DXC Technology (DXC) Risk Analysis

The Sarbanes-Oxley Act of 2002 and the related regulations require we maintain effective disclosure controls and procedures and require our management to report on, and our independent registered public accounting firm to attest to, the effectiveness of our internal control over financial reporting. Effective internal controls are necessary for us to provide reliable financial reports and effectively prevent fraud. However, a control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. There can be no assurance that all control issues or fraud will be detected. Any failure to maintain effective controls could prevent us from timely and reliably reporting financial results and may harm our operating results. In addition, if we are unable to conclude that we have effective internal control over financial reporting or, if our independent registered public accounting firm is unable to provide an unqualified report as to the effectiveness of our internal control over financial reporting, as of each fiscal year end, we may be exposed to negative publicity, which could cause investors to lose confidence in our reported financial information. Any failure to maintain effective internal controls and any such resulting negative publicity may negatively affect our business and stock price. Additionally, the existence of any material weaknesses or significant deficiencies would require management to devote significant time and incur significant expense to remediate any such material weaknesses or significant deficiencies and management may not be able to remediate any such material weaknesses or significant deficiencies in a timely manner. The existence of any material weakness in our internal control over financial reporting could also result in errors in our financial statements that could require us to restate our financial statements, cause us to fail to meet our reporting obligations, subject us to litigation or regulatory scrutiny and cause stockholders to lose confidence in our reported financial information, all of which could materially and adversely affect us and the market price of our common stock.

As noted in Note 20 - "Commitments and Contingencies," we are currently party to a number of disputes that involve or may involve litigation or arbitration, including securities litigation in which we and certain of our current or former officers and directors have been named as defendants. The result of these and any other future legal proceedings cannot be predicted with certainty. Regardless of their subject matter or merits, such legal proceedings may result in significant cost to us, including in the form of legal fees and/or damages, which may not be covered by insurance, may divert the attention of management or may otherwise have an adverse effect on our business, financial condition and results of operations. Negative publicity from litigation, whether or not resulting in a substantial cost, could materially damage our reputation and could have a material adverse effect on our business, financial condition, results of operations, and the price of our common stock. In addition, such legal proceedings may make it more difficult to finance our operations. We are also subject to continuous examinations of our income tax returns by tax authorities. Although we believe our tax estimates are reasonable, the final results of any tax examination or related litigation could be materially different from our related historical income tax provisions and accruals. Adverse developments in an audit, examination or litigation related to previously filed tax returns, or in the relevant jurisdiction's tax laws, regulations, administrative practices, principles and interpretations could have a material effect on our results of operations and cash flows in the period or periods for which that development occurs, as well as for prior and subsequent periods. For more details, including on current tax examinations of our income tax returns by tax authorities, see Note 14 – "Income Taxes."

We, as with other companies, are facing increasing scrutiny related to our ESG practices and disclosures from certain investors, capital providers, shareholder advocacy groups, other market participants, customers, and other stakeholder groups. With this increased focus, public reporting regarding ESG practices is becoming more broadly expected. Such increased scrutiny may result in increased costs, enhanced compliance or disclosure obligations, or other adverse impacts on our business, financial condition or results of operations. While we have in the past and may at times continue to engage in voluntary initiatives (such as voluntary disclosures, certifications, or goals, among others), such initiatives may be costly and may not have the desired effect. For example, expectations around company's management of ESG matters continue to evolve rapidly, in many instances due to factors that are out of our control. In addition, we may commit to certain initiatives or goals and we may not ultimately achieve such commitments or goals due to cost, technological constraints, or other factors that are within or outside of our control. Certain of our commitments, goals and other ESG-related disclosures are based on estimates, including, for example, our risk cost estimates disclosed in our voluntary climate change disclosures, and, even though we currently do not expect such costs to be material, they may attract regulatory or stakeholder attention or result in additional disclosure requirements in the future. Moreover, actions or statements that we may take based on expectations, assumptions, or third-party information that we currently believe to be reasonable may subsequently be determined to be erroneous, or not in keeping with particular standards or best practices or be subject to misinterpretation. Even if this is not the case, our current actions may subsequently be determined to be insufficient by various stakeholders. If our ESG practices and reporting do not meet investor, consumer, employee, or other stakeholder expectations, which continue to evolve, our brand, reputation and customer retention may be negatively impacted, and we may be subject to investor or regulator engagement regarding such matters, even if they are currently voluntary. Certain market participants, including major institutional investors, use third-party benchmarks or scores to measure our ESG practices in making investment and voting decisions. As ESG best practices, reporting standards and disclosure requirements continue to develop, we may incur increasing costs related to ESG monitoring and reporting. Simultaneously, there are efforts by some stakeholders to reduce companies' efforts on certain ESG-related matters. Both advocates and opponents to certain ESG matters are increasingly resorting to a range of activism forms, including media campaigns and litigation, to advance their perspectives. In addition, new sustainability rules and regulations have been adopted and may continue to be introduced in various jurisdictions. Sustainability and ESG-related regulations are evolving rapidly, and operating in more than one jurisdiction is likely to make our compliance with ESG and sustainability-related rules more complex and expensive, and potentially expose us to greater levels of legal risks associated with our compliance. Our failure or inability to comply with any applicable rules or regulations could lead to penalties and adversely impact our reputation, customer attraction and retention, access to capital and employee retention. Such ESG matters may also impact our suppliers and customers, which may augment or cause additional impacts on our business, financial condition or results of operations.

Our products and services are highly technical and complex and may contain errors, defects or security vulnerabilities that cannot be discovered before a product or service is released, installed and used by customers. If errors, malfunctions, defects or disruptions in service are experienced by customers or in our operations, they could impact customers' business operations and harm our operating results and reputation, which harm may not be fully cured by our subsequent remediation efforts. In addition, our liability insurance may not adequately cover liabilities incurred, and uncovered losses could be large and harm our financial condition.

Our commercial contracts are typically awarded on a competitive basis. Our bids are based upon, among other items, the expected cost to provide the services. We generally provide services under time and materials contracts, unit-price contracts, fixed-price contracts, and multiple-element software sales. We are dependent on our internal forecasts and predictions about our projects and the marketplace and, to generate an acceptable return on our investment in these contracts, we must be able to accurately estimate our costs to provide the services required by the contract and to complete the contracts in a timely manner. We face a number of risks when pricing our contracts, as many of our projects entail the coordination of operations and workforces in multiple locations and utilizing workforces with different skill sets and competencies across geographically diverse service locations. In addition, revenues from some of our contracts are recognized using the percentage-of-completion method, which requires estimates of total costs at completion, fees earned on the contract, or both. This estimation process, particularly due to the technical nature of the services being performed and the long-term nature of certain contracts, is complex and involves significant judgment. Adjustments to original estimates are often required as work progresses, experience is gained, and additional information becomes known, even though the scope of the work required under the contract may not change. If we fail to accurately estimate our costs or the time required to complete a contract, the profitability of our contracts may be materially and adversely affected. Some ITO services agreements contain pricing provisions that permit a customer to request a benchmark study by a mutually acceptable third party. The benchmarking process typically compares the contractual price of services against the price of similar services offered by other specified providers in a peer comparison group, subject to agreed-upon adjustment, and normalization factors. Generally, if the benchmarking study shows that the pricing differs from the peer group outside a specified range, and the difference is not due to the unique requirements of the customer, then the parties will negotiate in good faith appropriate adjustments to the pricing. This may result in the reduction of rates for the benchmarked services performed after the implementation of those pricing adjustments, which could harm the financial performance of our services business. Some IT service agreements require significant investment in the early stages that is expected to be recovered through billings over the life of the agreement. These agreements often involve the construction of new IT systems and communications networks and the development and deployment of new technologies. Substantial performance risk exists in each agreement with these characteristics, and some or all elements of service delivery under these agreements are dependent upon successful completion of the development, construction, and deployment phases. Failure to perform satisfactorily under these agreements may expose us to legal liability, result in the loss of customers or harm our reputation, which could harm the financial performance of our IT services business.

We generally provide services under time and materials contracts, unit-price contracts, fixed-price contracts, and multiple-element software sales. In many of our contracts, we bear the risk of cost overruns, completion delays, resource requirements, wage inflation and adverse movements in exchange rates in connection with these contracts. Certain, but not all, of these contracts provide for price adjustments for inflation or abnormal escalation. However, if one or more raw materials or components for our products (e.g., semiconductors) were to experience an isolated price increase without inflationary impacts on the broader economy, we may not be entitled to inflation protection under those contracts. Additionally, inflation has risen worldwide and the United States has recently experienced historically high levels of inflation. If the inflation rate continues to increase, it can also push up the costs of labor and our employee compensation expenses. There is no assurance that our revenues will increase at the same rate to maintain the same level of profitability. Inflation and government efforts to combat inflation, such as raising benchmark interest rate, could increase market volatility and have an adverse effect on the financial market and general economic conditions. In a time of uncertainty, our customers may reduce spending or have difficulty in budgeting for external IT services, delay procurement of products and services from us or delay their payment for products and services we have already provided, and we may have difficulty closing new deals in the event of an economic slowdown, all of which could adversely affect our profitability, results of operations and cash flow.

Our exposure to currencies other than the U.S. dollar may impact our results, as they are expressed in U.S. dollars. Currency variations also contribute to variations in sales of products and services in affected jurisdictions. While historically we have partially mitigated currency risk, including exposure to fluctuations in currency exchange rates by matching costs with revenues in a given currency, our exposure to fluctuations in other currencies against the U.S. dollar increases, as revenue in currencies other than the U.S. dollar increases. Approximately 71% of revenues earned during fiscal 2024 were derived from sales denominated in currencies other than the U.S. dollar and are expected to continue to represent a significant portion of our revenues. Also, we believe that our ability to match revenues and expenses in a given currency will decrease as more work is performed at offshore locations that use a different currency from where we generate our revenue. We may use forward and option contracts to protect against currency exchange rate risks. The effectiveness of these hedges will depend on our ability to accurately forecast future cash flows, which may be particularly difficult during periods of uncertain demand and highly volatile exchange rates. We may incur significant losses from our hedging activities due to factors such as demand volatility and currency variations. In addition, certain or all of our hedging activities may be ineffective, may expire and not be renewed or may not offset the adverse financial impact resulting from currency variations. Losses associated with hedging activities may also impact our revenues and to a lesser extent our cost of sales and financial condition. Our future business and financial performance could suffer due to a variety of international factors, including: - ongoing instability or changes in a country's or region's economic or geopolitical and security conditions, including inflation, recession, interest rate fluctuations, and actual or anticipated military or political conflict, civil unrest, crime, political instability, human rights concerns, and terrorist activity;- natural or man-made disasters, industrial accidents, public health issues, cybersecurity incidents, interruptions of service from utilities, transportation or telecommunications providers, or other catastrophic events;- longer collection cycles and financial instability among customers;- trade regulations and procedures and actions affecting production, pricing and marketing of products, including policies adopted by countries that may champion or otherwise favor domestic companies and technologies over foreign competitors;- local labor conditions and regulations;- managing our geographically dispersed workforce;- changes in the international, national or local regulatory and legal environments;- differing technology standards or customer requirements;- difficulties associated with repatriating earnings generated or held abroad in a tax-efficient manner and - changes in tax laws.

Our ability to implement solutions for our customers, incorporating new developments and improvements in technology that translate into productivity improvements for our customers, and our ability to develop digital and other new service offerings that meet current and prospective customers' needs, as well as evolving industry standards are critical to our success. The markets we serve are highly competitive and characterized by rapid technological change, which has resulted in deflationary pressure in the price of services that in turn can adversely impact our margins. Our competitors may develop solutions or services that make our offerings obsolete or may force us to decrease prices on our services which can result in lower margins. Our ability to develop and implement innovative technology solutions that meet evolving customer needs in analytics, software engineering, applications, business process services, digital cloud, information technology ("IT") outsourcing and consulting, and in areas such as AI, automation, Internet of Things and software as-a-service solutions, in a timely or cost-effective manner, will impact our ability to retain and attract customers and our future revenue growth and earnings. If we are unable to continue to execute our strategy and grow our GBS business and expand margins while stabilizing our GIS business in a highly competitive and rapidly evolving environment or if we are unable to commercialize such services and solutions, expand and scale them with sufficient speed and versatility, our growth, productivity objectives and profit margins could be negatively affected. Technological developments may materially affect the cost and use of technology by our customers. Some of these technologies have reduced and replaced some of our traditional services and solutions and may continue to do so in the future. For example, our competitors may introduce new product and service offerings that utilize AI and machine learning. Such offerings could render some of our offerings obsolete or harm our ability to negotiate for favorable terms. This has caused, and may in the future cause, customers to delay spending under existing contracts and engagements and to delay entering into new contracts while they evaluate new technologies. Such delays can negatively impact our results of operations if the pace and level of spending on new technologies by some of our customers are not sufficient to make up any shortfall by other customers. In addition, we face significant competition from competitors, new players and our own customers in developing AI capabilities. The AI algorithms that we use may be flawed or may be based on datasets that are biased or insufficient, and our AI features may not achieve sufficient levels of accuracy or may have unintended consequences, including allegations of bias, discrimination, legal and regulatory violations, or violation of third-party intellectual property rights. There is no guarantee that our products or services that integrate AI capabilities will achieve market acceptance and help us maintain or enhance our competitive position. Our growth strategy focuses on responding to these types of developments by driving innovation that will enable us to expand our business into new growth areas. However, market for new technologies, such as AI, may not develop as we have anticipated. If we do not sufficiently invest in new technology and adapt to industry developments, or evolve and expand our business at sufficient speed and scale, or if we do not make the right strategic investments to respond to these developments and successfully drive innovation, our services and solutions, our results of operations, and our ability to develop and maintain a competitive advantage and to execute on our growth strategy could be negatively affected.

The solutions we provide to our customers may inadvertently infringe on the intellectual property rights of third parties, resulting in claims for damages against us or our customers. Our contracts generally indemnify our customers from claims for intellectual property infringement for the services and equipment we provide under the applicable contracts. We also indemnify certain vendors and customers against claims of intellectual property infringement made by third parties arising from the use by such vendors and customers of our software products and services and certain other matters. Some of the applicable indemnification arrangements may not be subject to maximum loss clauses. The expense and time of defending against these claims may have a material and adverse impact on our profitability. In addition, there is also uncertainty around the validity and enforceability of intellectual property rights related to our use, development, and deployment of AI. Our use of AI technologies, whether created by us or incorporated from external sources into our offerings, could lead to violation of third-party intellectual property rights, and could require us to incur significant expenses to modify our solutions or otherwise engage in efforts to remain in compliance with the law. If we lose our ability to continue using any such services and solutions because they are found to infringe the rights of others, we will need to obtain substitute solutions or seek alternative means of obtaining the technology necessary to continue to provide such services and solutions. Our inability to replace such solutions, or to replace such solutions in a timely or cost-effective manner, could materially adversely affect our results of operations. Additionally, the publicity resulting from infringing intellectual property rights may damage our reputation and adversely impact our ability to develop new business. From time to time, we may discover that third parties are infringing, misappropriating or otherwise violating our intellectual property rights. However, policing unauthorized use of our intellectual property is difficult and expensive, and we may therefore not always be aware of such unauthorized use or misappropriation, or have adequate resources to enforce our intellectual property rights. Despite our efforts to protect our intellectual property rights, unauthorized third parties may attempt to use, copy, market or distribute our intellectual property rights or technology, and our competitive position and results of operations could be harmed and our legal costs could increase.

As a provider of IT services to private and public sector customers operating in a number of industries and countries, we store and process increasingly large amounts of data for our customers, including sensitive and personally identifiable information. We possess valuable proprietary information, including copyrights, trade secrets and other intellectual property and we collect and store certain personal and financial information from customers and employees. We also rely on and manage IT infrastructure and systems (collectively, "IT Systems") of our own and of customers, and we rely on third parties who provide various critical hardware, software and services to support our IT Systems and business operations. We face numerous and evolving cybersecurity risks that threaten the confidentiality, integrity and availability of our IT Systems and data. Cybersecurity incidents can result from unintentional events or deliberate attacks by insiders such as employees, contractors or service providers or third parties, including criminals, competitors, nation-states, and hacktivists. These incidents can result in disruption to our business (for example, due to ransomware or denial-of-service) through an impact on our IT Systems and/or the compromise, corruption or loss of data belonging to us or our clients, employees, vendors or other partners. Because our products and services in some instances are integrated with our customers' systems and processes, a successful attack on us could compromise the confidentiality, integrity, and availability of our customers' IT Systems and sensitive data, despite our monitoring efforts and tools in place designed to prevent such attacks. A successful cyberattack may cause us to incur costs and liability (whether contractual or otherwise), such as monetary damages resulting from litigation, remediation costs, and regulatory actions, fines or penalties. Any of the foregoing, or a combination of the foregoing, could have a material impact on our results of operations or financial condition. We regularly experience cyber events and sometimes have security incidents, including unauthorized efforts to access our IT Systems, and we expect such attacks and incidents to continue in varying degrees. While incidents experienced thus far have not resulted in material disruption to our business, it is possible that we or a critical service provider could suffer a severe attack or incident, with potentially material adverse effects on our business, reputation, customer relations, results of operations or financial condition. There can be no assurance that our cybersecurity risk management strategy and processes will be fully complied with or effective in protecting any IT Systems, data or business operations. Threat actors are increasingly sophisticated and using tools and techniques, including artificial intelligence ("AI"), designed to circumvent security controls, to evade detection and to remove or obfuscate forensic evidence, which makes it more difficult for us to detect, identify, investigate, contain or recover from, future cyberattacks and security incidents. Advances in computer capabilities, new discoveries in the field of cryptography or other events or developments increase the likelihood that our encryption and other algorithms that we use to protect our data and that of customers, including sensitive customer transaction data, may fail. Computer programmers and hackers have deployed and may continue to develop and deploy ransomware, malware and other malicious software programs through phishing and other methods that attack our products. Given the nature of complex systems, hardware, software and services like ours, and the scanning tools that we deploy across our infrastructure, environment and products, we regularly identify and track security vulnerabilities. We cannot guarantee that, in all instances, we can comprehensively apply patches or confirm that measures are in place to mitigate or otherwise manage vulnerabilities before they can be exploited by a threat actor. In other situations, vulnerabilities persist even after we have issued security patches because our customers may fail to apply patches or update their systems to newer software versions. If threat actors are able to exploit critical vulnerabilities before patches are installed or mitigating measures are implemented, compromises could impact our and our customers' IT Systems and data. From time to time, we also identify security vulnerabilities and deficiencies to our IT Systems from risk assessments, penetration testing, internal audit activities and third-party reports. Remediation of such vulnerabilities and deficiencies is a continuous process, and there is no guarantee that such remediation efforts will be successful. Sophisticated hardware, software and applications produced or procured from third parties, notwithstanding our third-party risk management process and our efforts to test and remediate cyber vulnerabilities before integrating them into our IT systems, may still contain defects in design or manufacture, including "bugs" or other vulnerabilities that may be exploited. We have acquired and may continue to acquire companies with cybersecurity vulnerabilities and/or unsophisticated security measures, which exposes us to cybersecurity, operational, and financial risks. In addition, continued remote and hybrid working arrangements post-COVID present potentially increased risk associated with security vulnerabilities present in non-corporate and home networks. And, as we and various third parties continue to explore and integrate AI into various products and services, we are likely exposed to new and unknown cybersecurity risks and threats. A party, whether an insider or a third party operating outside the Company, who is able to circumvent our security measures or those of our contractors, partners or vendors could access our IT Systems, or those of a critical third party, and misappropriate proprietary information, the confidential data of our customers, employees or business partners or cause interruption in our or their operations. The costs to eliminate or alleviate cyber or other security problems, including ransomware, malware, bugs, malicious software programs and other security vulnerabilities, could be significant, and our efforts to address these problems may not be successful and could result in interruptions, delays, cessation of service and loss of existing or potential customers, which may impede our sales, distribution or other critical functions. In the event of a cyberattack or security incident, we could be exposed to regulatory actions, customer attrition due to reputational concerns or otherwise, containment and remediation expenses, and claims brought by our customers or others for breaching contractual confidentiality and security provisions or data protection or privacy laws. We must expend capital and other resources to protect against security incidents, including attempted security breaches and cyber-attacks, and to alleviate problems caused by successful breaches or attacks. The cost, potential monetary damages, and operational consequences of responding to security incidents and implementing remediation measures could be significant and may be in excess of insurance policy limits or not be covered by our insurance at all. Moreover, failure to maintain effective internal accounting controls related to data security breaches and cybersecurity in general could impact our ability to produce timely and accurate financial statements and could subject us to regulatory scrutiny. Finally, portions of our infrastructure and IT Systems also may experience interruptions, delays or cessations of service or produce errors in connection with systems integration or migration work that takes place from time to time. We may not be successful in implementing new systems and transitioning data, which could cause business disruptions and be expensive, time-consuming, disruptive and resource intensive. Such disruptions could adversely impact our ability to fulfill orders and respond to customer requests and interrupt other processes. Delayed sales, lower margins or loss of customers resulting from these disruptions could reduce our revenues, increase our expenses, damage our reputation, and adversely affect our stock price.