Home Finance CrowdStrike and Carahsoft made a deal to sell software that the IRS did not purchase

CrowdStrike and Carahsoft made a deal to sell software that the IRS did not purchase

by trpliquidation
0 comment
CrowdStrike and Carahsoft made a deal to sell software that the IRS did not purchase

(Bloomberg) — Last fall, George Kurtz, the CEO of CrowdStrike Holdings, Inc., gave investors a quarterly financial update that sent shares soaring. Among the details Kurtz highlighted was a major deal to sell cybersecurity tools for use by the U.S. government. markets closed on Nov. 28, 2023. Kurtz was referring to a $32 million order from Carahsoft Technology Corp., which acts as an intermediary between technology companies and government agencies, that arrived on the last day of CrowdStrike’s fiscal third quarter. According to documents from both companies, it was for identity threat protection software intended for the US Internal Revenue Service.

But the IRS never purchased the software, according to records reviewed by Bloomberg News and people with knowledge of the situation.

Still, according to the cybersecurity company, Carahsoft paid the $32 million to CrowdStrike on time. When Bloomberg News reached out for comment, both companies explained that they had a “non-cancelable order” between them. They declined to say why that deal was made without a purchase from the IRS. Shares of CrowdStrike fell as much as 2.7% after Bloomberg News reported on the deal.

Some legal and accounting experts, who reviewed the scheme at Bloomberg’s request, say it raises red flags that deserve scrutiny from regulators. The deal also raised concerns within CrowdStrike — according to people familiar with the matter and the company itself — and many details of the transaction remain unclear.

Depending on how CrowdStrike accounted for the deal in its financial statements — the company didn’t explain those details — the deal was big enough to make the difference between beating or missing Wall Street projections for the period. The day after CrowdStrike reported results for its record quarter, shares rose 10%.

Jeremy Fielding, a spokesman for CrowdStrike, dismissed employee concerns as unfounded and the timing of the order as insignificant. The Austin, Texas-based cybersecurity company closes deals “throughout the quarter, starting on the first day and often through the last day,” he said.

“The Carahsoft deal has undergone a separate and comprehensive review,” he said, adding that it was “given a clean bill of health.” Fielding characterized the experts’ comments as “inaccurate speculation about a transaction that CrowdStrike confirmed was fully compliant” with an accounting standard for contract income. CrowdStrike “closed and acknowledged” the deal as soon as Carahsoft placed the order, and the revenue accounting is consistent with standard accounting principles, said Thomas Clare and Elizabeth Locke, attorneys representing the cybersecurity company.

A Carahsoft representative, Mary Lange, said in an email: “Carahsoft is a privately held company and we do not disclose financial information or customer data. That said, we placed a valid, non-cancellable order with CrowdStrike and stand behind that transaction.” The company declined to answer further questions.

The IRS did not answer detailed questions. The IRS said in a statement that it does not contract directly with CrowdStrike and, in accordance with federal procurement rules, acquires its software and services through third-party vendors.

No IRS contract or payments matching the deal appear in the government’s spending database USASPENDING.gov. The database excludes certain information, for example material that could endanger national security. But the tax authorities’ purchases of CrowdStrike products through suppliers total less than $10 million, according to a person familiar with the matter. This story is based on details of the transaction and interviews with five people familiar with the matter, who asked that their names not be published. are published because they are not authorized to talk about it.

“It raises eyebrows,” said Lawrence Cunningham, director of the University of Delaware’s John L. Weinberg Center for Corporate Governance.

“It appears on its face to be an uncompensated risk, and rational companies typically don’t accept uncompensated risk,” Cunningham said, referring to Carahsoft’s payments to CrowdStrike.

Carahsoft declined to answer questions about whether it made a loss on the deal or whether it found a way to recoup the money.

In recent months, separate issues at CrowdStrike and Carahsoft have attracted negative attention and government scrutiny.

CrowdStrike, with annual revenues of more than $3 billion, sells security software to thousands of companies and government agencies around the world. But in July, a flawed update from the company disabled millions of Windows computers around the world, disrupting air travel, medical care, banking and other businesses. Executives have repeatedly apologized, including to members of Congress; The company’s stock price plummeted after the outage and has yet to fully recover.

Carahsoft is a dominant player among resellers and distributors that helps technology companies navigate the complexities of selling to government agencies. In September, agents from the FBI and the U.S. Department of Defense searched the company’s headquarters in Reston, Virginia. Lange, Carahsoft’s spokesperson, previously said the company was cooperating with the FBI investigation and that it was “an investigation into a company with which Carahsoft has done business in the past.” The Justice Department is also conducting a civil investigation into Carahsoft and software giant SAP SE over possible price fixing on government contracts. The German company is cooperating with the civil investigation, a spokesperson said. SAP Chief Financial Officer Dominik Asam told Bloomberg News that SAP had “received written assurances from Carahsoft” that the FBI search was “completely unrelated” to SAP and a U.S. subsidiary.

There is no known connection between CrowdStrike and the civil investigation or the search of Carahsoft’s office. Fielding, the CrowdStrike representative, said neither investigation is linked to the cybersecurity company. A potential deal for the IRS dates back to early 2023, when CrowdStrike representatives began talking to agency officials about buying an identity verification tool to help prevent fraud in a new program. that will allow people to file their taxes directly with the government, according to three people familiar with the matter.

Work on a potential deal continued in the months that followed, but by mid-October it had become clear to at least some CrowdStrike employees that the IRS would not order the software until the company’s quarterly close at the end of the month closed, people said. .

Still, on Halloween, Carahsoft ordered $32.25 million worth of subscription access to CrowdStrike’s “Government National Identity Threat Protection” service for as many as 40 million users, according to data and two of the people. The order split the purchase into four $8 million payments, with the final payment due in late October. The order directs Carahsoft to be billed for the CrowdStrike software and sent to the IRS headquarters in Washington.

That day, CrowdStrike sent an automated email to dozens of employees stating, “Opportunity is Closed Won for Internal Revenue Service (IRS).”

The closing of the deal and Kurtz referencing it during the earnings call alarmed some employees who raised internal concerns that CrowdStrike “pre-booked” a transaction they viewed as incomplete because it was unclear whether the IRS would ever make the big purchase. according to three people. U.S. regulators have in some cases charged and fined companies for alleged pre-booking, also known as channel stuffing, claiming they misled investors by falsely recognizing revenue to inflate their financials.

Fielding said it was “demonstrably untrue” that advance booking had been made.

That quarter, $32 million was enough to make the difference between exceeding analyst expectations on two key financial measures (annual recurring revenue and net new annual recurring revenue) or falling short. CrowdStrike highlighted both figures in its earnings announcement for the quarter, but the company declined to answer questions about whether the deal was included.

Annual recurring revenue is widely used by software companies to track subscription revenue. CrowdStrike has consistently emphasized this to investors, writing in a 2019 regulatory filing that it is “an important metric to measure our business.”

Theresa Gabaldon, a professor at George Washington University Law School, said that in order to properly book the deal as revenue, CrowdStrike must have not only received payment but also delivered the product. Neither CrowdStrike nor Carahsoft answered questions about what became of the subscription software.

“I characterize it as raising red flags,” Gabaldon, who teaches securities regulation, law and accounting, said of the deal.

Whatever happened, Carahsoft was one of the companies that CrowdStrike highlighted during a “partner symposium” in June. There, Kurtz and other CrowdStrike personnel mingled with guests at a luxury resort on the Southern California coast. A video shows visitors enjoying drinks and live string music on a cliff overlooking the Pacific Ocean and receiving sushi-making lessons from a celebrity chef.

During the event, CrowdStrike named Carahsoft ‘Distributor of the Year’.

–With assistance from Charles Gorrivan.

(Updates with CrowdStrike stock drops in sixth paragraph.)

Most read from Bloomberg Businessweek

©2024 BloombergLP

You may also like

logo

Stay informed with our comprehensive general news site, covering breaking news, politics, entertainment, technology, and more. Get timely updates, in-depth analysis, and insightful articles to keep you engaged and knowledgeable about the world’s latest events.

Subscribe

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

© 2024 – All Right Reserved.