Helix BioPharma Corp. Actions Taken in Response to
FK Partner Sp. z o.o Due Diligence Report
The following lists key observations taken by Management at Helix BioPharma Corp. from the FK Partner Due Diligence report and actions underway or under consideration.
Observation: Audit costs relatively high for a company of Helix’s size
Action: Auditors are no longer reviewing quarterly financial statements, starting with Q3 2012 quarterly financials. Deregistering as a public company in the U.S. is expected to reduce audit costs.
Observation: Accounts Receivable – significant unreimbursed investment tax credits (“ITCs”)
Action: CFO actively manages collection of these from the provinces to get reimbursed as soon as possible. Reimbursement of ITCs from Ontario and Saskatchewan for 2011 received this month. Still actively engaging with Québec for reimbursement of ITCs for 2010 and 2011, as Québec continues to be slow.
Observation: Liability of unused vacation is high
Action: Significant portion of recorded liability related to Don Segal for prior years, which he was not entitled to receive on termination in accordance with employment arrangements negotiated with the Board of Directors. Saskatoon carry over is being managed down by requiring employees to take vacation during slower times.
Observation: High costs of Special Committee and settlement
Action: Reviewed with current counsel the high costs of legal services. While there is a case to be made that the costs incurred, particularly Norton Rose LLP fees, were too high, pursuing recovery would result in additional legal costs and the undefined probability of any recovery militates against doing so. CFO is working with the insurers on a possible insurance claim for some of these costs.
Observation: Topical Interferon Alpha-2b program at risk due to lack of progress on relationship with Merck
Action: Some progress with Merck has now been made.
Observation: Risk of some employees not having non-disclosure agreements
Action: All employees being contacted to sign NDAs.
Observation: Job descriptions of senior positions have not been updated since 2008
Action: Job descriptions will be updated by new CEO when in place.
Observation: Compensation is not consistent with company performance
Action: New CEO compensation to be consistent with benchmark companies and linked to performance metrics and impact on shareholder value. New CEO will align other positions similarly with a view toward reduced management cost.
Information Technology (IT) Risk analysis
Observation: It was identified that Don Segal accessed computer information remotely several times in April after the announcement of his resignation
Action: CIO spoke with Don Segal about these sessions. Dr. Segal stated that he was accessing e-mail to wind down his activities with Helix. As part of the retention policy, all Helix e-mail is stored and cannot be deleted by users. Dr. Segal's e-mails for the period are available for auditing if necessary. His server file folder remains intact and is available for audit. CIO will revise Helix’s IT policy with respect to user termination and server access. The revision will add language to reflect departure and/or termination terms, enforce the account closure rule and tighten the process within IT administration.
Observation: Data resources provide insufficient back-up storage duration to allow recovery of lost files. A significant reduction in server file size was recorded during the weekend of Jan 29-30 2012. Restoration of removed files was not possible, as server backup tapes are kept for only 14 days.
Action: IT administrators reviewed available log files to examine the issue. According to Windows server security logs, there were no unauthorized intrusions into Helix’s server. It is not possible to list the files that were removed, but according to user logon logs, there were no unusual activities. Critical system files are intact and the following critical data files are also verified to be present:
1. IFN clinical files (hard copy in secured data room)
2. All contracts (web based electronic database)
3. LDOS47 US IND and Europe CTA files
4. DOS47 research data (Edmonton server)
5. IFN research data (Saskatoon server)
6. Finance server (restricted access, no security modification)
7. Email archive (restricted access, no security modification)
According to the performance and capacity log, there were also hardware-related events around the stated time period (Jan 25 event T282, Feb 1 event T288, Feb 8 event T294). These events are recorded for the Archive and Finance servers. IT addressed those incidents (server restart and hard drive replacement). It is possible that some of the ‘lost files’ are temp files created as the main server was trying to cope with these hardware events, although this is not confirmed. The CIO will:
1. revise Helix’s user policy to enforce the segregation of personal and company files
2. implement a specific auditing system on company files to monitor addition, deletion and modification of files
3. assign the task of reviewing audit logs to an employee other than the IT administrator to identify unusual file activities
4. extend archive storage beyond 14 days for ease of file recovery
Observation: Segregation of duties - FK Partner recommended that IT duties be delegated from current co-administrator (CIO) to another dedicated IT employee or else increase use of contracted IT administrator.
Action: Recommendation is being formulated to address this issue. Discussion is underway to see if Helix can increase IT contractor availability.