Exhibit 99.1
for
SUMMARY DUE DILIGENCE
REPORT FOR PUBLIC
DISTRIBUTION
Date: 21.05.2012
© 2012 FK Partner Sp. z o.o.
|1
Summary Due Diligence Report for Public Distribution
A Due Diligence Report was delivered by FK Partner Sp. z o.o. to the Board of Directors of Helix BioPharma Corp. This Summary Due Diligence Report for Public Distribution contains the substance of what was reported to the Board of Directors with the exception of the exhibits and certain tables of historic financial information.
Caution Regarding Forward-Looking Statements
This Summary Due Diligence Report for Public Distribution (“Report”) contains certain forward-looking statements and information (collectively, “forward-looking statements”) within the meaning of applicable Canadian and U.S. securities laws, including, without limitation, forward-looking statements regarding the plans of Helix BioPharma Corp. (“Helix”) to complete a Phase I/II clinical trial for L-DOS47 and pursue further clinical studies for Topical Interferon Alpha-2b; Helix’s plans to seek strategic partnerships in connection with its clinical trials and/or commercialization of its potential products; the indications and therapeutic and market opportunities for Helix’s potential products; revenues from Helix’s drug distribution business and Helix’s plans for such business; a potential insurance claim; Helix’s plans for future strategy and operations; and Helix’s future economic performance and financial condition. Forward-looking statements, which may be identified by words including, without limitation, “expects”, “plans”, “will”, “intends”, “may”, “pending”, “objective”, “exploring”, “potential”, “projected”, “possible” and other similar expressions, are intended to provide information about management’s current plans and expectations regarding future operations.
Forward-looking statements involve risks and uncertainties that may cause actual results or events to differ materially from those anticipated and no assurance can be given that these expectations will be realized, and undue reliance should not be placed on such statements. Risk factors that could cause actual results or events to differ materially from the forward-looking statements include, without limitation: (i) deterioration in Helix’s cash balances or liquidity; (ii) need to secure additional financing in a timely manner on terms satisfactory to Helix; (iii) delay or inability to secure additional Interferon, complete current clinical trials, commercialize Helix’s potential products, secure strategic partnerships or develop Helix’s business in the manner expected or at all; and (iv) those risk factors identified in the Helix’s filings with the SEC at www.sec.gov and with the Canadian Securities Administrators at www.sedar.com (together, the “Helix Risk Factors”). The forward-looking statements contained in this Report are intended to provide information to Helix’s Board of Directors regarding management’s plans and expectations regarding Helix, and may not be appropriate for other purposes. Certain material factors or assumptions are applied in making the forward-looking statements, including, without limitation, that Helix’s assumptions and views on Helix’s business and operations and the potential market and performance of Helix’s potential products are correct, that Helix can obtain additional financial and strategic support, that Helix’s cost-cutting and cost-deferral initiatives will be successful; that Helix’s clinical studies are capable of proceeding, that third parties will continue to provide goods and services to Helix on a timely basis, and that the Helix Risk Factors will not cause Helix’s actual results or events to differ materially from the forward-looking statements.
Forward-looking statements and other information contained in this Report are based on the beliefs, assumptions and expectations of FK Partner sp. z o.o as at May 21, 2012. The statements made in this Report will not be updated to reflect events and circumstances affecting Helix occurring subsequent to May 21, 2012.
|2
TABLE OF CONTENTS
|INTRODUCTION
|5
|I. FINANCIAL ISSUES
|6
|
Financial statements analysis
|6
|
Fixed assets
|6
|
Receivables and inventory
|8
|
Liabilities, including off-balance sheet financing and contingent liabilities
|10
|
Review of unrecorded liabilities
|11
|
Third party financing - bank and other loans, leasing agreements
|12
|
Provisions for unused holiday and other provisions
|12
|
P&L
|13
|
Analysis of revenue streams
|13
|
Major cost categories in the Company
|13
|
Extraordinary costs
|15
|
Bank accounts and other bank arrangements
|16
|
Credit cards and other expense related charges
|17
|
Insurance coverage
|17
|
Historical analysis of warrants issued and executed
|18
|II. BUSINESS AND CONTRACTS
|18
|
Suppliers and Subcontractors
|19
|
Leasehold agreements
|19
|
Employees and management
|20
|
Indemnity agreements
|20
|
Escrow agreement
|21
|
Bank loans and credit agreements
|21
|III. ORGANISATION, PROCEDURES, INTERNAL CONTROL
|21
|
Organizational structure and scope of duties of key managers
|21
|
Financial procedures
|22
|
Internal control and compliance procedures
|22
|
HR Management
|23
|
Remuneration system – base wages, bonuses, option plans, benefits
|23
|
Stock exchange performance of Company shares
|25
|
Benefits
|27
|
Options granted to officers, employees and consultants to the company
|27
|
Hiring and terminations
|28
|
Severances
|28
|IV. IT ISSUES
|29
|3
|
General information
|29
|
IT administration
|29
|
IT network
|32
|
Hardware and other equipment
|32
|
E-Mail system
|35
|
Web applications
|35
|
Security and antivirus systems
|36
|
Backup system
|36
|
Costs of IT
|37
|
Risk analysis
|38
|4
INTRODUCTION
This due diligence report has been prepared based on an Engagement Letter signed between the Chairman of the Board of Directors of Helix and the company FK Partner sp. z o.o. and in accordance with the agreed scope of work. Four members of the FK Partner team have visited the headquarters of the Company for seven working days (12th of April until 18th of April, the IT expert from April 16th until the 18th) to collect data, documents, gather information and conduct interviews with top officers of the Company. The effort was supported by the Chairman of the Board of Directors with daily progress meetings and by some assistance from the Company legal counsel in the form of two conference calls regarding organizational matters and sourcing of data.
The team would like to confirm that throughout the assignment at the headquarters it has experienced full cooperation from all officers of the Company it had contact with and that practically all requested documents and data were provided as soon as technically possible. Some documents which were not readily available or, as in the case of documents not present in the Company, which were requested from outside sources, were provided at a later time. All interviews were conducted in a friendly and constructive atmosphere, facilitating information gathering and understanding of complex issues.
The main purpose of this report was to provide the Board of Directors with a snapshot of the organizational, financial and, to a limited extent, legal situation of the Company, with focus on the current fiscal year, but with some trend analysis going back several years. The report is primarily of illustrative nature rather than containing reviews, judgments or recommendations for the Board. Some risks for the Company were identified, mostly in the area of IT.
Helix BioPharma Corp., being a biopharmaceutical company developing drug candidates, with revenues coming only from one source of activity in form of drug distribution which are significantly insufficient to support the main activities, finances its operations primarily from equity capital raised on the market. In consequence, the main thrust of our report is on illustration and analysis of the cost side of the financial statements, showing the cost structure and its dynamics. Significant extraordinary costs incurred in the first quarters of the fiscal year 2012, which have visibly reduced the cash available in the Company for financing clinical trials and overhead, are illustrated in more detail.
Irrespective of the conclusions that may be drawn by members of the Board of Directors based on information gathered in this report, it is rather obvious that the Company’s future success and attaining of the goals of the Company shareholders will depend on the ability of the management to raise additional funding and to accelerate the drug candidate products’ development processes.
|5
|I.
|FINANCIAL ISSUES
Financial statements analysis
According to Canadian GAAP and rules applied in Canada each listed company has an obligation to audit all its annual financial statements by an independent chartered auditor. In Helix the annual audit works are performed by KPMG. In line with the Helix Board of Directors’ decision also quarterly financial statements are subject of reviews by KPMG. There is no mandatory requirement to perform quarterly reviews. The cost of annual audits, quarterly reviews, tax advisory services, services conducted during IFRS implementation and services related to filing a U.S. registration statement to bring the Company to the public market in the U.S. is shown in detail in the table below:
|Year
|Q1
|Q2
|Q3
|Total
reviews
|Total reviews
and annual
audit
|Tax
|Other
|TOTAL
|2005
|24 670
|16 256
|16 256
|57 182
|142 000
|11 000
|153 000
|2006
|20 787
|15 990
|15 990
|52 767
|134 000
|9 000
|143 000
|2007
|26 117
|19 447
|18 655
|64 219
|171 000
|8 000
|179 000
|2008
|30 140
|21 014
|21 014
|72 168
|89 000
|23 000
|180 500
|292 500
|2009
|21 762
|21 762
|21 762
|65 286
|110 000
|9 200
|348 000
|467 200
|2010
|22 400
|22 400
|22 400
|67 200
|249 500
|22 835
|14 300
|286 635
|2011
|25 760
|25 760
|25 760
|77 280
|288 300
|17 306
|14 500
|320 106
|2012
|33 040
|33 040
|66 080
|66 080
|66 080
|TOTAL
|522 182
|1 249 880
|100 341
|557 300
|1 907 521
The transition to IFRS in Canada was carried out in a two step approach. First, PWC assisted in preparing all appropriate documentation and establishing accounting policies, which cost the Company about 43 000 CAD. Secondly, KPMG performed the final review and approval at a cost of 50 000 CAD.
Balance Sheet
Fixed assets
The tables presented below show main groups of property, plant and equipment belonging to the Company. Up until the end of fiscal year 2011 the Company used the declining balance method of depreciation. In the current year the Company uses the straight line method of depreciation during the useful life of the asset (according to IFRS the declining balance method is not allowed). The Company’s fixed assets are located in its three operational offices / labs: Aurora, Edmonton and Saskatoon. Additionally fixed assets belonging to Helix are also held by third parties involved in the process of developing Interferon (CPL, HTI, Wellspring) and DOS47 (Biovectra).
Property, plant and equipment as of January 31st, 2012:
|6
|Group of fixed assets
|Cost value
|Accumulated
Depreciation
|Accumulated
Depreciation in %
|Net book
value (NBV)
|Share in NBV
|Research equipment
|1 810 600
|1 175 314
|65%
|635 285
|37%
|Manufacturing equipment
|1 662 025
|892 892
|54%
|769 133
|45%
|Computer equipment
|209 158
|132 753
|63%
|76 405
|4%
|Computer software
|72 465
|50 325
|69%
|22 140
|1%
|Furniture & fixtures
|20 882
|10 497
|50%
|10 385
|1%
|Leasehold improvements
|370 067
|181 859
|49%
|188 208
|11%
|TOTAL
|4 145 197
|2 443 641
|59%
|1 701 556
|100%
Property plant and equipment in division by locations as of January 31st, 2012:
|Location
|Cost value
|Accumulated
depreciation
|Accumulated
depreciation in %
|Net book
value (NBV)
|Share in NBV
|Edmonton
|1 383 866
|711 030
|51%
|672 835
|40%
|Biovectra (third party)
|396 005
|179 822
|45%
|216 183
|13%
|Saskatoon
|912 647
|736 884
|81%
|175 763
|10%
|CPL (third party)
|939 070
|444 669
|47%
|494 400
|29%
|HTI (third party)
|61 512
|33 635
|55%
|27 877
|2%
|Wellspring (third party)
|232 366
|202 434
|87%
|29 932
|2%
|Aurora
|219 731
|135 166
|62%
|84 565
|5%
|TOTAL
|4 145 197
|2 443 641
|59%
|1 701 556
|100%
Property, plant and equipment in division by locations and by groups as of January 31st, 2012:
|Assets by Location
|Computer
equipment
& software
|Research
equipment
|Manufacturing
equipment
|Leasehold
improvements
|Furniture
& fixtures
|TOTAL
|Edmonton
|23 294
|996 349
|0
|358 718
|5 505
|1 383 866
|Saskatoon
|58 167
|802 004
|49 382
|0
|3 094
|912 647
|Aurora
|200 162
|0
|-4 063
|11 349
|12 283
|219 731
|Biovectra (third party)
|0
|0
|396 005
|0
|0
|396 005
|CPL (third party)
|0
|0
|939 070
|0
|0
|939 070
|HTI (third party)
|0
|0
|61 512
|0
|0
|61 512
|Wellspring (third party)
|0
|12 247
|220 119
|0
|0
|232 366
|TOTAL
|281 623
|1 810 600
|1 662 025
|370 067
|20 882
|4 145 197
The Company has leasing agreements only for its facilities (Aurora, Edmonton and Saskatoon) and does not own land or other rights to real estate. The Company has no other capital or operating leases.
Useful life of all fixed assets is subject of annual analysis. Assessment of useful life is determined by the controller and later approved by the CFO. Fixed assets inventory and impairment tests are taken on yearly basis at the end of each fiscal year. The Company has a detailed Capital Assets Expenditure Policy which is described in the Company Policy Handbook in appendix VI.
|7
Receivables and inventory
Balance and ageing of account receivables as of March 31st, 2012 is as follows:
|Account receivables
|Total
|Current
receivables
|Due 1-30
days
|Due 31-60
days
|Due 61-90
days
|Overdue >
90 days
|Trade receivables
|461 964
|345 461
|98 490
|4 601
|9 084
|4 328
Trade receivables consist of current receivables from distribution, mainly with wholesalers. Overdue invoices are very rare and the Company has a strict policy of bad debt management. All debts overdue more than 61 day are subject of impairment (provisions are made).
ITC receivables (investment tax credits) consist of short and long term receivables from the government and are related to a partial refund of research and development expenditures. Balance of account receivables as of April 11th, 2012 related to ITC (refund on R&D) amounts to 935 887 CAD. Refundable ITC`s are only available at the provincial level for eligible R&D expenditures. The Company claims ITC in all three provinces where it has a permanent establishment and additionally presents claims in Quebec, where the Company does not have a permanent establishment (permanent establishment is not required in Quebec). As long as the R&D expenditures are made in Quebec, the Company can make refund claims there. The Company has 18 months to fill the tax return form, otherwise the right to refunds expires. The expected time of receiving a refund is 12 months from the date of submitting the tax return (the time of refund could be extended by the Government at any time). The ITC receivables are often subject of government inspections before the refund is made (both federal and provincial inspections are conducted). In the history of the Company there were no discrepancies found in such settlements. The refund is made to the selected expenditures. The rules of refunding are changing and currently, since 2012, it amounts to 65% of wages and overheads related to R&D.
Corporate income tax (CIT) is settled on yearly basis. The Company has losses to be settled in forthcoming fiscal years. The tax rate of CIT is a combination of both federal tax and provincial tax. The federal tax rate is 28%, while the provincial tax rate varies in different provinces (Ontario 11,5%, Alberta 10% and Saskatchewan 12%). The overall tax rate is therefore a blended tax rate, depending on volume of business a company generates in each province.
Balance of account receivables as of April 11th, 2012 of GST (sales tax reimbursement) amounts to 418 451 CAD. GST/HST receivables relate to the goods and services tax (harmonized sales tax –similar to European VAT). The filing of a tax return is due one month after the quarter and the government policy is to pay within 45 days of filing, otherwise it is obliged to pay interest. If any tax filings are not up to date, refunding of GST/HST is held up until filings are complete. The rate of GST/HST depends on the region, as shown below:
|8
|No
|Province
|GST or HST
|Rate
|1
|Ontario
|HST
|13%
|2
|British Columbia
|HST
|12%
|3
|New Brunswick
|HST
|13%
|4
|Newfoundland and Labrador
|HST
|13%
|5
|Nova Scotia
|HST
|15%
|6
|Territories and other provinces
|GST
|5%
Other receivables relate to accrued deposit interest and are settled in each following month.
Inventories are valued at standard cost. All inventories are stored and managed by an external supplier - Rivex. The orders are contractually specified based on the inventory purchase order authorized by the CEO or CFO. In the drug business the practice is to place received goods in a quarantine section for quality control inspection before placing them into inventory to be picked and sent to customers. Quarantine in this case does not mean the product is of inferior quality, it is just a procedural issue. If there is damage before inventories are placed into stock, company can go back to the supplier and ask for credit due to problems associated with shipping from the manufacturer. The quarantined inventories amounted on average to 10% of the stock.
The monthly average inventory level has been reduced from approximately 750 000 CAD in April 2011 to 550 000 in April 2012. The inventory inspections are taken on annual basis at each fiscal year-end. The last inventory inspection took place in July 2011. Inventory quality inspections are performed when goods are received and while in preparation for shipping and invoicing. Occasionally cycle counts and monthly inventory audit reports are performed. Regulatory compliance is performed by a third party. The inventory is also subject to KPMG audit procedures as a part of the fiscal year-end audit. There are 3 main product suppliers: Anika (Orthovisc and Monovisc), Helsinn (Klean Prep) and Kora (Immunovir). Distribution agreements are signed for specific drug products and the Company has no alternative sources of supply
Inventory as of March 31st, 2012:
|No
|Description
|Cost CAD
|Open stock
|Value at
standard cost
CAD
|1
|ORTHOVISC SODIUM HYALURONE 2ml (15 mg/m)
|27,17
|5 548
|150 739
|2
|MONOVISC INJECTION 4 ml
|81,08
|2 960
|239 997
|3
|KLEAN PREP
|3,58
|18 687
|66 899
|4
|IMUNOVIR TABLETS 100s / 500mg
|44,14
|697
|30 766
|TOTAL
|488 401
Impairment tests are performed as a part of margin analysis each quarter. In the past the Company had no problems with overdue inventories. All inventories have limited expiry dates. The table below shows the checked expiry dates for all inventories:
|9
|No
|Description
|Cost in
CAD
|Checked
stock
|Expiry dates
|Value at
standard cost
in CAD
|1
|ORTHOVISC SODIUM HYALURONE 2ml (15 mg/m)
|27,17
|5 548
|12/2013-2/2014
|150 739
|2
|MONOVISC INJECTION 4 ml
|81,08
|2 960
|8/2013-1/2014
|239 997
|3
|KLEAN PREP (MINIMUM 12)
|3,58
|18 687
|11/2014
|66 899
|4
|IMUNOVIR TABLETS 100s 500mg
|44,14
|697
|10/2014
|30 766
|TOTAL
|488 401
Liabilities, including off-balance sheet financing and contingent liabilities
Account payables are accounted in CAD, EUR and USD. At the balance sheet date account payables in foreign currencies are translated into CAD at the rates of exchange in effect at the financial statement dates. Impairment tests for account payables are conducted on quarterly basis at each fiscal quarter end.
Account payables as of April 16th, 2012:
|No
|Account payables
by currency
|Total
|Current
payables
|Due 31-60
days
|Due 61-90
days
|Overdue >
90 days
|1
|Trade payables CAD
|180 550
|32 246
|68 975
|84 941
|-5 613
|2
|Trade payables EURO
|13 017
|0
|12 564
|0
|453
|3
|Trade payables USD
|357 781
|241 919
|115 135
|642
|84
|TOTAL
|551 348
|274 166
|196 675
|85 583
|-5 075
Liabilities to Synergy Projects Limited relates to the leasehold inducement of the Aurora office until June 30th, 2014. The outstanding total amount of 60 240 CAD (2 077 CAD per month) till the end of the leasehold period is divided into short and long term payables.
Leasehold inducement as of 31st of January 2012:
|No
|Liability
|Number of
months
|Monthly
liabilities
|Total
|1
|Short-term leasehold
|12
|2 077
|24 927
|2
|Long-term leasehold
|17
|2 077
|35 313
The Company has no off-balance sheet financing. All contingent liabilities are presented only in the year-end financial statements:
|10
|No
|Title of commitment
|2012
|2013
|2014
|2015 and
beyond
|Total CAD
|1
|Royalty in-licensing
|10 000
|10 000
|10 000
|100 000
|130 000
|2
|Clinical research organizations
|2 020 000
|2 358 000
|2 290 000
|322 000
|6 990 000
|3
|Contract manufacturing organizations
|590 000
|590 000
|4
|Collaborative research organizations
|128 000
|104 000
|232 000
|5
|Purchases of inventory
|1 205 000
|1 311 000
|1 400 000
|620 000
|4 536 000
|6
|Operating leases
|260 000
|106 000
|97 000
|463 000
|7
|Share capital issuance
|89 000
|89 000
|8
|Consulting
|498 000
|235 000
|152 000
|885 000
|TOTAL
|4 800 000
|4 124 000
|3 949 000
|1 042 000
|13 915 000
The Company’s commitments are calculated at each financial year-end and are disclosed in the financial statements.
The Company has two separate Clinical Research Organization (CRO) supplier agreements, whereby the two CRO’s provide clinical research services related to the management of clinical trials / studies which are at various stages of development. As of July 31st, 2011 the Company accrued 221 000 CAD for CRO services it had received and is contractually committed to pay the amount of 6 990 000 CAD for additional future CRO services.
The Company has two separate Contract Manufacturing Organization (CMO) supplier agreements related to the Company’s Topical Interferon Alpha-2b program. The one CMO agreement relates to the manufacturing of clinical trial kits while the second CMO agreement relates to the GMP scale-up manufacturing program. The Company has three separate CMO supplier agreements related to the Company’s L-DOS47 program, all of which are inter-related in the scale-up of L-DOS47 in preparation for human clinical trials. As of July 31st, 2011 the Company accrued 207 000 CAD for CMO services it had received and is committed to pay 590 000 CAD for additional services not yet rendered.
The Company has three collaborative research agreements relating to the Company’s L-DOS47 program. The nature of the services includes assay development, animal studies and imaging as well as ongoing future clinical sample analysis. As of July 31st, 2011 the Company has accrued 37 000 CAD for Collaborative Research Organizations services it had received and is committed to pay 232 000 CAD for additional collaborative research services.
The Company has entered into various consulting service arrangements with commitments of 885 000 CAD through to fiscal 2014.
Review of unrecorded liabilities
Subsequent payments tests are performed and reviewed by KPMG as a part of the quarterly reviews. The Company is carrying out completeness checks by reviewing purchase and sales invoices after the reporting date. Finance staff follows-up with employees responsible for money transfers about confirmation of completeness of sales and purchases, conducts cut-off tests and checks the continuity of ongoing costs.
|11
Sales invoices are issued when the risk and rewards of ownership are transferred to the buyers and the seller has no more control over sold goods.
There are no extraordinary liabilities that are outstanding.
Third party financing - bank and other loans, leasing agreements
The Company has no bank or other loans and leasing agreements. Helix has several bank accounts with HSBC Account Balances as of 16th of April, 2012 totaled $5785078 CAD and 286352 Euro.
The Company has comparable rates to those available for Bankers Acceptances, T-Bills, etc. Since rates have only been negligibly higher than rates the Company have been receiving from Company’s current bank, due to a tiered structure on how much interest the Company receives. In addition, during the financial crisis, the Company had concerns over how safe commercial paper was and felt it was safer to keep its cash in bank accounts under a tiered structure for interest income.
Provisions for unused holiday and other provisions
Accrued liabilities as of April 14th, 2012:
|No
|Desription
|Amount in CAD
|1
|Vacation pay
|317 557
|2
|Severance
|1 071 938
|3
|Deals, discounts and allowances
|10 000
|4
|Sale commisions
|7 107
|TOTAL
|1 406 602
Company employees are entitled to 12 days up to 30 days of annual vacation. As of January 31st, 2012, there were a number of vacation days from 2011 and 2012 remaining to be taken with the total accrued value of 278 802 CAD. Unused holiday and vacation levels taken by employees are reported and tracked by the finance controller. There is no formal policy for unused holiday. Any unused vacation is paid out upon resignation or termination as per statutory law. The Company uses a roll-forward method from every quarter of accrued vacation and adds up the balances at the end of the fiscal quarter or earlier in the event of a termination. At the end of Q3 2012 the estimated amount will be ca. 317 557 CAD. The Company creates and updates the provisions for unused holiday on quarterly basis. They are also subject of the quarterly review by KPMG. It is expected that there will be c.a. 480 days of unused holiday at the end of Q3 2012.
Salaries are paid twice a month and as of April 11th, 2012 there were no overdue amounts related to base salaries.
The severance related to resignation of Don Segal (former CEO) amounted to 1 071 938 CAD and was paid in March 2012. As of date of the analysis the Company did not delete the liability in the books the CFO expects that it will be done at the end of Q3, as a part of the quarterly closing. The other outstanding liabilities toward Don Segal are related to health benefits and insurance, as well as accrued vacation pay (described in detail in section Severance).
|12
As of January 31st, 2012, the Ontario formula accrual amounts to 6 188 CAD. As of April 14th, 2012 it was fully paid and settled. The Ontario formula accrual relates to the obligatory local fee for distribution of drugs and it is charged on quarterly basis. The ODBF is an Ontario Government department that provides drugs to indigent patients and those over 65 years of age. There is a list (formulary) of products that it reimburses. For many years they have not allowed price increases for any products on the formulary. If the Company has applied an increase, then it is obliged to rebate the ODBF the difference between the listed price and the new price, plus a 10% mark-up. If the Company does not rebate them it is de-listed. Currently approximately 15% of the Klean Prep business is from the ODBF.
The TSX annual listing fee consist of a base fee of 20 500 CAD and a variable fee of 0,00003% of total share value. As of January 31st, 2012, the TSX annual listing fee accrual amounted to the 24 332 CAD. As of April 14th, 2012 it was fully paid and settled.
As of January 31st, 2012, Mastercard transactions amounted to 15 328 CAD. Mastercard transaction relate to unbilled costs from HSBC Bank Statements.
As at January of 31st, 2012 the accrued sales commissions amounted to 18 791 CAD. Sales commissions are paid on the 15th day of the following month. Each commission is calculated on accumulated on month by month basis:
sales up to 1 500 000 CAD – 1,5%
sales of more than 1 500 000 CAD – 2%
Each month the Company creates general provisions for potential returns, claims and discounts of goods sold. As of April 11th, 2012 they amounted to 10 000 CAD.
P&L
Analysis of revenue streams
The net results including distribution costs for the products sold for the years 2009 - 2011 and for end of Q2 2012 were as follows:
|No
|Net margin
|2009
|2010
|2011
|Q1-Q2 2012
|1
|Total product revenue
|3 244 817
|3 925 306
|4 405 938
|2 148 463
|2
|Total cost of goods sold
|1 333 125
|1 449 761
|1 379 520
|751 704
|3
|Distribution costs
|181 356
|220 425
|261 824
|117 691
|NET MARGIN
|1 728 446
|2 255 120
|2 764 594
|1 279 069
Major cost categories in the Company
Major cost categories for the years 2009 - 2011 and at the end of Q2 2012 were as follows:
|13
|No
|Cost category
|2009
|2010
|2011
|Q1-Q2 2012
|1
|
Cost of Sales
|1 516 371
|1 670 186
|1 641 344
|869 395
|2
|
Research and development
|10 232 801
|10 714 212
|7 323 194
|3 473 898
|3
|
Operating, general and administration
|3 871 673
|3 122 997
|4 418 489
|2 012 388
|4
|
Special committee and settlement agreement
|0
|0
|0
|6 403 092
|5
|
Sales and marketing
|968 794
|1 125 593
|1 124 310
|524 434
|6
|
Amortization of intangible assets
|12 026
|0
|0
|0
|7
|
Amortization of capital assets
|274 684
|429 699
|403 434
|347 621
|8
|
Stock based compensation
|1 023 049
|1 273 525
|2 091 067
|1 227 758
|9
|
Interest income or expense
|-312 224
|-51 925
|-189 649
|-79 595
|10
|
Foreign exchange loss (gain)
|1 153
|415 230
|47 606
|46 470
|11
|
Impairment of intangible assets
|97 721
|0
|0
|0
|12
|
Loss (gain) on disposal of assets
|0
|-47 635
|59 029
|0
|TOTAL
|17 686 049
|18 651 883
|16 918 824
|14 825 461
Operating, general and administrative costs for the years 2009 - 2011 and for the end of Q2 2012 were as follows:
|No
|Operating, general and administrative
|2009
|2010
|2011
|Q1-Q2 2012
|1
|Wages+benefits
|866 954
|1 020 582
|1 187 673
|484 031
|2
|Rent + LHWTS
|118 392
|118 804
|111 187
|57 866
|3
|Audit/Acctg/Tax
|689 876
|398 155
|383 754
|205 100
|4
|Legal
|586 508
|438 907
|739 059
|292 837
|5
|IR
|651 484
|507 376
|1 086 953
|473 653
|6
|Insurance
|222 101
|140 520
|134 898
|93 603
|7
|Listing Fees
|171 821
|105 664
|260 315
|63 452
|8
|Director Fees
|157 000
|168 000
|168 000
|86 730
|9
|All Other
|407 537
|224 989
|346 651
|255 116
|TOTAL
|3 871 673
|3 122 997
|4 418 489
|2 012 388
* Light, heat, water, telephone, security
Sales and marketing costs for years 2009–2011 and for the end of Q2 2012 were as follows:
|No
|Sales and marketing
|2009
|2010
|2011
|Q1-Q2 2012
|1
|Wages+benefits
|183 600
|225 070
|241 666
|116 065
|2
|Rent + LHWTS
|7 636
|1 099
|4 069
|2 094
|3
|Sales/Agents
|526 560
|534 905
|491 569
|230 921
|4
|Quality/compliance
|78 243
|95 322
|136 680
|53 252
|5
|All Other
|172 755
|269 197
|250 326
|122 102
|TOTAL
|968 794
|1 125 593
|1 124 310
|524 434
|14
R&D costs divided by locations for years 2009 - 2011 and for the end of Q2 2012 were as follows:
|No
|Aurora
|2009
|2010
|2011
|Q1-Q2 2012
|1
|Wages+Benefits
|800 362
|899 518
|1 203 741
|525 026
|2
|Rent + LHWTS*
|13 156
|14 795
|29 833
|14 087
|3
|All Other
|860 795
|732 063
|640 287
|249 201
|TOTAL
|1 674 313
|1 646 376
|1 873 861
|788 313
|No
|Saskatoon (Interferon)
|2009
|2010
|2011
|Q2 2012
|1
|Wages+Benefits
|850 816
|888 101
|957 850
|452 753
|2
|Rent + LHWTS*
|230 676
|283 987
|253 575
|131 728
|3
|All Other
|216 584
|280 324
|297 417
|149 817
|4
|3rd party CRO/CMO/CSO** - LSIL***
|1 578 370
|2 031 784
|691 899
|214 983
|5
|3rd party CRO/CMO/CSO** - AGW****
|2 219 224
|1 425 497
|140 342
|0
|TOTAL
|5 095 670
|4 909 693
|2 341 083
|949 281
|No
|Edmonton (L-DOS47)
|2009
|2010
|2011
|Q2 2012
|1
|Wages+Benefits
|447 679
|508 587
|411 082
|200 206
|2
|Rent + LHWTS*
|59 096
|134 949
|134 336
|28 328
|3
|All Other
|101 611
|110 069
|83 103
|40 899
|4
|CRO/CMO/CSO** - DOS47
|2 943 090
|4 470 751
|4 108 452
|1 459 354
|TOTAL
|3 551 475
|5 224 356
|4 736 973
|1 728 787
|TOTAL R&D
|10 321 459
|11 780 424
|8 951 917
|3 466 381
* Light, heat, water, telephone, security
** Clinical Research Organization (CRO), Contract Manufacturing Organization (CMO), Collaborative Scientific Research Organization (CSO)
*** Low-grade squamous intraepithelial lesions
**** Ano-genital warts
Research and development costs listed above do not include the ITC requested refund on R&D amounting to 1 066 212 CAD in 2010 and 1 628 723 CAD in 2011.
Extraordinary costs
As there are extraordinary costs appearing in 2012 which were related to activities of the Special Committee, it is necessary to demonstrate this cost category in more detail.
The Special Committee, consisting of two persons, Mr. Jack Kay and Mr. Tom Hodgson, was formally established by the Company Directors on November 16th 2011 by board resolution and dissolved on March 13th 2012, as confirmed in the minutes of the Committee dated the same day. The minutes of the Special Committee were received by the acting CEO of the Company only on May 10th, 2012, from Norton Rose LLP, legal advisors to the Special Committee, via Osler, Hoskin and Harcourt LLP, current legal advisors of the Company.
|15
It is not the task of the due diligence team to make a judgment in this report on the business and legal rationale of creating the Special Committee and the activities it has carried out. We are noticing however, that the gross value of legal and other advisory services expenses directly related to the activities of the Committee amounted to over 3.2 million CAD, which appears to be an extraordinarily high amount spent in such a short period of time and in a company which is running out of financial resources needed to conduct its research and product development activities. We have also noticed that, as confirmed in a letter from Norton Rose legal advisors, dated December 14th, 2011, and in other documents, that the rendering of legal services by this company for the Committee had begun already in October, the mandate letter engaging Norton Rose LLP was signed on January 27th 2012 while the invoices for the services were accepted by the Committee on January 29th 2012, and on March 13th 2012. In addition, a first invoice on legal advisory services rendered to the Company pertaining to establishing a Special Committee, is dated early September 2011.
The table below presents details of expenditures related directly to activities of the Special Committee and the consequences of the Settlement Agreement signed on March 14th, 2012:
|No
|Vendor
|Q1
|Q2
|Q3
|Total
|1
|Norton Rose
|0,00
|1 063 008,95
|583 006,93
|1 646 015,88
|2
|Torys
|210 820,67
|343 829,15
|210 130,39
|764 780,21
|3
|Kingsdale
|0,00
|265 672,85
|0,00
|265 672,85
|4
|Cawkell Brodie Glaister
|31 000,00
|143 000,00
|28 000,00
|202 000,00
|5
|E&Y Canada
|0,00
|185 108,55
|7 277,74
|192 386,29
|6
|E&Y Europe
|0,00
|107 918,09
|9 914,61
|117 832,70
|7
|SKS
|3 752,54
|9 103,81
|1 456,03
|14 312,38
|8
|Concerned S/H reimbursement
|0,00
|0,00
|2 073 701,49
|2 073 701,49
|9
|Don Segal - severance
|0,00
|0,00
|1 071 937,50
|1 071 937,50
|TOTAL
|245 573,21
|2 117 641,40
|3 985 424,69
|6 348 639,30
Total Special Committee and settlement costs are estimated as of today at 6 348 639 CAD. Figures shown in the table above are approximate, because they partly come from Journal vouchers not from account payables distribution.
Such expenditure rise in the Company costs as of the end of Q2 2012 to over 14 825 461 CAD, brings costs of two quarters of fiscal 2012 to an amount almost t equal in value to all costs incurred by Helix for the whole fiscal 2011.
Bank accounts and other bank arrangements
Rules of banking and cheques signature approvals are defined in the Company Policy Handbook in a general manner. Any changes to banking arrangements must have the approval of the Board of Directors. Signing officers are the CEO, COO, CSO and CFO. Cheques require 2 signatures and at least one signature must be either of the CEO or of the CFO. Wire transfers are performed on a preparer approver basis with the final wire release by the CFO.
|16
The Debit Limit can be changed at any time by the CFO of the Company. The Company has no credit arrangements related to its bank accounts.
Credit cards and other expense related charges
Rules of the Company credit cards use are defined in Company Policy Handbook in a very general manner. It is stated only that issuance of the Company credit cards must be approved by the CEO and that credit cards must be used for Company purposes only.
The Company has advised that there are no material credit cards expenses that are not covered with expense receipts, as of April 2012.
Detailed rules of expense management and control are defined in the Expense Policy Guidelines (Appendix V to the Company Policy Handbook). These rules cover expense reporting and reimbursement, business travel expense, travel policy, air travel, taxi / limousine expense, car rentals, hotels, meals, entertainment, laundry service, travel advances, cell phones, internet access outside the office and format of expense reports.
Insurance coverage
The Company holds insurance policies covering all major risks related to its activity. Copies of current insurance policies / agreements were presented. Details of insurance policies held by the Company as of April 2012 are presented below:
|No
|Type of insurance
|Insurer
|Risks covered
|From
|To
|Coverage
value CAD
|Premium
CAD
|1
|D & O insurance
|197 091
|2
|GCAN Insurance Company
|primary D&O
|March 01, 2011
|March 01, 2012
|10 000 000
|89 650
|3
|ACE INA Insurance
|excess D&O
|March 01, 2011
|March 01, 2012
|5 000 000
|25 000
|4
|Great American Insurance Group
|excess D&O
|March 01, 2011
|March 01, 2012
|5 000 000
|40 000
|5
|extension of D&O insurance till June 01, 2012
|42 441
|6
|Transportation
|Lloyd's - Favley Cargo Underwriting
|shipments of goods, merchandise, property
|July 31, 2011
|July 31, 2012
|6 375 000
|11 590
|7
|Product Liability
|HKMB HUB International
|products & completed operations
|May 28,2011
|May 28,2012
|5 000 000
|35 200
|8
|Comerical Package
|HKMB HUB International
|property, computers, EDP property, business income
|May 28,2011
|May 28,2012
|10 000 000
|23 112
|9
|Clinical Trial
|Compensa - Vienna Insurance Group
|clinical trial liability - L- DOS47 - Poland - Phase I/II
|January 31, 2011
|June 30, 2014
|Euro 5 000 000
|14 754
|TOTAL
|281 747
The D&O insurance policies expired on March 1st, 2012. By the end of February they were extended till June 1st, 2012. The total premium paid for this extension was CAD 42 440,76. The Company historically has never made an insurance claim. However, on February 17th and 24th, 2012 the Company delivered to D&O insurers letters (constituting formal notice) and is pursuing a potential claim related to discussion between dissident shareholders and the Company.
|17
Historical analysis of warrants issued and executed
In the period from December 2007 till March 31st 2011, for which information was provided to us by the Company, and in connection with six consecutive private placements, in which 32 326 084 shares were sold, the Company issued 17 126 084 share warrants.
Out of the 17 126 084 warrants issued in the period 3 400 000 have expired on October 1st, 2011.
|II.
|BUSINESS AND CONTRACTS
It is not the purpose of this due diligence report to formulate recommendations to the Board of Directors with regard to future actions pertaining to the three main lines of Company activity, especially that it is our understanding that all members of the Board have been thoroughly informed about the development state of both product candidates of the Company and about the condition of the drug distribution activity of the Company. For that reason we are limiting ourselves here to providing a few brief comments based on document reviews and interviews with senior officers responsible for each activity.
Topical Interferon Alpha-2b. To date there has been no willingness to supply more Interferon, needed to launch Phase III clinical studies by the Merck company, which has merged with the heretofore product development partner Schering, or to enter into a new cooperation agreement to co-finance further clinical studies and jointly bring the product to the market. One possible reason for that could be, but it is only a supposition, that the cannibalization risk for the Gardasil vaccine sales of Merck. Furthermore, the market potential of the product outside the U.S. is difficult to estimate as the price of the raw material Interferon is unknown to the Company as it has not been communicated by Schering/Merck. According to the Company it will require additional raw material support in order to commence any clinical trial involving Topical Interferon Alpha-2b. In addition part of the patent protection on the proprietary technology of Helix is expiring next year, which the Company is trying to remedy through a new, “expanded” patent application, now in processing by U.S. patent authorities. As a result of the passive stance of Merck, and assuming there is no solution found to this situation, the Company is considering substituting the Merck Interferon with Interferon produced by other manufacturers, of unknown quality and purity, which could involve carrying out bio-similarity/ bridging studies and possibly a repetition of the clinical studies performed so far, in result possibly setting the product development process several years back. Assuming that the potential of the product in terms of medical efficacy and future profitability exists, it appears that new efforts need to be undertaken in terms of acquiring financing and a strategic partner in order to continue the development process and avoid losing all the time, efforts and sizable resources devoted to this potential product by the Company so far.
DOS47/L-DOS47. The proprietary technology owned by the Company for this lung cancer drug candidate appears to have significant medical efficacy potential with possible further potential for treatment of other types of cancer. The Company has obtained approvals from regulatory authorities to conduct two clinical studies, a European phase I/II study and a U.S. phase I study. Due to the current difficult financial situation of the Company a decision was made to launch the European phase
|18
I/II study only, and according to the latest information available from the Company the launching process has begun. Again, the successful development of this drug candidate appears to depend on acquiring new funding and/or a strategic partner for the Company and on hands-on quality management of the process.
Rivex. This drug distribution business developed by the Company is a relatively high margin activity of captive nature, well organized, based on long term partnerships and with a relatively stable cash flow (description of revenues and income in section Analysis of revenues streams, above). According to the VP of the Company in charge of the activity, there is a more than a fair chance that this business is likely to continue bringing a stable income to the Company in the nearest years. It appears that this activity of the Company is an asset which could possibly be sold for cash in case such a decision would be considered by the Company.
Suppliers and Subcontractors
Contractual agreements of Helix currently in place with service providers, including cooperation agreements pertaining to development of the Company’s main potential products, Topical Interferon Alpha-2b and L-DOS47 were reviewed by the due diligence team and discussed with officers of the Company. Contracts are mostly of longer term nature, have been negotiated with the assistance of specialized legal counsel and appear to be of appropriate standard in terms of protecting the interest of the Company. Both the COO and the CSO have confirmed that in all agreements with partners where sharing of technology is involved the Company is not at risk of undue technology transfer and possible leakage of proprietary intellectual property.
Agreements and mandates for provision of legal and investor relations services also appear to be of standard format and content, although rates and prices charged are certainly on the high-end level.
Contractual supply, service and distribution of products sold by Rivex have been reviewed and discussed with the Vice President responsible for the Company. All agreements now in place are of long term, captive nature and on standard terms.
Leasehold agreements
The Company runs its activity in three locations, which are Aurora (Ontario), Saskatoon (Saskatchewan) and Edmonton (Alberta). Lease agreements of all three offices were presented. Details are listed below:
|Lease cost CAD
|No
|Location
|Landlord
|From
|To
|m2
|premises
type
|monthly
|total
|monthly
/ m2
|1
|Aurora
|Beswick Group Holdings
|March 01, 2012
|February 28, 2013
|552
|ofiice
|4 404
|52 848
|7,98
|2
|Saskatoon
|Saskatchewan Opportunity Corp
|February 01, 2012
|January 31, 2012
|780
| office (381)
lab (399)
|20 705
|248 462
|26,55
|3
|Edmonton
|1065995 Alberta Ltd.
|July 01, 2009
|June 30, 2014
|372
|office
|8 500
|102 000
|22,85
|TOTAL
|33 609
|403 310
|19
Although the lease agreement on Saskatoon premises expired January 31st, 2012, the lease is continued on month to month terms. The amendment for the next 12 months starting February 01, 2012 is prepared, but not signed, due to the uncertainty of strategic decisions of Company Board of Directors related to further development of the Interferon based product candidate. This should be considered as an important risk. In case the landlord finds another client, the Company will be forced to find new premises for the Saskatoon team, which will take time and bring about additional costs.
Employees and management
The top management officers at the Company hold employment agreements similar in structure, both in terms of duties as well as it terms of remuneration and benefits, with the level of remuneration and bonuses set by the Compensation Committee.
All agreements contain change of control clauses, very precisely defined, clauses pertaining to confidentiality, intellectual property, including ownership of works and keeping of records, termination plus clauses standard in other employment agreements. As for remuneration and benefits, apart from base salary and bonus, agreements include reimbursement of business expenses, insurance coverage (group life, long-term disability, extended medical and dental as well as directors’ and officers’ liability insurance). Severance payments are present in all agreements, with a year’s (two years in the case of CEO) compensation payable plus pro-rata bonus of last year calculated in accordance with the period of employment in the fiscal year before termination.
Agreements were signed in 2008 but every year amendments have been concluded, primarily in result of base salary increases.
In course of analysis of employment contracts it was found that many of the Company employees have neither valid employment contracts nor signed NDA’s. This should be regarded as a legal risk to the Company.
Indemnity agreements
Following a decision of the Board of Directors taken on December 2nd 2011, the Company has signed on December 19th 2011, newly prepared Indemnity Agreements with all top officers of the Company the wording of all Agreements is the same in case of all officers covered. Under these agreements, the top officers of the Company are indemnified “to the full extent permitted by law, including, but not limited to the full extent permitted under the Canada Business Corporation Act…”, in addition the Company “shall upon demand, make advances (Expense Advances) to the Indemnitee for the reasonable costs, charges and expenses in connection with the conduct of an action or proceeding, including legal fees, for which the Indemnitee seeks Indemnification under this Agreement….” and on top of that the Company shall ensure that all liabilities (excluding a reasonable deductible) of the Corporation under this agreement relating to actions and proceedings are at all times “….. “covered by directors’ and officers’ liability insurance with a responsible insurer…”.
This decision coincided with a decision of the Board of Directors to renew the Directors’ and Officers’ Liability insurance and with another decision to sign an Escrow Agreement (described below) with the same management officers, as confirmed in the minutes of the Company Board of Directors.
|20
Escrow agreement
On January 19th, 2012, the Company has signed an Escrow Agreement with five top officers of the Company (Don Segal, John Docherty, Heman Chao, Photios Michalargias and Praveen Kumar) based on which applicable severance amounts totaling 2 639 321 CAD were deposited in escrow. In case of a change of control event defined in the Agreement the funds would be paid out to the officers if their employment agreements were terminated. The authors of the Agreement go as far as predicting a settlement agreement to be entered into during the Company’s Annual General Meeting scheduled for January 30th, 2012, between the Company and one or more dissident shareholders (Article 2 par. 2.4), in which case upon notice of the Company or any of the officers to the Escrow Agent the funds would be returned to the Company.
Bank loans and credit agreements
The Company does not use credit lines from banks and does not borrow money from other financial institutions.
|III.
|ORGANISATION, PROCEDURES, INTERNAL CONTROL
Organizational structure and scope of duties of key managers
The Company presented organization charts of the whole company (dated March 8th, 2012), for the Saskatoon location (dated January 15th, 2012) and for the Edmonton location (no date). The charts clearly describe the structure of the Company, relations among different positions and provide names of individual employees holding each position. Company structure does not include departments or divisions due to its size, an organization unit is simply the named position.
The Company presented scopes of duty of the management team members, including the CEO, COO, CFO and CSO (all dated December 2008). According to information received from the CFO, they were not updated since 2008, however the actual duties performed by those persons are compatible with those defined in December 2008. Analysis of the scope of duties of the Management Team shows that duties are clearly defined and eliminate potential conflicts of interest, i.e. there are no duties overlapping, unless explicitly stated. The Company has written scopes of duties for other positions, but not for all of them.
The Company presented several documents regulating the activity of the Board of Directors and Board Committees, including:
Board of Directors Mandate and Corporate Governance Guidelines (approved on October 20th, 2010)
Governance Committee Charter (approved on October 20th, 2010)
Compensation Committee Charter (approved on October 20th, 2010)
Audit Committee Charter (approved on October 20th, 2010)
Disclosure Policy and Confidentiality of Information (approved on October 24th, 2011)
Whistleblower Policy (approved on October 24th, 2011)
Code of Business Conduct and Ethics (approved on October 24th, 2011)
|21
Insider Trading and Insider Information Policy & Procedures (approved on October 24th, 2011)
Analysis of content of these documents and analysis of the adequacy of Board of Directors performance in the adherence of the Board of Directors, its committees and of Company officers to these charters, codes and guidelines may be subject of legal due diligence, which falls outside of the scope of this Report.
Financial procedures
Although there are no separate written instructions / guidelines for financial procedures, the most important rules of conduct in the area of financial administration are described in the Company Policy Handbook. The Financial Administration Section includes rules related to:
Purchasing approvals
Credit approvals
Banking and cheque signing
Management expense accounts
Capital expenditures
Product pricing and promotion
Division of duties in financial administration
It has to be stated that these rules are rather general and do not provide specific and detailed instructions as to how to proceed. This does not relate to the Expense Policy Guidelines (Appendix V to Company Policy Handbook) and Capital Asset Expenditure Policy (Appendix VI to Company Policy Handbook), both dated July 2011. These two appendices define in more detail the way of proceeding in these respective areas.
Internal control and compliance procedures
Due to scale of the Company and its activity the Company does not have a separate position of an Internal Controller or a Compliance Officer. There are also no written instructions/guidelines for internal control procedures.
The Company has engaged professional advisors – Experis Finance, to assist management with the Control Operating Effectiveness Assessment Phase of their Sarbanes Oxley Section 404 compliance, in order to fulfill the management requirement to certify as to the operating effectiveness of Internal Controls over Financial Reporting (ICFR). The approach taken was based on testing of key controls in significant business processes, as determined in scope by Helix management. The review, which related to the financial year ending July 31st, 2011, included:
Entity Level Controls
Financial Closing, Statements, Notes & Disclosures
IT
R&D Expenses
Revenue & Accounts Receivable
Purchasing & Accounts Payable
Inventory and Cost of Sales
|22
Capital Assets and Depreciation
Payroll
Banking and Treasury
Income Taxes
Stock Based Compensation
Results of the review were positive. 75 control processes were tested and no deficiencies of any type were found. The report stated that there is no risk that control does not prevent or detect misstatements on a timely basis and there is no reasonable possibility that a material misstatement of the reporting issuer’s financial statements will not be prevented or detected on a timely basis.
HR Management
The Company does not have a separate position of an HR Manager. All functions and duties related to HR are divided among several positions in the following manner:
1. Payroll and employee files administration – Mary Reynolds, responsible for accounting
2. Recruitments and terminations – CEO
3. Legal service for HR issues – external legal advisor
4. Trainings – external suppliers.
The Company currently employs 28 persons, including the acting CEO.
Employment structure by locations:
|No.
|Location
|No of employees
|Structure %
|1
|Aurora
|10
|36
|2
|Saskatoon
|14
|50
|3
|Edmonton
|4
|14
|TOTAL
|28
|100
Employment structure by area of duties:
|No.
|Location
|No of
employees
|Structure %
|1
|R&D
|23
|82
|2
|Distribution
|1
|4
|3
|Administration
|4
|14
|TOTAL
|28
|100
Remuneration system – base wages, bonuses, option plans, benefits
Base salaries of the top management team have changed substantially over the last 3 years for the four highest paid positions from a total of $805,000 CAD to $1.250000 in August of 2010 constituting a 55% percent cumulative increase.
|23
Annual cash bonuses are applicable for certain employees and Senior Management, based on decisions of the Compensation Committee of the Board of Directors. Annual Key Criteria (AKC) are set for paying bonuses and consist typically of short term conditions. Before any bonuses are paid the AKC are analyzed by the employee’s supervisor and the Board of Directors to determine if the AKC were achieved. The bonuses paid do not appear to correlate with the Company’s performance. It is not the purpose of this report to make a second judgment on the resolutions of the Compensation Committee as such analysis would require an in-depth review of each decision in view of all circumstances present at the time.
Salaries and bonuses of Management Team paid for fiscal years 2009, 2010 and 2011, on the basis of resolutions of the Compensation Committee:
|No
|Name
|Position
|F 2009
|TOTAL
2009
|F 2010
|TOTAL
2010
|F 2011
|TOTAL
2011
|Total
2009-2011
|Base salary
|Bonus
|Base salary
|Bonus
|Base salary
|Bonus
|1
|Don Segal
|CEO
|297 500
|122 500
|420 000
|377 083
|113 146
|490 229
|415 000
|100 223
|515 223
|1 425 452
|2
|Frank Michalargias
|CFO
|177 500
|57 500
|235 000
|242 500
|63 750
|306 250
|260 000
|65 000
|325 000
|866 250
|3
|John Doherty
|COO
|175 000
|77 000
|252 000
|253 333
|59 340
|312 673
|300 000
|85 313
|385 313
|949 986
|4
|Heman Chao
|CSO
|170 000
|70 000
|240 000
|231 250
|53 277
|284 527
|275 000
|81 813
|356 813
|881 340
|Management TOTAL
|820 000
|327 000
|1 147 000
|1 104 167
|289 513
|1 393 680
|1 250 000
|332 348
|1 582 348
|4 123 027
|HBC Total
|2 923 854
|3 274 184
|3 680 412
|9 878 450
|% of Management in HBC Total
|39,23%
|42,57%
|42,99%
|41,74%
As of 31st of January 2012 there were a number of vacation days for 2011 and 2012 remaining to be taken, with total accrued value of 278 802 CAD, out of which 121 307,69 CAD relates to vacation pay accrual for Don Segal (former CEO). As of April 17th, 2012 this amount was not paid yet.
|24
Stock exchange performance of Company shares
The trade volume of Company shares on TSX and especially on NYSE AMEX (which in fact hardly exists at all) between January 2009 and April 2012 was very low. When taking into account the costs of floating shares of Helix on NYSE AMEX and costs of IR related to U.S. listing, and the fact that there is no analyst coverage of Helix in U.S. capital market it appears that the goals of listing the Company shares in U.S. where not achieved. The incremental costs of the dual listing, according to data presented by CFO, are c.a. 280 000 CAD.
|25
Details of data used in charts above are presented in the table below:
|Date
|TSX
|NYSE AMEX
|Avg Close in CAD
|Avg Daily Vol in 000
|Avg Daily Vol in 000
|January-09
|1,70
|13,1
|February-09
|1,58
|5,4
|March-09
|1,55
|16,5
|April-09
|1,33
|15,5
|May-09
|1,38
|34,7
|June-09
|1,51
|24,5
|July-09
|2,14
|115,1
|August-09
|2,30
|27,3
|September-09
|3,14
|44,8
|October-09
|2,33
|44,3
|November-09
|2,87
|37
|0
|December-09
|3,21
|60,2
|0,2
|January-10
|2,76
|28,4
|0,6
|February-10
|2,80
|72,7
|0
|March-10
|2,75
|53,9
|0,2
|April-10
|2,35
|36,5
|2,8
|May-10
|2,45
|22,2
|0,9
|June-10
|2,40
|26,8
|0,1
|July-10
|2,40
|22
|1,2
|August-10
|2,40
|31,5
|0
|September-10
|2,53
|56,1
|0,7
|October-10
|2,54
|29,4
|3,4
|November-10
|2,65
|9
|10,8
|December-10
|2,57
|36,2
|4,7
|January-11
|2,85
|28,3
|2
|February-11
|3,04
|16,9
|1,4
|March-11
|3,30
|16,4
|0,7
|April-11
|3,00
|15,2
|0,6
|May-11
|3,03
|15,6
|1,5
|June-11
|2,86
|36,7
|0,3
|July-11
|2,90
|27,2
|0,7
|August-11
|2,30
|16,2
|1,9
|September-11
|1,99
|32,2
|9,1
|October-11
|2,08
|20,6
|1,5
|November-11
|1,61
|5,6
|6,8
|December-11
|1,90
|17,7
|2,4
|January-12
|1,79
|19,7
|2,4
|February-12
|1,97
|8,9
|0,9
|March-12
|1,67
|9,5
|0
|April-12
|1,7
|29,6
|0,3
|http://finance.yahoo.com
|26
Benefits
The Company provides employees with several additional non-cash benefits to enhance their motivation, including medical and dental coverage, sickness / disability coverage and life insurance. Details are presented below:
|Employee insurance benefits as of April 2012:
|No
|Insurance company
|Insurance
|Monthly CAD
|Annualy CAD
|1
|RBC
|Accidental Death & Dismemberment
|117,69
|1 412,28
|2
|RBC
|Critical Illness
|1 175,96
|14 111,52
|3
|Empire Life
|Life insurance, including dental, EHB and dependant life
|14 425,65
|173 107,80
|TOTAL
|15 719,30
|188 631,60
The Company guarantees to all employees medical and life insurance during the employment period, which usually expires upon leaving the Company or within 1 month thereafter. Certain senior management have a clause in their employment contract that specifically stipulates the expiration date.
The Company has in place an Equity Compensation Plan and stock options are granted to employees. The costs to the company of vesting of the options is shown above in the table containing all major cost categories. The Company’s equity compensation plan reserves up to 10% of the Company’s outstanding common stock for granting to directors, officers, employees and other consultants of the Company or any person or company engaged to provide ongoing management or consulting services. Share awards can be used as additional compensation to a grantee or can be granted instead of cash or other compensation that the grantee is entitled to. Each granted series of stock options have a limited time to expiration determined by the Compensation Committee.
The retirement program conditions are set by the Canadian Pension Plan that is required and led by the Canadian federal government. It is obligatory for all employees. The contributions are made as a reduction of salary amounts and are paid by the Company.
Options granted to officers, employees and consultants to the company
In the period between June 2005 and July 2011 the Company granted 7 144 450 options to officers, employees and consultants to the Company (183 cases of grants) in accordance with the rules and on the terms and conditions established by the Compensation Committee. The highest recipients of the option grants were the CEO Don Segal (ca. 925 000 options), COO John Docherty (ca. 800 000 options), CSO Heman Chao (ca. 800 000 options) and CFO Photios Michalargias (ca. 750 000) options.
|27
During the meeting of the Board of Directors dated December 27th, 2011, the Board concluded that the vesting of all outstanding options had been accelerated, as illustrated by minutes of that meeting provided for review.
It appears that at least in part because of the fact that “certain other shareholders, collectively representing 50% of the issued and outstanding securities of the Company, had entered into voting and support agreements…’’, “... the Board concluded that all the outstanding options had vested as at November 8, 2011, pursuant to the provisions of the Plan, however certain senior management and continuing directors...” “would be asked to waive such acceleration and agree to an amendment to the definition of “change of control” for purposes of their options….”.
The company performs valuations of these options using the Black Scholes formula and in accordance with the last calculation the value of each option as of July 2011 was equal to ca. 1.44 CAD.
Hiring and terminations
Hiring and termination procedures are defined in the Company Policy Handbook. In general, all hiring and terminations, as well salary increases and participation in incentive plan must be approved by the CEO. The Company does not retain recruitment companies. The company used to employ or cooperate on business-to-business basis with relatives of management. The examples include employing of daughters two of the former CEO Don Segal.
Severances
The company paid CAD 1 530 537 as severance obligations for 5 severances in the years 2006-2011 and between 01.01.2012 and 12.04.2012.
Due to termination of the employment contract by Don Segal (former CEO) and in accordance with section 7.3 of his employment contract, the disability, medical and other insurance or benefit plans in which Don Segal participated, continue to be covered by the company for 24 months following termination. The anticipated value of all this coverage for the 24 months period is CAD 54 794,32. Details are presented below:
|No
|Insurance company
|Insurance
|Monthly CAD
|Annualy CAD
|Total for 24
months CAD
|1
|Trans American
|Life insurance
|183,15
|4 395,60
|2
|Canada Life
|Life insurance
|329,34
|7 904,16
|3
|IHI Denmark
|Health Benefits
|15 971,00
|31 942,00
|4
|RBC
|Accidental Death & Dismemberment
|15,69
|376,56
|5
|RBC
|Critical Illines
|94,34
|2 264,16
|6
|Empire Life
|Life insurance, including dental, EHB and dependant life
|329,66
|7 911,84
|TOTAL
|54 794,32
|28
|IV.
|IT ISSUES
General information
The IT audit was conducted in the period of 16th - 18th of April 2012 at the Helix headquarters with the aim of preparing a detailed description of IT solutions implemented in the Company, together with an IT risk analysis, as part of the general due diligence analysis carried out by FK Partner.
The IT part consists of information collected during meetings with the Vice President of R&D, and an IT specialist from the outsourcing company Impact Business Systems (IBS) providing remote and in-house IT support for HBP. In addition a number of documents, forms and check lists were provided to give a better picture of the current situation.
The report is divided into several sections to facilitate understanding of each part of the IT system, allowing for a comprehensive view of the situation - beginning with organizational aspects through human resources, types of data collected and finally possible risk analysis.
Locations of offices
IT infrastructure is present at the current office locations:
Aurora, Ontario
In the headquarters of the Company there currently are 10 active users of the computer network present on location and 3 suspended users in the process of contract termination. The main server room is located in the HQ and therefore all important maintenance operations are conducted in Aurora.
Saskatoon, Saskatchewan
The main laboratory of the Company is located in Saskatoon - it currently employs 15 active users, who mainly perform laboratory tasks, in many cases based on devices connected to their computers. The audit of the Saskatoon’s branch office is based on oral and written information given by the IT support administrators.
Edmonton, Alberta
It is a location of another laboratory with 4 active users conducting lab tasks on their computers equipped with special devices. In this case the audit is also based on information given by the IT support administrators.
IT administration
Administrators
There are 2 administrators managing the IT infrastructure in the HQ: the Vice President of R&D and an IT Specialist from IBS. They have full access to all information stored and processed in the company, which is not an unusual situation. They are responsible for data backup, computer system maintenance, failure removal and helpdesk for users. There is a Non-Disclosure Agreement signed by both administrators which legally prevents them from disclosing Company data. In addition there is an
|29
external IT company (PC Perfect) working for the Saskatoon office providing hardware help but having no access to the Company data.
Procedures
There are 6 written procedures formalizing IT processes:
|1.
|
Helix Nightly Backup Tape Process
|2.
|
Helix Off-Site Media Storage
|3.
|
Backup And Review Process
|4.
|
Review of Backup Logs
|5.
|
Server Performance and Capacity Review
|6.
|
Verification of Server Tape Restore
The last update of above documents was carried out on June 24th, 2010 as a result of the SOX 404 Certification Key Control Test Program, in particular caused by written recommendations for the IT department given by the SOX 404 Certification auditor in June 2010.
In addition a Helix Computing Resources Policy was prepared to describe the overview, purpose, scope and security policy of the IT system as well as possible consequences of non-compliance. Employees were informed via email of the content of the handbook with the policy included, but no signature was required to confirm their compliance. The last update was performed on June 30th, 2010 and the full content was presented as a part of the Company Policy Handbook.
There is a Helix Technology Equipment Disposal Policy related to devices that are out of order or broken. It is generally used to prevent data from being exposed to unprivileged parties. It was confirmed that the disposal procedure is being followed appropriately.
The company was audited in 2011 by KPMG and there were no additional recommendations for the IT department.
Procedure compliance
According to the documentation shown there exists a procedure no. 5 with results written down on a weekly basis. The remaining procedures are carried out manually without any written confirmation of performance. Procedure no. 6 was executed when a new server arrived, to make sure the backup allows setting up the new system supporting Hyper-V technology. The test was performed successfully. On the question of test frequency of other procedures, it was said that they are checked on random basis.
Procedures are followed by the IT Specialist from IBS and are confirmed by the Vice President of R&D and in rare important cases by a member of the Company Board of Directors.
Routine tasks and actions
According to the information given by the Vice President of R&D, administrators are responsible for:
|30
computer hardware maintenance,
hardware disposal at its failure,
software installation and upgrade,
backup execution and control,
following procedures,
solving problems submitted by users in tickets.
The ticket system is installed on a Lync server, first introduced in the middle of 2010, and actively used thereafter.
On April 17th, 2012 the current state of the helpdesk software was presented and there were 314 tickets registered. On the question whether the ticket system is the only way of getting IT help, the Company said there are tasks that are processed following a phone call - administrators add new tickets for users to keep the register complete and up-to-date. However, it is not possible to assure that all IT tasks are indeed in the helpdesk system.
Users and groups
The updated list of Domain Controller users is included in an attachment named Helix I.T. User Control List - in addition to the list of users there is a complete list of assigned privileges divided into branch offices. Users are divided into groups according to their locations: domain members are from Aurora while Saskatoon and Edmonton users have access to their own Domain Controllers located in their offices. More detailed information on servers can be found in the section dedicated to Servers.
Working habits
Users work on Windows operating systems with no irregular software installed - according to IT administrators. The main applications used are coming with the Office suite. More information can be found in the Workstation section.
Users are given recommendations for data storing and processing and it applies to all locations. As is it mentioned in the Servers section each branch office has its own file server to keep the data secured. It is recommended to keep all files and documents in a shared folder located in the location where the user works: HBP Server for Aurora users, Pserver for Saskatoon and Edmonton server for Edmonton users.
Users update their operating system manually and there are no limitations on new software installations. The limitations and consequences of using the computer system inappropriately were provided to employees as a part of the Company Policy Handbook.
Remote access
Users can access files remotely through the VPN connection which are set up by the IT administrators on the company computers. Active Directory credentials are confirmed as soon as the user logs in to the profile. After making a VPN connection the same rules are applied as if the user was directly in the local network. The technical details are provided in the VPN section of this report. Most of the employees have signed Non-Disclosure Agreements.
|31
IT network
Below is a detailed description of the Aurora network and security used together with an overall view of network solutions in branch office.
Router, firewall and Internet connections
A hardware router and firewall Watch guard E510 is used in Aurora to provide Internet access, run the VPN server and route a number of services installed behind. It balances the access to the Internet between two independent Internet providers to optimize the Internet bandwidth consumption and in case of a failure to have an instant backup connection.
DNS records of domains which direct to the Aurora HQ infrastructure was designed to allow for an immediate switch in case of a network problem. It allows maintaining services behind the router up and running in case of ISP failure.
Saskatoon and Edmonton have their own routers with firewall and ISP companies. The security levels in branch offices are said to be on the same level as in Aurora HQs.
Wireless network
A wireless hot spot is operating in the Aurora office to share the Internet access to mobile devices. However, it is in a separate sub-network with a different addressing pool to prevent its accessing the servers. It is confirmed that there is no routing possible between the wireless sub-network and the cable local area network.
Saskatoon and Edmonton have access points installed, with password protection available. There is no information whether the WiFi access point is in a separated subnetwork.
VPN
The following is a configuration set up in the Aurora network for VPN connections:
IPSec preshared key,
Key Exp after 8 hours or 128 Mbytes,
256 AES Encryption SHA1 authentication.
The permanent connection between HQs and other offices is configured, with subnetworks set up for each connection.
According to information given by Saskatoon management there is a VPN server installed in Saskatoon for easy accessing of data stored on the Pserver.
Hardware and other equipment
Servers
Below is a detailed description of servers used in the company. Servers have SCSI drives installed, mostly 72GB disks, with some spare disks on the shelf in case of a failure. Servers support hot-swap to keep the system running while replacing the failed device. As procedure no. 5 states, every week
|32
the administrator writes down the state of drives, the space free to use and the memory usage to analyze the progress of data storage use. All servers are claimed to have „safe fall” power systems installed to shut down the computer and keep the RAID partitions safe in case of power failure.
Servers located in Aurora are in a secured place with limited physical access, air-conditioned and equipped with a dry chemical fire extinguisher. There is a fire sprinkler installed in the ceiling, which in case of fire could spread water onto servers.
Servers located in Saskatoon and in Edmonton are in a dedicated server room, lockable with no electronic entry monitoring. Only authorized personnel are allowed to enter the room.
Details of servers used by the Company:
|
|
HBPServer - 3 years old
|o
|
1 Xeon, 16GB memory
|o
|
C: 72GB (2 drives of 72GB in RAID 1)
|o
|
D: 273GB (5 drives of 72GB in RAID 5)
|o
|
Windows 2008 SBS 64-bit English
|
|
Finance server - 5 years old
|o
|
1 Xeon, 3.5GB memory
|o
|
C: 72GB (2 drives of 72GB in RAID 1)
|o
|
D: 136GB (3 drives of 72GB in RAID 5)
|o
|
Windows 2003 32-bit English
|o
|
Microsoft Dynamics GP 10.0 Accounting software
|o
|
Microsoft SQL 2008 (mixed auth mode)
|
|
Archive server - 3 years old
|o
|
1 Xeon, 12GB memory
|o
|
C: 410GB (7 drives of 72 GB in RAID 5)
|o
|
Windows 2008 64 Standard English
|o
|
GFI Backup System
|o
|
GFI Event Manager
|
|
Lync Server - HP - less than 1 year
|o
|
1 Xeon, 22GB memory
|o
|
C: 250GB - mirrored SATA
|o
|
D: 1 TB - mirrored SATA
|o
|
Windows 2008 R2 Standard
|o
|
SQL Server 2008 Express
|
|
Saskatoon Pserver - DELL - less than 2 years
|o
|
2 Xeons, 8GB memory
|o
|
C: 72GB ()
|33
|o
|
D: 409GB of 5GB free ()
|o
|
Server 2003 SBS 32 bits English
|o
|
SQL 2005 Server (mixed auth mode)
|
|
Edmonton Server - 3 years
|o
|
1 Xeon, 3.5GB memory
|o
|
C: 273GB (5 drives of 72GB in RAID 5)
|o
|
Windows 2003 SBS 32 bit English
Mass storage
The company has Drobo devices installed in Aurora and in Saskatoon. Drobo is a hardware with a proprietary RAID matrix with up to 8 SATA disk slots, hot swap and a fast iSCSI link with the HBP Server. It currently has about 15 TB of storage room and only about 25% is actually utilized. A similar device is used in the Saskatoon office and is connected to the Pserver to keep data backup.
Workstations
Hewlett Packard is the common brand of workstations used, but there are also Lenovo and DELL computers as well as some local producers. Workstations are both desktop computers and laptops. Computers are replaced when the lifetime of the device is out of limit, with administrators deciding whether the unit should be replaced or upgraded. Computers are replaced either when the system is broken and repair is not reasonable or when the performance is not sufficient for carrying out regular tasks. There is no mass upgrade planned in the near future.
Software
There are two operating systems used: Windows XP and Windows 7. The version depends on the computer’s age and no version upgrades are made during the lifetime of the device.
Mostly Microsoft Office 2003, 2007 or 2010 is used depending on the computer’s age. Each installation consists of Outlook, Powerpoint, Word and Excel. Employees also use free for commercial use 3rd party software such as zip software, pdf viewer, etc.
There is a group of 3 officers in finance who have access to the accounting software Microsoft Dynamics GP 10.0 to carry out accounting, payroll and fixed asset management operations.
The HSBC Bank accounting system can be accessed by the financial staff using special tokens, one token for each person accessing the bank account. There is a 2-level authorisation used so that money transfers are prepared by one of the financial staff members, but the final acceptance is given by the CFO personally.
There is also CCH Tax application to support the tax form filling process for tax calculations. It is supported by a 3rd party company, which installs and upgrades it.
|34
E-Mail system
Solution description
HBP uses Microsoft Exchange Server to support e-mail communication. The server is based on the Domain Controller to synchronize accounts and passwords of e-mail accounts with Domain accounts. E-mails are downloaded via the company VPN network. Some users have their company Blackberry telephones configured to operate with the Exchange server. It is done with a 3rd party software to make the connection between telephones and the Exchange server secure.
Synchronization of users and passwords assures appropriate password policy and frequent changes.
Server access
It is declared that users access their mailboxes via the VPN network but it is possible to connect to it via POP3 protocol on a non-standard port 1110. Users can get e-mails via the Exchange protocol, via 3rd party Blackberry software or via standard web access application.
Web applications
Centraldesktop.com
It is reported that users exchange information and documents using an external application hosted by centraldesktop.com. It is not under the company backup routine, and files located in the application are not synchronized with files located on the company server.
According to information given by the administrators there are non-critical data shared and hosted there, and an application has been deployed to share data with external, 3rd party companies. User accounts are independent and password policy does not apply to it. However, there is information there about different products and projects, incl. the L-DOS47 hosted there, and it was not possible to assess if the data stored there are non-critical or not.
Company websites
Company owns a number of domains - some of them run a separate website, the rest have been registered but are not yet used. All the domains can be administered via the networksolutions.com portal. These are the following:
pharmadermlabs.com
helixbiopharma.com
dos47.ca, dos47.com, dos47.net
rivexpharma.com
sensiumtechnologies.com
All running websites are built and maintained by a 3rd party company which in addition hosts it on an external server at Wiredsolutions.ca.
|35
Security and antivirus systems
Passwords
According to recommendations given by the SOX 404 auditor in 2010 there is a Windows Domain Group Policy configuration set up for password strength to prevent unprivileged access to the resources. According to the Company Policy Handbook the following rules are applied:
minimum length: 6 characters, alphanumeric, one capped, one special character
force password change every 90 days for both Active Directory and GP application,
password uniqueness required, with a history of at least 10 passwords maintained,
15 minutes watch dog after 4 attempts.
This applies to the Aurora Domain Controller. The same policy is implemented in other HBP offices.
Break-in Attempts
A basic procedure was created to eliminate the occurrence of default passwords and guest access to servers installed in a network. There was no insecure configuration discovered during a 5 minutes test. However, it is not possible to eliminate fully possible risk of break-in.
Antivirus scanners
HBP computers are protected with Symantec centralized antivirus protection. The virus definition updates are kept on one server and all machines in a network synchronize with it by acquiring the most recent definition and update own virus definitions. There was no occurrence of virus problems in the past few years.
Despite the centralized protection there is a Symantec Mail Security installed to prevent infected messages spreading in the network, as well as an anti-spam solution applied to remove spam messages before they reach the e-mail server.
Backup system
Description
There are different types of data stored and processed in the Company - general management, financial management, product information and laboratory data. General, financial and product files are kept in HQs in Aurora, while laboratory data are located mostly in Saskatoon, due to the number of users working there, and also in Edmonton. Users are recommended to keep all documents on the HBP server to have the backup plan applied.
Servers
According to the detailed description of the backup scheme the following tasks are completed automatically to keep data secured and prepared for fast and easy restore of servers located in Aurora:
|36
system backups (whole disk image backups) are performed weekly and placed on Drobo mass storage.
once a week the system image backup files are transferred to the external drive (USB disk) and brought to an external place: bank deposit with high-level security available.
Second external disk returns to the company and is prepared for the next week - disks rotate between the server room and the external place,
in addition, the vhd files (Hyper-V) of the HBPServer, Finance, and HBPArchive system backups are being created monthly and stored to the Drobo and external USB drive to expedite machine recovery in case of a failure.
files located on the Aurora servers are backed up using a daily tape backup routine on two sets of weekly tapes. The tapes are replaced whenever they report too many errors to be used safely. According to records there are file backups from the last 14 days and after that time the tape with the oldest backup is overwritten with the newest backup. There is no other file backup and the file repository is not synchronized to keep all files even if they are deleted. This implies that only the last 14 days could be restored, which means that whatever is deleted and the lack of which is not discovered before the 14th day after deletion, it is lost permanently and cannot be recovered.
The Saskatoon server is under the same image backup and daily file backup routine as the Aurora office. The image backups are not copied from the Drobo mass storage for off-site storage.
Workstations
Symantec Backup Exec System Recovery is installed across Aurora computers, and it is possible for users to make the backup of their own laptop systems. The backup is carried out manually with no schedules.
E-mails - mirroring and backup
Company has a GFi Backup System installed for easy mail backup. Standard backup of mailboxes is done while the system state backup is carried out. However, the GFi solution does archive tasks even before e-mails are delivered or sent to the recipient. This is called a transparent mail repository to keep all information in and out in a separate place.
Users may access their archived mailboxes via the GFi Outlook plug-in. They are permitted to open and copy messages to their local mailbox. Deleting messages is not possible.
Costs of IT
The cost of the IT system operation appears to be rather for a company this size which does not perform high volume electronic data processing and exchange.
|37
Risk analysis
Hardware
Servers located in Aurora are well managed, the policy is applied properly and the server room is locked and secured in an appropriate way. Hardware redundancy is well organized, with spare hard disks located in the server room for immediate replacement in case of failure.
File systems are built with RAID-1 (mirroring) or RAID-5 matrices to eliminate data loss on a single disk failure.
It is reported that Saskatoon and Edmonton servers are locked in dedicated server rooms, and appropriate RAID solutions are also used to keep the data secured.
Server passwords are under the strict policy, but it does not apply to other network devices - the router / firewall password has not been changed for a long time, which could result in network brake-in. There is no strict policy for VPN passwords, too.
The fire extinguishing system existing in the Aurora office includes water sprinklers which should not be used with electrical devices. It could cause the damage to the system and possible data loss.
Workstations used in HBP are of a different quality and state - it is said that there is no planned upgrade of hardware if the workstation is causing no problems. When it does, the administrator decides to either repair it or replace it.
Users are running the system backup manually and are not obliged to carry out the backup in a scheduled time - more risks related to that in the Data section, below.
Software
Operating systems used in Aurora are standard, well maintained systems. Server systems are upgraded manually, which is a proper choice, and workstation computers are upgraded automatically when new patches come up.
Users use the Office suite, but there is no evidence or procedure to check whether illegal software is installed - users are privileged to carry out installation without administrator acknowledgment.
Only the Company Policy Handbook statements prohibit inappropriate use of personal computers. Illegal use of software – if this would occur in HBP – may cause risk of legal and financial actions of third parties against the Company and the Company’s image and reputation may suffer.
Remote access
Users can access company data remotely. A firewall device registers log-in time and duration.
According to information gathered from the IT Specialist from IBP there are users with terminated contracts who still have external access to the network, and, as it is evidenced in the VPN log, they still actively use it. On the question as to why those users still have access and use the network, there was no logical answer provided.
|38
The access to the network allows users to add, edit and delete documents, receive e-mails, send e-mails and access other files and data stored on servers. This should be regarded as possibly a critical risk for the Company.
Data resources
Users work with documents that are kept either on a shared folder, on their personal desktops or on the “my documents” folder.
There is a high risk of critical data loss in case the file is kept on a personal computer, while the system backup is not performed frequently and no hardware solutions are used to prevent data loss.
Administrators recommend users to keep data on the shared drive, but it is common practice that data is kept on the personal computers. Laptops are not configured with an automatic back up process and files created and worked on by employees can be easily lost in a single computer failure.
The backup history was provided to analyse the main data storage containing company critical documents, and the following issues were discovered during data set growth analysis:
on January 28th, 2012 there were 111 878 files and 12 298 directories, with total size of 154 545 MB, while on January 30th, 2012 only 103 813 files and 12 006 directories were registered in the log. The total size of the backup was only 143 451 MB, which gives about 8000 files missing with about 11 000 MB of data. Administrators explained that on January 28th, 2012, one of employee’s contract was terminated and that caused the decrease in the data set. Such an explanation cannot be taken into consideration as an employee should not have right to delete files created during the period of employment in the company. During the same conversation the administrator pointed out that between March 1st, 2012 and March 30th, 2012, there was an unusual data increase again, but it was not recorded that some of data was just moved for a month and was brought back to the server. However, the number of files recorded on April 17th, 2012, was still smaller than that recorded on January 28th, 2012.
In response to the question whether it is possible to restore backup from January 28th, 2012 to restore missing files, it was said that only the last 14 days could be restored.
This implies that whatever is deleted and the lack of which is not discovered before the 14th day after deletion, the file is lost permanently and cannot be recovered. This should be considered as critical risk to Company.
|backup HBPServer
|file / dir count
|bytecount
|17-04-2012
|110 525 / 13 217
|159 258 MB
|16-04-2012
|110 476 / 13 217
|159 396 MB
|13-04-2012
|110 408 / 13 216
|158 827 MB
|12-04-2012
|110 315 / 13 209
|158 851 MB
|39
|backup HBPServer
|file / dir count
|bytecount
|11-04-2012
|110 202 / 13 197
|159 088 MB
|10-04-2012
|110 144 / 13 192
|158 639 MB
|09-04-2012
|109 101 / 13 089
|158 323 MB
|05-04-2012
|109 026 / 13 098
|157 797 MB
|04-04-2012
|108 641 / 12 948
|157 263 MB
|03-04-2012
|108 617 / 12 948
|157 303 MB
|02-04-2012
|108 601 / 12 947
|157 621 MB
|30-03-2012
|108 592 / 12 947
|157 259 MB
|01-03-2012
|104 936 / 12 158
|145 238 MB
|...
|01-02-2012
|103 826 / 12 008
|143 543 MB
|30-01-2012
|103 813 / 12 006
|143 451 MB
|28-01-2012
|111 878 / 12 298
|154 545 MB
|27-01-2012
|111 878 / 12 298
|154 545 MB
|26-01-2012
|111 776 / 12 280
|153 851 MB
|...
|19-01-2012
|111 403 / 12 133
It was also found that some of the company data are shared via a cloud application hosted by Centraldesktop - it is administered by one of administrators and files are shared with 3rd party companies. According to the information received from Heman Chao there is no critical data shared and stored there.
IT support
The administrators are well organized and highly educated professionals ready to solve problems and undertake actions to prevent problems from occurring.
The analysis was carried out in a friendly atmosphere of cooperation, all questions were answered with no doubt and giving a clear view of the situation, while the documents and descriptions provided only confirmed earlier statements.
It is strongly recommended, however, to separate the company core business professionals from the function of IT administration. Giving administrator duties to Company professionals is highly unsafe, as
|40
it could potentially cause risk problems for key Company data. It is critically important for the company to change the internal administrator. The Vice President of R&D is one of the most valuable officers of the company and apparently a key ‘asset’, controlling critical resources and knowledge in possession of the company. In our view the administration tasks should be performed by an IBS administrator, maximizing his availability to the company. If a need arises for a technical person to be available on daily basis, there should be either an external employee onsite or an internal employee hired dedicated to carry out IT tasks for the company.
|41