CA Seeks $10 Million Settlement with SEC

Seeking to move beyond a US$2 billion accounting scandal, Computer Associates has offered to make a $10 million payment to put the probe to rest and has rolled out an information security product and services push designed to capitalize on what is already a strong growth area.

Against the backdrop of its annual customer confab in Las Vegas, Nevada, the company also reported quarterly earnings that showed a swing to profit in the first quarter but some weakness going forward.

The software firm said it earned $89 million on revenue of $850 million during the quarter ended in March. That is a dramatic turnaround from the same period last year, when CA posted a loss of $105 million.

Hanging Over

Executives are eager to get CA back on solid ground in the wake of the indictment of its former CFO and the resignation of longtime CEO Sanjay Kumar.

The company already has restated earnings for 2000 and 2001, the period being scrutinized by the U.S. Securities and Exchange Commission and the Justice Department, but said it hopes the offer of a $10 million payment will bring the matter to a close.

CA said it has set aside the money but has not heard from regulators whether the settlement will be accepted.

Calls to the SEC for comment on the CA investigation were not returned.

Within the Range

Analysts said the $10 million settlement offer is within the range of fines paid by some companies. Earlier this month, Lucent (NYSE: LU) Technologies settled an SEC inquiry with a $25 million payment. Lucent was accused of overstating revneue by more than $1 billion and also with not cooperating fully with the investigation, which likely drove up the final price tag.

"Cooperating with the SEC is not optional, and that's a message they're very eager to get out," said attorney Steve London of national firm Brown Rudnick Berlack Israels.

London noted that the Sarbanes-Oxley Act of 2003, which requires a senior-level executive to sign off on all accounting matters, is aimed at addressing the type of internal book cooking that CA is accused of carrying out. "The SEC is not giving companies a pass because their issues came before the new law," he said. "But as we've seen, they are willing to settle if they feel justice has been done."

Moving Forward

Interim CEO Kenneth Cron acknowledged CA has faced "a number of distractions" but said quarterly results show the company's employees remain focused on the future.

CA said business was up almost across the board in the quarter as revenue rose 10 percent over the year-ago period, with both new subscriptions and renewals rising. The company's enteprise management unit saw a 34 percent increase in bookings, while its security business expanded even faster, growing 46 percent year-over-year.

The company issued a relatively conservative forecast, however, based not only on an expectation that tech spending will increase, but also on the assumption "that customers will require immediate value for every dollar they spend."

Investors shook off those concerns, choosing to focus on the positive as CA shares rose nearly 2 percent in early trading Wednesday to $26.18.

Manage and Patch

Meanwhile, seeking to build on its growing security business, CA unveiled an ambitious plan that combines aspects of managed security services (MSS) with patch management services and a vulnerability assessment and remediation appliance.

Like full-scale MSS, the eTrust Managed Vulnerability Service offers round-the-clock access to security experts, but it does not turn over total control of systems to providers. Instead, companies use a Web portal to keep tabs on alerts and patches that affect their networks.

"Most IT organizations have become overwhelmed by the work associated with vulnerability awareness and remediation," said Marc Camm, vice president of the new service. CA is billing the new offering as "co-managed services," he added.

Seeing a Need

Gartner (NYSE: IT) analyst Mark Nicolett said enterprises understand the value of outsourcing security services, especially given the number of vulnerabilities discovered and patches issued by various software vendors.

"Most companies simply can't handle this in-house," Nicolett told the E-Commerce Times. However, because managed services are often quite costly, those same companies cannot afford full-scale, round-the-clock monitoring, he added.

CA also rolled out a new vulnerability manager appliance, which runs the company's own Unicenter Software Delivery application and vulnerability assessment software.

The eTrust Vulnerability Manager r8 is the "technology cornerstone" for the enhanced security services, CA said, combining vulnerability assessment, patch and configuration management, automated remediation and compliance analysis.