gillis, the Committee Chairman has recent and relevant financial experience through his previous employment in senior financial positions at large companies, including US listed companies, and is a CPA. Rick Medlock, who will assume the role of Committee Chairman at the time of Edwin’s retirement, has recent and relevant financial experience through his current employment as CFO of Worldpay Group plc, and is a qualified chartered accountant. The Board is also satisfied that all members of the Committee have extensive experience of the technology industry in which we operate, sufficient to enable the Committee to exercise its duties effectively. The Company Secretary is secretary to the Committee and attends all meetings. Other attendees at Committee meetings may differ from time to time and, upon invitation from the Committee, include the Chairman, the Chief Executive, the Chief Financial Officer and other members of the senior management team. The Committee will also invite representatives from the internal auditor (Ernst & Young LLP (“EY”)) and the external auditor (KPMG LLP (“KPMG”)), as required. ROLES AND RESPONSIBILITIES The Committee has a fundamental role to play in reviewing, monitoring and challenging the integrity and effectiveness of the Company’s financial reporting and internal control processes. The Committee also oversees the relationship between the Group and its external auditors and makes recommendations to the Board on their appointment. In addition, the Committee monitors and reviews the external auditor’s independence and objectivity and the effectiveness of the audit process, taking into account relevant legal, professional and regulatory requirements. The full terms of reference of the Committee can be found on the Company’s website, at https://investors.sophos.com. MAIN ACTIVITIES The Committee has an annual forward agenda, developed from its terms of reference, with standing items that the Committee considers at each meeting, in addition to any specific matters arising, and topical business or financial items on which the Committee has chosen to focus. During the year, the work of the Committee fell in to three main areas as follows: INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 58 AUDIT AND RISK COMMITTEE REPORT CONTINUED ACCOUNTING, TAX AND FINANCIAL REPORTING • reviewed and approved the quarterly trading updates, half-year and annual financial statements and the attendant significant financial reporting judgements and disclosures; • • • reviewed and approved the going concern and viability assessment, and external statement issued annually; reviewed updates on accounting matters, including consideration of relevant accounting standards and underlying assumptions, and in particular: – the review and revision of alternative performance measures applied by the Company; – the impact of changing accounting standards, in particular revenue recognition; – the codification of accounting for exceptional items; and reviewed and approved the interim and full-year dividend proposals and adjudged them to be in line with the Company’s Dividend policy. RISK MANAGEMENT AND INTERNAL CONTROLS • reviewed and approved the internal audit plan for the year as well as longer-term objectives and received regular updates of the work performed by internal audit and EY, as the outsourced internal audit providers appointed by the Committee in 2015; • • reviewed and approved the risk assessment process and, in particular the identification and assessment of the Company’s principal risks and the attendant disclosures; and received and noted regular updates from the Risk and Compliance Committee (“RCC”), a management committee established following the IPO and which has a direct reporting line to the Committee, to provide an additional level of assurance to the Committee. EXTERNAL AUDITOR • met with the external auditors, KPMG, to review the annual audit plan and receive their findings and reports of the annual audit and interim review; • • reviewed with the auditor the outcome of a FRC Audit Quality Review of their 2016 audit of the Company, undertaken as part of the FRC’s standard quality procedures for which the FRC noted limited planned enhancements to the audit approach; and reviewed and approved the external auditor evaluation paper prepared by management covering the auditor’s independence and objectivity, and evaluation of the effectiveness of the audit process, together with the attendant recommendation for reappointment. Key issues covered by the Committee are reported to the subsequent meeting of the Board, and the Board also receives copies of the minutes of each meeting. PERFORMANCE EVALUATION The Audit and Risk Committee’s performance was assessed as part of the Board’s annual effectiveness review. It was concluded that the Committee operated effectively. In response to the findings of the review, Committee members will work closely with management and KPMG to address the forthcoming period of transition, including a new lead audit partner and a new Committee Chairman, from the conclusion of the 2017 AGM. During the year, the Committee plans to focus on a number of key issues and in particular, review the Group risk appetite and continue to assess the major risks to the business. The Committee also undertakes a review of its terms of reference and composition each year. This review last took place in November 2016, and the full terms of reference of the Committee can be found on the Company’s website, at: investors.sophos.com. 59 SIGNIFICANT ISSUES The issues considered by the Committee that are deemed to be significant to the Group are set out below. Revenue recognition The Group generates revenue from sales of the Group’s Network and Enduser products through subscriptions, hardware and the rendering of enhanced support or professional services. There is a risk that revenue is inappropriately recognised if revenue is incorrectly apportioned to a product or service. Reporting requirements and presentation The Group has a revenue recognition policy in place that details the application of relevant standards to the products and services sold by the Group. The policy includes rules for applying fair value to components of multiple element arrangements and timing of recognition dependent upon the individual nature of the goods or services sold. At half-year and year-end management also provide to the Committee an accounting paper on revenue recognition, any changes arising from updated standards, and a commentary on the revenue recognised. The Group’s external auditors have also reported to the Committee that they have reviewed the revenue recognition policy and processes as well as performing detailed testing of revenue recognition across the year and found revenue to be appropriately accounted for. Having provided appropriate challenge to management and the external auditors, the Committee has concluded that the revenue recognition for the Group is appropriate. The Group makes use of certain non-GAAP measures and discloses certain items separately within the consolidated statement of profit or loss as exceptional items which, in the opinion of the Directors, enables a better understanding of the performance of the Group. The use of these measures and disclosures is judgemental in nature. The use of non-GAAP measures and the classification of certain income statement items as exceptional by the Group have been reviewed by the Committee during the year with reference to authoritative guidance and regulations as well as through discussions with management and external advisors. The Committee is satisfied that the use of such measures is appropriate and enhances the understanding of the Groups financial performance and its prospects. Furthermore, to ensure such measures remain relevant, the Group is proposing a change to the non-GAAP measures that it publishes, as explained further in note 6 to the financial statements. The Committee has also reviewed the disclosures made in this annual report and has discussed them with the external auditors; so as to ensure that it is comfortable with the content and presentation made in the annual report. INTERNAL CONTROLS AND RISK MANAGEMENT During the year, the Committee received and reviewed reports regarding progress on risk management and the principal risks identified across the Group. The Committee was satisfied with the risk management process and with the relevance of the risks identified. It was also satisfied with the level of assurance provided by the Group’s Internal Audit & Risk Management function, which is supported by EY. The Committee has concluded that sound risk management and internal control systems have been maintained throughout the year. During the current year, management have further enhanced the Company’s approach to risk management through the alignment of the risk identification and budgetary planning processes. Through this alignment management can ensure appropriate and targeted investment by the Company to address and, where appropriate, to control and mitigate the identified risks. Whilst the Board is ultimately responsible for the Group’s systems of risk management and internal control, each of the individual functional leaders are recognised as key drivers of the process through which risks and uncertainties are identified. The Board recognises that rigorous internal control systems are critical to managing risk and fundamental to the achievement of its strategic objectives. The Board further acknowledges that these systems are designed to manage rather than eliminate risk in the Group. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 60 AUDIT AND RISK COMMITTEE REPORT CONTINUED The formal process for identifying, evaluating and managing significant risks faced by the Group is overseen by the RCC in association with the work performed by the Internal Audit & Risk Management function. The RCC has designed the risk framework in order to capture and evaluate control weaknesses and risks facing the business. Where the Board defines an identified risk as significant, procedures exist to ensure that necessary action is taken to rectify or mitigate as appropriate. These aforementioned functions provide additional assurance to the Audit and Risk Committee who have ultimate responsibility for the oversight and review of the adequacy and effectiveness of the Group’s systems of internal controls. The external auditors provide a supplementary, independent and autonomous perspective on those areas of the internal control system which they assess in the course of their work. Their findings are regularly reported to both the Committee and the Board. Key elements of the control environment are: • Annual budgets and strategic plans performed for all business units and the Group as a whole • Monitoring of performance against budget and subsequent forecasts with reporting to the Board on a regular basis • Monthly review of detailed key performance indicators • All contracts are reviewed at a level of detail appropriate to the size and complexity of the contract • Timely reconciliations are performed for all significant balance sheet accounts • Clearly defined organisational structure and authorisation lines • The management Risk and Compliance Committee that oversees the risk management process • The Board Audit and Risk Committee that approves audit plans and assesses the overall appropriateness of the Group’s internal control environment The preparation and issue of financial reports is managed by the Group’s finance department, as delegated by the Board. The Group’s financial reporting process is controlled using the Group accounting policies and reporting systems. The Group finance department supports all reporting entities with guidance on the preparation of financial information. Each legal entity has a Finance Director or Controller who has responsibility and accountability for providing information which is in accordance with agreed policies. The financial information for each entity is subject to a review at reporting entity and Group level by the Chief Financial Officer alongside the Vice President of Finance. The Annual Report is reviewed by the Audit and Risk Committee in advance of presentation to the Board for approval. Additionally, the Finance Director or Controller of the reporting entity completes a self-certified quarterly Financial Reporting Review Questionnaire which is used to identify control strengths and weaknesses across all financial areas with any weaknesses being subsequently addressed. The Group also maintains a consolidated Risk Register which sets out the nature and extent of the significant risks facing the Group. Each of the risks are prioritised according to likelihood of occurrence and potential impact to the Group and the register ensures that all risks are identified, measured and either mitigated or managed by an appropriate owner. The Directors, through the use of appropriate procedures, systems and the employment of competent personnel, have ensured that measures are in place to secure compliance with the Company’s obligation to keep adequate accounting records. The accounting records are kept at the registered office of the Company. HOW WE MANAGE RISK The Sophos Board is ultimately responsible for ensuring effective identification, assessment and management of risk across the Group. Central to the risk management process is the Group’s culture of openness, transparency and accountability. The Internal Audit & Risk Management function manages and drives the risk management framework and operates on an independent basis providing further assurance to the Board around risk management. The risk management framework enables a robust assessment of risk appropriate to the achievement of the business strategy, as well as being simple and easy to follow to ensure it is embedded into the day-to-day business processes across the Group in order to facilitate risk awareness. This function also ensures that all relevant and significant risks identified across the business are mapped to the internal audit plan for the year. 61 Identify Re-evaluate Risk Management Process Analyse & evaluate Develop & implement Risk Management Plan On a quarterly basis, the RCC reviews the status of risk exposures and risk management throughout the business as managed by the Internal Audit & Risk Management function. The RCC is a committee of senior leaders authorised by the Board to provide an additional level of assurance to the Audit and Risk Committee in overseeing risk management and internal control activities. On behalf of the Board, the Committee reviews and challenges the effectiveness of the risk management process. The Group takes a two-pronged approach to identifying risks: 1) 2) A bottom-up approach at the business function level; these risks are managed at the operational level with an appropriately defined escalation process in place for those risks rated as high. A top-down approach at the senior leadership team level; these are the principal risks which could have a serious impact on the strategic business plan of the Group and may encompass several of the risks identified in the bottom-up approach. A series of risk identification approaches are used such as risk identification and horizon scanning workshops; interviews and inclusion of risk discussions in team meetings. Risk registers are fully owned at the business function level and registers are maintained and reviewed on a quarterly basis. All identified risks are assessed against our pre-defined scoring matrix and prioritised accordingly. Any risks identified in the bottom-up approach deemed to be rated as higher risk are escalated in line with pre-defined escalation procedures for further evaluation. Following the identification of risks, a risk management plan is developed and implemented; this is managed by the assigned risk owner with regular feedback to the RCC. Regular reporting of risk management ensures each risk is re-evaluated on a timely basis to ensure that all relevant risks are identified and managed appropriately and that the Board is focused on the principal risks identified. WHISTLEBLOWING A whistleblowing policy is in place in the Group enabling employees to confidentially report matters of concern directly to Non-Executive Directors. The Committee receives details of any matters raised. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 62 AUDIT AND RISK COMMITTEE REPORT CONTINUED INTERNAL AUDIT EY continue to support the Sophos Internal Audit & Risk Management function. The Group’s Chief Financial Officer provides oversight and coordination of Internal Audit with support from the RCC. In order to ensure independence, the Internal Audit function has a direct reporting line to the Committee and its Chairman. The nature and scope of the Internal Audit plan using a risk-based approach, was approved by the Committee, with any subsequent changes to the plan requiring further approval. The results of the audits were assessed alongside responses from management. Any outcomes graded as requiring improvement were considered in detail by the Committee along with the appropriateness of mitigation plans to resolve the issues identified. At each meeting, the Committee received audit reports and updates from the Internal Auditors, in order to ascertain progress in completing the internal audit plan and to review results of the audits. The Internal Audit plan continues to be developed through a review of formal risk assessments, together with consideration of the Group’s key business processes and functions that could be subject to audit. The Committee have monitored and reviewed the scope and results of the Internal Auditors’ activities as well as the effectiveness of Internal Audit during the financial year. REVIEW OF EFFECTIVENESS The Board, through the Committee, has reviewed and considered the effectiveness of the risk management and system of internal controls in operation across the Group. The main objectives of the Group’s internal control systems are: • To ensure its aims and objectives are met • To ensure adherence to management policies • To ensure compliance with statutory requirements • To safeguard assets • To ensure the relevance, reliability and integrity of information, so ensuring as far as possible the completeness and accuracy of records Any system of control can only ever provide reasonable and not absolute assurance that control weaknesses or irregularities do not exist, or that there is no risk of material errors, losses, fraud, or breaches of laws or regulations. Accordingly, the Group is continually seeking to improve the effectiveness of its systems of internal control. The Committee has concluded that the Group’s risk management and system of internal controls is deemed effective. This is informed by a number of sources: • The audit work undertaken by the Internal Audit function during this financial year • Risk management procedures managed and overseen by the Risk and Compliance Committee • Reports issued by the Group’s external auditors A detailed review of the Group’s management of each principle risk or uncertainty is explained on pages 34 to 37. 63 EXTERNAL AUDITOR The Committee reviews and makes recommendations with regard to the appointment and reappointment of the external auditors. In making these recommendations, consideration is given to auditor effectiveness and independence, partner rotation and any other factors that may impact the reappointment of the external auditors. There are no contractual restrictions on the choice of external auditors and the Committee considers on an annual basis the need for a formal tender process in accordance with the provisions of the UK Corporate Governance Code. The Group’s auditors, KPMG LLP, were appointed for the year-ended 31 March 2001 with the audit engagement partner rotation last occurring for the year-ended 31 March 2011. As the Group listed during the prior financial year, in accordance with Ethical Standard 3, the audit engagement partner could continue to serve for not more than two years after the listing occurred with a maximum term of seven years in total. On that basis the audit engagement partner is to be rotated for the year-ending 31 March 2018. The external auditors may perform certain non-audit services for the Group, any such non-audit services require pre-approval by the Audit and Risk Committee and are only permitted to the extent allowed by relevant laws and regulations. During the year-ended 31 March 2017 the non-audit services provided by KPMG related primarily to tax compliance activities. In the year-ended 31 March 2016, the non-audit services provided by KPMG primarily related to their role as reporting accountant for the Initial Public Offering of the Company’s shares and as a result their non-audit fees exceeded their audit fees for that year. Non-audit fees for the year ended 31 March 2017 were 33 percent of the audit and audit related fees, in the year-ended 31 March 2016, excluding fees associated with the Initial Public Offering, the non-audit fees were 47 percent of the audit and audit-related fees. Full details of auditor remuneration is shown in note 9 to the Financial Statements. REVIEW OF EFFECTIVENESS OF EXTERNAL AUDITORS An important role of the Committee is to assess the effectiveness of the external audit process. In performing this assessment the Committee: • reviewed the annual audit plan and considered the auditors performance against that plan along with any variations to it; • met with the audit engagement partner to review the audit findings and responses received to questions raised by the Committee; • held regular meetings with the audit engagement partner, including with the absence of executive management; • considered their length of tenure; • • reviewed the external auditors own independence confirmation presented to the Committee. reviewed the nature and magnitude of non-audit services provided; and Based on the assessment performed, the Committee has recommended to the Board that a resolution to reappoint KPMG LLP be proposed at the next Annual General Meeting. Edwin Gillis Chairman of the Audit and Risk Committee 16 May 2017 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 64 DISCLOSURE COMMITTEE COMMITTEE COMPOSITION AND MEETING ATTENDANCE Kris Hagerman (Chairman) Nick Bray Attended of those eligible Not attended of those eligible All appointments stated are as at 31 March 2017 The Committee was established by the Board on 8 November 2016 and is chaired by Kris Hagerman, the CEO. A quorum of two members, including at least one Executive Director is required for the transaction of business. The Company Secretary is secretary to the Committee and attends all meetings. ROLE AND RESPONSIBILITIES The Committee is responsible for the implementation and monitoring of systems and controls in respect of the identification, management and disclosure of inside information and for ensuring that regulatory announcements, shareholder circulars, prospectuses and other documents issued by the Company comply with applicable legal or regulatory requirements. The primary responsibilities of the Committee include: • review of the preliminary results announcement, the interim management statements, the half-year results and any other trading statements; • review of information provided to the Committee, consideration of its potential categorisation as inside information and determination of the date and time at which that inside information first existed within the Company; • determination of whether any identified inside information gives rise to an immediate disclosure obligation, or whether it is permissible to delay disclosure; and, review and approval of announcements in respect of disclosable projects. • At each Board and Senior Management Team meeting, transactions or events are considered against the disclosure obligations of the Company and whether any matter is considered to be price sensitive. MAIN ACTIVITIES Key issues reviewed by the Disclosure Committee since its inception, include: • • • • • • the interim dividend; the announcement in respect of the interim results for the six-months ended 30 September 2016; the trading update for the three-months ended 31 December 2016; the announcement of the acquisition of the commercial software products business of Invincea, Inc.; the proposed final dividend; and the preliminary results announcement. 65 ANNUAL STATEMENT OF THE REMUNERATION COMMITTEE CHAIRMAN DEAR SHAREHOLDER, As Chairman of Sophos’ Remuneration Committee, I am pleased to present the Directors’ Remuneration Report for the year-ended 31 March 2017 which has been prepared by the Committee and approved by the Board. In line with the UK reporting regulations, this report is divided into three sections: • The Annual Statement by the Remuneration Committee Chairman; • The Directors’ Remuneration Policy, which was approved by shareholders at the 2016 Annual General Meeting (“AGM”) and details of Sophos’ remuneration policies and their link to Group strategy, as well as projected pay outcomes under various performance scenarios; and • The Annual Report on Remuneration, which focuses on our remuneration arrangements and incentive outcomes for the year under review and how the Committee intends to implement the Remuneration Policy in FY18. We will be seeking shareholder approval for the Annual Report on Remuneration at the AGM on 7 September 2017. REMUNERATION DECISIONS IN FY17 Sophos achieved strong results in the year-ended 31 March 2017, with billings of $632 million and cash EBITDA of $150 million. As a result, Kris Hagerman and Nick Bray will receive bonuses of 110 percent and 88 percent of salary, respectively. During the year, Kris Hagerman and Nick Bray were granted awards of 500 percent and 390 percent of salary, respectively, under the Sophos Group Long-Term Incentive Plan 2015 (“LTIP”) in the form of performance share units (75 percent of the awards) vesting over three years subject to achievement of annual billings and cash EBITDA targets and in the form of restricted share units (25 percent of the awards) vesting over four years subject to continued employment only. No performance share units were due to vest in the year under review. REMUNERATION FOR FY18 Following a review of Group performance and their personal contribution, the salaries of the Executive Directors will be increased by 3 percent, effective from 1 July 2017. This is in line with the average increase expected for the wider employee population (c.4 percent). The Committee will operate the annual bonus on the same basis as in FY17. Billings and EBITDA targets have been set by the Committee and will require Executive Directors to deliver significant stretch performance to achieve full payout. The bonus will continue to be paid in cash. In FY18, the Committee intends to grant long-term incentive awards to Executive Directors in line with the stated remuneration policy and using the same measures as were used in FY17 (billings and cash EBITDA). Awards will be made over performance share units (at least 75 percent of the total award) and restricted shares, within the normal policy limits. SHAREHOLDER CONSULTATION The Remuneration Committee consulted with a number of our major shareholders in advance of the 2016 AGM to provide additional context surrounding our remuneration arrangements, recognising that a number of features are out of line with typical UK market practice. We believe that this contributed to a number of the votes against both our Policy and implementation of that remuneration framework last year. The Committee values all of our shareholders’ feedback and we have provided additional rationale for our remuneration arrangements below. Sophos is also committed to improving the disclosure in our remuneration reporting, in particular in the disclosure of our short and long-term incentive targets. Details of the result on the binding vote on the remuneration policy and the advisory vote on the 2016 Annual Report on Remuneration are set out on page 85 of this report. The policy approved by our shareholders at the 2016 AGM was broadly unchanged from that outlined in our IPO prospectus, and our remuneration arrangements reflect that we compete for talent in a competitive market against other high-technology US West Coast companies. A number of our shareholders highlighted that the linking of some of our long-term incentive (25 percent of the total) to time-only vesting shares is not typical FTSE market practice. The Committee has been conscious of UK institutional investors’ preference for packages to be weighted towards performance-related pay. However we believe that an element of the long-term incentive in restricted stock was necessary to provide a competitive package of fixed and variable pay that will enable the Group to attract and retain executives in the relevant geographies with the right skills and experience to drive the long-term success of the Company. We believe that, in addition to the performance-based long-term incentive awards, the exposure to the share price in combination with shareholding guidelines (and the fact that our Executive Directors hold shares in excess of these guidelines) provides further alignment with shareholders’ interests. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 66 ANNUAL STATEMENT OF THE REMUNERATION COMMITTEE CHAIRMAN CONTINUED For FY16, FY17 and FY18, cash EBITDA and billings were considered to be the best measures of the Group’s performance given our current size and stage of growth. The Committee is aware of some shareholders’ concerns regarding using the same measures for both the short-term and long-term incentives, and will keep the selection of measures under review. We may make changes for future incentive cycles as the profile of the business changes. With regards to our incentive opportunities, awards are calibrated to be competitive in the same market as other high-technology companies on the US West Coast, where a number of the Company’s executives, including our CEO, are located. The Committee has reviewed benchmarks against both US and UK companies, and believes incentive opportunities have been set at the appropriate level to be competitive in the relevant markets, balanced with the fact that we are UK-listed. Whilst our Remuneration Policy is not due for renewal until the 2018 AGM, the Committee continues to monitor developments in remuneration governance, market practice and, most importantly, our shareholders views and will make adjustments to our remuneration arrangements, if appropriate. The Committee is aware of recent developments in remuneration governance, including some shareholders’ preference for post-exit share ownership guidelines and the BEIS consultation on the CEO to employee pay ratios. The Committee will continue to monitor market trends and developments over the next year in order to assess ongoing relevance for the Company’s remuneration practices. The Committee welcomes feedback from our shareholders, as we remain committed to an open and transparent dialogue, and hope to receive your support at the forthcoming AGM. On behalf of the Remuneration Committee Paul Walker Chairman of the Remuneration Committee 16 May 2017 This report, prepared by the Remuneration Committee (‘the Committee’) on behalf of the Board, takes account of the UK Corporate Governance Code and the latest Investment Association, ISS and PLSA guidelines, and has been prepared in accordance with the provisions of the Act, the Listing Rules of the Financial Conduct Authority and the Large and Medium-Sized Companies and Groups (Accounts and Reports) (Amendment) Regulations 2013. The Act requires the Auditor to report to the Company’s Shareholders on the audited information within this report and to state whether in their opinion those parts of the report have been prepared in accordance with the Act. The Auditor’s opinion is set out on pages 96 to 99 and those aspects of the report that have been subject to audit are clearly marked. 67 DIRECTORS’ REMUNERATION POLICY This section describes the Group’s remuneration policy for Directors which applies for up to three years from approval at the Annual General Meeting on 14 September 2016. The overarching principles of the remuneration policy are to provide a competitive package of fixed and variable pay that will enable the Group to ensure it has executives with the right skills and experience to drive the success of the Company, and that their remuneration is linked to shareholder interests and the Company’s long-term success. The remuneration philosophy is: • • • to promote the long-term success of the Company, with stretching performance targets which are rigorously applied; to provide appropriate alignment between the Company’s strategic goals, shareholder returns and executive reward; and to have a competitive mix of base salary and short and long-term incentives, with an appropriate proportion of the package determined by stretching targets linked to the Company’s performance. Executive Directors’ fixed and variable remuneration arrangements have been determined taking into account: • • • • the role, experience in the role, and performance of the Executive Director; the location in which the Executive Director is working; remuneration arrangements at UK listed companies of a similar size and complexity; remuneration arrangements at US high-technology companies of a similar size and complexity, including companies with which the Company competes for talent; and • best practice guidelines for UK listed companies set by institutional investor bodies. PURPOSE AND LINK TO STRATEGY OPERATION MAXIMUM OPPORTUNITY PERFORMANCE METRICS Fixed pay: Base salary To attract and retain talent of the right calibre and with the ability to contribute to strategy, by ensuring base salaries are competitive in the relevant talent market. Base salaries are reviewed annually, with reference to individual performance, Group performance, market competitiveness, salary increases across the Group and the position holder’s experience, competence and criticality to the business. Executive Directors’ salary increases will normally be in line with those for the wider employee population. However, higher salary increases may be made where there is a change in role or responsibilities or a significant market misalignment. Individual and Group performance is taken into account when determining appropriate salary levels. Any increases are generally effective from 1 July. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 68 DIRECTORS’ REMUNERATION POLICY CONTINUED PURPOSE AND LINK TO STRATEGY OPERATION MAXIMUM OPPORTUNITY PERFORMANCE METRICS Fixed pay: Pension Provide post- retirement benefits for participants in a cost-efficient manner. Pension contributions are provided, with a choice of funding vehicles: US 401(k) savings plan for all US employees or group personal pension scheme. None The CEO currently receives a matching contribution of up to 3 percent of salary under his US 401(k) savings plan, subject to the applicable maximum contribution (US$24,000 for FY17). The CFO receives up to 5 percent of salary as a contribution to a group personal pension scheme. Other than in exceptional cases (such as to replace existing arrangements for new recruits) the Committee does not anticipate pension benefits as being at a cost to the Company that would exceed 20 percent of base salary. Fixed pay: Benefits To provide competitive benefits for each role. Benefits currently include the provision of medical and dental insurance, life and disability insurance, travel insurance, personal tax return preparation, and car allowance. Reasonable relocation, travel and subsistence allowances (and, in certain circumstances, cash allowances in respect of the associated tax charge) and other benefits may be provided based on individual circumstances. None There is no overall maximum value set out for benefits. They are set at a level that is comparable to market practice and appropriate for individual and Company circumstances. The Committee retains the discretion to amend benefits in exceptional circumstances or in circumstances where factors outside of the Group’s control have materially changed (e.g. increases in insurance premiums). 69 PURPOSE AND LINK TO STRATEGY OPERATION MAXIMUM OPPORTUNITY PERFORMANCE METRICS Variable pay: Annual bonus Aims to focus executives on achieving stretching financial targets relevant to the business priorities for the financial period. Performance measures and targets are set prior to or shortly after the start of the relevant financial period. The maximum bonus opportunity for Executive Directors will be up to 200 percent of salary. Up to 50 percent of maximum will vest for target performance. The Committee may award up to 12.5 percent of maximum for threshold performance. At the end of the financial period, the Remuneration Committee will determine the extent to which the targets have been achieved. Awards are typically delivered in cash, however the Committee has discretion to defer awards in cash or in shares. The Committee has discretion to reduce the bonus in the event of serious financial misstatement or misconduct. In extreme cases of misconduct, the Committee may claw back annual bonus payments previously made. The annual bonus will be based on achievement of stretching financial targets (e.g. billings, EBITDA) and personal performance. Personal performance will have a weighting of no more than a third. Details of the measures used during the period under review are set out on page 79. The Committee has discretion to adjust the formulaic bonus outcome downwards (or upwards with shareholder consultation) within the limits of the plan, to ensure alignment of pay with the underlying performance of the business. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 70 DIRECTORS’ REMUNERATION POLICY CONTINUED PURPOSE AND LINK TO STRATEGY OPERATION MAXIMUM OPPORTUNITY PERFORMANCE METRICS Variable pay: Long-term incentive plan (“LTIP”) Aligns the interests of executives with shareholders in growing the value of the business over the long-term. The plan provides for annual awards of restricted shares, options and performance shares to eligible participants. Other than for restricted shares, vesting is based on three-year performance. The Committee has discretion to reduce any unvested long-term incentive awards, or to vary the opportunities for future awards, in the case of serious financial misstatement or misconduct. In extreme cases of misconduct, the Committee may claw back vested long-term incentive awards. Participants are eligible to receive cash or shares equal to the value of dividends that would have been paid over the vesting period on shares that vest. Awards may be made up to a maximum of 500 percent of salary in normal circumstances and up to 750 percent in exceptional circumstances (including, but not limited to, recruiting an individual). The award size is reviewed in advance of grant. No performance-based awards will vest below threshold. Up to 25 percent of each element will vest for achievement of threshold performance under each metric, then increase on a straight-line basis to full vesting for achieving stretch performance. It is anticipated that no more than 25 percent of aggregate awards in any one year will be over restricted shares or options. Performance-based awards will vest on achievement of financial performance measures, measured over a three-year performance period, which may include profit measures and billings. Performance-based awards: profit will receive a weighting of at least 50 percent. Other measures may be considered in future years to help capture the strategic goals of the business and may be used in conjunction with these metrics. Time-based awards: restricted shares will begin vesting after one year, and thereafter vest in equal instalments on a quarterly basis until the fourth anniversary of grant based on continued employment only. The Committee has discretion to adjust the formulaic LTIP award downwards (or upwards with shareholder consultation), within the limits of the plan, to ensure alignment of pay with the underlying performance of the business. 71 PURPOSE AND LINK TO STRATEGY OPERATION MAXIMUM OPPORTUNITY PERFORMANCE METRICS Other Arrangements: Shareholding guidelines n/a n/a To align directors’ interests with the long-term interests of shareholders. Executive Directors are required to retain a minimum shareholding in the Company, and are required to retain at least 50 percent of shares vesting (after tax) under the LTIP until the shareholding guideline has been met. Further details of the level of shareholding guideline currently in operation is set out on page 85. Other Arrangements: All-employee schemes To encourage share ownership across the workforce. SAYE and ESPP schemes are operated by the Company for eligible employees, in which Executive Directors may participate on the same terms. Participation is capped at the prevailing approved limit at the time eligible employees are invited to participate, or such lower limit as determined by the Remuneration Committee. None None Any increases to Non- Executive Director fees will be considered as a result of the outcome of a review process and taking into account wider market factors, e.g. inflation. There is no prescribed individual maximum fee. Further details are set out on page 83. Other Arrangements: Non-Executive Directors’ fees To reflect the time commitment in preparing for and attending meetings, the duties and responsibilities of the role and the contribution expected from the Non-Executive Directors. Annual fee for Chairman. Annual base fee for Non- Executive Directors. Additional fees paid to the Chairmen of Board Committees. Additional fees may be paid if there is a material increase in time commitment required. Non-Executive Directors do not participate in any incentive schemes, nor do they receive any pension or benefits (other than nominal travel expenses and, in certain circumstances, cash allowances in respect of the associated tax charge). INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 72 DIRECTORS’ REMUNERATION POLICY CONTINUED NOTES TO THE POLICY TABLE This policy is unchanged in substance since approval at the AGM on 14 September 2016. Other than minor text changes to ensure this policy remains clear for the reader, a few other minor changes have been made to provide additional clarity, including updated scenario charts shown below. PERFORMANCE MEASURE SELECTION AND APPROACH TO TARGET SETTING EBITDA and billings are considered to be the best measures of the Group’s annual performance given the current size and stage of growth, and will continue to determine annual bonus vesting. The Committee will keep this under review, and may select alternative measures as the Group evolves and strategic priorities change. Annual bonus targets will be selected prior to, or shortly after, the start of the financial period. Financial targets will be calibrated with reference to the Group’s budget for the upcoming financial period and the Group’s performance over the prior financial period. Threshold and stretch performance levels for performance-based awards under the LTIP will be set at the start of the three-year performance period. The Committee aims to set stretching but achievable targets, taking account of a range of reference points, including market consensus and the Group’s strategic plan. DIFFERENCES IN REMUNERATION POLICY OPERATED FOR OTHER EMPLOYEES Other employee remuneration has the same components as set out in the policy, being base salary, annual bonus, long-term incentive participation, pension, life assurance and benefit provision. Annual bonus and long-term incentive arrangements share a similar structure and pay-out arrangement, although the mix between performance-based and time-based awards, and the maximum award, varies by seniority and role. OTHER In addition to the above elements of remuneration, any commitment made prior to, but due to be fulfilled after, the approval and implementation of the policy detailed in this report will be honoured, this includes awards made to Directors (both Executive and Non-Executive) prior to IPO. PERFORMANCE SCENARIOS The graphs below provide estimates of the potential future reward opportunities for Executive Directors, and the potential split between the different elements of remuneration under three different performance scenarios; ‘Minimum’, ‘Target’ and ‘Maximum’. CHIEF EXECUTIVE OFFICER $000 CHIEF FINANCIAL OFFICER £000 Maximum Maximum 13% 25% 62% 5,611 17% 24% 59% 1,872 Target Target 25% 25% 50% 2,811 32% 23% 45% 980 Minimum 100% 711 Minimum 100% 310 Fixed pay Annual Bonus LTIP 73 The potential reward opportunities illustrated are based on the policy approved at the AGM on 14 September 2016, applied to the base salaries in force at 1 April 2017. The projected value of LTIP amounts excludes the impact of share price movement or dividend accrual. The assumptions made in illustrating potential reward opportunities are shown in the table below: Performance scenario Minimum Target Maximum Fixed pay Annual bonus LTIP (performance-based awards) LTIP (time- based awards) Salary as at most recent review date. Benefits and pension value as for the most recent financial period. No annual bonus payable. Threshold not achieved On target annual bonus payable Performance warrants threshold vesting Full vesting Maximum annual bonus payable Performance warrants full vesting APPROACH TO REMUNERATION FOR NEW EXECUTIVE DIRECTOR APPOINTMENTS In the cases of hiring or appointing a new Executive Director, the Remuneration Committee may make use of all the existing components of remuneration, as follows: Component Approach Maximum opportunity Base salary The base salaries of new appointees will be determined based on the experience and skills of the individual, relevant market data and their current basic salary. n/a Pension Benefits Membership of pension scheme or salary supplement on a similar basis to other executives, as described in the policy table. Other than in exceptional cases (such as to replace existing arrangements for new recruits) the Committee does not anticipate pension benefits as being at a cost to the Company that would exceed 20 percent of base salary. In line with Policy Table. New appointees will be eligible to receive benefits in line with the policy which may include (but are not limited to) car allowance, medical insurance and life insurance. n/a Annual bonus The structure described in the policy table will apply to new appointees with the relevant maximum being pro-rated to reflect the proportion of employment over the year. 200 percent of base salary. LTIP New appointees will be granted awards under the LTIP on similar terms as other executives, as described in the policy table. Up to 750 percent of base salary. All-employee schemes New appointees may be eligible to participate in all-employee schemes on the same basis as other employees. In line with Policy Table. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 74 DIRECTORS’ REMUNERATION POLICY CONTINUED In determining appropriate remuneration for a new Executive Director, the Committee will take into consideration all relevant factors to ensure that arrangements are in the best interests of the Group and its shareholders. In addition to the remuneration arrangements set out above, the Committee may make an award in respect of a new appointment to ‘buy out’ incentive arrangements forfeited on leaving a previous employer, using Listing Rule 9.4.2 R if necessary. In doing so, the Committee will take account of relevant factors including any performance conditions attached to these awards, the likelihood of those conditions being met and the proportion of the vesting period remaining. The fair value of any buy out will not exceed that of the award being foregone. In cases of appointing a new Executive Director by way of internal promotion, the approach will be consistent with the policy for external appointees detailed above. Where an individual has contractual commitments made prior to their promotion to Board level, the Group will continue to honour these arrangements. Incentive opportunities for below Board employees are no higher than for Executive Directors, but measures may vary. In recruiting a new Non-Executive Director, the Committee will use the policy as set out in the table on page 71. SERVICE CONTRACTS AND EXIT PAYMENT POLICY NON-EXECUTIVE DIRECTORS The appointments of each of the Chairman and the Non-Executive Directors are for a fixed term of three years and subject to annual re-election by the Company at the AGM. Their letters of appointment set out the terms of their appointment and are available for inspection upon request. They are not eligible to participate in the annual bonus, nor do they receive any additional pension or benefits (other than nominal travel expenses) on top of the fees disclosed on page 83. Non-Executive Directors appointment may be terminated at any time upon written notice or in accordance with the articles and receive no compensation on termination. Non-Executive Director Role Appointment date Term of appointment Peter Gyenes Paul Walker Chairman Senior Independent Director 11 June 2015 11 June 2015 Steve Munford Non-Executive Director 11 June 2015 Sandra Bergeron Edwin Gillis Salim Nathoo Roy Mackenzie Vin Murria Rick Medlock Independent Non-Executive Director Independent Non-Executive Director 11 June 2015 Non-Executive Director 11 June 2015 Non-Executive Director 11 June 2015 3 January 2017 Independent Non-Executive Director Independent Non-Executive Director Three years Three years Three years Three years Three years Three years Three years 11 June 2015 Three years 3 April 2017 Three years 75 EXECUTIVE DIRECTORS On 11 June 2015, each of the Executive Directors entered into a service agreement with the Company, which are available for inspection upon request. Executive Director Role Appointment date Term of appointment Kris Hagerman Chief Executive Officer 11 June 2015 Nick Bray Chief Financial Officer 11 June 2015 12 months 12 months The Employer is entitled to terminate an Executive Director’s employment by payment of a cash sum in lieu of notice, equal to (i) the basic salary that would have been payable, and (ii) the cost that would have been incurred in providing the Executive Director with medical insurance benefits for any unexpired portion of the notice period (the ‘‘Payment in Lieu’’). The Company can alternatively choose to continue providing the medical insurance benefits under item (ii) instead of paying a cash sum representing their cost. The Payment in Lieu will be paid in monthly instalments over the notice period. In specified circumstances (not involving a change of control, in which case the severance payment applicable is as described below), each Executive Director is entitled to terminate his employment without notice and receive a severance payment. The severance payment will be equal to the Payment in Lieu and paid in a single lump sum. The specified circumstances are where either: (a) the Employer terminates or gives notice to terminate the Executive Director’s employment without cause; or (b) the Executive Director terminates his employment in response to: a material diminution of his authority, duties, responsibilities or status in a manner inconsistent with his service agreement; a breach of a fundamental term of his service agreement; a material reduction in his annual basic salary or target bonus opportunity; or being required to relocate his place of work beyond a specified distance (each a ‘‘Good Leaver Reason’’). Each Executive Director is entitled to a severance payment, paid in a single lump sum, in the event of a termination of his employment by his Employer without cause or by the Executive Director for a Good Leaver Reason at any time during a period ending 18 months after any change of control of the Company (whether by way of a general offer or a scheme of arrangement or compromise) and beginning three months prior to the announcement of such general offer or scheme of arrangement or compromise. The severance payment will be equal to the sum of: (i) 150 percent of the Executive Director’s annual basic salary; (ii) 150 percent of the Executive Director’s target bonus for the Company’s financial year in which the termination occurs; and (iii) the total cost of providing the Executive Director with the benefits (including pension contributions) to which he is entitled under his service agreement for a period of 12 months. The Group’s change of control provisions are standard practice in the US (where many of the Group’s executives, including the CEO, are located) and to renegotiate contracts would likely represent an increased cost for the Company (where this provision may never be triggered). For future hires, the Committee will consider the appropriateness of the contractual provisions at that time, taking into account prevailing market practice in the geography that the executive is located. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 76 DIRECTORS’ REMUNERATION POLICY CONTINUED The Company’s policy on termination payments is to consider the circumstances on a case-by-case basis, taking into account the executive’s contractual terms, the circumstances of termination and any duty to mitigate. The table below summarises how incentives are typically treated in different circumstances: Reason for leaving Treatment Bonus Summary dismissal, resignation Awards lapse. Good leaver Change of control Eligible for an award to the extent that performance conditions have been satisfied, pro-rated for the proportion of the financial year served, with Committee discretion to treat otherwise. Eligible for an award to the extent that performance conditions have been satisfied up to the change of control, pro-rated for the proportion of the financial year served, with Committee discretion to treat otherwise. Executives may be eligible for an enhanced bonus payment in the case of termination of employment within 18 months of a change of control, as described above. Long-term incentives Summary dismissal, resignation Awards lapse. Good leaver Change of control Outstanding awards will normally be pro-rated to the date of leaving, with Committee discretion to treat otherwise and with discretion to either test at the end of relevant performance periods, or immediately assess, whether or not relevant performance criteria have been met. Outstanding awards will normally vest and be tested for performance over the period to change of control, and be pro-rated for time based on the proportion of the period served, with Committee discretion to treat otherwise. Executives may be eligible for additional vesting in the case of termination of employment within 18 months of a change of control. All-employee schemes Treated in line with applicable scheme rules EXTERNAL APPOINTMENTS OF EXECUTIVE DIRECTORS Executive Directors may accept external appointments with the prior approval of the Chairman, provided that such appointments do not prejudice the executive’s ability to fulfil their duties for the Group. Any fees for outside appointments would normally be retained by the Director. CONSIDERATION OF EMPLOYMENT CONDITIONS ELSEWHERE IN GROUP The Committee takes into account the general basic salary increase being offered to employees elsewhere in the Group when annually reviewing the salary increases and remuneration for the Executive Directors. Employees have not been consulted in respect of the design of the Group’s senior executive remuneration policy. CONSIDERATION OF SHAREHOLDER VIEWS The Committee takes shareholder feedback into careful consideration when reviewing remuneration and regularly reviews the Remuneration policy in the context of key institutional shareholder guidelines and best practice. It is the Committee’s policy to consult with major shareholders prior to making any major changes to its executive remuneration structure. 77 ANNUAL REPORT ON REMUNERATION THE REMUNERATION COMMITTEE The following section provides details of remuneration outcomes for the financial year-ended 31 March 2017 for Executive Directors who served Sophos Group plc during the year, and how the Remuneration policy will be implemented in FY18. COMMITTEE COMPOSITION AND MEETING ATTENDANCE Paul Walker (Chairman) Sandra Bergeron Edwin Gillis Peter Gyenes Vin Murria Attended of those eligible Not attended of those eligible All appointments stated are as at 31 March 2017 The composition of the Committee is in compliance with the Code, which provides that its members should comprise at least three independent non-executive directors and that the Chairman of the Group may be a member, but not chair, of the Committee due to his independence at the time of his appointment. The Committee is chaired by Paul Walker, the Senior Independent Director. The Company Secretary is secretary to the Committee and attends all meetings. Other attendees at Committee meetings may differ from time to time and, upon invitation from the Committee, include the Chief Executive and other members of the senior management team, but they are not present when their own remuneration is set. ROLE AND RESPONSIBILITIES The Committee is responsible for overseeing the Group’s Remuneration policy and practices having regard for relevant legal and regulatory requirements, the provisions and recommendations of the UK Corporate Governance Code and associated guidance. The key responsibilities of the Committee include, to: • determine and monitor the remuneration policy for the Chairman, Executive Directors and the senior management team it is designated to consider; • ensure that the remuneration policy and reward decisions support the Sophos business strategy and sustainable long-term performance; review the Executive Directors’ service contracts; • set specific remuneration packages which include salary, annual bonus, share incentives, pension and benefits; • • review remuneration trends across the Group and in the market in which Sophos operates; and • approve employee share-based incentive plans and associated performance conditions and targets. MAIN ACTIVITIES The Committee has an annual forward agenda, developed from its terms of reference, with standing items that the Committee considers at each meeting, in addition to any specific matters arising, and topical business or governance items on which the Committee has chosen to focus. The work of the Committee undertaken during the year is summarised throughout this Report. EXTERNAL ADVISERS Kepler, a brand of Mercer (“Kepler”), independent remuneration consultants appointed by the Committee in FY16 after consultation with the Board, continued to act as the remuneration adviser to the Committee during the year. Kepler reports directly to the Committee Chairman and is a signatory to and abides by the Code of Conduct for Remuneration Consultants (which can be found at www.remunerationconsultantsgroup.com). The fees paid to Kepler in respect of work carried out for the Remuneration Committee in FY17 totalled £41,621. Kepler (or any other part of the MMC Group of companies) does not provide other services to the Company. The Committee undertakes due diligence periodically to ensure that Kepler remains independent of the Company and that the advice provided is impartial and objective. The Committee is satisfied that the advice provided by Kepler is independent. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 78 ANNUAL REPORT ON REMUNERATION CONTINUED PERFORMANCE EVALUATION The Remuneration Committee’s performance was assessed as part of the Board’s annual effectiveness review. It was concluded that the Committee operated effectively. In response to the findings of the review, Committee members will continue to give significant weight to shareholder sentiment whilst balancing this with the recruitment and retention needs of the business. The Committee also undertakes a review of its terms of reference and composition each year. This review last took place in November 2016 and the full terms of reference of the Committee can be found on the Company’s website, at https://investors.sophos.com SINGLE TOTAL FIGURE OF REMUNERATION FOR EXECUTIVE DIRECTORS (AUDITED) The table below sets out the total single figure of remuneration received by each Executive Director who served during the year-ended 31 March 2017 and the prior year: Kris Hagerman ($000) Nick Bray (£000) Salary1 Taxable benefits2 Pension3 Single-year variable4 Restricted Stock Units5 All employee schemes Multi-year variable6 Total FY17 695 3 8 772 842 2 – 2,322 FY16 676 8 9 788 9,173 – 7,973 18,627 FY17 282 12 14 250 267 4 – 829 FY16 276 13 14 255 2,531 – 1,473 4,562 1. Amount earned in respect of the year 2. Taxable benefits include: Kris Hagerman: Car allowance (FY17: nil, FY16: $3K) and health insurance; Nick Bray: Car allowance (FY17: £10K, FY16: £10K), health insurance and critical illness 3. The Company’s pension contributions during the year of up to 3 percent and 5 percent of salary for Kris Hagerman and Nick Bray, respectively 4. Bonus payment for performance during the year 5. RSUs: The face value at grant, using market price on day of issue, of time-based RSUs 6. Multi-year: The embedded value on date of vesting of performance-based options that vested on IPO BASE SALARY During the year the Remuneration Committee reviewed the salaries of Kris Hagerman and Nick Bray, who were each awarded an increase of 3 percent, effective 1 July 2017. The salaries of the Executive Directors are as follows: Executive Director Kris Hagerman Nick Bray 1 July 2017 1 July 2016 Increase % $721,000 £293,000 $700,000 £284,000 3 3 PENSION AND BENEFITS Kris Hagerman receives medical and dental insurance, travel insurance, life and disability insurance, a reimbursement of up to US$10,000 per annum for the preparation of his tax returns and, under his Employer’s standard US 401(k) savings plan for all US employees, is entitled to receive a matching contribution of up to three percent of his salary, subject to any annual maximum contribution applicable to US 401(k) savings plans from time to time. For 2017, this annual maximum is US$24,000. Nick Bray is entitled to receive up to five percent of his base salary as a contribution to a group personal pension scheme. In FY17 he also received an annual car allowance of £10,000 (paid monthly), life insurance, private medical and critical illness insurance, travel insurance, personal accident insurance and employee assistance programme arrangements. 79 ANNUAL BONUS ANNUAL BONUS FOR FY17 The Group operates an annual performance-related bonus scheme for a number of senior executives including Executive Directors. Bonus opportunities for FY17 were 200 percent of salary for Kris Hagerman and 160 percent of salary for Nick Bray. Target bonus was 50 percent of the maximum opportunity. The level of annual bonus earned in any one year is based on Group performance against predetermined financial targets for the year and personal performance. In FY17, the bonus was based 80 percent on billings and EBITDA, as defined by the scheme rules, with 12.5 percent of maximum vesting for threshold performance and 50 percent for target performance, and 20 percent on personal performance. No bonus is awarded for performance below the threshold. The financial element payout is based on the lower of the implied payouts for billings and EBITDA, so to achieve any vesting of this element, executives were required to perform on both billings and EBITDA. Following consultation with shareholders, the Committee has worked to improve disclosure of retrospective annual bonus targets. The financial targets for the FY17 annual bonus are no longer considered commercially sensitive, and are disclosed in full, alongside performance against these targets, below. Performance measure Threshold (12.5% payout) Target (50% payout) Stretch (100% payout) Achievement Implied vesting (percent of maximum) Billings EBITDA $595 $142 $642 $153 $770 $184 $649 $155 53 53 Performance was measured using constant currency exchange rates. For levels of performance between the points set out in the table above, bonus payout was determined on a straight-line, pro-rata basis. The overall bonus payout was based on the lower of the implied payouts for billings and EBITDA, and was therefore 53 percent of maximum for the financial element. After taking into account personal performance, including strong financial delivery, supporting talent retention and succession planning, and delivery of key products into the marketplace in line with the product strategy, Kris Hagerman and Nick Bray will receive bonuses of 110 percent and 88 percent of salary, respectively. The entire bonus in respect of FY17 will be paid in cash. The bonus calculations for FY17 is illustrated below: Maximum bonus opportunity (% of salary) Weighting on financial performance (% of bonus) Weighting on personal performance (% of bonus) Executive Director Kris Hagerman Nick Bray 200% 160% 80% 80% 20% 20% Financial measure outcome (% of maximum for element) 53% 53% Personal performance outcome (% of maximum for element) Overall bonus vesting (% of maximum) FY17 bonus award ($/£000) 65% 65% 55% 55% $772 £250 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 80 ANNUAL REPORT ON REMUNERATION CONTINUED ANNUAL BONUS FOR FY16 For FY16, the level of annual bonus earned was based on Group performance against predetermined billings and EBITDA, as defined by the scheme rules, targets for the year. In last year’s Annual Report on Remuneration the Committee committed to disclose the targets for FY16 at the end of the 31 March 2017 financial year. The targets set for FY16 are no longer considered commercially sensitive and are disclosed in full below, along with performance against those targets: Performance measure Threshold (12.5% payout) Target (50% payout) Stretch (100% payout) Achievement Implied vesting (percent of maximum) Billings EBITDA $482M $109M $516M $116M $619M $140M $533M $121M 58% 59% Plan targets were adjusted for acquisitions in the year and performance was measured using constant currency exchange rates. For levels of performance between the points set out in the table above, bonus payout was determined on a straight-line, pro-rata basis. The overall bonus payout was based on the lower of the implied payouts for billings and EBITDA, and was therefore 58 percent of maximum. After taking into account personal performance, Kris Hagerman and Nick Bray received bonuses of 116 percent and 92 percent of salary, respectively. All of the bonus in respect of FY16 was paid in cash. The bonus calculation for FY16 is illustrated below: Maximum bonus opportunity (% of salary) Weighting on financial performance (% of bonus) Weighting on personal performance (% of bonus) Executive Director Kris Hagerman Nick Bray 196% 156% 80% 80% 20% 20% Financial measure outcome (% of maximum for element) 58% 58% Personal performance outcome (% of maximum for element) Overall bonus vesting (% of maximum) FY16 bonus award ($/£000) 65% 65% 59% 59% $788 £255 LONG-TERM INCENTIVE PLAN LTIP AWARDS IN FY17 (AUDITED) On 14 June 2016, Kris Hagerman and Nick Bray were granted awards under the LTIP in the form of restricted share units (“RSU”) and performance share units (“PSU”). Details are provided in the table below. Date of award Type of award Awards made during the year Reference price of award1 Face value of award (£000) Face value of award2 (% of salary) Executive Director Kris Hagerman Nick Bray 14 June 2016 RSU PSU RSU PSU 331,201 993,603 149,248 447,744 185.53p 185.53p 185.53p 185.53p 614 1,843 277 831 125 375 97 292 1. Average price of the Shares on the main market of the London Stock Exchange between 10 June 2016 and 14 June 2016. 2. Based on salary as at 1 July 2016. The RSU awards are not subject to future performance conditions, and will vest over four years, subject to continued employment, with 25 percent of the awards vesting on 14 June 2017 and the remainder vesting on a quarterly basis thereafter until 14 June 2020. The PSU awards vest subject to the vesting outcome implied by performance against annual targets over the three years to the financial year-ended 31 March 2019, with the award vesting (to the extent that targets are met) on the third anniversary of grant. Targets for the three years are set at the start of the performance period. For FY16 and FY17 awards, vesting is based on the lower of the implied payouts for billings and cash EBITDA (i.e. the measures are equally weighted), with 25 percent vesting for threshold performance, 100 percent for stretch performance, with up to an additional 25 percent vesting for performance between a super stretch target and maximum target. The face value of awards in the table above are calculated after application of the potential opportunity above the super stretch target. No awards will vest for performance below the threshold. 81 PERFORMANCE TARGETS FOR OUTSTANDING PSU AWARDS The Committee believes that disclosing the individual annual financial performance targets for FY18 and FY19 in this report would put the Company at a competitive disadvantage to its international and privately held competitors, which are not subject to similar disclosure requirements. In response to feedback from our shareholders in advance of the 2016 AGM, the Committee recognises shareholders request for improved disclosure of long-term incentive performance targets. Therefore, below is disclosed on a retrospective basis the annual financial targets, and performance against these targets, for PSU awards made in 2015 and 2016. 2015 PSU AWARDS Performance measure Weighting (% of max) Performance period Billings 50% Cash EBITDA 50% FY16 FY17 FY18 FY16 FY17 FY18 Threshold (25% vesting) Stretch (100% vesting) Super Stretch (100% vesting) Maximum (125% vesting) Financial year performance $448M $498M $519M $560M $508M $565M $597M $644M $535M $632M To be disclosed in 2018 Annual Report on Remuneration $99M $110M $118M $127M $114M $127M $143M $155M $121M $150M To be disclosed in 2018 Annual Report on Remuneration Note: actual vesting is dependent on the performance against targets for each of the financial years FY16 to FY18 and is based on the lower of the implied payouts for billings and cash EBITDA (i.e. the measures are equally weighted); sliding scale vesting applies between threshold and stretch, and super stretch and maximum. Based on two years of performance to 31 March 2017, forecast vesting is c.111% or 89% of maximum (final total vesting percentage will not be known until the end of the 3-year performance period). 2016 PSU AWARDS Performance measure Weighting (% of max) Performance period Billings 50% Cash EBITDA 50% FY17 FY18 FY19 FY17 FY18 FY19 Threshold (25% vesting) Stretch (100% vesting) Super Stretch (100% vesting) Maximum (125% vesting) One-year performance to 31 March 2017 $554M $615M $655M $706M $632M To be disclosed in 2018 Annual Report on Remuneration To be disclosed in 2019 Annual Report on Remuneration $127M $142M $157M $169M $150M To be disclosed in 2018 Annual Report on Remuneration To be disclosed in 2019 Annual Report on Remuneration Note: actual vesting is dependent on the performance against targets for each of the financial years FY17 to FY19 and is based on the lower of the implied payouts for billings and cash EBITDA (i.e. the measures are equally weighted); sliding scale vesting applies between threshold and stretch, and super stretch and maximum. Based on one year of performance to 31 March 2017, forecast vesting is c.100%, or 80% of maximum (final total vesting percentage will not be known until the end of the 3-year performance period). INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 82 ANNUAL REPORT ON REMUNERATION CONTINUED DILUTION LIMITS It is proposed that Sophos will continue to manage dilution within the context of maintaining award levels within a 10 percent limit over five years, the limit that has applied since our incentive plans were approved at IPO. The Committee is aware that this is higher than the limit adopted by many UK companies and preferred by many institutional investors of 5 percent over ten years in respect of discretionary awards and 10 percent over ten years in respect of all schemes. The Committee believes the higher limit we operate is necessary in part because of the broad-based nature of our equity plans, under which shares are provided to a large proportion of our employees (including SAYE and ESPP schemes open to most employees) and are a key part of the Group’s employee compensation package, and reflects the need to be able to compete with other US and international companies for the high-calibre employees and executives required to secure Sophos’ future success. Current dilution under all our incentive schemes is c.5.5 percent, and reflects the front-loaded approach to incentive grants following our IPO. SINGLE TOTAL FIGURE OF REMUNERATION FOR NON-EXECUTIVE DIRECTORS (AUDITED) The table below sets out the total single figure of remuneration received by each Non-Executive Director who served during the year-ended 31 March 2017 and the prior year: Peter Gyenes Sandra Bergeron Edwin Gillis Roy Mackenzie Steve Munford Vin Murria Salim Nathoo Paul Walker Base fee ($000) Additional fees1 ($000) Other2 ($000) Total ($000) FY17 FY16 FY17 FY16 FY17 FY16 FY17 FY16 250 150 150 – 150 37 – 150 230 129 120 – 147 – – 5 – 15 – – – – 4 – 12 – – – – 120 25 21 – – – – – – – – – – – – 4,642 – – – 255 150 165 – 150 37 – 175 234 129 132 – 4,789 – – 141 1. Additional fees relate to fees for chairing Board Committees 2. Steve Munford: The embedded value on date of vesting of performance-based options. EXIT PAYMENTS MADE IN YEAR (AUDITED) No exit payments were made to Directors in FY17. PAYMENTS TO PAST DIRECTORS (AUDITED) No payments were made to past Directors in FY17. EXTERNAL DIRECTORSHIPS In FY17 Nick Bray received £39.5k as a Non-Executive Director of De La Rue plc (FY16: nil). 83 REMUNERATION FOR FY18 BASE SALARY Salaries for Kris Hagerman and Nick Bray, effective from 1 July 2017, will be $721,000 and £293,000, respectively. This equates to an increase of 3 percent, which is in line with average increase awarded to the broader employee population of c.4 percent. PENSION AND BENEFITS In line with the Remuneration Policy, the Executive Directors will receive pension contributions of 3-5 percent of salary. They will also receive benefits in line with the policy. ANNUAL BONUS For the year-ending 31 March 2018, the Committee will operate the annual bonus using the same framework and measures as used in FY17. Billings and EBITDA targets have been set by the Committee and will require Executive Directors to deliver significant stretch performance to achieve full payout. Given the close link between these targets and Sophos’ competitive strategy, these financial targets are considered commercially sensitive and will not be disclosed in advance, but will be disclosed on a retrospective basis in next year’s Annual Report on Remuneration to the extent that the Committee determines that the targets are no longer commercially sensitive. 100 percent of the bonus will be paid in cash. Bonus payments are subject to malus and clawback provisions. LONG-TERM INCENTIVE PLAN In FY18, the Committee intends to grant long-term incentive awards to Executive Directors in line with the stated remuneration policy and using the same measures as were used in FY17 (see above). Awards will be made over performance share units (at least 75 percent of the total award) and restricted shares, within the normal policy limits. Full details of the awards will be set out in the Annual Report for the year-ended 31 March 2018. LTIP awards are subject to malus and clawback provisions. NON-EXECUTIVE DIRECTOR FEES (INCLUDING THE CHAIRMAN) With effect from IPO, the fees payable to the Chairman of the Board and other Non-Executive Directors (“NEDs”) are as follows: Chairman of the Board NED base fee Additional fees: Audit & Risk Committee Chairman Remuneration Committee Chairman Nominations Committee Chairman Senior Independent Director Fee p.a. $250,000 $150,000 $15,000 $10,000 $5,000 $15,000 PERCENTAGE CHANGE IN CEO REMUNERATION The table below shows the percentage change in the CEO’s remuneration from the prior-year compared to the average percentage change in remuneration for all other employees. To provide a meaningful comparison, the analysis is based on a consistent set of employees, i.e. the same individuals appear in the FY17 and FY16 populations. Base salary Taxable benefits Single-year variable % change FY16 to FY17 CEO 3 -63 -2 Other employees 4 – -5 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 84 ANNUAL REPORT ON REMUNERATION CONTINUED RELATIVE IMPORTANCE OF SPEND ON PAY The following table shows, for FY17 and FY16, the actual expenditure and percentage change in total employee costs and percentage change in distributions to shareholders. Shareholder distributions – dividends1 Total employee expenditure2 FY17 $M 10.9 304.6 FY16 $M 3.1 250.3 Change % 252 22 1. Represents dividends paid. FY16 includes the payment of an interim dividend only, see note 29 of the financial statements. 2. Total employee expenditure includes wages and salaries, social security costs, pension and other costs and share-based payments, see note 10 of the financial statements. PAY FOR PERFORMANCE Under remuneration reporting regulations, companies are required to provide a graph showing the Company’s Total Shareholder Return (“TSR”) performance (share price plus dividends paid) compared with the performance of a relevant comparator group since IPO, assuming a nominal £100 investment in both the Company and the comparator group at the start of the timeframe. Companies are also required to show the CEO’s single figure of remuneration and actual variable pay outcomes over the same period. Sophos has chosen to compare its performance against the FTSE250 Index, as the Company became a constituent of the index after IPO. The table below details the Chief Executive’s single figure of remuneration and actual variable pay outcomes over the same period. As Sophos completed its IPO in July 2015, TSR data and pay disclosure is available only for FY16 and FY17. £100 invested on Sophos' IPO £125 £120 £115 £110 £105 £100 £95 £90 25 June 2015 30 September 2015 31 March 2016 30 September 2016 31 March 2017 Sophos FTSE250 Incumbent CEO single figure of remuneration ($000) Annual bonus outcomes (% of maximum) PSU vesting outcome (% of maximum) FY17 FY16 Kris Hagerman Kris Hagerman $2,322 $18,627 55 n/a 59 n/a 85 STATEMENT OF SHAREHOLDER VOTING The following table shows the result of the binding vote on the Remuneration Policy and the advisory vote on the 2016 Annual Report on Remuneration at the 14 September 2016 AGM. For Against Withheld Number % Number % Number Remuneration Policy 279,603,831 72.15% 107,903,661 27.85% 4,904,177 2016 Annual Report on Remuneration 286,286,507 72.96% 106,122,511 27.04% 2,650 See the Annual Statement of the Remuneration Committee Chairman on page 65 for further details of shareholder consultation during the year, and the Committee’s response to the vote on the Remuneration Policy and Annual Report on Remuneration at the 2017 AGM. DIRECTORS’ SHARE OWNERSHIP (AUDITED) The table below shows the shareholding of each Director against their respective shareholding requirement as at 31 March 2017. Share and option awards Beneficially owned Subject to performance Subject to continued employment only Vested but not yet exercised Kris Hagerman 2,478,073 1,709,895 2,263,349 4,327,518 Nick Bray 1,210,679 784,823 820,472 Peter Gyenes 286,631 Sandra Bergeron 214,974 Edwin Gillis 286,631 Roy Mackenzie – Steve Munford 2,866,194 Vin Murria Salim Nathoo Paul Walker 750,000 – 63,565 – – – – – – – – – – – – – – – 127,129 – – – – – 153,457 – – – Shareholding required (% of salary) Current shareholding (% of salary) Requirement met 200 200 1,202 1,158 Yes Yes There have been no changes to shareholdings between 1 April 2017 and 16 May 2017. None of the Directors had an interest in the shares of any subsidiary undertaking of the Company or in any significant contracts of the Group, with the exception of Vin Murria who is also a Non-Executive Director of Softcat plc, with whom the Company maintains an ongoing customer relationship, see note 32 of the Financial Statements for details of related party transactions. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 86 ANNUAL REPORT ON REMUNERATION CONTINUED SUMMARY OF OUTSTANDING SHARE AWARDS The interests of the Directors in the Company’s share schemes as at 31 March 2016 are summarised in the table below. Date of award Awards held at 1 Apr 16 Granted during the year Exercised during the year Awards held at 31 Mar 17 Exercise price Market price at grant Performance period Vesting period/ date Expiry date Director – 2,312,285 $0.598 $0.598 n/a 1 Aug 13 –1 Aug 17 10 Oct 22 – 2,420,174 $0.598 $0.598 Exit event 1 Jul 15 10 Oct 22 Kris Hagerman Pre-IPO Options Pre-IPO Options 10 Oct 12 2,312,285 10 Oct 12 2,420,174 LTIP – RSU 7 Aug 15 1,966,292 LTIP – RSU 7 Aug 15 238,764 LTIP – PSU 7 Aug 15 716,292 – – – – – LTIP – RSU 14 Jun 16 – 331,201 LTIP – PSU 14 Jun 16 – 993,603 (589,887) 1,376,405 (89,536) 149,228 – – – 716,292 331,201 993,603 – – – – – ESPP ESPP 24 Jun 16 1 Jan 17 – – 2,495 1,574 (2,495) – – 1,574 142p TBD* Nick Bray LTIP – RSU 7 Aug 15 842,697 LTIP – RSU 7 Aug 15 112,359 LTIP – PSU 7 Aug 15 337,079 – – – LTIP – RSU 14 Jun 16 LTIP – PSU 14 Jun 16 SAYE 24 Jun 16 Steve Munford – – – 149,248 447,744 11,111 22 Oct 10 153,457 – (252,809) 589,888 (42,134) 70,225 337,079 149,248 447,744 – – – – – 265p 265p 265p 179p 179p 167p 262p n/a n/a 7 Aug 16 –7 Aug 20 7 Aug 16 –7 Aug 19 6 Aug 25 6 Aug 25 1 Apr 15 –31 Mar 18 7 Aug 18 6 Aug 25 n/a 14 Jun 17 – 14 Jun 20 13 Jun 26 1 Apr 16 – 31 Mar 19 14 Jun 19 13 Jun 26 n/a n/a 28 Dec 16 28 Dec 16 30 Jun 17 30 Jun 17 – – – – – 265p 265p 265p 179p 179p n/a n/a 7 Aug 16 –7 Aug 20 7 Aug 16 -7 Aug 19 6 Aug 25 6 Aug 25 1 Apr 15 –31 Mar 18 7 Aug 18 6 Aug 25 n/a 14 Jun 17 – 14 Jun 20 13 Jun 26 1 Apr 16 – 31 Mar 19 14 Jun 19 13 Jun 26 11,111 162p 202p n/a 8 Aug 19 8 Feb 20 153,457 $0.019 $0.476 n/a 22 Oct 10 22 Oct 20 Pre-IPO Options Pre-IPO Options Pre-IPO Options 22 Oct 10 2,065,863 – (2,065,863) 22 Oct 10 441,564 – (441,564) – – $0.119 $0.476 n/a 16 Jun 11 –16 Jun 15 22 Oct 20 $0.119 $0.476 Exit event 1 Jul 15 22 Oct 20 * Under Group scheme rules exercise price is to be not less than 85% of the lesser of market value on date of grant and market value on date of exercise. 87 As outlined in the IPO prospectus, Kris Hagerman continues to hold share options granted under the Pentagon Holdings Management Equity Plan (“MEP”) that were issued prior to IPO. Nick Bray’s (until exercised under the JOE agreement in FY16) and Steve Munford’s (until exercised under the JOE agreement in FY17) MEP options (a “Linked Option”) were linked to a parallel award under a JOE Agreement. Awards under a JOE agreement entitle the participant to call for the transfer to him by the Trustee of the JOE agreement of that part of the beneficial interest in any jointly owned shares which vest, upon payment by the participant of a price specified in the JOE Agreement. Rights under a JOE Agreement may only be exercised to the extent that a Linked Option has not been exercised and vice versa. The rules of the MEP provide that 50 percent of a MEP option is subject to time vesting and 50 percent is subject to performance vesting. On Admission, 66.2 percent of the awards subject to performance vested. Depending on the length of service of a MEP participant, the Company may require that a portion of an option which is vested as to performance may only be exercised at a later date. Steve Munford additionally holds vested share options granted under an option deed with Pentagon Holdings SARL on 22 October 2010. All share options over shares in Pentagon Holdings SARL were exchanged for new options over shares in Sophos Group plc as part of the reorganisation of the Group immediately prior to the IPO. The interests of the Directors in pre-IPO restricted shares as at 31 March 2017 are summarised in the table below. Restricted awards held at 1 Apr 16 Restriction lifted during year Restricted awards held at 31 Mar 17 Date of award Exercise price Market price at grant date Performance period Vesting period/ date Expiry date Director Paul Walker Pre-IPO Restricted Shares 27 March 2015 127,129 – 127,129 – $1.5575 n/a 27 Mar 16 – 27 Mar 18 n/a As outlined in the IPO prospectus certain of the Non-Executive Directors held Restricted Shares, the majority of which have now vested. Paul Walker entered into a restricted share agreement on 27 March 2015 (the “Acquisition Date”) pursuant to which he acquired 300,000 A shares in Pentagon Holdings SARL. Provided Paul Walker continues as a Director of Sophos, the Restricted Shares shall vest in three equal tranches on the first, second and third anniversaries of the Acquisition Date or as soon as reasonably practicable thereafter, in accordance with the provisions of the EU Market Abuse Regulation (596/2014). All Restricted Shares in Pentagon Holdings SARL were exchanged for new shares in Sophos Group plc as part of the reorganisation of the Group immediately prior to the IPO. On behalf of the Board Paul Walker Chairman of the Remuneration Committee 16 May 2017 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 88 DIRECTORS’ REPORT The Directors of Sophos Group plc (the “Company”) present their Annual Report on the affairs of the Group, together with the Consolidated Financial Statements and Auditor’s Report on the Group for the year-ended 31 March 2017. There are a number of legal and regulatory requirements with which the Company must comply, such as the Companies Act 2006 (the Act), the Listing Rules and the Disclosure and Transparency Rules, which are addressed in this section. STRATEGIC REPORT The Strategic Report, which is presented on pages 10 to 39 of this Annual Report, includes a fair review of the business, a description of the principal risks and uncertainties facing the Group and an indication of likely future developments, and forms part of this report. CORPORATE GOVERNANCE The Corporate Governance Statement set out on pages 46 to 53 and Committee Reports on pages 54 to 87 have been incorporated into the Directors’ Report by cross-reference. The majority of the disclosures required under LR 9.8.4 R are not applicable to the Group. The table below sets out the location of the disclosures for those requirements that are applicable: Applicable sub-paragraph Disclosure provided Publication of unaudited financial information Financial Review Details of long-term incentive schemes Annual Report on Remuneration Allotment of equity securities Note 30 to the Financial Statements Contracts of significance Agreements with controlling shareholders Directors’ Report Directors’ Report ARTICLES OF ASSOCIATION AND CONSTITUTION Sophos Group plc is domiciled in England and incorporated in England and Wales under Company Number 09608658. The Articles of Association of the Company (the “Articles”) may only be amended by a special resolution at a meeting of the shareholders, as set out in the proposed resolutions contained in the notice of AGM for the 2017 AGM. The Notice of AGM can be found on our website at https://investors.sophos.com, and in a circular which is being mailed out at the same time as this Report. DIRECTORS AND DIRECTORS’ INTERESTS The Directors who held office during the year and up to the date of the signing of this report: Peter Gyenes Kris Hagerman Nick Bray Sandra Bergeron Edwin Gillis Roy Mackenzie Rick Medlock Steve Munford Vin Murria Salim Nathoo Paul Walker Non-Executive Director and Chairman Chief Executive Officer Chief Financial Officer Non-Executive Director Non-Executive Director Non-Executive Director Non-Executive Director (appointed 3 April 2017) Non-Executive Director Non-Executive Director (appointed 3 January 2017) Non-Executive Director Non-Executive Director A summary of the Directors’ remuneration, employment contracts and interests in the shares of the Company are disclosed within the Remuneration Report. None of the Directors had an interest in any significant contracts of the Group or its subsidiaries, with the exception of Vin Murria who is also a Non-Executive Director of Softcat plc, with whom the Company maintains an ongoing customer relationship, see note 32 of the Financial Statements for details of related party transactions. 89 DIRECTORS’ INDEMNITY AND INSURANCE Throughout the year the Company has purchased and maintained Directors’ and Officers’ liability insurance in respect of itself and its Directors, and the directors of its Group subsidiaries. The Directors also have the benefit of the indemnity provision contained in the Articles. The Company has entered into qualifying third-party indemnity arrangements for the benefit of all its Directors in a form and scope which comply with the requirements of the Companies Act 2006 and which were in force throughout the year and remain in force. RELATIONSHIP AGREEMENT Pentagon Lock Sarl, Pentagon Lock 6-A Sarl, Pentagon Lock 7-A Sarl and Pentagon Lock US Sarl (collectively “Apax”) previously held more than 30 percent of the issued ordinary share capital of the Company and still hold more than 10 percent of the issued ordinary share capital as at 31 March 2017. On 26 June 2015, the Company and Apax entered into a Relationship Agreement which regulates the ongoing relationship between the Company and the controlling shareholder in accordance with the Listing Rules. The Board can confirm that throughout the period: the Company has complied with the agreement’s independence provisions; • • as far as the Company is aware, the controlling shareholder and its associates have complied with the agreement’s independence provisions; and • as far as the Company is aware, the controlling shareholder has procured the compliance of non-signing controlling shareholders with the agreement’s independence provisions. SIGNIFICANT AGREEMENTS The following significant agreements are in place as at 31 March 2017 that include provisions which would enable the counterparties to alter or terminate the agreements upon a change of control of the Company following a takeover bid: • a syndicated secured term loan (“Facility A”) of $235.0 million entered into on 1 July 2015; • a syndicated secured term loan (“Facility B”) of €60.0 million entered into on 1 July 2015; • a revolving credit facility agreement (“RCF 1”) of $30.0 million entered into on 1 July 2015; and • a revolving credit facility agreement (“RCF 2”) of $40.0 million entered into on 6 February 2017. Further details of financing agreements in place are included in note 25 of the Financial Statements. SHARE CAPITAL AND SUBSTANTIAL SHAREHOLDERS The share capital of the Company is disclosed in note 28 of the Financial Statements; ordinary shares of 3p each are the only class of share in issue. As at 31 March 2017 and 11 May 2017 the Company had been notified under DTR 5 of the following significant holdings of voting rights in its shares. It should be noted that these holdings may have changed since they were notified to the Company, however notification of any change is not required until the next applicable threshold is crossed: Name Apax Jan Hruska Peter Lammer Standard Life Investments (Holdings) Limited Old Mutual plc ODDO Meriten Asset Management As at 31 March 2017 As at 11 May 2017 Ordinary shares held Percentage of total ordinary shares Ordinary shares held Percentage of total ordinary shares 100,722,776 42,543,360 42,543,360 22,724,690 19,821,783 13,633,922 21.91 100,722,776 9.26 9.26 4.94 4.31 2.97 42,543,360 42,543,360 22,724,690 19,821,783 13,633,922 21.88 9.24 9.24 4.94 4.31 2.96 VOTING RIGHTS The Articles allow, subject to any rights or restrictions attached to any shares, on a vote on a resolution on a show of hands, every member or proxy who is present shall have one vote. Subject to any rights or restrictions attached to any shares, on a vote on a resolution on a poll, every member present in person or by proxy shall have one vote for every share of which they are the holder. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 90 DIRECTORS’ REPORT CONTINUED TRANSFER OF SHARES The transfer of shares is governed by the Articles which allows any member to transfer certificated shares in any usual form or in any other form for which the Board may approve. The Board may, in its absolute discretion, refuse to register a transfer of a certificated share which is not fully paid, provided that the refusal does not prevent dealings in the Company from taking place on an open and proper basis. The Board may also refuse to register the transfer of a certificated share unless the instrument of transfer is (i) lodged, duly stamped (if stampable), at the office or at another place appointed by the Board, accompanied by the certificate for the shares to which it relates and such other evidence as the Board may reasonably require to show the right of the transferor to make the transfer; (ii) in respect of only one class of shares; and (iii) in favour of not more than four transferees. APPOINTMENT AND RETIREMENT OF DIRECTORS Unless otherwise determined by ordinary resolution, the number of Directors shall be no less than three but is not subject to any maximum number. The Board may appoint a person who is willing to act to be a Director, either to fill a vacancy or as an additional Director. At every AGM all the Directors at the date of the notice convening the AGM shall retire from office, if the Company does not fill the vacancy at the meeting the retiring Director shall, if willing to act, be deemed to have been re-appointed unless at the meeting it is resolved not to fill the vacancy or unless a resolution for the re-appointment of the Director is put to the meeting and lost. A person ceases to be a Director as soon as: (i) notification is received by the Company from the Director that they are resigning or retiring from office; (ii) that person has been absent for more than six consecutive months without permission of the Board and the Board resolves that their office be vacated; (iii) the person has become physically or mentally incapable of acting as a Director and may remain so for more than three months; (iv) a bankruptcy order is made against that person; (v) a composition is made with that person’s creditors generally in satisfaction of that person’s debts; (vi) that person ceases to be a Director by virtue of any provision of the Act or is prohibited from being a Director by law; or (vii) that person is removed from office pursuant to the Articles. POWERS OF THE BOARD Subject to provisions of the Companies Act 2006 and the Articles and to any directions given by special resolution, the business of the Company shall be managed by the Board who may exercise all the powers of the Company. DIVIDENDS The Directors have recommended that the Company pay a final dividend in relation to the year-ended 31 March 2017 of 3.3 US Cents per share. Subject to shareholder approval, combined with the interim dividend announced of 1.3 US Cents per share, this gives a total dividend for the year of 4.6 US Cents per share. ANNUAL GENERAL MEETING The notice of the AGM which sets out the resolutions to be proposed at the AGM accompanies this Annual Report and Accounts. The AGM will be held at 3:00 pm on 7 September 2017 at: The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP. EMPLOYEES The Group continues to invest to drive future growth. A key objective of the Group is to achieve a shared commitment by all employees to the success of the business. Throughout the Group there is consultation between employees and management on matters of mutual interest and information is disseminated through team and Company briefings, an intranet and individual development reviews. Employees are encouraged to promote and participate in the progress and profitability of the Group through the share option plans and other incentive schemes. The Group provides full consideration to applications for employment from disabled persons where the requirements of the role can be adequately fulfilled by a disabled person. Where existing employees become disabled it is the Group’s policy, wherever practicable, to provide continuing employment under normal terms and conditions and to provide training and career development to disabled employees wherever appropriate. 91 RESEARCH AND DEVELOPMENT The Group continues to undertake research and development activity relating to its principal activities. In the year- ended 31 March 2017, the Group spent 18.6 percent of its billings on research and development (2016: 18.6 percent). POLITICAL DONATIONS The Group’s policy is not to make any political donations. Accordingly, no political donations have been made in either the year-ended 31 March 2017 or were made in the year-ended 31 March 2016. SHARE OPTION PLANS The Group operates a number of share option plans to motivate and retain staff and align their interests with shareholders. Details of these schemes are set out in note 30 to the Financial Statements. BRANCHES The Group, through various subsidiaries, has established branches in a number of different countries in which the business operates. FINANCIAL INSTRUMENTS Details of the Group’s financial risk management policies and risks are set out in note 27 to the Financial Statements. AUTHORITY TO ISSUE SHARES AND AUTHORITY TO PURCHASE OWN SHARES The Company did not repurchase shares during the year or make any shares the subject of a charge. At a general meeting held on 14 September 2016 the Company was authorised to make market purchases (within the meaning of section 693(4)) of the Companies Act 2006) up to 45,236,013 of its own ordinary shares and to issue shares up to an aggregate nominal amount of £4,523,149. The Company is seeking to renew these authorities at the forthcoming AGM, within the limits set out in the AGM Notice. SHARES HELD IN THE EMPLOYEE BENEFIT TRUST The Trustees of the Employee Benefit Trust will abstain from voting or exercising any other rights in respect of any shares held by them and in which no beneficial interest is held by any beneficiary unless otherwise directed by the Company. GREENHOUSE GAS EMISSIONS The Greenhouse Gas Emissions (“GHG”) disclosures for the Group have been shown for the year-ended 31 March 2017, consistent with the Group’s financial year. The calculation of the disclosures has been performed in accordance with Greenhouse Gas Protocol Corporate Standard and using the UK government’s DEFRA conversion factor guidance for the year reported. The Group’s operations that primarily release GHG includes usage of electricity and gas of owned and leased offices, business travel and usage of vehicles. The Group reported on its GHG emissions for the first time in the prior-year report and, as stated at the time, has been developing its GHG data gathering capabilities. The prior-year reporting covered all material operations and locations that included the majority of employees. In the current year the number of locations covered has been increased and estimates have been developed to enable reporting for sites where direct information was not available, including prior-year data. As a result the information shown in the table below for the year-ended 31 March 2016 has been restated to be on a consistent basis with the current-year approach and methodology. The Group will continue to build up its GHG reporting capabilities. The Group’s chosen intensity ratio is tonnes of CO2 equivalent per million US Dollars of billings as it reflects the impact of the growth of the business with emissions and with the strategy of the Group. Usage of fuel and operation of buildings Electricity purchased for own use Business travel (air and car) Total Intensity ratio – tCO2e per $M of billings Year-ended 31 March 2017 tCO2e 219.6 Year-ended 31 March 2016 tCO2e 192.9 4,681.9 4,543.1 9,444.6 14.9 4,819.7 4,039.5 9,052.1 16.9 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 92 DIRECTORS’ REPORT CONTINUED GOING CONCERN Having made appropriate enquiries and considered the Group’s forecasts, the Directors consider that the Group has sufficient resources to continue for the foreseeable future. Accordingly, they continue to adopt the going concern basis in preparing the Financial Statements. Further details regarding the adoption of the going concern basis can be found in the viability statement below. VIABILITY STATEMENT The Directors have assessed the viability of the Group over a three-year period, taking into account the Group’s current position and the potential impacts of the principal risks documented on pages 34 to 37 of the Annual Report. Based on this assessment, the Directors confirm that they have a reasonable expectation that the Company will be able to continue to operate and to meet its liabilities as they fall due over the three years to 31 March 2020. The Group prepares annually, and on a rolling basis, a strategic plan, which is predicated on a detailed year one budget and higher level forecasts thereafter. The output of this plan is used to perform debt and associated covenant headroom profile analysis, which includes sensitivity to business as usual risks such as billings and profitability impacts. A bottom-up operating plan is prepared on an annual basis for presentation to the Board. Following assessment of the planning process, the Directors have determined that a three-year period is an appropriate period over which to assess the Group’s viability. Whilst the Directors have no reason to believe that the Group will not be viable over a longer period; the period of three years has been chosen to provide a greater degree of certainty and, in the view of the Directors, provides an appropriate long-term outlook. In making this viability statement, the Board carried out a robust assessment of the principal risks facing the Group, including those that would threaten its business model, future performance, solvency or liquidity. Where individual principal risks did not impact the future viability of the Group, consideration was given to potential principal risk combinations. The process of identifying, assessing and managing our principal risks is described in the Audit and Risk Committee Report on pages 57 to 63. POST BALANCE SHEET EVENTS There have been no material events from 31 March 2017 to the date of this report. AUDITORS KPMG LLP has expressed their willingness to continue in office as auditors of the Company and accordingly a resolution for the re-appointment of KPMG LLP as auditors of the Company is to be proposed to the shareholders at the 2017 AGM. DISCLOSURE OF INFORMATION TO AUDITORS The Directors who held office at the date of approval of this Directors’ report confirm that, so far as they are each aware, there is no relevant audit information of which the Company’s auditors are unaware and each Director has taken all the steps that he or she ought to have taken as a Director to make them aware of any relevant audit information. 93 STATEMENT OF DIRECTORS’ RESPONSIBILITIES IN RESPECT OF THE ANNUAL REPORT AND THE FINANCIAL STATEMENTS The Directors are responsible for preparing the Annual Report and the group and parent company financial statements in accordance with applicable law and regulations. Company law requires the Directors to prepare group and parent company financial statements for each financial year. Under that law they are required to prepare the group financial statements in accordance with IFRSs as adopted by the EU and applicable law and have elected to prepare the parent company financial statements in accordance with UK Accounting Standards, including FRS 102, the Financial Reporting Standard applicable in the UK and Republic of Ireland. Under company law the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the group and parent company and of their profit or loss for that period. In preparing each of the group and parent company financial statements, the Directors are required to: • select suitable accounting policies and then apply them consistently; • make judgements and estimates that are reasonable and prudent; • for the group financial statements, state whether they have been prepared in accordance with IFRSs as adopted by the EU; and • for the parent company financial statements, state whether applicable UK Accounting Standards have been followed, subject to any material departures disclosed and explained in the parent company financial statements. The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the parent company’s transactions and disclose with reasonable accuracy at any time the financial position of the parent company and enable them to ensure that its financial statements comply with the Companies Act 2006. They have general responsibility for taking such steps as are reasonably open to them to safeguard the assets of the group and to prevent and detect fraud and other irregularities. Under applicable law and regulations, the Directors are also responsible for preparing a Strategic Report, Directors’ Report, Directors’ Remuneration Report and Corporate Governance Statement that complies with that law and those regulations. The Directors are responsible for the maintenance and integrity of the corporate and financial information included on the company’s website. Legislation in the UK governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions. RESPONSIBILITY STATEMENT OF THE DIRECTORS IN RESPECT OF THE ANNUAL FINANCIAL REPORT We confirm that to the best of our knowledge: • • the financial statements, prepared in accordance with the applicable set of accounting standards, give a true and fair view of the assets, liabilities, financial position and profit or loss of the company and the undertakings included in the consolidation taken as a whole; and the strategic report includes a fair review of the development and performance of the business and the position of the issuer and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face. We consider the annual report and accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the group’s position and performance, business model and strategy. By order of the Board Eleanor Lacey Company Secretary 16 May 2017 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 94 Our Team Sophos is a truly global company with more than 40 offices around the world, with major offices in the UK, USA, Canada, India and Germany. Our values unite and drive us to deliver on our promises for security made simple. We strive for simplicity in all we do. Our leadership empowers employees to do the right thing, make the right choices, and take the right risks for our customers. We share a passion that extends beyond our desire to deliver quality products and customer satisfaction to support clean water and sanitation for Indian villages, to raise awareness and funds for homelessness in the UK, and to encourage more girls into cybercoding careers. We strive to innovate and challenge the status quo in order to deliver on our promise for security made simple – it requires open minds and a true understanding of customer needs. And we are authentic. True to each other, true to our promises to customers and acting with honesty and integrity in our working lives. SOPHOS IS SUCCESSFUL BECAUSE OF ITS CULTURE, ITS PEOPLE AND ITS ABILITY TO DELIVER ON ITS PROMISES. INTRODUCTION STRATEGIC REPORT GOVERNANCE 95 Financial Statements Independent Auditor’s Report 96 Consolidated Financial Statements and Notes 100 Company Financial Statements and Notes Glossary 152 156 Company Information 157 FINANCIAL STATEMENTS 96 Independent Auditor’s Report to the members of Sophos Group plc only OPINIONS AND CONCLUSIONS ARISING FROM OUR AUDIT 1. OUR OPINION ON THE FINANCIAL STATEMENTS IS UNMODIFIED We have audited the financial statements of Sophos Group plc for the year ended 31 March 2017 set out on pages 100 to 155. In our opinion: • • • • the financial statements give a true and fair view of the state of the group’s and of the parent company’s affairs as at 31 March 2017 and of the group’s loss for the year then ended; the group financial statements have been properly prepared in accordance with International Financial Reporting Standards as adopted by the European Union; the parent company financial statements have been properly prepared in accordance with UK Accounting Standards, including FRS 102 The Financial Reporting Standard applicable in the UK and Republic of Ireland; and the financial statements have been prepared in accordance with the requirements of the Companies Act 2006; and, as regards the group financial statements, Article 4 of the IAS Regulation. Overview Materiality: group financial statements as a whole $5.5m (2016:$4.78m) 1% (2016: 1%) of Group Revenue Coverage 93% (2016:89%) of group loss before tax Risks of material misstatement vs 2016 Recurring risks Revenue Exceptional Expenses & Non- GAAP Measures 2. OUR ASSESSMENT OF RISKS OF MATERIAL MISSTATEMENT In arriving at our audit opinion above on the financial statements, the risks of material misstatement that had the greatest effect on our audit, in decreasing order of audit significance, were as follows (the risk related to the carrying value of intangible assets and goodwill noted in our prior year audit opinion has been removed as we no longer considered this risk to be one of those having the greatest effect on our audit given the group’s cash generation and trading performance in the year and forecast growth): Revenue ($529.7 million; 2016: $478.2m) Refer to page 59 (Audit Committee Report), page 108 (accounting policy) and page 116 (financial disclosures). The risk Our response Multiple Element Arrangements: Our procedures included: As the Group expands and product portfolios evolve, there can be considerable risk associated with recognising revenue on contracts containing multiple elements. A significant audit risk has been recognised with regards to such multiple element arrangements as judgement is required in allocating the consideration receivable to each element of the arrangement. This requires the fair value for each separable element of the arrangement to be estimated. In estimating the relative fair values of each element, management make reference to list prices of individual elements and discounts given on the total contract. This judgement could materially affect the timing and quantum of revenue and profit recognised in each period. • Fair Value Allocation Control: We evaluated the operating effectiveness of the revenue allocation control and assessed the appropriateness of the Group’s principles in determining the relative fair value of each separable element of the arrangement against applicable accounting standards; • Billings Substantive Sample: We selected a sample of Group billings from throughout the year and with reference to list prices and discounts given, we recalculated the relative fair values of each element to assess if the determination of relative fair values of each separable element was in in line with Group Policy; • Policy: We assessed the Group’s policy in respect of fair value allocation and revenue recognition against IAS 18 “Revenue”. • Disclosure: We assessed the adequacy of the Group’s disclosure about estimation uncertainty regarding the determination of fair values of multiple element arrangements. 97 The risk Our response Exceptional Expenses & Non- GAAP Measures Classification of Exceptional Expenses and Presentation of Non-GAAP Measures: Exceptional Expenses: ($31.4 million; 2016: $41.9m) Refer to page 59 (Audit Committee Report), page 113 (accounting policy) and page 117-119 (financial disclosures). The Group presents alternative income statement measures to operating loss for the period within the consolidated income statement and throughout the Annual Report. The Directors believe that the separate identification of exceptional items and the presentation of the following Non-GAAP measures of Billings ($632.1m), Cash EBITDA ($150.1m), Adjusted operating profit ($38.3m) and Unlevered Free Cash Flow ($133.4m), provides clear and useful information on the Group’s underlying trading performance. However, when improperly used and presented, these kind of measures might prevent the Annual Report from being fair, balanced and understandable by focusing on only part of the performance. The determination of whether an item should be separately disclosed as an exceptional item requires judgement on its nature and incidence, and its use along with presentation of Non-GAAP measures requires judgement as to whether they provide a better understanding of the Group’s underlying trading performance. Therefore, these are key judgement areas on which our audit is concentrated. Our procedures included assessing and challenging the judgements made by the Directors of the Group regarding their determination of exceptional items and the presentation of Non-GAAP measures. This included: • Determination of Exceptional Items: We assessed whether, in judging what to include in exceptional items, the Directors took appropriate regard to guidance issued by the Financial Reporting Council on the reporting of exceptional items. We also evaluated the presentation and completeness of material or unusual transactions for appropriate classification within the financial statements by assessing whether these items fulfil the criteria to require separate disclosure in accordance with IAS 1 “Presentation of financial statements”, and whether they were consistent with the Group’s definition of exceptional items as set out in Note 7. We then assessed the application of these principles by assessing whether the approach taken to identify exceptional items was consistent between gains and losses; assessing whether the same category of material items are treated consistently each year; assessing whether the tax effects of exceptional items are explained; by agreeing amounts incurred in the year to underlying documentation and supporting information; and by using our knowledge of the Group’s transactions throughout the audit to consider the completeness of exceptional items; • Presentation and Prominence of Non-GAAP Measures: We assessed whether the separate disclosure and related commentary of exceptional items and alternative Non-GAAP measures of Billings, Cash EBITDA, Adjusted operating profit and Unlevered Cash Flow throughout the Annual Report and Accounts placed disproportionate emphasis on those component of performance; whether such measures were given meaningful labels that are not GAAP terms; whether they were clearly described and explained; whether the alternative measures provided meaningful measures of trading performance; whether adjusted results and alternate measures were adequately reconciled to IFRS numbers with sufficient prominence given to that reconciliation; whether their presentation are in line with guidance issued by the FRC and European Securities and Markets Authority with respect to Alternative Performance Measures; and whether the underlying financial information is not other wise misleading. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 98 Independent Auditor’s Report continued to the members of Sophos Group plc only 3. OUR APPLICATION OF MATERIALITY AND AN OVERVIEW OF THE SCOPE OF OUR AUDIT Materiality for the Group financial statements as a whole was set at $5.5m (2016: $4.78m), determined with reference to a benchmark of Group revenue, of which it represents 1% (2016: 1%). We consider revenue to be the most appropriate benchmark as it provides a more stable measure year on year than Group Loss before tax. We reported to the Audit Committee all corrected or uncorrected identified misstatements exceeding $0.25m (2016: $0.235m), in addition to other identified misstatements that warranted reporting on qualitative grounds. Of the Group’s 28 (2016: 28) reporting components, we subjected 10 (2016: 10) to audits for group reporting purposes and 2 (2016: 2) to specified risk-focused audit procedures. The latter were not individually significant enough to require an audit for group reporting purposes, but did present specific individual risks that needed to be addressed. The Group team instructed component auditors as to the significant areas to be covered, including the relevant risks detailed above and the information to be reported back. The Group team approved the component materialities, which ranged from $1m to $3.9m (2016: $2.75m to $3.9m), having regard to the mix of size and risk profile of the Group across the components. The work on 6 of the 12 components (2016: 6 of the 12 components) was performed by component auditors and the rest by the Group team. The Group team visited 1 (2016: 2) component location in Germany (2016: Germany and India). Telephone conference meetings were also held with these component auditors and all others that were not physically visited. At these visits and meetings, the findings reported to the Group team were discussed in more detail, and any further work required by the Group team was then performed by the component auditor. Group Revenue $529.7m (2016: $478.2m) Materiality $5.5m (2016: $4.78m) $5.5M Whole financial statements materiality (2016: $4.78m) $3.9M Range of materiality at 28 components ($1m-$3.9m) (2016: $2.75m to $3.9m) $0.25M Misstatements reported to the audit committee (2016: $0.235m) Group revenue Group materiality Group Revenue Group Billings 98% 2016: 99% 99% 98% 99% 2016: 99% 99% 99% Group Loss Before Tax Group Total assets 1% 1% 93% 2016: 89% 88% 92% 5% 6% 94% 2016: 96% 90% 89% Full scope for group audit purposes 2017 Specified risk-focused audit procedures 2017 Full scope for group audit purposes 2016 Specified risk-focused audit procedures 2016 Analysis aggregated at Group level 99 4. OUR OPINION ON OTHER MATTERS PRESCRIBED BY THE COMPANIES ACT 2006 IS UNMODIFIED In our opinion: • • the part of the Directors’ Remuneration Report to be audited has been properly prepared in accordance with the Companies Act 2006; and the information given in the Strategic Report and the Directors’ Report for the financial year is consistent with the financial statements. Based solely on the work required to be undertaken in the course of the audit of the financial statements and from reading the Strategic Report and the Directors’ Report: • we have not identified material misstatements in those reports; and • in our opinion, those reports have been prepared in accordance with the Companies Act 2006. 5. WE HAVE NOTHING TO REPORT ON THE DISCLOSURES OF PRINCIPAL RISKS Based on the knowledge we acquired during our audit, we have nothing material to add or draw attention to in relation to: • • the Directors’ Viability Statement on page 92, concerning the principal risks, their management, and, based on that, the directors’ assessment and expectations of the group’s continuing in operation over the 3 years to March 2020; or the disclosures in note 3.2 of the financial statements concerning the use of the going concern basis of accounting. 6. WE HAVE NOTHING TO REPORT IN RESPECT OF THE MATTERS ON WHICH WE ARE REQUIRED TO REPORT BY EXCEPTION Under ISAs (UK and Ireland) we are required to report to you if, based on the knowledge we acquired during our audit, we have identified other information in the annual report that contains a material inconsistency with either that knowledge or the financial statements, a material misstatement of fact, or that is otherwise misleading. In particular, we are required to report to you if: • we have identified material inconsistencies between the knowledge we acquired during our audit and the Directors’ statement that they consider that the annual report and financial statements taken as a whole is fair, balanced and understandable and provides the information necessary for shareholders to assess the group’s position and performance, business model and strategy; or • the Audit Committee Report does not appropriately address matters communicated by us to the Audit Committee. Under the Companies Act 2006 we are required to report to you if, in our opinion: • adequate accounting records have not been kept by the parent company, or returns adequate for our audit have not been received from branches not visited by us; or • the parent company financial statements and the part of the Directors’ Remuneration Report to be audited are not in agreement with the accounting records and returns; or • certain disclosures of Directors’ remuneration specified by law are not made; or • we have not received all the information and explanations we require for our audit. Under the Listing Rules we are required to review: • • the Directors’ statements, set out on page 92, in relation to going concern and longer-term viability; and the part of the Corporate Governance Statement on pages 46 to 53 relating to the company’s compliance with the eleven provisions of the 2014 UK Corporate Governance Code specified for our review. We have nothing to report in respect of the above responsibilities. SCOPE AND RESPONSIBILITIES As explained more fully in the Directors’ Responsibilities Statement set out on page 93, the directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view. A description of the scope of an audit of financial statements is provided on the Financial Reporting Council’s website at www.frc.org.uk/auditscopeukprivate. This report is made solely to the Company’s members as a body and is subject to important explanations and disclaimers regarding our responsibilities, published on our website at www.kpmg. com/uk/auditscopeukco2014a, which are incorporated into this report as if set out in full and should be read to provide an understanding of the purpose of this report, the work we have undertaken and the basis of our opinions. Tudor Aw (Senior Statutory Auditor) for and on behalf of KPMG LLP, Statutory Auditor Chartered Accountants 15 Canada Square London E14 5GL 16 May 2017 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 100 CONSOLIDATED STATEMENT OF PROFIT OR LOSS For the year-ended 31 March 2017 Revenue Cost of sales Gross profit Sales and marketing Research and development General finance and administration: – Underlying – Share-based payments – Exceptional items – Amortisation of intangible assets – Foreign exchange (loss) / gain Operating loss Finance income Finance expense Loss before taxation Income tax credit / (charge) Loss for the period Earnings per share ($ cents) Basic and diluted EPS Adjusted EPS Diluted adjusted EPS All of the loss for the year is attributable to equity holders of the parent company. The notes on pages 105 to 151 form an integral part of these financial statements. Note 5 Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 529.7 (121.3) 408.4 (210.6) (117.8) 478.2 (104.4) 373.8 (184.0) (99.6) (124.3) (122.9) (39.3) (32.5) (31.4) (19.9) (1.2) (44.3) 0.1 (5.1) (49.3) 2.6 (46.7) (35.7) (16.3) (41.9) (29.2) 0.2 (32.7) 0.7 (36.4) (68.4) (3.5) (71.9) (10.3) (16.4) 8.5 8.1 12.1 11.6 7 12 12 13 14 14 14 101 CONSOLIDATED STATEMENT OF COMPREHENSIVE INCOME For the year-ended 31 March 2017 Loss for the period Other comprehensive gains / (losses) : Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M (46.7) (71.9) Items that will not be reclassified subsequently to profit or loss: – – Items that may be reclassified subsequently to profit or loss: – Exchange differences arising on translation of foreign operations Total other comprehensive gains / (losses) Comprehensive loss for the year 2.8 2.8 (43.9) (2.9) (2.9) (74.8) All of the comprehensive loss for the year is attributable to equity holders of the parent company. The notes on pages 105 to 151 form an integral part of these financial statements. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 102 CONSOLIDATED STATEMENT OF FINANCIAL POSITION At 31 March 2017 Company registered number: 09608658 31 March 2017 $M 31 March 2016 $M Note Non-current assets Intangible assets Property, plant and equipment Deferred tax asset Other receivables Current assets Investments Tax assets Inventories Trade and other receivables Cash and cash equivalents Total assets Current liabilities Trade and other payables Deferred revenue Tax liabilities Financial liabilities Provisions Non-current liabilities Trade and other payables Deferred revenue Financial liabilities Provisions Deferred tax liabilities Total liabilities Net assets Represented by: Share capital Share premium Merger reserve Other reserves Retained earnings Share-based payment reserve Translation reserve Total equity 15 17 13 21 19 20 21 22 23 24 25 26 23 24 25 26 13 28 856.0 23.4 105.3 1.3 986.0 – 7.7 16.2 145.2 68.1 237.2 756.6 24.9 73.9 0.8 856.2 – – 18.7 129.8 66.8 215.3 1,223.2 1,071.5 107.3 330.6 21.0 71.1 0.4 76.4 286.5 11.2 26.2 0.3 530.4 400.6 3.9 250.4 296.3 1.1 14.4 566.1 1,096.5 0.8 212.2 300.9 1.0 10.1 525.0 925.6 126.7 145.9 21.6 118.4 (200.9) – 148.1 68.9 (29.4) 126.7 21.3 115.9 (200.9) (0.1) 205.7 36.2 (32.2) 145.9 These financial statements were approved by the Board of Directors on 16 May 2017 and were signed on its behalf by: Nick Bray Chief Financial Officer The notes on pages 105 to 151 form an integral part of these financial statements. 103 CONSOLIDATED STATEMENT OF CHANGES IN EQUITY For the year-ended 31 March 2017 Share Capital $M 552.6 – – Share Premium $M – – – Merger Reserve $M (200.9) – – Other Reserves1 $M 10.4 – – Retained Earnings $M (750.0) (71.9) – Share- Based Payment Reserve $M 11.4 – – At 31 March 20152 Loss for the period: Other comprehensive profit or loss: Total comprehensive loss Shares issued3 Capital reduction4 EBT treasury shares Primary proceeds Share issue expenses Share options exercised Disposal of EBT treasury shares Share-based payments expense Share-based payments deferred tax Cash dividend (note 29) At 31 March 2016 Loss for the period: Other comprehensive profit or loss: Total comprehensive loss Share options exercised Disposal of EBT treasury shares Share-based payments expense Share-based payments deferred tax Cash dividends (note 29) At 31 March 2017 – – – – – – – – – – – – – – (533.1) – 1.7 – 0.1 485.3 (485.2) – 123.3 (8.6) 1.1 – – – – 21.3 – – – 0.3 – – – – – – – – 115.9 – – (200.9) – – – 2.5 – – – – – – – – – – – (71.9) – (10.4) (0.2) – – – – 1,030.8 – – – – 0.1 (0.1) – – (3.1) 205.7 (46.7) – (46.7) – – – – (10.9) – – – (0.1) – – – – 0.1 – – – – Translation Reserve $M (29.3) – (2.9) Total $M (405.8) (71.9) (2.9) (2.9) (74.8) – – – – – – – – – – 485.3 2.1 (0.2) 125.0 (8.6) 1.2 – 15.0 9.8 (3.1) (32.2) – 2.8 145.9 (46.7) 2.8 2.8 (43.9) – – – – – 2.8 0.1 31.3 1.4 (10.9) – – – – – – – – 15.0 9.8 – 36.2 – – – – – 31.3 1.4 – 21.6 118.4 (200.9) 148.1 68.9 (29.4) 126.7 1. At 31 March 2017 other reserves comprise an insignificant number of own shares held in an Employment Benefit Trust. 2. Sophos Group plc listed its shares on the London Stock Exchange on 1 July 2015. The Group has applied the principles of reverse acquisition accounting under IFRS 3 – Business Combinations in preparing the consolidated financial statements. By applying the principles of reverse acquisition accounting, the Group is presented as if Sophos Group plc has always owned Shield Midco Limited, the largest company for which consolidated financial statements were previously produced under IFRS. On 26 June 2015 Sophos Group issued 333,037 Ordinary, A-Class and C shares of £0.75 each together with 1,009,869 Preference shares of £0.10 each in consideration for the purchase of the issued share capital of Pentagon Holdings SARL. 3. 4. On 26 June 2015 Sophos Group plc issued 14 shares at nominal £0.001 in consideration for the purchase of $485.3m of Preferred Equity Certificates issued by Pentagon Holdings SARL. On 1 July 2015 Sophos Group plc reorganised its share capital and share premium to comprise 414,654,813 Ordinary shares of £0.03 each creating distributable reserves. The notes on pages 105 to 151 form an integral part of these financial statements. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 104 CONSOLIDATED STATEMENT OF CASH FLOWS For the year-ended 31 March 2017 Loss for the year Adjusted for: Depreciation Amortisation of intangible assets Amortisation of fair value adjustment on deferred income Foreign exchange Share-based payments Finance income Finance costs Income tax (credit) / charge Decrease / (increase) in inventories Increase in trade and other receivables Increase / (decrease) in trade and other payables Increase in deferred revenue Increase in provisions Cash generated from continuing operations Income taxes paid Net cash flow from operating activities Investing activities Purchase of property, plant and equipment Acquisition of subsidiaries net of cash acquired Purchase of intangible assets – software Finance income Net cash flow from investing activities Financing activities Proceeds from issue of shares Transaction costs related to the issue of shares Dividends paid Proceeds from borrowings Repayment of borrowings Transaction costs related to borrowings Finance lease payments Finance costs Net cash flow from financing activities Increase / (decrease) in cash and cash equivalents Net foreign exchange differences Cash and cash equivalents at the start of the period Cash and cash equivalents at the end of the period The notes on pages 105 to 151 form an integral part of these financial statements. Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M (46.7) (71.9) Note 9.4 19.9 (1.0) – 31.3 (0.1) 5.1 (2.6) 15.3 1.1 (20.5) 37.1 104.4 0.3 137.7 (19.2) 118.5 (11.4) (101.7) (5.1) 0.1 (118.1) 2.8 – (10.9) 50.0 (25.0) (0.9) (0.1) (8.8) 7.1 7.5 (6.2) 66.8 68.1 8.4 29.2 (1.8) 2.4 15.0 (0.7) 36.4 3.5 20.5 (6.7) (16.1) (10.9) 59.4 0.3 46.5 (25.2) 21.3 (8.5) (46.0) (8.3) 0.7 (62.1) 126.2 (8.6) (3.1) 326.9 (389.6) (4.4) (0.1) (12.9) 34.4 (6.4) 0.6 72.6 66.8 30 12 12 34 12 34 34 34 22 105 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS For the year-ended 31 March 2017 1 GENERAL INFORMATION REPORTING ENTITY Sophos Group plc (“the Company”) is a company domiciled in the United Kingdom. The Company’s registered office is Sophos Group plc, The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP, United Kingdom. The consolidated financial statements of the Company as at and for the year-ended March 31, 2017 comprise the Company and its subsidiaries (together referred to as “the Group”). The Group is a leading provider of cloud-enabled enduser and network security solutions 2 APPLICATION OF NEW AND REVISED INTERNATIONAL FINANCIAL REPORTING STANDARDS (“IFRSs”) The Group has not applied the following new and revised IFRSs that have been issued but are not yet effective. The Directors do not anticipate that the IFRSs will have a significant effect on the Group’s consolidated financial information: Effective for annual periods beginning on or after January 2017: Amendments to IAS 7 – Statement of Cash Flows Amendment to IAS12 – Income Taxes Effective for annual periods beginning on or after January 2018: IFRS 9 – Financial Instruments Amendments to IFRS 2 – Share-based Payment Transactions IFRS 15 – REVENUE FROM CONTRACTS WITH CUSTOMERS IFRS 15 “Revenue from contracts with customers” is effective for annual periods beginning on or after 1 January 2018. The Directors have made an assessment of the impact of the standard on the Group based on the final issued version of the standard and the latest authoritative guidance and have concluded that there will be a material impact on the Group’s consolidated financial information as a result of the accelerated recognition of certain software revenue where the Group has no remaining vendor obligations and the deferral of commissions, including other direct costs, and rebates in line with the recognition of revenue. The estimate of this impact on results, had it been effective for the reported periods, is an increase in revenue in FY17 of $3.4 million (FY16: $3.0 million) and a decrease in operating expenses of $1.2 million (FY16: 0.5 million). Other receivables are estimated to increase by $27.3 million (FY16: 24.5 million) while deferred revenue would decrease by $24.4 million (FY16: 22.6 million). IFRS 16 – LEASES The Directors are still evaluating the impact on the Group of IFRS 16 – Leases, which was issued in January 2016 and becomes effective for annual periods beginning on or after 1 January 2019, which for the Group will be the year-ended 31 March 2020. The Group’s major operating lease expenditure is incurred on property lease rentals as set out in note 35 “Commitments and contingent liabilities”. Following adoption of IFRS 16, the Group will recognise a right of use (“ROU”) asset and a corresponding financial liability to the lessor based on the present value of future lease payments. In the consolidated statement of profit or loss, the property lease rentals expenditure will be replaced by amortisation of the ROU asset together with a finance expense. Alternative performance measures which exclude amortisation, will benefit from the adoption of IFRS 16 through the removal of the leasing charge. In the consolidated statement of cash flows, “Net cash flow from operating activities” will see an improvement as a result of the amortisation adjustment, with a corresponding increased outflow in “Net cash flow from financing activities”. 3 SIGNIFICANT ACCOUNTING POLICIES 3.1 STATEMENT OF COMPLIANCE The consolidated financial statements have been prepared using International Financial Reporting Standards as adopted by the European Union (“Adopted IFRSs”) as they apply to the Group. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 106 3 SIGNIFICANT ACCOUNTING POLICIES CONTINUED 3.2 GOING CONCERN The Group has considerable financial resources together with contracts with a large number of customers and across different geographic areas and industries. As a consequence, the Directors believe that the Group is well placed to manage its business risks successfully. The Directors have a reasonable expectation that the Group has adequate resources to continue in operational existence for the foreseeable future. Accordingly, they continue to adopt the going concern basis in preparing the annual financial statements. Further information regarding the Group's business activities, together with the factors likely to affect its future development, performance and position is set out in the Strategic Report on pages 10 to 39. Further information regarding the financial position of the Group, its cash flows, liquidity position and borrowing facilities are described in the Strategic Report and the notes to the financial statements. In addition, note 27 to the financial statements includes the Group's objectives, policies and processes for managing its capital, its financial risk management objectives, and its exposures to credit risk and liquidity risk. 3.3 BASIS OF CONSOLIDATION The consolidated historical financial information has been prepared under the historical cost convention and is presented in US Dollars. All values are rounded to the nearest 0.1 million ($M) unless otherwise indicated. The functional currency of Sophos Group plc is US Dollars. The Group uses US Dollars as its presentation currency to aid comparability of its financial information with that of its peers and the industry; whose information is generally presented in US Dollars. The accounting policies used in preparing the consolidated historical financial information for the year-ended 31 March 2017 have been consistently applied to all years presented and are set out below. The historical financial information consolidates the financial information of Sophos Group plc and the entities it controls (its subsidiaries) at 31 March 2017. Control is achieved where the Company has the power to govern the financial and operating policies of an investee entity so as to obtain benefits from its activities. The financial information of the subsidiaries is prepared for the same reporting period as the parent Company, using consistent accounting policies. Subsidiaries are fully consolidated from the date of acquisition, being the date on which the Group obtains control, and continue to be consolidated until the date that such control ceases. All intra-Group balances, transactions, income and expenses and profits and losses resulting from intra-Group transactions that are recognised in the statement of financial position of the individual reporting entities, are eliminated in full on consolidation. 3.4 FOREIGN CURRENCY TRANSLATION The individual historical financial information of each Group company is prepared in the currency of the primary economic environment in which it operates (its functional currency). Each entity in the Group determines its own functional currency and items included in the historical financial information of each entity are measured using that functional currency. In preparing the financial information of the individual companies, transactions in foreign currencies are recorded at the rate of exchange prevailing at the date of the transaction. Monetary assets and liabilities in foreign currencies are translated at the exchange rate prevailing at the reporting date. All exchange differences are taken to the Consolidated Statement of profit or loss, except for differences on monetary assets and liabilities that form part of the Group’s net investment in a foreign operation. These are taken directly to equity until the disposal of the net investment, at which time they are recognised in the consolidated statement of profit or loss. Tax charges and credits attributable to exchange differences on those borrowings are also dealt with in equity. Non-monetary items that are measured in terms of historical cost in a foreign currency are translated using the exchange rates as at the dates of the initial transactions. Any goodwill arising on the acquisition of a foreign operation and any fair value adjustments to the carrying amounts of assets and liabilities arising on the acquisition are treated as assets and liabilities of the foreign operation and translated at the closing rate. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 107 On consolidation, assets and liabilities of foreign subsidiaries are translated into the presentation currency (US Dollars) at the exchange rate prevailing at the reporting date. Income and expense items are translated into US Dollars at the prior month closing rate to that in which the transaction took place because they approximate the rate of exchange at the transaction dates. Exchange differences arising on the translation of opening net assets of entities whose functional currency is not US Dollars, together with differences arising from the translation of the net results at average or actual rates to the exchange rate prevailing at the reporting date, are taken to equity. On disposal of a foreign entity, the deferred accumulated amount recognised in equity relating to that particular foreign operation is recognised in the consolidated statement of profit or loss. 3.5 CRITICAL ACCOUNTING JUDGMENTS AND KEY SOURCES OF ESTIMATION UNCERTAINTY The preparation of historical financial information requires Directors to make estimates and assumptions that affect the amounts reported for assets and liabilities as at the reporting date and the amounts reported for revenues and expenses during the period. The nature of estimation means that actual outcomes could differ from those estimates. In the process of applying the Group’s accounting policies described in this note, Directors have made the following judgments that have a significant effect on the amounts recognised in the historical financial information. The key assumptions concerning the future, and other key sources of estimation uncertainty at the reporting date, that have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year, are discussed below: Revenue The Group sells software products under fixed term contracts and perpetual licences. Where there is a multi-element arrangement, the consideration receivable is allocated to each element of the arrangement and this is done on the basis of an estimate of their respective fair values. In determining the relative fair values of each element, Directors make reference to current prices of individual elements and adjust this by its relative share of discounts applied to the entire sale. See note 5 Classification of exceptional items and presentation of Non-GAAP measures Directors exercise their judgement in the classification of certain items as exceptional and outside of the Group’s underlying results. The determination of whether an item should be separately disclosed as an exceptional item or other adjustments requires judgement on its materiality, nature and incidence, as well as whether it provides clarity on the Group’s underlying trading performance. In exercising this judgement, Directors take appropriate regard of IAS 1 “Presentation of financial statements’’ as well as guidance issued by the Financial Reporting Council and the European Securities and Market Authority on the reporting of exceptional items and alternative performance measures. The overall goal of the Directors is to present the Group’s underlying performance without distortion from one-off or non- trading events regardless of whether they be favourable or unfavourable to the underlying result. Further details of the individual exceptional items, and the reasons for their disclosure treatment, are set out in note 7. Share-based payment transactions The fair value of employee share options issued to third parties are measured using the Black-Scholes model. Measurement inputs include share price on the measurement date, exercise price of the instrument, expected volatility (based on weighted average historic volatility adjusted for changes expected due to publicly available information), weighted average expected life of the instruments (based on historical experience and general option holder behaviour), expected dividends, and the risk-free interest rate. Service and non-market performance conditions attached to the transactions are not taken into account in determining fair value. The fair value of Restricted Share Units and Performance Share Units is equal to the market price of the underlying shares on the day of the grant. See note 30. Research and development costs Development costs are capitalised in accordance with the accounting policy in this note. Determining the amounts to be capitalised requires Directors to make assumptions regarding the capitalisation criteria requirements of IAS 38 – Intangible assets. See note 15. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 108 3 SIGNIFICANT ACCOUNTING POLICIES CONTINUED 3.5 CRITICAL ACCOUNTING JUDGMENTS AND KEY SOURCES OF ESTIMATION UNCERTAINTY CONTINUED Business combinations Directors are required to make an assessment of the intangible assets to be recognised as a result of the business acquisition. Furthermore, Directors are required to make an assessment as to whether the intangible assets are separable and their fair values as at the time of acquisition. This is based on certain assumptions including the expected future cash flows arising from use of the intangibles, discount rates and estimated economic lives of the intangibles. See note 33 Provisions The Group measures provisions at Directors best estimate of the amount required to settle the obligation at the balance sheet date, discounted where the time value of money is considered material. These estimates take account of available information, historical experience and the likelihood of different possible outcomes. Both the amount and the maturity of these liabilities could be different from those estimated. See note 26. 3.6 REVENUE RECOGNITION Revenue is recognised to the extent that it is probable that the economic benefits will flow to the Group and the revenue can be reliably measured. Revenue is measured at the fair value of the consideration received, excluding discounts, rebates, VAT and other sales taxes or duty. The following specific recognition criteria must also be met before revenue is recognised: Revenue from software licenses and service contracts The Group sells software products under fixed-term contracts and perpetual licenses. Where there is multi-element arrangement revenue is allocated to each element on a fair value basis, based on the price at which the respective elements are usually sold separately, regardless of any separate prices stated within the contract. The portion of the revenue allocated to an element is recognised when the revenue recognition criteria for that element has been met. Fixed-term contracts Customers who receive software products at the start of the contract under a fixed-term license, are entitled to receive regular updates and upgrades for the duration of the license term which runs for periods ranging from 1 to 5 years. Revenue for these-fixed rate contracts is recognised rateably over the period that the contractual obligation exists. Accrued and deferred revenue arising on long-term contracts is included in receivables as accrued income and payables as deferred revenue as appropriate. Where the Group contracts with an original equipment manufacturer (OEM) or a service provider, rather than an end user, it mirrors the above policy and recognises the revenue in line with the contractual terms granted to the end user. Perpetual licenses Revenue is recognised immediately where customers purchase software products under a perpetual license. Revenue in respect of support and maintenance contracts associated with perpetual licenses is recognised rateably over the life of the support / maintenance contract. Sale of goods Where software licenses and hardware and are sold together, if the software is not essential to the functionality of the tangible product, then the revenue from the sale of goods is recognised immediately. However, where the software is essential to the functionality of the tangible product and the hardware cannot function without the software, revenue from the sale of goods is recognised rateably over the period of the associated software license contract. Interest income Interest income is recognised as interest is accrued. 3.7 PROPERTY, PLANT AND EQUIPMENT Property, plant and equipment is stated at cost less accumulated depreciation and accumulated impairment losses. Cost comprises the aggregate amount paid and the fair value of any other consideration given to acquire the asset and includes costs directly attributable to making the asset capable of operating as intended. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 109 Except for freehold land, depreciation is provided to write off the cost less the estimated residual values of all property, plant and equipment on a straight-line basis over their estimated useful life as follows: Freehold buildings 25 years Leasehold improvements Over the lease period Computer equipment 3 – 5 years Other plant and equipment Motor vehicles 5 years 4 years Fixtures and fittings 6 – 10 years The carrying values of property, plant and equipment are reviewed for impairment if events or changes in circumstances indicate the carrying value may not be recoverable and are written down immediately to their recoverable amount. An item of property, plant and equipment is derecognised upon disposal or when no future economic benefits are expected to arise from the continued use of the asset. Any gain or loss arising on de-recognition of the asset is included in the Consolidated Statement of profit or loss in the period of de-recognition. The residual values, useful lives and methods of depreciation of the assets are reviewed, and adjusted if appropriate, at each financial year-end. 3.8 BUSINESS COMBINATIONS AND GOODWILL Business combinations are accounted for using the acquisition accounting method. This involves recognising identifiable assets (including previously unrecognised intangible assets) and liabilities (including contingent liabilities and excluding future restructuring) of the acquired business at fair value. Business combinations on or after 1 April 2004 are accounted for under IFRS 3. Any excess of the cost of the business combination over the Group’s interest in the net fair value of the identifiable assets, liabilities and contingent liabilities is recognised in the Consolidated Statement of Financial Position as goodwill and is not amortised. To the extent that the net fair value of the acquired entity’s identifiable assets, liabilities and contingent liabilities is greater than the cost of the investment, a gain is recognised immediately in the consolidated statement of profit or loss. Goodwill recognised as an asset as at 31 March 2004 is recorded at its previous carrying amount under UK GAAP and is not amortised. After initial recognition, goodwill is stated at cost less any accumulated impairment losses, with the carrying value being reviewed for impairment, at least annually and whenever events or changes in circumstances indicate that the carrying value may be impaired. Goodwill assets considered significant in comparison to the Company’s total carrying amount of such assets have been allocated to cash-generating units or groups of cash-generating units. Where the recoverable amount of the cash-generating unit is less than its carrying amount including goodwill, an impairment loss is recognised in the consolidated statement of profit or loss. The carrying amount of goodwill allocated to a cash-generating unit is taken into account when determining the gain or loss on disposal of the unit, or of an operation within it. 3.9 INTANGIBLE ASSETS Intangible assets are carried at cost less accumulated amortisation and accumulated impairment losses. Intangible assets acquired separately from a business are carried initially at cost. An intangible asset acquired as part of a business combination is recognised outside goodwill if the asset is separable or arises from contractual or other legal rights and its fair value can be measured reliably. Expenditure on internally developed intangible assets is taken to the Consolidated Statement of profit or loss in the period in which it is incurred to the extent that the expenditure does not qualify for capitalisation under research and development costs. Where computer software is not an integral part of a related item of computer hardware, the software is classified as an intangible asset. The capitalised costs of software for internal use include external direct costs of materials and services consumed in developing or obtaining the software, and incremental payroll and payroll-related costs arising from the assignment of employees to implementation projects. Capitalisation of these costs ceases no later than the point at which the software is substantially complete and ready for its intended internal use. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 110 3 SIGNIFICANT ACCOUNTING POLICIES CONTINUED 3.9 INTANGIBLE ASSETS CONTINUED Intangible assets with a finite life have no residual value and are amortised over their expected useful lives as follows: Intangible assets arising on acquisition of subsidiaries Intellectual property 5 – 15 years reducing balance basis Brand names Customer base 15 – 20 years reducing balance basis 6 – 14 years reducing balance basis Other purchased intangible assets All other intangibles 3 years straight-line basis The amortisation expense on intangible assets with finite lives is recognised in the consolidated statement of profit or loss as a general finance and administration cost. The amortisation period and the amortisation method for an intangible asset with a finite useful life are reviewed at least annually. The carrying value of intangible assets is reviewed for impairment whenever events or changes in circumstances indicate the carrying value may not be recoverable. Intangible assets with indefinite useful lives are tested for impairment annually either individually or at the cash- generating unit level. Such intangibles are not amortised. The term of their useful life is reviewed annually to determine whether indefinite life assessment continues to be appropriate. 3.10 RESEARCH AND DEVELOPMENT COSTS Expenditure on research activities is expensed as incurred. Development expenditure is recognised as an intangible asset when its future recoverability can reasonably be regarded as assured and technical feasibility and commercial viability can be demonstrated. During the period of development, the asset is tested for impairment annually. Following the initial recognition of the development expenditure, the cost model is applied requiring the asset to be carried at cost less any accumulated amortisation and accumulated impairment losses. Amortisation of the asset begins when development is complete and the asset is available for use. It is amortised over the period of expected future sales. Development expenditure incurred on minor or major upgrades, or other changes in software functionalities does not satisfy the criteria, as the product is not substantially new in its design or functional characteristics. Such expenditure is therefore recognised as an expense in the Consolidated Statement of profit or loss as incurred. 3.11 IMPAIRMENT OF ASSETS At least annually, or when otherwise required, Directors review the carrying amounts of the Group’s tangible and intangible assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of any impairment loss. Where the asset does not generate cash flows that are independent from other assets, the Group estimates the recoverable amount of the cash-generating unit to which the asset belongs. The recoverable amount is the higher of fair value less costs to sell and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money as well as risks specific to the asset for which the estimates of future cash flows have not been adjusted. If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating unit is reduced to its recoverable amount. An impairment loss is recognised as an expense immediately in the Consolidated Statement of profit or loss. Where an impairment loss subsequently reverses, the carrying amount of the asset is increased to the revised estimate of its recoverable amount, but not beyond the carrying amount that would have been determined had no impairment loss been recognised for the asset in prior years. A reversal of an impairment loss is recognised immediately as income in the Consolidated Statement of profit or loss, although impairment losses relating to goodwill may not be reversed. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 111 3.12 INVENTORIES Inventories are stated at the lower of cost and net realisable value. Cost includes all costs incurred in bringing each product to its present location and condition. The cost of raw materials, consumables and goods for resale is based on the purchase cost and is determined on a first-in, first-out basis. Net realisable value is based on estimated selling price less any further costs expected to be incurred to completion and disposal. 3.13 FINANCIAL INSTRUMENTS Financial assets and liabilities are recognised in the Group’s statement of financial position when the Group becomes party to the contractual provisions of the instrument. When financial instruments are recognised initially they are measured at fair value, being the transaction price plus, in the case of financial assets and financial liabilities not at fair value through profit or loss, directly attributable transaction costs. Trade receivables Trade receivables, which generally have 30-90 day payment terms, are carried at original invoice amount, including value added tax and other sales taxes, less an estimate made for doubtful receivables based on a review of any outstanding amounts at the period end and on historical performance. Provision for bad debts is made in the period in which they are identified. Cash and cash equivalents Cash and cash equivalents comprise cash in hand and bank deposits repayable in 90 days or less. For the purpose of the Consolidated Statement of Cash Flows, cash and cash equivalents consist of cash in hand and bank deposits net of outstanding bank overdrafts. Trade payables Trade payables are recognised at cost, which is deemed to be materially the same as the fair value. Classification of equity instruments as debt or equity Financial liabilities and equity instruments are classified according to the substance of the contractual arrangements entered into. An equity instrument is any contract that evidences a residual interest in the assets of the Group after deducting all of its liabilities. When equity instruments are issued, any component that creates a financial liability of the Group is presented as a liability in the Consolidated Statement of Financial Position; measured initially at fair value net of transaction costs and thereafter at amortised cost until extinguished on conversion or redemption. The corresponding dividends relating to the liability component are charged as interest expense in the Consolidated Statement of profit or loss. Equity instruments issued by the Company are recorded as the proceeds received, net of direct issue costs. Equity instruments are classified according to the substance of the contractual arrangements entered into. Interest bearing loans and borrowings Obligations for loans and borrowings are recognised when the Group becomes party to the related contracts and are measured initially at fair value less directly attributable transactions costs. After initial recognition, interest bearing loans and borrowings are subsequently measured at amortised cost using the effective interest method. Gains and losses arising on the re-purchase, settlement or other cancellation of liabilities are recognised respectively in finance income and finance expense. Derivative financial instruments The Group sometimes uses derivative financial instruments, principally forward foreign currency contracts to reduce its exposure to exchange rate movements and interest rate caps to reduce its exposure to fluctuating interest rates. The Group does not hold or issue derivatives for speculative or trading purposes. Derivative financial instruments are recognised as assets and liabilities measured at their fair values at the reporting date. Changes in the fair values are recognised in the Consolidated Statement of profit or loss and this is likely to cause volatility in situations where the carrying value of the hedged item is either not adjusted to reflect fair value changes arising from the hedged risk or is so adjusted but that adjustment is not recognised in the Consolidated Statement of profit or loss. Provided the conditions specified by IAS 39 — Financial Instruments are met, hedge accounting may be used to mitigate this volatility. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 112 3 SIGNIFICANT ACCOUNTING POLICIES CONTINUED 3.14 LEASES Leases are classified as finance leases whenever the terms of the lease transfer substantially all the risks and rewards of ownership to the lessee. All other leases are classified as operating leases. Rentals payable under operating leases are charged to income on a straight-line basis over the term of the relevant lease. Benefits received and receivable as an incentive to enter into an operating lease are also spread on a straight- line basis over the lease term. 3.15 PROVISIONS A provision is recognised when the Group has a legal or constructive obligation as a result of a past event and it is probable that an outflow of economic benefits will be required to settle the obligation and a reliable estimate can be made of the amount of the obligation. If the effect is material, expected future cash flows are discounted using a current pre-tax rate that reflects, where appropriate, the risks specific to the liability. Where the Group expects some or all of a provision to be reimbursed, for example under an insurance policy, the reimbursement is recognised as a separate asset but only when recovery is virtually certain. The expense relating to any provision is presented in the consolidated statement of profit or loss net of any reimbursement. Where discounting is used, the increase in the provision due to unwinding the discount is recognised as a finance expense. 3.16 TAXATION The income tax charge represents the sum of the current and deferred taxes. Current tax payable or recoverable is based on the taxable profit for the period. Taxable profit differs from profit reported in the consolidated statement of profit or loss because some items of income or expense are taxable in different periods or may never be taxable or deductible. The Group’s liability for current tax is calculated using UK and foreign rates and laws that have been enacted or substantively enacted by the reporting period date. A current tax provision is recognised when the group has a present obligation as a result of a past event and it is probable that the group will be required to settle that obligation. Tax liabilities are recognised when it is considered probable that there will be a future outflow of funds to a taxing authority. They are measured using the single best estimate of likely outcome approach. The Group’s current tax provision relates to the management’s judgement of the amount of tax payable on open tax computations where the liabilities remain to be agreed with authorities. The uncertain tax items for which provision is made, relate to the interpretation of tax legislation impacting arrangements entered into in the ordinary course of business. Due to the uncertainty associated with such items, it is possible that at a future date, on conclusion of open tax matters, the final outcome may vary. Deferred tax is the tax expected to be payable or recoverable in the future arising from temporary differences between the carrying amounts of assets and liabilities in the financial statements and the corresponding tax bases used in the computation of taxable profit. It is accounted for using the balance sheet liability method. Deferred tax liabilities are generally recognised for all taxable temporary differences and deferred tax assets are recognised to the extent that it is probable that taxable profits will be available against which deductible temporary differences can be utilised. Such assets and liabilities are not recognised if the temporary difference arises from the initial recognition of goodwill or from the initial recognition (other than in a business combination) of other assets and liabilities in a transaction that affects neither the tax profit nor the accounting profit. Deferred tax liabilities are recognised for taxable temporary differences arising on investments in subsidiaries, except where the Group is able to control the reversal of the temporary difference and it is probable that the temporary difference will not reverse in the foreseeable future. The carrying amount of deferred tax assets is reviewed at each reporting date and reduced to the extent that it is no longer probable that sufficient taxable profits will be available to allow all or part of the asset to be recovered. Deferred tax is calculated at the tax rates that are expected to apply in the period when the liability is settled or the asset is realised. The rate is based on tax rates that have been enacted or substantively enacted by the reporting period date. Deferred tax is charged or credited in the consolidated statement of profit or loss, except when it relates to items charged or credited to other comprehensive income or directly to equity, in which case the deferred tax is dealt with in other comprehensive income or in equity. Deferred tax assets and deferred tax liabilities are offset if a legally NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 113 enforceable right exists to set off current tax assets against current tax liabilities and the deferred taxes relate to the income taxes levied in the same taxation authority on either the same entity or on different taxable entities which intend to settle the current tax assets and liabilities on a net basis. 3.17 PENSIONS AND OTHER POST-RETIREMENT BENEFITS The Group operates defined contribution pension schemes for its employees. The assets of the schemes are held separately from those of the Group in independently administered funds. Contributions to defined contribution schemes are recognised in the Consolidated Statement of profit or loss in the period in which they become payable. 3.18 SHARE-BASED PAYMENTS Employees (including senior executives) of the Group receive remuneration in the form of share-based payment transactions, whereby employees render services as consideration for equity instruments ("equity-settled transactions"). The cost of equity-settled transactions with employees is measured by reference to the fair value at the date on which they are granted. The fair value is determined by using an appropriate pricing model, further details of which are given in note 30. The cost of equity-settled transactions is recognised, together with a corresponding increase in equity, ending on the date on which the relevant employees become fully entitled to the award. At each reporting date before vesting, the cumulative expense is calculated, representing the extent to which the vesting period has expired and the Directors best estimate of the achievement or otherwise of non-market conditions and of the number of equity instruments that will ultimately vest or, in the case of an instrument subject to a market condition, be treated as vesting as described above. The movement in cumulative expense since the previous reporting date is recognised in the consolidated statement of profit or loss, with a corresponding entry in equity. Where the terms of an equity-settled award are modified or a new award is designated as replacing a cancelled or settled award, the cost based on the original award terms continues to be recognised over the original vesting period. In addition, an expense is recognised over the remainder of the new vesting period for the incremental fair value of any modification, based on the difference between the fair value of the original award and the fair value of the modified award, both as measured on the date of the modification. No reduction is recognised if this difference is negative. Where an equity-settled award is cancelled, it is treated as if it had vested on the date of cancellation, and any cost not yet recognised in the consolidated statement of profit or loss for the award is expensed immediately. Any compensation paid up to the fair value of the award at the cancellation or settlement date is deducted from equity, with any excess over fair value being treated as an expense in the Consolidated Statement of profit or loss. 3.19 EXCEPTIONAL ITEMS Exceptional items are those that in the judgment of the Directors need to be disclosed by virtue of their size, nature or incidence, in order to draw the attention of the reader and to show the underlying business performance of the Group more accurately. Such items are included within the income statement caption to which they relate, and are separately disclosed either in the notes to the consolidated financial statements or on the face of the consolidated income statement. 3.20 EVENTS AFTER REPORTING DATE Events between the reporting date and the date the financial statements are approved, favourable and unfavourable, providing evidence of conditions that existed at the reporting date, adjust the amounts recognised in the financial statements. Those that indicate conditions arising after the reporting date are disclosed but are not recognised within the financial statements. 4 SEGMENT INFORMATION For internal management reporting purposes, the primary segment reporting format is determined to be geographic segments as the Group's risks and rates of return are affected predominantly by the different economic environments. This is consistent with the information provided to the Chief Operating Decision Maker. The Group has only one secondary business segment on the basis that the products and services offered to external customers are very similar and therefore do not result in different risks and rates of return for the Group. The Group's geographical segments are based on the location of the Group's operations consisting of Europe, Middle East and Africa (“EMEA”), The Americas and Asia Pacific and Japan (“APJ”). INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 114 4 SEGMENT INFORMATION CONTINUED Billings are the value of products and services invoiced to customers after receiving a purchase order from the customer and delivering products and services to them, or for which there is no right to a refund. Billings does not equate to statutory revenue. Billings are classified by the geographic location of direct customers, OEMs and the distributors which purchase our products. The geographic location of OEMs or distributors may be different from that of the end customers. A disclosure of revenue by region is included in the Financial Review on page 31. The accounting policies of the reportable segments are the same as the Group’s accounting policies described in note 3. Segment profits represent the profit earned by each segment without allocation of central administration costs including Directors’ salaries, finance costs and income tax expense. This is the measure reported to the Chief Operating Decision Maker, the Chief Executive Officer, and Senior Management Team for the purposes of resource allocation and assessment of segment performance. Transfer prices between geographical segments are set on an arm's length basis in a manner similar to transactions with third parties. Geographical segments The following tables present billings, expenditure and certain asset information regarding the Group's geographical segments for the period ended 31 March 2017 and 31 March 2016. Year-ended 31 March 2017 Billings Regional cost of sales Regional gross margin Regional sales and marketing expense Regional operating profit Revenue deferral Central costs Amortisation Depreciation Operating loss Year-ended 31 March 2016 Billings Regional cost of sales Regional gross margin Regional sales and marketing expense Regional operating profit Revenue deferral Central costs Amortisation Depreciation Operating loss Americas $M 217.6 (16.2) 201.4 (64.2) 137.2 Americas $M 187.9 (13.3) 174.6 (55.4) 119.2 EMEA $M 319.5 (36.5) 283.0 (69.0) 214.0 EMEA $M 264.0 (34.6) 229.4 (60.2) 169.2 APJ $M 95.0 (15.2) 79.8 (29.5) 50.3 APJ $M 83.0 (15.8) 67.2 (28.1) 39.1 Total $M 632.1 (67.9) 564.2 (162.7) 401.5 (102.4) (314.1) (19.9) (9.4) (44.3) Total $M 534.9 (63.7) 471.2 (143.7) 327.5 (56.7) (265.9) (29.2) (8.4) (32.7) NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 115 Other segment information Segment assets Americas EMEA APJ Total segment assets Unallocated assets Consolidated total assets Unallocated assets relate to financial instruments and deferred tax. Depreciation and amortisation Americas EMEA APJ Total depreciation and amortisation Additions to non-current assets Americas EMEA APJ Total additions to non-current assets 31 March 2017 $M 31 March 2016 $M 332.5 658.1 127.3 1,117.9 105.3 311.8 568.1 117.7 997.6 73.9 1,223.2 1,071.5 Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 4.9 22.0 2.4 29.3 7.1 27.8 2.7 37.6 Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 2.1 11.5 2.9 16.5 1.8 11.9 3.1 16.8 Additions to non-current assets exclude financial instruments, other receivables and deferred tax assets Non-current assets by country UK USA Germany Other countries Total non-current assets by country 31 March 2017 $M 31 March 2016 $M 20.9 3.4 2.2 10.0 36.5 27.5 2.9 2.5 8.1 41.0 Non-current assets by country exclude financial instruments, goodwill, intellectual property, other intangibles and deferred income taxes. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 116 4 SEGMENT INFORMATION CONTINUED Revenue from external customers by country UK USA Germany Other countries Total Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 58.7 169.3 103.1 198.6 529.7 58.9 151.3 89.3 178.7 478.2 The Group’s revenue is diversified across its entire end customer base and no single end user accounted for greater than 10% of the Group’s revenue (2016: none). In 2017 three distributors accounted for 15 percent, 13 percent and 11 percent each of Group billings which were attributable to all segments of the Group (2016: two distributors at 17 percent and 12 percent each). 5 REVENUE Revenue recognised in the Consolidated Statement of Profit or Loss is analysed as follows: Revenue by product Network Enduser Other Total Revenue by type Subscription Hardware Other Total Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 271.2 231.6 26.9 529.7 239.0 211.9 27.3 478.2 Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 410.7 106.7 12.3 529.7 364.7 100.9 12.6 478.2 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 117 6 ALTERNATIVE PERFORMANCE MEASURES (“APMs”) The Group uses certain financial measures that are not defined or recognised under IFRS. The Directors believe that these non-GAAP measures enable a better understanding of the results of the Group and are used as key performance indicators within the business to aid in evaluating its current business performance. As the measures are not defined by IFRS other companies may calculate them differently or may use such measures for different purposes than the Group does, limiting the usefulness of such measures as a comparative. Constant currency measures have limitations, particularly as the currency effects that are eliminated may constitute a significant element of the Group’s revenue and expenses and could materially impact the Group’s performance. The Directors do not evaluate the Group’s results and performance on a constant currency basis without also evaluating the Group’s financial information prepared at actual foreign exchange rates in accordance with IFRS. The definition of non-GAAP measures in the year-ended 31 March 2017 is consistent with those presented for the year-ended 31 March 2016. However, to ensure such measures remain relevant, the Group regularly reviews their usage and is now proposing a change to the non-GAAP measures that it publishes. The Directors have updated the key metrics used in the year to enable greater comparability while retaining the key aspects of measures that provide visibility into the fundamental underlying performance of the Group. Hence in the current year, as explained in the sections below, both the previous and future metrics have been presented to provide some consistency, whilst in future annual reports only details of the revised metrics in use in that period will be disclosed. The reconciliation of non-GAAP measures to GAAP measures is set out below. BILLINGS Billings represent the value of products and services invoiced to customers after receiving a purchase order from the customer and delivering products and services to them, or for which there is no right to a refund. Billings does not equate to statutory revenue. In previous periods the Group has also reported like-for-like billings which represent billings on a constant currency basis excluding disposals and including acquisitions from the point of acquisition plus the pre-acquisition billings of any acquired companies on a reported basis. To aid comparability with peer companies the Group will only be using actual rate and constant currency billings in the future. As like-for-like billings growth has been previously disclosed, and in accordance with best practice for a transition in metric disclosures, the figures for the current and comparative periods are, on this occasion, shown below. Revenue Net deferral of revenue Billings Currency revaluation Constant currency billings Pre-acquisition billings1 Like-for-like billings Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 529.7 102.4 632.1 16.6 648.7 – 648.7 478.2 56.7 534.9 6.2 541.1 3.4 544.5 1 Invincea was acquired on 21 March 2017 and contributed $0.3M of billings in the year-ended 31 March 2017, as a result pre-acquisition billings for Invincea are excluded from the like-for-like calculation. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 118 6 ALTERNATIVE PERFORMANCE MEASURES (“APMs”) CONTINUED ADJUSTED OPERATING PROFIT AND CASH EBITDA Adjusted operating profit provides a supplemental measure of earnings that facilitates review of operating performance on a period-to-period basis by excluding non-recurring and other items that are not indicative of the Group’s underlying operating performance. Adjusted operating profit is a key profit measure used by the Board to assess the underlying financial performance of the Group. Adjusted operating profit is stated before the following items for the following reasons • Exceptional items, as set out in Note 7, are those items that in the Directors judgment should be disclosed separately by virtue of their size, nature or incidence, in order to show the underlying business performance of the Group more accurately. • Charges for the amortisation of acquired intangibles are excluded from the calculation of adjusted operating profit because these charges are based on judgments about their value and economic life, are the result of the application of acquisition accounting rather than core operations and bear no relation to the Group’s underlying ongoing performance. • Share-based payment charges are similarly excluded from the calculation of adjusted operating profit because these represent a non-cash accounting charge for long term incentives to senior management rather than the underlying operations of the Group’s business. On an ongoing basis, the Group will be reporting on adjusted operating profit as it believes that it will improve comparability of the Group’s results, while also giving insight into the Group’s underlying trading performance. Cash earnings before interest, taxation, depreciation and amortisation (“Cash EBITDA”) is defined as the Group’s operating profit / (loss) adjusted for depreciation and amortisation charges, any gain or loss on the sale of tangible and intangible assets, share option charges, unrealised foreign exchange differences and exceptional items, with billings replacing recognised revenue and is a useful supplemental measure of earnings that provides visibility on actual cash earned in the year. Depreciation and unrealised foreign exchange differences are adjusted as they do not represent cash costs of the business. Operating loss Amortisation of intangible purchased assets Share-based payments expense Exceptional items Adjusted operating profit Depreciation Foreign exchange loss / (gain) Net deferral of revenue Cash EBITDA Billings Revenue Net deferral of revenue (note 24) Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M (44.3) (32.7) 19.9 31.3 31.4 38.3 9.4 – 102.4 150.1 632.1 (529.7) 102.4 29.2 15.0 41.9 53.4 8.4 2.4 56.7 120.9 534.9 (478.2) 56.7 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 119 UNLEVERED FREE CASH FLOW Unlevered free cash flow represents net cash flow from operating activities adjusted for exceptional items and net capital expenditure. Unlevered free cash flow provides an understanding of the Group’s cash generation and is a supplemental measure of liquidity in respect of the Group’s operations without the distortions of exceptional and other non-operating items. Net cash flow from operating activities Exceptional items Net capital expenditure Unlevered free cash flow Cash EBITDA Net capital expenditure Change in working capital Corporation tax paid Unlevered free cash flow Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 118.5 31.4 (16.5) 133.4 21.3 41.9 (16.8) 46.4 Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 150.1 (16.5) 19.0 (19.2) 133.4 120.9 (16.8) (32.5) (25.2) 46.4 7 EXCEPTIONAL ITEMS Exceptional items are those that in the judgment of the Directors need to be disclosed by virtue of their size, nature or incidence, in order to draw the attention of the reader and to show the underlying business performance of the Group more accurately. Such items are included within the income statement caption to which they relate and are separately disclosed on the face of the consolidated income statement within general finance and administration expenses. During the year-ended 31 March 2017, acquisition related expenses of $7.2M (2016: $1.7M), restructuring and integration costs of ($0.4M) (2016: $2.6M) and costs incurred in relation to the defence and settlement of certain intellectual property (“IP”) litigation of $24.6M (2016: $19.8M) were incurred. In the prior-year, Initial Public Offering (“IPO”) costs of $17.8M were incurred. The current-year Intellectual Property litigation costs include an omnibus agreement entered into with Finjan Inc. on 30 March 2017 resolving all the parties’ disputes. This resulted in total exceptional items of $31.4M (2016: $41.9M).Tax relief on these exceptional items amounted to $4.8M (2016: $5.3M). INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 120 8 LOSS ON ORDINARY ACTIVITIES The loss on ordinary activities before taxation is stated after charging: Depreciation of property, plant and equipment Amortisation of intangible assets Research and development expenditure Operating lease rentals: Property Other Pension scheme contributions Impairment of trade receivables Net foreign currency differences Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 9.4 19.9 117.8 10.8 1.4 6.5 0.1 1.1 8.4 29.2 99.6 8.9 1.4 6.7 0.5 (0.2) 9 AUDITOR’S REMUNERATION The Group paid the following amounts to its auditors in respect of the audit of the historical financial information and for other non-audit services provided to the Group. Audit of the financial statements Subsidiary local statutory audits Total audit fees Taxation compliance services Other assurance services1 Total non-audit fees 1 Other assurance services relates to the Company’s Initial Public Offering in the year-ended 31 March 2016. Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 0.4 0.2 0.6 0.2 – 0.2 0.3 0.2 0.5 0.2 1.1 1.3 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 121 Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 234.2 22.2 6.5 9.2 200.5 19.1 6.7 7.7 272.1 234.0 32.5 304.6 16.3 250.3 Year-ended 31 March 2017 Year-ended 31 March 2016 1,830 1,487 998 294 934 278 3,122 2,699 Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 3.2 7.9 11.1 3.0 5.2 8.2 10 EMPLOYEE COSTS Wages and salaries Social security costs Pension costs Other costs Share-based payments (note 30) Total employee costs The average number of employees during the period, analysed by category, was as follows: Technical Sales and marketing Administration Total average number of employees 11 DIRECTORS’ REMUNERATION Directors' emoluments Share-based payment – equity-settled Total Directors' emoluments Directors’ remuneration represents all emoluments and aggregate contributions to pension schemes earned during the year as a Director of Sophos Group plc and its subsidiaries. Further details can be found in the Group’s Remuneration Report on pages 65 to 87. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 122 12 FINANCE INCOME AND EXPENSE Finance income Interest on bank deposits Finance expense Interest expense on loans and borrowings Other interest, bank charges and swap settlements Accretion on Subordinated Preference Certificates Accretion on contingent consideration Foreign exchange (gain) / loss on borrowings Amortisation of facility fees Facility fees expensed on settlement of debt Total finance expense Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 0.1 0. 7 Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 7.8 0.4 8.2 – 0.2 (4.2) 0.9 – 5.1 11.0 0.5 11.5 13.5 0.2 4.4 0.9 5.9 36.4 13 TAXATION UK corporation tax for the year-ended 31 March 2017 is calculated at 20% (2016:20%) of the estimated assessable loss for the period. Current income tax: UK corporation tax Adjustments in respect of previous years UK tax Overseas tax before exceptional items Overseas tax on exceptional items Adjustment in respect of previous years Total current tax charge Deferred tax: Origination and reversal of temporary differences Origination and reversal of temporary differences on exceptional items Adjustment in respect of previous years Total deferred tax credit Total income tax (credit) / charge Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M (4.0) (1.1) 22.5 0.1 4.1 21.6 (2.0) (2.7) 30.4 (1.0) 0.6 25.3 (18.9) (15.9) (5.0) (0.3) (4.2) (1.7) (24.2) (21.8) (2.6) 3.5 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 123 The charge for the year-ended can be reconciled to the loss for the period before taxation per the consolidated statement of profit or loss as follows: Loss for the year before taxation Loss for the year before taxation multiplied by the standard rate of corporation tax in the UK of 20% (2016: 20%) Effects of: Adjustments in respect of previous years Change in tax rate during the year Expenses not deductible for tax purposes Losses not recognised Higher tax rates on overseas earnings Research and development and other tax credits Other movements (Credit) / charge for taxation on loss for the year Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M (49.3) (9.9) (68.4) (13.7) 2.7 1.6 (1.8) 1.8 6.5 (5.4) 1.9 (2.6) (4.2) 1.1 7.0 6.8 8.7 (3.2) 1.0 3.5 The Group’s taxation strategy is aligned to business strategy and operational needs. Oversight of taxation is within the remit of the Audit and Risk Committee. The Chief Financial Officer is responsible for tax strategy supported by a global team of tax professionals. Sophos strives for an open and transparent relationship with all revenue authorities. A tax authority may seek adjustment to the filing position adopted by a Group company and it is accepted that interpretation of complex regulations may lead to additional tax being assessed. Uncertain tax positions are monitored regularly and a provision made in the accounts where appropriate. Key influences The Group’s tax rate is sensitive to the geographic mix of profits and reflects a combination of higher rates in certain jurisdictions, such as Germany, a low effective rate in the UK due to available tax losses and rates that lie in between. The group receives incentives in certain jurisdictions. In the UK, the Research & Development Expense Credit resulted in a lower tax charge in the income statement and a lower net cash tax payment. There is no guarantee that these incentives will continue to be applicable in future years. Expected future rate Over the medium term the tax rate is likely to stabilise as the integration of acquisitions in higher rate jurisdictions are completed. However, the tax rate may fluctuate if business changes are implemented in response to legislation arising from the OECD’s Base Erosion & Profit Shifting Project, the UK’s exit from the EU and proposed tax reforms following the US presidential election. Legislative change in key territories is being monitored and acted upon. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 124 13 TAXATION CONTINUED Deferred tax assets and liabilities are attributable to the following: Deferred income tax assets in relation to: Deferred revenue Tax value of carry forward losses of UK subsidiaries Tax value of carry forward losses of overseas subsidiaries Advanced capital allowances Share-based payments Other timing differences Total Deferred income tax liabilities in relation to: Intangible assets Other timing differences Total 31 March 2017 $M 31 March 2016 $M 37.1 15.4 13.1 6.2 19.7 13.8 105.3 14.4 – 14.4 35.1 9.3 2.3 6.7 13.7 6.8 73.9 9.6 0.5 10.1 Losses A deferred tax asset has been recognised in respect of losses where current forecasts indicate profits will arise in the foreseeable future against which the losses recognised will be offset. At the balance sheet date the Group has unused tax losses of $336.6M (2016: $248.5M) available for offset against future profits. A deferred tax asset has been recognised in respect of $118.2M (2016: $54.6M) of such losses. No deferred tax asset has been recognised in respect of the remaining $218.4M (2016: $193.9M unutilised) as it is not considered probable that there will be the required type of future trading or non-trading profits available in the correct entities necessary to permit offset and recognition. Share-based payments A remuneration expense for share based payments is recorded in the consolidated statement of profit or loss over the period from the award date to the vesting date of the relevant options. Where there is a temporary difference between the accounting and tax bases, a deferred tax asset may be recorded. Any deferred tax asset arising on share option awards is calculated as the estimated amount of tax deduction to be obtained in the future. This is based on the Group’s share price at the reporting date so will be impacted by share price movement and is pro-rated to the extent that the services of the employee have been rendered over the vesting period. If this amount exceeds the cumulative amount of the remuneration expense at the statutory rate, the excess is recorded directly in equity, against retained earnings. Similarly, current tax relief in excess of the cumulative amount of the remuneration expense at the statutory rate is also recorded in retained earnings. Deferred tax assets have only been recognised in jurisdictions in which future tax deductions are expected. As at 31 March 2017 the aggregate amount of temporary differences associated with undistributed earnings of subsidiaries for which deferred tax liabilities have been recognised was $Nil (2016: $Nil). No liability has been recognised because the Group is in a position to control the reversal of temporary differences and it is probable that such differences will not reverse in the foreseeable future. Deferred tax assets and liabilities are measured at the tax rates that are expected to apply in the period when the asset is realised or the liability settled, based on tax rates that have been enacted or substantially enacted at the reporting date. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 125 14 EARNINGS PER SHARE Basic earnings per share (“EPS”) is calculated by dividing the profit for the period attributable to equity holders of the parent by the weighted average number of ordinary shares outstanding during the period. Diluted EPS is calculated by dividing the profit for the period attributable to equity holders of the parent by the weighted average number of ordinary shares outstanding during the period plus the weighted average number of shares that would be issued if all dilutive potential ordinary shares were converted into ordinary shares. In accordance with IAS 33, the dilutive earnings per share are without reference to adjustments in respect of outstanding shares when the impact would be anti-dilutive. Adjusted EPS is calculated by dividing the adjusted operating profit for the period attributable to equity holders of the parent by the weighted average number of ordinary shares outstanding during the period. In the prior-year, adjusted EPS was calculated on the basis of cash EBITDA. In the current-year, the calculation has been made on the basis of adjusted operating profit, with an equivalent restatement of the comparative number. This change of basis has been made to ensure better comparability with other UK listed companies. In each case, the weighted average number of shares take into account the weighted average number of own shares held during the period. The following reflects the income and share data used in calculating EPS: Loss for the period attributable to the equity holders of the Company Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M (46.7) (71.9) Adjusted operating profit for the period attributable to the equity holders of the Company (see note 6) 38.3 53.4 Weighted average number of shares (000's): Effects of dilution from: Share options Restricted share units Diluted weighted average number of shares (000's): Basic and diluted EPS Adjusted EPS Diluted adjusted EPS Year-ended 31 March 2017 Year-ended 31 March 2016 452,338 438,640 11,434 10,589 17,818 3,992 474,361 460,450 Year-ended 31 March 2017 $ Cents Year-ended 31 March 2016 $ Cents (10.3) (16.4) 8.5 8.1 12.1 11.6 The weighted average number of shares used in the calculation for the comparative period reflects the shares in issue after adjusting for the capital restructuring. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 126 15 INTANGIBLE ASSETS Cost At 31 March 2015 Additions Acquired through business combinations Disposals Effect of movements in exchange rates At 31 March 2016 Additions Acquired through business combinations Effect of movements in exchange rates Goodwill $M Intellectual Property $M 669.8 361.4 – 41.6 – 4.9 – 5.6 – 1.9 716.3 368.9 – 99.8 (6.6) – 21.6 (2.2) At 31 March 2017 809.5 388.3 Amortisation/Impairment loss At 31 March 2015 Charge for the period Disposals Effect of movements in exchange rates At 31 March 2016 Charge for the period Effect of movements in exchange rates At 31 March 2017 Net book value At 31 March 2016 At 31 March 2017 0.2 – – – 341.9 12.7 – 1.7 0.2 356.3 – – 7.4 (2.1) 0.2 361.6 716.1 809.3 12.6 26.7 Software $M Others $M Total $M 29.0 8.3 – (0.1) (1.0) 36.2 5.1 – (4.2) 37.1 15.4 6.2 (0.1) (0.6) 20.9 7.0 (2.6) 25.3 15.3 11.8 258.7 1,318.9 – 6.2 – 2.3 8.3 53.4 (0.1) 8.1 267.2 1,388.6 – 1.2 (3.1) 5.1 122.6 (16.1) 265.3 1,500.2 242.1 10.3 – 2.2 599.6 29.2 (0.1) 3.3 254.6 632.0 5.5 (3.0) 19.9 (7.7) 257.1 644.2 12.6 8.2 756.6 856.0 Intellectual property is written off on a reducing balance basis over its estimated useful life of up to fifteen years. Software is amortised on a straight line basis over 3 years. Within Other intangibles, brand names are amortised on a reducing balance basis over a period of up to twenty years, and the customer base on a reducing balance basis over a period of up to fourteen years. The Group has not capitalised development costs in the year-ended 31 March 2017 (2016: $Nil). The Group does not have any intangible assets with indefinite useful lives. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 127 16 IMPAIRMENT OF GOODWILL AND INTANGIBLES Before recognition of impairment losses, the carrying amount of goodwill had been allocated as follows: Americas EMEA APJ 31 March 2017 $M 31 March 2016 $M 253.0 473.2 83.1 809.3 253.5 379.3 83.3 716.1 Impairment of goodwill and intangible assets is tested annually or more frequently where there is indication of impairment. The goodwill of $96.4M arising on the acquisition of Invincea Inc., on 21 March 2017 has been initially allocated to the EMEA CGU. Management will re-assess the allocation of goodwill within 12 months from the acquisition date based upon synergies provided to each CGU. Where the asset does not generate cash flows that are independent from other assets, the Group estimates the recoverable amount of the cash-generating unit to which the asset belongs. If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash- generating unit is reduced to its recoverable amount. An impairment loss is recognised as an expense immediately in the Consolidated Statement of profit or loss. Goodwill is considered impaired if the carrying value of the cash-generating unit to which it relates is greater than the higher of fair value less costs of disposal and the value in use. For the year-ended 31 March 2017, the Directors have reviewed the value of goodwill based on internal value in use calculations. The key assumptions for these calculations are discount rates, growth rates and expected changes to billings and direct costs during the period. The Group prepares cash flow forecasts derived from the Directors’ most recent financial forecasts for the following five years. The growth rates for the five-year period are based on Directors expectations of the medium-term operating performance of the cash-generating unit, planned growth in market share, industry forecasts, growth in the market and specific regional considerations. Discount rates have been estimated based on rates that reflect current market assessments of the Group’s weighted average cost of capital. The key assumptions used in the assessments in the year-ended 31 March 2017 are as follows: Long-term regional growth rate beyond 5 years Discount rate Americas % 2.5% 10.5% EMEA % 1.5% 10.0% The key assumptions used in the assessments in the year-ended 31 March 2016 were as follows: Long-term regional growth rate beyond 5 years Discount rate Americas % 2.5% 11.0% EMEA % 1.5% 10.0% APJ % 2.0% 11.5% APJ % 2.0% 12.0% As at 31 March 2017, there were no indicators of impairment that suggested the carrying amounts of the Group’s long-lived assets are not recoverable. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 128 17 PROPERTY, PLANT AND EQUIPMENT Cost As at 31 March 2015 Additions Acquired through business combinations Disposals Effect of movements in exchange rates As at 31 March 2016 Additions Acquired through business combinations Disposals Effect of movements in exchange rates As at 31 March 2017 Depreciation As at 31 March 2015 Charge for the year Acquired through business combinations Disposals Effect of movements in exchange rates As at 31 March 2016 Charge for the year Acquired through business combinations Disposals Effect of movements in exchange rates As at 31 March 2017 Net book value At 31 March 2016 At 31 March 2017 Land and Buildings $M Plant and Machinery $M Fixtures and Fittings $M 20.5 1.6 – (0.1) (1.5) 20.5 0.9 – – (6.4) 15.0 7.1 2.5 – (0.1) (0.7) 8.8 2.7 – – (3.3) 8.2 11.7 6.8 22.8 5.9 1.5 (0.6) (0.2) 29.4 9.8 0.5 (0.3) (2.5) 36.9 13.6 5.1 0.9 (0.6) (0.1) 18.9 6.0 0.4 (0.3) (2.0) 23.0 10.5 13.9 3.4 1.0 0.1 (0.1) – 4.4 0.7 0.1 – (0.3) 4.9 0.9 0.8 – (0.1) 0.1 1.7 0.7 – – (0.2) 2.2 2.7 2.7 Total $M 46.7 8.5 1.6 (0.8) (1.7) 54.3 11.4 0.6 (0.3) (9.2) 56.8 21.6 8.4 0.9 (0.8) (0.7) 29.4 9.4 0.4 (0.3) (5.5) 33.4 24.9 23.4 Included in the net book value of property, plant and equipment are assets under finance lease of $0.1M (2016: $0.2M). There has been no impairment to the property, plant and equipment held by the Group. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 129 31 March 2017 $M 31 March 2016 $M 37.1 15.4 13.1 6.2 19.7 13.8 105.3 14.4 – 14.4 35.1 9.3 2.3 6.7 13.7 6.8 73.9 9.6 0.5 10.1 31 March 2017 $M 31 March 2016 $M – – – – 0.6 (0.4) (0.2) – 31 March 2017 $M 31 March 2016 $M 16.2 18.7 18 DEFERRED TAX Deferred tax assets and liabilities are attributable to the following: Deferred income tax assets in relation to: Deferred revenue Tax value of carry forward losses of UK subsidiaries Tax value of carry forward losses of overseas subsidiaries Advanced capital allowances Share-based payments Other timing differences Total Deferred income tax liabilities in relation to: Intangible assets Other timing differences Total 19 INVESTMENTS Employee benefit Trust Brought forward Shares cancelled on pre-admission restructuring Own shares transferred to equity Carried forward 20 INVENTORIES Finished goods and goods for resale The amount of write-down of inventories included within cost of sales was $0.1M (2016: $1.0M). INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 130 21 TRADE AND OTHER RECEIVABLES Current Trade receivables Prepayments Other receivables Total current trade and other receivables Non-current Other receivables Total non-current trade and other receivables 31 March 2017 $M 31 March 2016 $M 123.1 14.1 8.0 103.7 19.0 7.1 145.2 129.8 1.3 1.3 0.8 0.8 Trade receivables are non interest-bearing and are generally on 30-90 day payment terms depending on the geographical territory in which sales are generated. The carrying value of trade and other receivables also represents their fair value. During the period ended 31 March 2017 a provision for impairment of $0.1M (2016: $0.3M) was recognised in operating expenses against receivables. At 31 March 2017, trade receivables at a nominal value of $0.4M (2016: $0.7M) were impaired and fully provided for. Movements in the provision for impairment of receivables were as follows: At 1 April Charge for the year Amounts written off Unused amounts reversed Effects of movements in exchange rates At 31 March The analysis of trade receivables that were past due, but not impaired is as follows: Up to 3 months 3 to 6 months Greater than 6 months Total 31 March 2017 $M 31 March 2016 $M 0.7 0.1 (0.3) (0.1) – 0.4 0.4 – 0.4 0.8 0.7 0.3 (0.1) (0.2) – 0.7 4.1 0.2 – 4.3 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 131 22 CASH AND CASH EQUIVALENTS Cash at bank and in hand Short-term deposits Total cash and cash equivalent 31 March 2017 $M 31 March 2016 $M 62.3 5.8 68.1 49.7 17.1 66.8 Cash at bank earns interest at floating rates based on daily bank deposit rates. Short-term deposits are made for varying periods of between one day and three months, depending on the immediate cash requirements of the Group, and earn interest at the respective short-term deposit rates. 23 TRADE AND OTHER PAYABLES Current Trade payables Accruals Social security and other taxes Other payables Total current trade and other payables Non-current Other payables Total non-current trade and other payables 31 March 2017 $M 31 March 2016 $M 34.9 53.5 11.5 7.4 107.3 3.9 3.9 21.8 46.5 5.2 2.9 76.4 0.8 0.8 Trade payables are non interest-bearing and are normally settled on 30-day terms or as otherwise agreed with suppliers. 24 DEFERRED REVENUE Current Non-current At 1 April Billings deferred during the year Revenue released to the statement of profit or loss Net deferral Acquired through business combinations Translation and other adjustments Current Non-current At 31 March 31 March 2017 $M 31 March 2016 $M 286.5 212.2 498.7 632.1 (529.7) 102.4 4.1 (24.2) 330.6 250.4 581.0 251.4 181.9 433.3 534.9 (478.2) 56.7 1.5 7.2 286.5 212.2 498.7 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 132 24 DEFERRED REVENUE CONTINUED On acquisition of Invincea, Inc. on 21 March 2017, acquired deferred revenue of $6.1 was reduced by $2.0M representing the fair value of original selling cost and associated profit. $4.1M (2016: Nil) remains unamortised at 31 March 2017. On acquisition of SurfRight B.V. on 3 December 2015, deferred revenue was increased by $1.3M representing the fair value of future support costs acquired. $0.2M remains unamortised at 31 March 2017. 25 FINANCIAL LIABILITIES The fair values of financial assets and liabilities are included at the price that would be received to sell an asset, or paid to transfer a liability, in an orderly transaction between market participants at the end of the reporting period. The following methods and assumptions are used to estimate the fair values: • Cash and cash equivalents • Finance leases • Bank loans • • Receivables and payables Interest rate swaps, caps and floors – – – – – approximates to the carrying amount approximates to the carrying amount approximates to the carrying amount based on the net present value of discounted cash flows approximates to carrying amount Where financial assets and liabilities are measured at fair values their measurement should be classified into the following hierarchy: • Level 1 – quoted prices (unadjusted) in active markets from identical assets or liabilities • Level 2 – inputs other than quoted prices included within level 1 that are observable for the asset or liability, either directly (i.e. as prices) or indirectly (i.e. derived from prices) • Level 3 – inputs for the asset or liability that are not based on observable market data The Group had a Level 3 financial liability of $21.7M of contingent consideration measured at fair value through profit and loss at 31 March 2017 (2016: $2.1M). The fair value of the contingent consideration is determined using a probability-weighted average of outcomes discounted back to acquisition date. Total financial liabilities at the end of the reporting period were as follows: Current instalments due on finance leases Current instalments due on bank loans Contingent consideration Total current financial liabilities Non-current instalments due on finance leases within 5 years Non-current instalments due on bank loans Contingent consideration Unamortised facility fees Total non-current financial liabilities Total financial liabilities 31 March 2017 $M 31 March 2016 $M 0.1 50.0 21.0 71.1 – 0.1 25.0 1.1 26.2 0.1 299.2 303.4 0.7 (3.6) 296.3 367.4 1.0 (3.6) 300.9 327.1 FINANCE LEASES The Group has acquired lease obligations on certain of its fixtures and fittings under finance leases with terms of 3 to 5 ½ years and underlying interest rates ranging from 5.2% – 6.3% per annum as part of the acquisition of Reflexion Inc. At 31 March 2017, the present value of future lease payments was $0.1M (2016: $0.2M) NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 133 CONTINGENT CONSIDERATION Invincea, Inc. As part of the purchase agreement with the previous owners of Invincea, Inc., a contingent consideration has been agreed. The consideration is dependent on the billings of products including the intellectual property acquired with Invincea, Inc. for the 12 month period to 21 March 2018 with a maximum payout of $20.0M. The fair value of the contingent consideration at the acquisition date was estimated at $19.3M. The contingent consideration is due for measurement and payment to the former shareholders on 30 June 2017, 30 September 2017, 31 December 2017 and 21 March 2018 respectively. Silent Break LLC As part of the purchase agreement with the previous owners of the “PhishThreat” technology, a contingent consideration has been agreed. The consideration is dependent on the billings of the “PhishThreat” product range for three annual periods commencing 1 March 2017 and ending on 28 February 2020 with a maximum payout of $2.0M. The fair value of the contingent consideration at the acquisition date was estimated at $1.2M. The contingent consideration is due for measurement and payment to the sellers on 28 February 2018, 2019 and 2020 respectively. Reflexion Inc. As part of the purchase agreement with the previous owners of Reflexion Inc., a contingent consideration has been agreed. The consideration is dependent on the billings of the Reflexion Inc. product range for the calendar years ended 31 December 2015 and ending 31 December 2016 with a maximum payout of $6.5M. The fair value of the contingent consideration at the acquisition date was estimated at $2.0M. The contingent consideration is due for final measurement and payment to the former shareholders on 5 June 2016 in respect of billings for the calendar year-ended 31 December 2015, and no later than 05 April 2017 in respect of the billings for the calendar year-ended 31 December 2016. LOANS AND BORROWINGS Included in borrowings are bank loans of $349.2M (2016: $328.4M) as analysed below. This note provides information about the contractual terms of the Group's interest-bearing loans and borrowings, which are measured at amortised cost. For more information about the Group's exposure to interest rate, foreign currency and liquidity risk, see note 27. Current instalments due on bank loans Non-current instalments due on bank loans Total bank loans The bank loans are repayable as follows: Due within one year Due between two and five years Total bank loans 31 March 2017 $M 31 March 2016 $M 50.0 299.2 349.2 25.0 303.4 328.4 31 March 2017 $M 31 March 2016 $M 50.0 299.2 349.2 25.0 303.4 328.4 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 134 25 FINANCIAL LIABILITIES CONTINUED The Group entered into an amended Senior Facilities agreement on 6 February 2017, whereby an additional Revolving Credit Facility was added to the existing agreement. Following the amendment, the following terms apply to the bank loans outstanding at 31 March 2017: Facility Facility – A Facility – B Revolving Credit Facility 1 Revolving Credit Facility 2 Interest Margin Libor Euribor Libor Libor 1.75% 1.75% 1.50% 2.50% Principal M $ 235.0 € 60.0 $ 10.0 $ 40.0 Principal $M 235.0 64.2 10.0 40.0 349.2 REPAYMENT AND MATURITY: Facility A ($235.0M), Facility B (€60.0M), Revolving Credit Facility 1 (multicurrency up to $30.0M) are repayable in full on the termination date at the end of the 60-month term on 1 July 2020. Revolving Credit Facility 2 (multicurrency up to $40.0M) is repayable in full on the termination date of 2 July 2020. Any utilisation of a Revolving Credit Facility is repayable on the last day of its interest period, any amount repaid may be re-borrowed. The margin payable on the facilities is dependent upon the ratio of the Group's net debt to Cash EBITDA as defined in the facility agreement. The bank loans are secured by fixed and floating charges over the trade and assets of certain Group companies. 26 PROVISIONS At 31 March 2015 Arising during the year Utilised Exchange differences At 31 March 2016 Arising during the year Utilised At 31 March 2017 31 March 2017 Current Non-current Total provisions 31 March 2016 Current Non-current Total provisions Re-structuring $M Other $M Total $M 0.7 0.1 (0.5) – 0.3 – (0.3) – – – – 0.3 – 0.3 0.3 0.6 – 0.1 1.0 0.6 (0.1) 1.5 0.4 1.1 1.5 – 1.0 1.0 1.0 0.7 (0.5) 0.1 1.3 0.6 (0.4) 1.5 0.4 1.1 1.5 0.3 1.0 1.3 Restructuring provision The opening provision related to expenditure in relation to vacant properties which were surplus to the Group’s requirements and were due to be disposed of, and the integration of Cyberoam into the wider Sophos Group. The provisions have been fully utilised in the period. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 135 Other provisions The opening provisions related to the Group’s obligations to make good the dilapidations of various leasehold premises at the end of the lease periods. Additionally, In France, the Group operates an unfunded, compulsory retirement indemnity plan, payable only if the employees are working for the Group when they retire. The provision arising in the year-ended 31 March 2017 relates to both the retirement indemnity plan $0.1M (2016: $0.6M) and further provisions for dilapidations $0.5M (2016: $ nil). 27 FINANCIAL RISK MANAGEMENT Financial risk management is conducted at a Group level, applying treasury policies which have been approved by the Board. The major financial risks to which the Group is exposed relate to interest rate risk, credit risk and movements in foreign currency exchange rates. Where appropriate, cost effective and practicable, the Group uses various financial instruments to manage these risks. The main purpose of these financial instruments is to reduce the impact on the Group operations of changes in market rates. No speculative use of derivatives, currency or other instruments is permitted. The Directors review and agree policies for managing each of these risks as summarised below: Liquidity risk The Group prepares budgets annually in advance. This enables the Group's operating cash flow requirements to be anticipated and to ensure sufficient liquidity is available to meet foreseeable needs, financial obligations and to invest any surplus cash assets safely and profitably. Quarterly covenant tests are performed and monitored by the Directors at quarterly board meetings. The Group's objective is to maintain a balance between continuity of funding, minimising finance costs and maintaining flexibility through the use of short-term deposits and intra-group loan arrangements. Capital management The primary objective of the Group's capital management is to ensure that it maintains a strong credit rating and healthy capital ratios in order to support its business and maximise shareholders' value. The capital structure of the Group consists of cash and cash equivalents as disclosed in note 21, borrowings as disclosed in note 25 and equity attributable to equity holders of the parent, comprising issued capital, reserves and retained earnings, as disclosed in the Consolidated Statement of Changes in Equity. The Group manages its capital structure, and makes adjustments to it, in light of changes in economic conditions. The Group reviews the capital structure on a regular basis and considers the cost of capital and the risks associated with each class of capital. Credit risk The Group's principal financial assets are cash and bank deposits and trade and other receivables. The Group's credit risk is primarily attributable to its trade receivables. In order to manage credit risk the Directors set limits for customers based on a combination of payment history and third party credit references. Credit limits are reviewed by the credit controller on a regular basis in conjunction with debt ageing and collection history. The amounts presented in the Consolidated Statement of Financial Position are net of allowance for doubtful debts. An allowance for impairment is made where there is an identified loss event which, based on previous experience, is evidence of a reduction in the recoverability of cash flows. The expense recognised in the Consolidated Statement of profit or loss in respect of doubtful debts during the period was $0.1M, as disclosed in note 21. The Group has no significant concentration of credit risk in trade receivables; exposure is spread over a large number of counterparties and customers. With respect to cash and deposits, the Group's exposure to credit risk arises from the risk of default by the counterparty with a maximum exposure equal to the carrying amount of these assets. To mitigate this risk, cash and deposits are only held with reputable banking institutions. The Group reduces the concentrations of credit risk in cash and deposits by holding balances with a number of separate institutions. Interest rate risk The Group is exposed to interest rate risk primarily due to the long-term debt obligations with floating rates of interest. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 136 27 FINANCIAL RISK MANAGEMENT CONTINUED Interest rate sensitivity A change of 100 basis points in market interest rates would have increased/(decreased) equity and profit and loss by the amounts shown below. Increase in interest rates Decrease in interest rates Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M (3.1) 3.1 (2.3) 2.3 Foreign currency risk The Group is exposed to translation and transaction foreign exchange risk. Several other currencies in addition to the reporting currency of US Dollar are used, including Sterling and the Euro. The Group experiences currency exchange differences arising upon retranslation of monetary items (primarily short-term inter-company balances and long- term borrowings), which are recognised as an expense in the period the difference occurs. The Group endeavours to match the cash inflows and outflows in the various currencies; the Group typically invoices its customers in their local currency, and pays its local expenses in local currency as a means to mitigate this risk. The Group is also exposed to exchange differences arising from the translation of its subsidiaries' financial statements into the Group's reporting currency of US Dollar with the corresponding exchange differences taken directly to equity. The following table illustrates the movement that 10% in the value of Sterling or the Euro would have had on the Group’s profit or loss for the period and on the Group’s equity as at the end of the period. 10% movement in Sterling to US Dollar value Profit or loss Equity 10% movement in Euro to US Dollar value Profit or loss Equity Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 0.6 25.9 6.5 (11.9) 1.9 25.1 6.9 (7.2) Any foreign exchange variance would be recognised as unrealised foreign exchange in the Consolidated Statement of profit or loss and have no impact on cash flows. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 137 28 SHARE CAPITAL Shares issued and fully paid At 1 April of £0.75 each At 1 April of £0.10 each At 1 April of £0.03 each Pre-admission capital restructuring shares @ £0.03 each Initial Public Offering Issued for cash on exercise of options At 31 March, Ordinary shares of £0.03 Year-ended 31 March 2017 $M – – 000's – – 452,172 21.3 Year-ended 31 March 2016 $M 393.5 159.1 000's 333,037 1,009,869 – – 7,470 459,642 – – 0.3 21.6 (928,251) (533.1) 35,345 2,172 452,172 1.7 0.1 21.3 1 2 On 26 June 2015 Sophos Group issued 333,037 Ordinary, A-Class and C shares of £0.75 each together with 1,009,869 Preference shares of £0.10 each in consideration for the purchase of the issued share capital of Pentagon Holdings SARL. On 1 July 2015 Sophos Group plc reorganised its share capital and share premium to comprise 414,654,813 Ordinary shares of £0.03 each creating distributable reserves. 29 DISTRIBUTIONS MADE AND PROPOSED Cash dividends on ordinary shares declared and paid Interim dividend for the year-ended 31 March 2016 at $0.007 per share Final dividend for the year-ended 31 March 2016 at $0.011 per share Interim dividend for the year-ended 31 March 2017 at $0.013 per share Total cash dividends paid Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M – 5.0 5.9 10.9 3.1 – – 3.1 The Directors have proposed that the Company will pay a full-year dividend for the year-ending 31 March 2017 amounting to 3.3 US Cents per share. Proposed final dividends on ordinary shares are subject to approval at the annual general meeting to be held on 7 September 2017, and are not recognised as a liability at 31 March 2017. 30 SHARE-BASED PAYMENTS On 25 June 2015, and in connection with the reorganisation of the Group immediately prior to admission of the Company’s shares for trading on the London Stock Exchange, participants with existing options outstanding under the Pentagon Holdings SARL approved share plans were offered to exchange their options for new options over shares in Sophos Group plc. On 11 June 2015, and in connection with the admission of the Company’s shares for trading on the London Stock Exchange, the Company’s Board of Directors approved the following share-based payment plans: The Sophos Group Long Term Incentive Plan 2015, (“2015 LTIP”) The 2015 LTIP plan aims to motivate and retain employees and align their interest with shareholders. Under the plan the remuneration committee of the Board can award the following types of awards: Performance Share Units, Restricted Share Units, Share Options, Conditional Share Awards, Cash-Based Awards or Forfeitable Shares. Sophos Group SAYE option scheme 2015 (“SAYE”) The SAYE plan aims to encourage wider share ownership amongst UK employees of the Group by offering an HMRC approved share save scheme, whereby employees are offered options to buy shares at a discount following a pre-set savings period. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 138 30 SHARE-BASED PAYMENTS CONTINUED Sophos Group 2015 Employee Stock Purchase Plan (“ESPP”) The ESPP plan aims to encourage wider share ownership amongst US employees of the Group by offering options compliant with Section 423 of the Internal Revenue Code. Employees are offered options to buy shares at a discount following a pre-set savings period. Sophos Group International SAYE option scheme 2015 “(International SAYE”) The International SAYE plan aims to encourage wider share ownership amongst the Group’s employees outside of the UK and US by offering options to buy shares at a discount following a pre-set savings period. Share-based payment expense The expense recognised for employee services received during the year is as follows: Cash-settled transactions Equity-settled transactions Total share-based payment expense Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 1.2 31.3 32.5 1.3 15.0 16.3 The cash-settled expense comprises cash-based awards together with certain social security taxes. The carrying value of the liability as at 31 March 2017 was $1.8M (2016: $1.1M). SHARE OPTIONS The fair value of equity-settled share options granted is estimated as at the date of grant using a Black-Scholes model, taking into account the terms and conditions upon which the options were granted. The following table illustrates the weighted average inputs into the Black-Scholes model in the year: Weighted average share price ($ Cents) Weighted average exercise price ($ Cents) Expected volatility Expected life of options (years) Risk free rate Dividend yield Year-ended 31 March 2017 Year-ended 31 March 2016 291.00 234.00 130.63 130.63 42.40% 32.66% 3.20 0.92% 0.62% 2.28 0.57% Nil The weighted average fair value of options granted during the year was $ cents 51.75 (2016 $ cents 24.4) The expected volatility reflects the assumption that the historical share price volatility is indicative of future trends, which may not necessarily be the actual outcome. An increase in the expected volatility will increase the estimated fair value. The expected life of the options is based on historical data and is not necessarily indicative of exercise patterns that may occur. The expected life used in the model has been adjusted, based on Directors best estimate, taking into account the effects of exercise restrictions, non-transferability and behavioural considerations. An increase in the expected life will increase the estimated fair value. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 139 The number and weighted average exercise prices (“WAEP”) of, and movements in, share options during the year are set out below: Outstanding at the start of the year Awarded Forfeited Exercised Outstanding at the end of the year Year-ended 31 March 2017 WAEP $ Cents 74.5 234.0 138.6 44.7 99.9 Number 000's 22,677 1,725 (642) (6,787) 16,973 Year-ended 31 March 2016 WAEP $ Cents 62.5 205.3 52.7 40.1 74.5 Number1 000's 35,072 631 (7,478) (5,548) 22,677 Exercisable at the end of the year 10,958 73.8 13,918 56.0 1 Share option activity in the prior-year before Admission has been converted using the share conversion ratio applied to the Pre-admission capital restructuring. The weighted average share price for options exercised during the year was £ pence 262 (2016: £ pence 228) Options outstanding at the end of the year had the following range of exercise prices and weighted average remaining contractual terms (“WARCT”): Exercise price ($ Cents) Number 000's 31 March 2017 WARCT Years 1.8598 2.5000 11.897 47.589 51.915 59.781 70.794 91.245 155.746 210.808 234.000 153 – – 676 32 9,972 378 175 3,523 419 1,645 16,973 3.2 – – 3.2 5.7 5.7 7.2 7.2 7.5 7.9 2.9 5.9 31 March 2016 WARCT Years 4.2 0.9 4.2 4.2 6.7 6.7 8.2 8.2 8.5 8.9 – 6.8 Number 000's 153 446 2,507 1,286 43 12,133 1,144 276 4,199 490 – 22,677 Outstanding at the end of the year INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 140 30 SHARE-BASED PAYMENTS CONTINUED Restricted shares The following table illustrates the number and weighted average share price (“WASP”) on date of award of, and movements in, non-vested restricted shares in the year: Restricted shares Year-ended 31 March 2017 WASP $ Cents Number 000's Year-ended 31 March 2016 WASP $ Cents Number1 000's Outstanding at the start of the year 127 155.75 348 106.88 Awarded Forfeited Vested – – – – – – Outstanding at the end of the year 127 155.75 – – (221) 127 – – 78.42 155.75 1 Restricted share activity in the prior-year before Admission has been converted using the share conversion ratio applied to the Pre-admission capital restructuring. Restricted share units The following table illustrates the number and weighted average share price (“WASP”) on date of award, and movements in, restricted share units (“RSU’s”) and cash based awards granted under the 2015 LTIP: Restricted share units Outstanding at the start of the year Awarded Forfeited Released Outstanding at the end of the year Year-ended 31 March 2017 WASP £ pence 264.74 187.00 209.94 261.81 215.92 Number 000's 9,389 10,930 (1,652) (3,317) 15,350 Year-ended 31 March 2016 WASP £ pence – 264.75 265.00 – Number 000's – 9,630 (241) – 9,389 264.74 RSU’s and cash-based awards vest as to 25% (20% in the case of RSU’s with a 5 year vesting period) on the anniversary of the award and the remaining 75% (or 80% in the case of RSU’s with a 5 year vesting period) quarterly thereafter. NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUEDFor the year-ended 31 March 2017 141 Performance share units The following table illustrates the number and weighted average share price (“WASP”) on date of award, and movements in, performance share units (“PSU’s”) granted under the 2015 LTIP: Performance share units Outstanding at the start of the year Awarded Forfeited Released Outstanding at the end of the year Year-ended 31 March 2017 WASP £ pence 265.00 186.75 203.99 265.00 219.41 Number 000's 2,785 4,090 (745) (106) 6,024 Year-ended 31 March 2016 WASP £ pence – 265.00 265.00 – Number 000's – 2,879 (94) – 2,785 265.00 PSU’s vest on one vesting date following a three year vesting period which will comprise three financial years. The awards are divided into three equal parts which will each be subject to an individual annual performance condition linked to the financial performance of the Group. 31 PENSION SCHEMES The Group contributes to defined contribution pension schemes in the UK and to similar or state pension schemes overseas for the benefit of the employees and Directors. The assets of the schemes are administered by trusts or other bodies in funds independent from the Group. The pension cost charge for the period represents contributions payable by the Group to the funds and amounted to $6.5M (2016: $6.7M). Contributions of $1.5M (2016:$1.2M) to the defined contribution pension scheme were outstanding, but not overdue, at 31 March 2017. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 142 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUED For the year-ended 31 March 2017 32 RELATED PARTY TRANSACTIONS The consolidated financial information includes the financial information of Sophos Group plc and the subsidiaries listed in the following table: Country of incorporation Australia Subsidiary undertaking Sophos Pty Ltd3 Canada Sophos Inc3 France Sophos Sarl3 Principal activity / registered address Selling IT security solutions Level 11, 1 Elizabeth Plaza, North Sydney, NSW 2060, Australia Selling IT security solutions 3400, 350-7th Ave SW, Calgary AB T2P 3N9, Canada Selling IT security solutions River Ouest, 80 Quai Voltaire, 95870 Bezons, France Germany Sophos Holdings GmbH3 Holding Company Sophos GmbH4 Sophos Technology GmbH4 Hong Kong Sophos Hong Kong Co Ltd3 Hungary Sophos Hungary Kft3 India Sophos Technology Private Ltd10 Italy Sophos Italia Srl3 Japan Sophos KK3 Luxembourg Aspen Finance Co Sarl2 Netherlands Sophos BV3 Threatstar Holding BV8 Threatstar BV9 SurfRight BV8 Singapore Sophos Computer Security Pte Ltd3 Selling IT security solutions Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany Research and Development Amalienbadstr. 41/ Bau 52 76227 Karlsruhe, Germany Selling IT security solutions Unit K, 12/F., MG Tower, No. 133 Hoi Bun Road, Kwun Tong, Kowloon, Hong Kong Research and Development Aliz Utca, 1 Office Garden, Irodahaz A Epulet, 1117 Budapest, Hungary Selling IT security solutions Sophos House, Saigulshan Complex, Beside White House, Panchwati Cross Road, Ahmedabad 380006, Gujarat, India Selling IT security solutions Via Tonale 26, CAP 20125 Milano (MI), Italy Selling IT security solutions Izumi Garden Tower 10F, 1-6-1 Roppongi, Minato-ku Tokyo 106-6010 Japan Financing Company 1-3, Boulevard de la Foire, L-1528, Luxembourg Selling IT security solutions Hoevestein 11B, 4903 SE Oosterhout NB, Netherlands Holding Company Research and Development Selling IT security solutions Lansinkesweg 4, 7553 AE Hengelo, Netherlands Selling IT security solutions 60 Paya Lebar Road, #08-13 Paya Lebar Square, Singapore 409051 Class of shares held Ordinary Percentage of shares held 100% Common 100% Ordinary 100% Ordinary Ordinary 100% 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary Ordinary Ordinary 100% 100% 100% Ordinary 100% 143 Country of incorporation Spain Subsidiary undertaking Sophos Iberia Srl3 Sweden Sophos AB3 Switzerland Sophos Schweiz AG3 Astaro Trading AG5 Taiwan Sophos Taiwan Ltd3 Turkey UK Sophos Turkey Technoji Ltd Sirketi3 Sophos Holdings Ltd1 Sophos Treasury Ltd2 Sophos Limited2 Sophos Overseas Limited3 Sophos Nominees Limited3 USA Sophos Inc3 Cyberoam Inc6 Reflexion Networks Inc7 Invincea, Inc7 Sandboxie Holdings, LLC11 Principal activity / registered address Selling IT security solutions Calle Orense 81, 28020 Madrid, Spain Selling IT security solutions Färögatan 33, 164 51 Kista, Stockholms län, Sweden Selling IT security solutions Bernstrasse 388, 8953 Dietikon, Switzerland Historical purchasing entity Blumenaustr. 28, 8200 Schaffhausen, Switzerland Services Company 5F-4, No. 57, Sec. 1 Chongqing S. Road, Zhongzheng Dist., Taipei City 100 Taiwan (R.O.C.) Services Company 19 Mayıs Mah. Turaboğlu Sok., Hamdiye Yazgan, İş M. Apt. No: 4 / 2 Kadıköy, İstanbul, Turkey Holding Company Financing Company Selling IT security solutions Services Company Class of shares held Ordinary Percentage of shares held 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary 100% Ordinary Ordinary Ordinary Ordinary 100% 100% 100% 100% Share nominee company Ordinary 100% The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK Selling IT security solutions 3 Van de Graaff Drive, 2nd Floor, Burlington, MA 01803, USA Services Company 10 Schalks Crossing Road, Suite 501-329, Plainsboro, NJ 08536, USA Selling IT security solutions 1209 Orange St, Wilmington, County of New Castle DE 19801, USA Selling IT security solutions Services Company Ordinary 100% Ordinary 100% Ordinary 100% Ordinary Ordinary 100% 100% 2711 Centerville Rd Suite 400, Wilmington, New Castle, DE 19808, USA 1 Shares held by Sophos Group Plc 5 Shares held by Sophos Technology GmbH 9 Shares held by Threatstar Holding BV 2 Shares held by Sophos Holdings Ltd 6 Shares held by Sophos Technology Private Ltd 10 Shares held by Sophos Limited and Sophos 3 Shares held by Sophos Limited 7 Shares held by Sophos Inc 4 Shares held by Sophos Holdings GmbH 8 Shares held by Sophos BV Nominees Limited 11 Shares held by Invincea, Inc INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 144 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUED For the year-ended 31 March 2017 32 RELATED PARTY TRANSACTIONS CONTINUED Other related parties During the year the Group entered into transactions, in the ordinary course of business, with other related parties. Transactions entered into, and trading balances outstanding with other related parties, are as follows: Softcat Plc, an entity related through common Director’s interest from 3 January 2017, is a leading provider of IT infrastructure and a customer of the Group. The Group made sales of $4.5M to Softcat Plc during the period that the entity was a related party, and the amount owed by Softcat Plc as at 31 March 2017 was $2.6M. During the year-ended 31 March 2017, no provisions were made for doubtful debts relating to amounts owed by related parties (2016: $Nil). Sales and purchases between related parties are made at normal market prices. Outstanding balances with entities other than subsidiaries are unsecured, interest free and cash settlement is expected within 60 days of invoice. Terms and conditions for transactions with subsidiaries are the same, with the exception that balances are placed on inter- company accounts with no specified credit period. The Group has not provided or benefitted from any guarantees for any related party receivables or payables. The Company and certain subsidiaries have provided unsecured guarantees to certain third parties within the normal course of business, the majority of which were in favour of certain lenders in respect of some of the Group's borrowing facilities. As at 31 March 2017, these guarantees totaled $349.2M (2016: $328.4M) relating to the Group's financing facilities. Compensation of key management personnel (including Directors) Short-term employee benefits Post-employment benefits Share-based payments – equity-settled Total Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 9.7 0.1 16.0 25.8 8.6 0.1 8.7 17.4 Short-term employee benefits comprise fees, salaries, benefits and bonuses earned during the year as well as non- monetary benefits. Post-employment benefits comprise the cost of providing defined contribution pensions to senior management in respect of the current period. Share-based payments comprise the cost of senior management’s participation in share-based payment plans for the period as measured by the fair value of awards in accordance with IFRS2. 145 33 BUSINESS COMBINATIONS Invincea, Inc. On 21 March 2017, Sophos Inc. acquired for cash 100% of the share capital of Invincea, Inc., a company based in Fairfax, Virginia, United States. The acquisition will significantly strengthen the Group’s industry leading next- generation endpoint protection product by adding Invincea, Inc.’s machine learning and artificial intelligence technology threats. Acquisition-related expenses of $4.1M have been excluded from the consideration transferred and have been recognised as an expense within General finance and administration – exceptional items. Assets acquired and liabilities assumed on the day of acquisition were as follows: Non-current assets: Intangible assets Intellectual property Customer relationships Plant and equipment Current assets: Trade and other receivables Deferred tax asset Cash and cash equivalents Non-current liabilities: Deferred tax liability Current liabilities: Deferred revenues Trade and other payables Lease obligations Net assets recognised at the date of acquisition Cash paid Contingent consideration Goodwill arising on acquisition – Invincea, Inc. Book value $M Adjustment $M Fair value $M – – 0.2 1.3 13.8 0.3 18.5 1.2 – – – – 18.5 1.2 0.2 1.3 13.8 0.3 – 8.7 8.7 6.1 3.7 – 5.8 (2.0) – – 13.0 4.1 3.7 – 18.8 95.9 19.3 96.4 Prior to the acquisition, Invincea, Inc. operated in a complimentary market sector to the Group and, accordingly, the results of Invincea, Inc. are incremental to those of the Group. Revenue of $529.7M for the twelve-months to 31 March 2017 includes $0.2M in respect of Invincea, Inc. The impact of Invincea, Inc. on the operating loss of the Group for the period is insignificant. Had Invincea, Inc. been owned since 1 April 2016, revenue for the year-ended 31 March 2017 would have increased over the reported revenue by approximately $19.1M. The impact on the operating loss of the Group would have been $7.0M. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 146 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUED For the year-ended 31 March 2017 33 BUSINESS COMBINATIONS CONTINUED Intellectual property – Silent Break Security LLC On 18 November 2016, Sophos Limited entered into an agreement to buy for cash the trade and assets of Silent Break Security LLC and acquire the Intellectual Property of “PhishThreat”, a phishing attack simulator used to train users to spot phishing attacks, dangerous attachments and bogus scripts. The Group also secured the ongoing services of certain key employees. Asset acquired Cash paid Contingent consideration Goodwill arising on asset acquisition from Silent Break Security LLC Fair value $M 3.1 3.0 1.2 1.1 Had the trade and assets of Silent Break Security LLC been owned since 1 April 2016, the impact on the operating loss of the Group would have been insignificant. Barricade Security Systems Limited. On 20 October 2016, Sophos Limited acquired for cash 100% of the share capital of Barricade Security Systems Limited, a company based in Cork, Ireland. The company is a start-up company providing cloud-based security analytics and the acquisition has strengthened the Group’s machine learning and artificial intelligence expertise. Non-current assets Trade and other receivables Trade and other payables Net liabilities recognised at the date of acquisition Cash paid Goodwill arising on acquisition – Barricade Security Systems Limited Fair value $M 0.1 0.1 0.5 0.3 1.9 2.2 Prior to the acquisition, Barricade Security Systems Limited had immaterial revenues and all trading ceased on the day of acquisition. The impact of Barricade Security Systems Limited on the operating loss of the Group for the period is insignificant. Had Barricade Security Systems Limited been owned since 1 April 2016, the impact on the operating loss of the Group would have been insignificant. Reflexion Networks Inc. In the prior year, on 5 June 2015, Sophos Inc. acquired for cash 100% of the share capital of Reflexion Networks Inc., a leader in e-mail security, archiving and encryption. Reflexion Networks Inc. was acquired to further enhance the Group’s Cloud product offering. Acquisition related expenses of $0.8M have been excluded from the consideration transferred and have been recognised as an expense within General finance and administration – exceptional items. 147 Assets acquired and liabilities assumed on the day of acquisition were as follows: Book value $M Adjustment $M Fair value $M Non-current assets: Intangible assets Intellectual property Customer relationships Other non-current assets Current assets: Trade and other receivables Deferred tax asset Cash and cash equivalents Non-current liabilities: Deferred tax liability Current liabilities: Deferred revenues Trade and other payables Lease obligations Net assets recognised at the date of acquisition Cash paid Contingent consideration (Note 25) Goodwill arising on acquisition – Reflexion Networks Inc. – – 0.4 0.5 – – – 0.2 0.7 0.2 (0.2) 1.9 5.8 – – – – 1.9 5.8 0.4 0.5 – – 3.1 3.1 – – – 4.6 0.2 0.7 0.2 4.4 15.0 2.0 12.6 Prior to the acquisition, Reflexion Networks Inc. operated in a complimentary market sector to the Group and, accordingly, the results of Reflexion Networks Inc. are incremental to those of the Group. Revenue of $478.2M for the twelve-months to 31 March 2016 includes $5.1M in respect of Reflexion Networks Inc. The impact of Reflexion Networks Inc. on the operating loss of the Group for the period is insignificant. Had Reflexion Networks Inc. been owned since 1 April 2015, revenue for the year-ended 31 March 2016 would have increased over the reported revenue by approximately $1.0M. The impact on the operating loss of the Group would have been insignificant. Surfright B.V and Threatstar Holdings B.V. In the prior year, on 3 December 2015, Sophos B.V. completed the acquisition for cash from common shareholders of 100% of the share capital of SurfRight B.V. and Threatstar Holdings B.V. to enhance the Group’s next generation endpoint security offering. Acquisition-related expenses of $0.4M have been excluded from the consideration transferred and have been recognised as an expense within General finance and administration – exceptional items. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 148 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUED For the year-ended 31 March 2017 33 BUSINESS COMBINATIONS CONTINUED Assets acquired and liabilities assumed on the day of acquisition were as follows: Non-current assets: Intangible assets Intellectual property Customer relationships Brand Other non-current assets Current assets: Trade and other receivables Deferred tax asset Cash and cash equivalents Non-current liabilities: Deferred tax liability Current liabilities: Deferred revenues Trade and other payables Net assets recognised at the date of acquisition Cash paid Goodwill arising on acquisition – Threatstar B.V. and Surfright B.V. Book value $M Adjustment $M Fair value $M – – – 0.3 0.6 – 0.7 3.7 0.3 0.1 – – 0.3 – 3.7 0.3 0.1 0.3 0.6 0.3 0.7 – 0.9 0.9 – 1.0 0.6 1.3 – 2.2 1.3 1.0 2.8 31.8 29.0 Prior to the acquisition Threatstar Holdings B.V. and Surfright B.V. operated in a complimentary market sector to the Group and accordingly the results of the companies are incremental to the Group. Revenue of 478.2M for the twelve months to 31 March 2016 includes $1.1M in respect of Surfright B.V. The impact of Surfright B.V. and Threatstar Holdings B.V. on the operating loss of the Group is insignificant. Had both companies been owned since 1 April 2015, revenue for the year-ended 31 March 2016 would have increased over the reported revenue by approximately $2.2M. The impact on the operating loss would have been insignificant. Goodwill arose in all the above business combinations because the cost of the combination included amounts in relation to the benefit of expected synergies, future market development and the assembled workforce. These benefits are not recognised separately from Goodwill because they do not meet the recognition criteria for identifiable intangible assets. None of the goodwill recognised is expected to be deductible for income tax purposes. 149 34 NOTES TO THE CONSOLIDATED STATEMENT OF CASH FLOWS Acquisition of subsidiaries net of cash acquired Consideration paid, satisfied in cash: – Invincea, Inc. – Intellectual Property – Silent Break Security – Barricade Security Systems Limited – Surfright B.V. and Threatstar Holdings B.V. – Reflexion Networks Inc. Net cash purchased Acquisition of subsidiaries net of cash Movement in net debt Cash at bank and in hand Short-term deposits Cash and cash equivalents Obligations under finance leases Bank loans Gross debt Net debt Movement in net debt Cash at bank and in hand Short-term deposits Cash and cash equivalents Obligations under finance leases Bank loans Gross debt Net debt Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 95.9 3.0 1.9 – 1.2 (0.3) 101.7 – – – 31.8 15.0 (0.8) 46.0 31 March 2016 $M Cash flow $M Non-cash movements $M Effect of movements in exchange rates $M 31 March 2017 $M (49.7) (17.1) (66.8) 0.2 324.7 324.9 258.1 (16.2) 8.7 (7.5) (0.1) 24.1 24.0 16.5 – – – – 0.9 0.9 0.9 3.6 2.6 6.2 – (4.1) (4.1) 2.1 (62.3) (5.8) (68.1) 0.1 345.6 345.7 277.6 31 March 2015 $M Cash flow $M Non-cash movements $M Effect of movements in exchange rates $M 31 March 2016 $M (59.0) (13.6) (72.6) 0.1 380.6 380.7 308.1 10.5 (4.1) 6.4 (0.1) (67.2) (67.3) (60.9) – – – 0.2 6.8 7.0 7.0 (1.2) 0.6 (0.6) – 4.5 4.5 3.9 (49.7) (17.1) (66.8) 0.2 324.7 324.9 258.1 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 150 NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS CONTINUED For the year-ended 31 March 2017 35 COMMITMENTS AND CONTINGENT LIABILITIES Operating lease arrangements Amount recognised for the year: Property Other Total Year-ended 31 March 2017 $M Year-ended 31 March 2016 $M 10.8 1.4 12.2 8.9 1.4 10.3 At the reporting date, the Group had outstanding commitments for future minimum lease payments under non- cancellable operating leases, which fall due as follows: Within one year In the second to fifth years inclusive After five years Total 31 March 2017 $M 31 March 2016 $M 12.0 34.8 20.6 67.4 10.8 28.0 10.8 49.6 Commitments for the acquisition of property, plant and equipment At 31 March 2017 the Group had entered into contractual commitments for the acquisition of property, plant and equipment amounting to $0.2M (2016: $0.8M) Guarantees At 31 March 2017 the Group had outstanding guarantees provided to third parties of $1.2M (2016:$1.3M). Legal proceedings The Group is involved in a number of legal proceedings that are incidental to our business. Although it is possible that adverse decisions (or settlements) may occur in one or more of the cases, it is not currently possible to estimate the potential loss or losses. The final outcome of these proceedings, individually or in the aggregate, is not expected to have a material impact on the business. Litigation is currently in process against an entity within the Group by RPost Holdings Inc. The company allege patent infringements and claim unspecified damages. In accordance with IAS 37.92, the Group does not provide further information on the grounds that this could seriously prejudice the outcome of the litigation. The Directors are of the opinion that the claim can be successfully resisted by the Group. 151 36 PRINCIPAL EXCHANGE RATES Principal exchange rates Translation of Sterling into US Dollar ($:£1.00) Average Closing Translation of Euro into US Dollar ($:€1.00) Average Closing Year-ended 31 March 2017 Year-ended 31 March 2016 1.3200 1.2505 1.5057 1.4373 1.1017 1.0696 1.0969 1.1395 When calculating performance measures on a constant currency basis, the Group uses the closing balance sheet rate of the previous year. 37 EVENTS AFTER THE REPORTING PERIOD There are no material events after the reporting period which require disclosure under IAS10. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 152 COMPANY ONLY STATEMENT OF FINANCIAL POSITION At 31 March 2017 Company registered number: 09608658 Non-current assets Deferred tax asset Investments Loan due from subsidiary Current assets Trade and other receivables Amounts due from subsidiaries Total current assets Total assets Current liabilities Trade and other payables Amounts due to subsidiaries Total current liabilities Net assets Represented by: Share capital Share premium Retained earnings Share-based payment reserve Total equity 31 March 2017 $M 31 March 2016 $M Note 3 4 5 13.6 5.9 1,068.4 1,045.3 93.5 93.5 1,175.5 1,144.7 – 24.0 24.0 0.3 22.3 22.6 1,199.5 1,167.3 0.6 26.2 26.8 0.7 16.7 17.4 1,172.7 1,149.9 21.6 118.4 977.1 55.6 21.3 115.9 993.7 19.0 1,172.7 1,149.9 These financial statements were approved by the Board of Directors on 16 May 2017 and were signed on its behalf by: Nick Bray Chief Financial Officer The notes on pages 154 to 155 form an integral part of these financial statements. COMPANY ONLY STATEMENT OF CHANGES IN EQUITY At 31 March 2017 Share Capital $M Share Premium $M Retained Earnings $M Share Based Payment Reserve $M On Incorporation 26 May 2015 Loss for the period: Total comprehensive loss Issue shares Capital contribution EBT treasury shares Primary proceeds Share issue expenses Share options exercised Disposal of EBT treasury shares Share-based payments – expense Share-based payments – deferred tax Cash dividend At 31 March 2016 Loss for the period: Other comprehensive profit or loss: Total comprehensive loss Share options exercised Disposal of EBT treasury shares Share-based payments – expense Share-based payments – deferred tax Cash dividend At 31 March 2017 – – – 483.1 – (21.4) (21.4) – (483.0) 1,018.2 – – – 552.6 (533.1) – 1.7 – 0.1 – – – – – 123.3 (8.6) 1.1 – – – – 21.3 115.9 – – 0.3 – – – – – – 2.5 – – – – 21.6 118.4 – – – – – – – (3.1) 993.7 (5.6) (5.6) – (0.1) – – (10.9) 977.1 The notes on pages 154 to 155 form an integral part of these financial statements. 153 Total $M – (21.4) (21.4) 1,035.7 2.1 – 125.0 (8.6) 1.2 – 15.0 4.0 (3.1) – – – – – – – – – – 15.0 4.0 – 19.0 1,149.9 – – – – 31.3 5.3 – (5.6) (5.6) 2.8 (0.1) 31.3 5.3 (10.9) 55.6 1,172.7 INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 154 NOTES TO THE COMPANY FINANCIAL STATEMENTS For the year-ended 31 March 2017 1 PRINCIPAL ACCOUNTING POLICIES The following accounting policies have been applied consistently in dealing with items which are considered material in relation to the Company’s financial statements. BASIS OF PREPARATION The Company and its trading subsidiaries have considerable financial resources and a large number of customer contracts across different geographic areas and industries. As a consequence, the Directors believe the Company is well placed to manage its business risks successfully. The Company operates as an investment company for the Sophos Group, holding investments in subsidiaries financed by Group companies. As the Company is an intrinsic part of the Group’s structure, the Directors have a reasonable expectation that Group companies will continue to support the Company through trading and cash generated from trading for the foreseeable future. Thus they continue to adopt the going concern basis in preparing the financial statements. The financial statements have been prepared in accordance with Financial Reporting Standard 102 (“FRS 102”) and under the historical cost accounting rules. Under section 408 of the Companies Act 2006, the Company is exempt from the requirement to present its own profit and loss account. The company is considered to be a qualifying entity for the purposes of FRS 102 and has applied the exemptions available under FRS 102 in respect of the cash flow statement and key management personnel compensation. As the consolidated financial statements of the Company include the equivalent disclosures, the Company has also taken the exemptions available under FRS 102 in respect of disclosures in respect of share-based payments, financial instruments and the requirements of Section 33 Related Party Disclosures paragraph 33.7. INVESTMENTS Investments in subsidiary undertakings are stated at cost less any provision for impairment. FOREIGN CURRENCIES Transactions in foreign currencies are recorded using the rate of exchange ruling at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies are translated using the rate of exchange ruling at the balance sheet date and the gains or losses on translation are included in the profit and loss account. Non-monetary assets and liabilities denominated in foreign currencies are stated at historical foreign exchange rates. INTEREST-BEARING LOANS AND BORROWINGS Obligations for loans and borrowings are recognised when the Company becomes party to the related contracts and are measured initially at fair value less directly attributable transactions costs. After initial recognition, interest bearing loans and borrowings are subsequently measured at amortised cost using the effective interest method. Gains and losses arising on the repurchase, settlement or otherwise cancellation of liabilities are recognised respectively in finance income and finance expense. GOING CONCERN BASIS The Company operates as an investment company for the Sophos Group, holding investments in subsidiaries financed by Group companies. As the Company is an intrinsic part of the Group’s structure, the Directors have a reasonable expectation that Group companies will continue to support the Company through trading and cash generated from trading for the foreseeable future. Thus they continue to adopt the going concern basis in preparing the financial statements. 155 2 PROFIT AND LOSS ACCOUNT The loss after tax dealt with in the books of the Company was $5.6M (2016: $21.4M). Under section 408 of the Companies Act 2006 the Company is exempt from the requirement to present its own profit and loss account. 3 INVESTMENTS Investment in Sophos Holdings Limited Investment in Sophos Limited Investment in employee benefit trust Total 31 March 2017 $M 31 March 2016 $M 1,035.8 1,035.8 32.6 – 9.4 0.1 1,068.4 1,045.3 The investment in Sophos Holdings Limited, a holding company for the Sophos Group, comprises 100% of the ordinary share capital. The investment in Sophos Limited comprises share-based payment expenses for equity awards granted to participants employed by Sophos Limited and its subsidiaries. 4 LOAN DUE FROM SUBSIDIARY As part of the re-financing of the Group on 1 July 2015, The Company lent $93.5M to Sophos Holdings Limited, a 100% owned subsidiary. The loan carries a variable interest rate based on the Group’s Senior Facility A loan plus a margin of 0.1% and is repayable in full at the end of a 60-month term on 1 July 2020 5 SHARE CAPITAL Allotted, called-up and fully-paid shares of £0.03 each On incorporation 26 May 2015 Share issuance Initial public offering Issued on exercise of share options At 31 March 2016 Issued on exercise of share options and release of RSU's At 31 March 2017 000's – 414,655 35,345 2,172 452,172 7,470 459,642 $M – 19.5 1.7 0.1 21.3 0.3 21.6 6 FUNCTIONAL CURRENCY Sophos Group plc is registered in England and Wales and has a functional currency of US Dollars. INTRODUCTIONSTRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS 156 GLOSSARY Adjusted operating profit Adjusted operating profit represents the Group’s operating profit/(loss) adjusted for amortisation charges, share option charges and exceptional items AES Americas APJ Billings Blue chip Board BYOD CAGR Cash EBITDA Advanced Encryption Standard North and South America Asia-Pacific & Japan Billings represents the value of products and services invoiced to customers after receiving a purchase order from the customer and delivering products and services to them, or for which there is no right to a refund Channel partners who transact five or more deals in a trailing six-month period The Board of Directors of Sophos Group plc Bring Your Own Device Compound annual growth rate Cash EBITDA is defined as the Group's operating profit adjusted for depreciation and amortisation charges, any gains or losses on the sale of tangible and intangible assets, share option charges, unrealised foreign exchange differences and exceptional items with billings replacing revenue Cash EBITDA margin Cash EBITDA margin is calculated as cash EBITDA as a percentage of billings Channel first Company Constant currency The distribution model used by the Group, where products are sold to end customers through a network of channel partners and distributors Sophos Group plc The group uses US Dollar-based constant currency models to measure performance. These are calculated by applying a single exchange rate to local currency transactions for both the current and prior year. This gives US Dollar denominated measures that exclude variances attributable to foreign exchange rate movements Directors The Executive and Non-Executive Directors of the Company DPI DMR EBITDA EMEA FIPS GHG Group HTML5 IASB IDP IFRS KPI Deep Packet Inspection Direct Market Reseller Earnings before interest, taxation, depreciation and amortisation Europe, Middle East and Africa US Federal Information Processing Standards Greenhouse gas The group of companies owned by Sophos Group plc The fifth revision of the HyperText Markup Language of the internet used for structuring and presenting content for the world wide web International Accounting Standards Board Intrusion Detection and Prevention International Financial Reporting Standards as adopted by the European Union Key Performance Indicator Like-for-like billings Like-for-like billings represent billings on a constant currency basis excluding disposals and including acquisitions from the point of acquisition plus the pre-acquisition billings of any acquired companies on a reported basis MSP OEM RED Renewal rate Secure SSL Managed Service Provider Original Equipment Manufacturer Remote Ethernet Device Renewal rates are calculated by comparing the actual US Dollar amount of contracts renewed into the following period (including instances of cross-sell and upsell) to the US Dollar amount of total contracts at the start of the period Secure Sockets Layer, a standard security technology for establishing an encrypted link between a server and a client Unlevered free cash flow Unlevered free cash flow represents cash EBITDA less purchases of property, plant and equipment and intangibles, plus cash flows in relation to changes in working capital and taxation UTM/NGFW Unified Threat Management/Next-Generation Firewall VAR VPN Value-Added Reseller Virtual Private Network 157 INVESTOR RELATIONS investors.sophos.com investor.relations@sophos.com AUDITOR KPMG LLP 15 Canada Square London E14 5GL COMPANY INFORMATION DIRECTORS Peter Gyenes Kris Hagerman Nick Bray Sandra Bergeron Edwin Gillis Salim Nathoo Roy Mackenzie Rick Medlock Steve Munford Vin Murria Paul Walker REGISTERED OFFICE Sophos Group plc The Pentagon, Abingdon Science Park Abingdon OX14 3YP Registered number: 09608658 www.sophos.com REGISTRAR SERVICES Capita Asset Services The Registry 34 Beckenham Road Beckenham BR3 4TU PUBLIC RELATIONS Tulchan Communications 85 Fleet Street London EC4Y 1AE
Continue reading text version or see original annual report in PDF format above