ITEM 1A. RISK FACTORS
Investing in our securities involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information in this report, including the condensed consolidated financial statements and the related notes included elsewhere in this report, before making an investment decision. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that materially and adversely affect our business. If any of the following risks actually occurs, our business operations, financial condition, operating results, and prospects could be materially and adversely affected. The market price of our securities could decline due to the materialization of these or any other risks, and you could lose part or all of your investment.
Summary of Risk Factors
The below summary risks provide an overview of the material risks we are exposed to in the normal course of our business activities. The below summary risks do not contain all of the information that may be important to you, and you should read these together with the more detailed discussion of risks set forth following this section, as well as elsewhere in this report under the heading “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Additional risks beyond those summarized below, or discussed elsewhere in “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” may apply to our activities or operations as currently conducted or as we may conduct them in the future, or to the markets in which we currently operate or may in the future operate. Consistent with the foregoing, we are exposed to a variety of risks, including those associated with the following:
•the ongoing COVID-19 pandemic, the continuing global economic and geopolitical volatility, and measures taken in response to such events may materially and adversely affect our business, financial condition, operating results, and earnings guidance that we may issue from time to time;
•if our information technology systems or the security measures of our service partners are compromised or unauthorized access to customer or user data is otherwise obtained, our applications may be perceived as not being secure, our operations may be disrupted, our applications may become unavailable, customers and end users may reduce the use of or stop using our applications, and we may incur significant liabilities;
•if we fail to properly manage our technical operations infrastructure, including our data centers and computing infrastructure operated by third parties, experience service outages or delays in the deployment of our applications, or our applications fail to perform properly, we may be subject to liabilities and our reputation and operating results may be adversely affected;
•privacy concerns and evolving domestic or foreign laws and regulations may reduce the adoption of our applications, result in significant costs and compliance challenges, and adversely affect our business and operating results;
•we may lose key employees or be unable to attract, train, and retain highly skilled employees, which may adversely affect our business and future growth prospects;
•the markets in which we participate are intensely competitive, and if we do not compete effectively, our operating results could be adversely affected;
•our quarterly results may fluctuate significantly as a result of a variety of factors, many of which are outside of our control, and such fluctuations and related impacts to any earnings guidance we may issue from time to time, or any modification or withdrawal thereof, may negatively impact the value of our securities;
•our brand promotion activities may not generate the customer awareness or increased revenues we anticipate, and even if they do, any increase in revenues may not offset the significant expenses we incur in building our brand;
•if we are not able to realize a return on our current development efforts or offer new features, enhancements, and modifications to our products and services, our business and operating results could be adversely affected; additionally, if we are not able to realize a return on the investments we have made toward entering new markets and new lines of business, including as a result of unfavorable laws, regulations, interpretive positions, or standards governing new and evolving technologies we incorporate into our products and services, our business and operating results could be adversely affected;
•if we are unable to establish or maintain our strategic relationships with third parties, or fail to successfully integrate our applications with a variety of third-party technologies, our ability to compete or grow our revenues may be impaired and our operating results may suffer;
•we have acquired, and may in the future acquire, other companies, employee teams, or technologies, which could divert our management’s attention, result in additional dilution to our stockholders, and otherwise disrupt our operations and adversely affect our operating results;
•if we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service and operational controls, or adequately address competitive challenges;
•if we cannot maintain our corporate culture, we may lose the innovation, teamwork, and passion that we believe contribute to our success, and our business may be harmed;
•because we encounter long sales cycles when selling to large customers and we recognize subscription services revenues over the term of the contract, downturns or upturns in new sales will not be immediately reflected in our operating results and it may be difficult to predict a negative impact on our operating and financial results; additionally, our ability to predict the rate of customer subscription renewals or adoptions is limited;
•our business could be adversely affected if our users are not satisfied with the deployment, training, and support services provided by us and our partners, and such dissatisfaction could damage our ability to expand the applications subscribed to by our current customers and negatively impact our ability to compete for new business;
•sales to customers outside the United States or with international operations expose us to risks inherent in global operations;
•we have a history of cumulative losses and we may not achieve or sustain profitability on a GAAP basis in the future;
•any failure to protect our intellectual property rights domestically and internationally could impair our ability to protect our proprietary technology and our brand; additionally, we may be sued by third parties for alleged infringement of their proprietary rights or in connection with our use of open source software;
•risks related to government contracts and related procurement regulations, including risks of fines and termination of such contracts by the government at any time, may adversely impact our business and operating results;
•adverse litigation results could have a material adverse impact on our business;
•the dual class structure of our common stock has the effect of concentrating voting control with David Duffield and Aneel Bhusri (our “Co-Founders”), as well as with other executive officers, directors, and affiliates, which gives our Co-Founders and other members of management control over key decisions and limits or precludes the ability of non-affiliates to influence corporate matters;
•our substantial indebtedness may adversely affect our financial condition and operating results;
•our convertible note hedge and warrant transactions may adversely affect the value of our Class A common stock;
•Delaware law and provisions in our restated certificate of incorporation and amended and restated bylaws could make a merger, tender offer, or proxy contest sought by third parties difficult, thereby depressing the market price of our Class A common stock; and
•the exclusive forum provision in our organizational documents may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, or other employees, which may discourage lawsuits with respect to such claims.
Risks Related to Our Business and Industry
The extent to which the ongoing COVID-19 pandemic, the continuing global economic and geopolitical volatility, and measures taken in response to such events will continue to impact our business, financial condition, and operating results will depend on future developments, which are highly uncertain and difficult to predict.
The COVID-19 pandemic has negatively impacted the global economy, disrupted global supply chains, and created significant volatility and disruption of financial markets. In addition, the Russian invasion of Ukraine in early fiscal 2023 has led to further economic disruption. While we do not operate in Russia and while our extended workforce in Ukraine is not a material part of our workforce, the conflict has increased inflationary cost pressures and supply chain constraints which have negatively impacted the global economy. In response to the concerns over inflation risk, the U.S. Federal Reserve raised interest rates in March and July 2022, and has signaled they expect additional rate increases throughout the year and into calendar year 2023. It is especially difficult to predict the impact of such events on the global economic markets, which have been and will continue to be highly dependent upon the actions of governments, businesses, and other enterprises in response to such events, and the effectiveness of those actions. As a result of these and other recent macroeconomic events, we have experienced volatility in the trading prices for our Class A common stock, and such volatility may continue in the long term. Any sustained adverse impacts from these and other recent macroeconomic events could materially and adversely affect our business, financial condition, operating results, and earnings guidance that we may issue from time to time, which could have a material effect on the value of our Class A common stock.
At the beginning of the COVID-19 pandemic, we temporarily closed the majority of our global offices; required most of our employees to work remotely; implemented travel restrictions; and postponed or canceled certain of our customer, industry, implementation partner, analyst, investor, and employee events, and converted other events to virtual-only experiences. If we reinstate these measures due to a resurgence of COVID-19 or otherwise, these measures could have increasingly negative effects on our employee productivity and morale, sales and marketing efforts, customer success efforts, and revenue growth rates or other financial metrics, or create operational or other challenges, any of which could adversely impact our business, financial condition, and operating results in any given period.
As of July 31, 2022, our offices have reopened and we have begun permitting travel and in-person events, taking into consideration government restrictions, employee safety, and health risks. Our approach may vary among geographies depending on appropriate health protocols, and may change at any time. Additionally, reopening our offices could expose our employees to health risks, and could involve additional costs or liability. While vaccines have become widely available in certain countries, and businesses and economies have reopened, the status of global economic recovery remains uncertain and unpredictable, and will continue to be impacted by developments in the pandemic including any subsequent waves of outbreak or new variant strains of the COVID-19 virus which may require re-closures or other preventative measures. The COVID-19 pandemic may also have long-term effects on the nature of the office environment and remote working, which may present risks for our real estate portfolio, as well as strategy, operational, talent recruiting and retention, and workplace culture challenges that may adversely affect our business. The COVID-19 pandemic and recent macroeconomic events could also impact our data center and computing infrastructure operations, including potential disruptions to, among other things, the supply chain required to maintain these systems, construction projects designed to expand our data center capacity, and primary vendors who provide critical products and services.
Our future revenues rely on continued demand by existing customers and the acquisition of new customers who may be subject to labor shortages and global supply chain disruptions due to recent macroeconomic events. In connection with recent macroeconomic events, we have experienced and may continue to experience delays in purchasing decisions from prospective customers and a reduction in customer demand, particularly in the industries most impacted by the COVID-19 pandemic, such as travel and hospitality. Similarly, we experienced a reduction in renewal rates, particularly within our subset of small and medium-sized planning customers, as well as reduced customer spend and delayed payments. Our business, financial condition, and operating results may be negatively impacted in future periods due to a resurgence of COVID-19 or on account of recent macroeconomic events. While our subscription services revenues are relatively predictable in the near term as a result of our subscription-based business model, the effect of recent macroeconomic events may not be fully reflected in our operating results and overall financial performance until future periods.
It is not possible for us to estimate the duration or magnitude of the adverse results of recent macroeconomic events and their effect on our business, financial condition, or operating results at this time, as the impact will depend on future developments, which are highly uncertain and difficult to predict. To the extent recent macroeconomic events adversely affect our business, financial condition, and operating results, it may also have the effect of heightening many of the other risks described in this “Risk Factors” section.
If we fail to properly manage our technical operations infrastructure, experience service outages, undergo delays in the deployment of our applications, or our applications fail to perform properly, we may be subject to liabilities and our reputation and operating results may be adversely affected.
We have experienced significant growth in the number of users, transactions, and data that our operations infrastructure supports. We seek to maintain sufficient excess capacity in our operations infrastructure to meet the needs of all of our customers and users, as well as our own needs, and to ensure that our services and solutions are accessible within an acceptable load time. We also seek to maintain excess capacity to facilitate the rapid provision of new customer deployments and the expansion of existing customer deployments. In addition, we need to properly manage our technological operations infrastructure in order to support version control, changes in hardware and software parameters, updates, and the evolution of our applications, and to reduce infrastructure latency associated with dispersed geographic locations. However, the provision of new hosting infrastructure requires significant lead time. If we do not accurately predict our infrastructure requirements, we may experience service outages. Furthermore, if our operations infrastructure fails to scale, we may experience delays in providing service as we seek to obtain additional capacity, and no assurance can be made that we will be able to secure such additional capacity on the same or similar terms as we currently have, which could result in a significant increase in our operating costs. Moreover, any failure to scale and secure additional capacity could result in delays in new feature rollouts, reduce the demand for our applications, result in customer and end user dissatisfaction, and adversely affect our business and operating results.
We have experienced, and may in the future experience, defects, system disruptions, outages, and other performance problems, including the failure of our applications to perform properly. These problems may be caused by a variety of factors, including infrastructure and software or code changes, vendor issues, software and system defects, human error, viruses, worms, security attacks (internal and external), fraud, spikes in customer usage, and denial of service issues. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. Because of the large amount of data that we collect and process in our systems, it is possible that these issues could result in significant disruption, data loss or corruption, or cause the data to be incomplete or contain inaccuracies that our customers and other users regard as significant. Additionally, such issues have, and may in the future, result in vulnerabilities that could inadvertently result in unauthorized access to data. Furthermore, the availability or performance of our applications could also be adversely affected by our customers’ and other users’ inability to access the internet. For example, our customers and other users access our applications through their internet service providers. If a service provider fails to provide sufficient capacity to support our applications or otherwise experiences service outages, such failure could interrupt our customers’ and other users’ access to our applications, which could adversely affect their perception of our applications’ reliability and our revenues. In addition, certain countries have implemented or may implement legislative and technological actions that either do or can effectively regulate access to the internet, including the ability of internet service providers to limit access to specific websites or content. Other countries have attempted or are attempting to change or limit the legal protections available to businesses that depend on the internet for the delivery of their services.
Our customer agreements typically provide for monthly service level commitments. If we are unable to meet the stated service level commitments or suffer extended periods of unavailability for our applications as a result of the foregoing or otherwise, we may be contractually obligated to issue service credits or refunds to customers for prepaid and unused subscription services, our customers may make warranty or other claims against us, or we could face contract terminations, which would adversely affect our attrition rates. Any extended service outages could result in customer losses and adversely affect our reputation, business, and operating results.
Furthermore, our financial management application is essential to our and our customers’ financial planning, reporting, and compliance programs. Any interruption in our service may affect the availability, accuracy, or timeliness of such programs and as a result could damage our reputation, cause our customers to terminate their use of our applications, require us to issue refunds for prepaid and unused subscription services, require us to compensate our customers for certain losses, and prevent us from gaining additional business from current or future customers. In addition, because we use Workday’s financial management application, any problems that we experience with financial reporting and compliance could be negatively perceived by prospective or current customers and negatively impact demand for our applications.
Our errors and omissions insurance may be inadequate or may not be available in the future on acceptable terms, or at all, to protect against claims and other legal actions. In addition, our policy may not cover all claims made against us and defending a suit, regardless of its merit, could be costly and divert management’s attention.
We depend on data centers and computing infrastructure operated by third parties, and any disruption in these operations could adversely affect our business and operating results.
We host our applications and serve our customers from data centers located in the United States, Canada, and Europe. While we control and have access to our servers and all of the components of our network that are located in these data centers, we do not control certain aspects of these facilities, including their operation and security. The owners of these data center facilities have limited or no obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew these agreements on commercially reasonable terms, or if any of these data center operators are acquired, cease to do business, or stop providing contracted services, we may be required to transfer our servers and other infrastructure to new data center facilities, and we may incur significant costs and experience possible service interruptions in connection with doing so.
In addition, we rely upon third-party hosted infrastructure partners globally, including AWS, Google LLC, and Microsoft Corporation, to serve customers and operate certain aspects of our services. Any disruption of or interference at our hosted infrastructure partners would impact our operations and our business could be adversely impacted. For example, in July 2022, we experienced a disruption at certain of our hosted data centers in two of our U.S. locations due to high temperatures and power outages that resulted in a brief temporary outage of our services for a subset of our customers. Problems faced by these data center operators or hosted infrastructure partners, with the telecommunications network providers with whom we or they contract, or with the systems by which our telecommunications providers allocate capacity among their customers, including us, could adversely affect the experience of our customers or other users. In addition, any financial difficulties, such as bankruptcy, faced by these data center operators, our hosted infrastructure partners, or any of the other service providers with whom we or they contract may have negative effects on our business, the nature and extent of which are difficult to predict. These facilities may also be subject to break-ins, sabotage, intentional acts of vandalism and similar misconduct, natural catastrophic events, as well as local administrative actions, changes to legal or permitting requirements, and litigation to stop, limit or delay operation.
Additionally, if these data center operators or hosted infrastructure partners are unable to keep up with our needs for capacity, this could have an adverse effect on our business. Any changes in third-party service levels at these data centers or at our hosted infrastructure partners, or any errors, defects, disruptions, or other performance problems with our applications or the infrastructure on which they run, including those related to cybersecurity threats or attacks, could adversely affect our reputation and may damage our customers’ or other users’ stored files or result in lengthy interruptions in our services. Interruptions in our services might adversely affect our reputation and operating results, cause us to issue refunds or service credits to customers for prepaid and unused subscription services, subject us to potential liabilities, result in contract terminations, or adversely affect our renewal rates.
We may lose key employees or be unable to attract, train, and retain highly skilled employees.
Our success and future growth depend largely upon the continued services of our executive officers, other members of senior management, and other key employees. We do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period, and they could terminate their employment with us at any time. From time to time, there may be changes in our executive management team and to other key employee roles resulting from organizational changes or the hiring or departure of executives or other employees, which could have a serious adverse effect on our business and operating results.
To execute our growth plan, we must attract, train, and retain highly qualified personnel. Our ability to compete and succeed in a highly competitive environment is directly correlated to our ability to recruit and retain highly skilled employees, especially in the areas of product development, engineers with significant experience in designing and developing software and internet-related services, including in the areas of machine learning and artificial intelligence (“AI”); for cybersecurity professionals; and for senior sales executives. The market for skilled personnel in the software industry is very competitive, and we have seen these pressures increase significantly through the COVID-19 pandemic and due to other macroeconomic factors. As we are headquartered in the San Francisco Bay Area, we face intense competition among large and small firms in the Silicon Valley market. In addition, the expansion of our sales infrastructure, both domestically and internationally, is necessary to grow our customer base and business. Identifying and recruiting qualified personnel and training them in our sales methodology, our sales systems, and the use of our software requires significant time, expense, and attention. Our business may be adversely affected if our efforts to attract and train new members of our direct sales force do not generate a corresponding increase in revenues. We have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications, and we may not be able to fill positions in desired geographic areas or at all.
Many of the companies with which we compete for experienced personnel have greater resources than we have and may offer more lucrative compensation packages than we offer. Our business may be adversely affected if we are unable to retain our highly skilled employees, especially our senior sales executives. Job candidates and existing employees carefully consider the value of the equity awards they receive in connection with their employment. If the perceived or actual value of our equity awards declines, or if the mix of equity and cash compensation that we offer is not sufficiently attractive, it may adversely affect our ability to recruit and retain highly skilled employees. The challenges we face in recruiting and hiring qualified personnel may be compounded by a decreased willingness of candidates to leave their current employment due to various factors including economic uncertainty caused by recent macroeconomic factors. As market volatility continues with the ongoing COVID-19 pandemic and other macroeconomic factors, we may face additional challenges in recruiting and retaining qualified personnel. Additionally, job candidates may be threatened with legal action under agreements with their existing employers if we attempt to hire them, which could have an adverse effect on hiring and result in a diversion of our time and resources. We must also continue to retain and motivate existing employees through our compensation practices, company culture, and career development opportunities. Further, our current and future office environments, such as our current hybrid work policies, may not meet the expectations of our employees or prospective employees, and may amplify challenges in recruiting. If we fail to attract new personnel or to retain our current personnel, our business and future growth prospects could be adversely affected.
If we cannot maintain our corporate culture, we could lose the innovation, teamwork, and passion that we believe contribute to our success, and our business may be harmed.
We believe that a critical component of our success has been our corporate culture, as reflected in our core values: employees, customer service, innovation, integrity, fun, and profitability. We also believe that our commitment to our corporate culture, as well as our commitment to building products and services that help provide our customers with information regarding their own workforce and corporate culture, is part of the reason why our customers choose us. As we continue to grow, both organically and through acquisitions of employee teams, and develop the infrastructure associated with being a more mature public company, we will need to maintain our corporate culture among a larger number of employees who are dispersed throughout various geographic regions. Additionally, we and our stakeholders increasingly expect to have a corporate culture that embraces diversity and inclusion, and any inability to attract and retain diverse and qualified personnel may harm our corporate culture and our business. Moreover, our hybrid work policies require significant action to preserve our culture. Furthermore, we substantially grew our employee base in fiscal 2022, and we must be able to effectively integrate, develop, and motivate a large number of new employees, while maintaining the effectiveness of our business execution and the beneficial aspects of our corporate culture. Any failure to maintain or adapt our culture could negatively affect our future success, including our ability to retain and recruit personnel and to achieve our corporate objectives, including our ability to quickly develop and deliver new and innovative products.
Our business could be adversely affected if our users are not satisfied with the deployment, training, and support services provided by us and our partners.
Our business depends on our ability to satisfy our customers and end users, both with respect to our application offerings and the professional services that are performed to help them use features and functions that address their business needs. High customer satisfaction requires that our customers undergo a successful implementation and be properly trained on our applications to effectively implement and increase their level of adoption of such applications. Implementation of our applications may be technically complicated because they are designed to enable complex and varied business processes across large organizations, integrate data from a broad and complex range of workflows and systems, and may involve deployment in a variety of environments. Incorrect or improper implementation or use of our applications could result in customer and user dissatisfaction and harm our business and operating results.
In order for our customers to successfully implement our applications, they need access to highly skilled and trained service professionals. Professional services may be performed by our own staff, by a third party, or by a combination of the two. Our strategy is to work with third parties to increase the breadth of capability and depth of capacity for delivery of these services to our customers, and third parties provide a majority of deployment services for our customers. The work performed by us or these third parties that we rely on, including any work related to the on-site components of deployment services requested by a customer, might be adversely impacted directly or indirectly by the ongoing COVID-19 pandemic, including as a result of restrictions in accessing customer sites, and by increased attrition. Additionally, if our customers’ personnel are unable to participate in deployment activities as a direct or indirect result of the ongoing COVID-19 pandemic, this could result in delays in customer go-live dates for our applications. If customers are not satisfied with the quality and timing of work performed by us or a third party or with the type of professional services or applications delivered, or if we or a third party have not fully delivered on certain commitments made to our customers, then we could incur additional costs to address the situation, the revenue recognition of the contract could be impacted, and the dissatisfaction with our services could damage our ability to expand the applications subscribed to by our customers. We must also align our product development and professional services operations in order to ensure that customers’ evolving needs are met. Negative publicity related to our customer relationships, regardless of its accuracy, may further damage our business by affecting our ability to compete for new business with current and prospective customers both domestic and abroad.
Additionally, in order to maximize the value of our applications, we must continue to educate and train our customers and end users to develop the skills necessary to harness the power of our applications. If we are not able to effectively educate and train our users, they may choose not to renew their subscriptions, market perceptions of our company and our applications may be impaired, and our reputation and brand may suffer. Customers and other users also depend on our support organization to provision the environments used by our customers and to resolve technical issues relating to our applications. We may be unable to respond quickly enough to accommodate short-term increases in demand for support services. We may also be unable to modify the format of our support services to compete with changes in support services provided by our competitors. Increased demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. Failure to maintain high-quality technical support and training, or a market perception that we do not maintain high-quality support or training, could adversely affect our reputation, our ability to offer and sell our applications, our renewal rates, and our business and operating results.
Our future success depends on the rate of customer subscription renewals or adoptions, and our revenues or operating results could be adversely impacted if we do not achieve renewals and adoptions at expected rates or on anticipated terms.
As the markets for our applications mature, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers at the same pace or based on the same pricing model as we have used historically. From time to time, we may also change our pricing structure, which could adversely impact demand for our products. Moreover, large customers, which are a primary focus of our sales efforts, have and may continue to request greater price concessions and delayed payment terms. As a result of the COVID-19 pandemic, some of our existing and potential customers deferred purchasing decisions, requested price concessions and delayed payment terms, and requested other terms and conditions. If these conditions were to return, whether as a result of a resurgence of COVID-19 or otherwise, we may be required to reduce our prices or accept onerous terms and conditions, including delayed payment terms, which could adversely affect our revenues, profitability, financial position, and cash flows in any given period. Restrictions on travel and in-person meetings have interrupted, and could continue to interrupt, our sales activity, and we cannot predict whether, for how long, or the extent to which the COVID-19 pandemic may continue to have an impact. Our sales force has historically met with our customers and potential customers face-to-face when selling our solutions, and while the majority of our deployment activities are completed remotely, many of our customers may prefer to have certain deployment activities such as project initiation and go-live activities completed on-site. Attrition of key personnel at our customers has impacted and may continue to impact our direct sales efforts. Furthermore, because our future revenue growth relies, in large part, on new customer acquisition, any inability of our sales force to establish relationships with potential customers during the current environment or prospects deferring buying decisions due to the economic uncertainty, is likely to have a negative impact on our future revenue growth and other financial measures.
In addition, our customers have no obligation to renew their subscriptions for our applications after the expiration of either the initial or renewed subscription period. If we are unable to successfully educate our customers on the benefits and features of our applications, or if our customers are aware of those benefits and features but do not use them, our customers may renew for fewer elements of our applications or on different pricing terms. Our customers’ renewal rates may also decline or fluctuate as a result of a number of other factors, including their level of satisfaction with our applications and pricing, their ability to continue their operations and spending levels, and the evolution of their business. If our customers do not renew their subscriptions for our applications on similar pricing terms, our revenues may decline, and we may not be able to meet our revenue projections, which could negatively impact our business and the market price of our Class A common stock. In addition, over time the average term of our contracts could change based on renewal rates or for other reasons.
Our future success also depends, in part, on our ability to sell additional products to our current customers, and the success rate of such endeavors is difficult to predict, especially with regard to any new lines of business that we may introduce from time to time. This may require increasingly costly marketing and sales efforts that are targeted at senior management, and if these efforts are not successful, our business and operating results may suffer. Additionally, acquisitions of our customers by other companies have led, and could continue to lead, to cancellation of our contracts with those customers, thereby reducing the number of our existing and potential customers.
Our quarterly results may fluctuate significantly and may not fully reflect the underlying performance of our business.
Our quarterly operating results, including our revenues, subscription revenue backlog, operating margin, profitability, and cash flow, may vary significantly in the future and period-to-period comparisons of our operating results may not be meaningful. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. As discussed above, the extent to which the ongoing COVID-19 pandemic, the resulting global economic uncertainty, and measures taken in response to the pandemic, as well as recent macroeconomic events, could continue to impact our operating results will depend on future developments, which are highly uncertain and difficult to predict. Fluctuations in our quarterly results and related impacts to any earnings guidance we may issue from time to time, including any modification or withdrawal thereof, may negatively impact the value of our securities. Additionally, as we typically sign a significantly higher percentage of agreements with new customers as well as renewal agreements with existing customers in the fourth quarter of each year, we may experience a greater impact on our business and quarterly results due to the prolonged uncertainty.
Additional factors that may cause fluctuations in our quarterly financial results include, without limitation, those listed below:
•our ability to attract new customers, customer renewal rates, the financial condition and creditworthiness of our customers, and the timing and rate at which we sign agreements with customers;
•the addition or loss of large customers, including through acquisitions or consolidations;
•regulatory compliance costs, including research and development costs incurred to add functionality to help our customers comply with evolving privacy and data security laws;
•the timing of recognition of revenues and operating expenses, including expenses related to acquisitions and potential future charges for impairment of goodwill;
•the amount and timing of operating expenses related to the maintenance and expansion of our business, operations, and infrastructure;
•network outages or security breaches;
•general economic, market, and geopolitical conditions, including the impact of the ongoing COVID-19 pandemic, the Russia-Ukraine conflict, inflation, and rising interest rates;
•increases or decreases in the number of elements of our services or pricing changes upon any renewals of customer agreements;
•the changes in payment terms and timing of customer payments and payment defaults by customers, including those impacted by the ongoing COVID-19 pandemic;
•changes in our pricing policies or those of our competitors and the mix of applications sold during a period;
•seasonal variations in sales of our applications, which have historically been highest in our fiscal fourth quarter;
•the timing and success of new application and service introductions by us or our competitors;
•changes in the competitive dynamics of our industry, including consolidation among competitors, customers, or strategic partners, and the impact of strategic partnerships, acquisitions, or equity investments;
•expenses related to our real estate portfolio, including our leases and data center expansion; and
•changes in laws and regulations that impact our business or reported financial results, including changes in accounting principles generally accepted in the United States.
We have experienced rapid growth, and if we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service and operational controls, or adequately address competitive challenges.
We have experienced rapid growth in our customers, headcount, and operations and anticipate that we will continue to expand our customer base, headcount, and operations. This growth has placed, and future growth will place, a significant strain on our management, administrative, operational, and financial infrastructure. Our success will depend in part on our ability to manage this growth effectively and to scale our operations appropriately. To manage the expected growth of our operations and personnel, we will need to continue to improve our operational, financial, and management controls as well as our reporting systems and procedures. Failure to effectively manage growth could result in difficulty or delays in deploying products and services to customers, declines in quality or customer satisfaction, increases in costs, difficulties in introducing new features, or other operational difficulties, and any of these difficulties could adversely impact our business performance and operating results.
If we fail to develop widespread brand awareness cost-effectively, our business may suffer.
We believe that developing and maintaining widespread positive awareness of our brand is critical to achieving widespread acceptance of our applications, retaining and attracting customers, and hiring and retaining employees. However, brand promotion activities may not generate the customer awareness or increased revenues we anticipate, and even if they do, any increase in revenues may not offset the significant expenses we incur in building our brand. Moreover, the ongoing COVID-19 pandemic has made it more difficult to develop and maintain positive awareness of our brand. For example, we held a virtual event, Conversations for a Changing World, in both fiscal 2021 and 2022, in place of our two largest annual customer conferences, Workday Rising and Workday Rising Europe. We have returned to in-person events, but if due to a resurgence of COVID-19 or otherwise, we reinstate our shift to virtual customer, industry, partner, analyst, investor and employee events, these measures may not be as successful or showcase our products as well, and ultimately generate lower levels of customer interest, opportunities, and leads. In addition, we have and may in the future delay certain corporate advertising programs. These measures, if adopted, particularly if extended for prolonged periods, could have negative effects on our ability to develop and maintain widespread positive awareness of our brand, which could harm our business, financial condition, and operating results.
If we fail to successfully promote and maintain our brand, or we fail to expand awareness of our newer solutions or products, we may fail to attract or retain customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our applications. Additionally, the loss of one or more of our key customers, or a failure to renew our subscription agreements with one or more of our key customers, could significantly impair our ability to market our applications which, in turn, could have a negative impact on our revenues, reputation, and our ability to obtain new customers. In addition, if our brand is negatively impacted, it may be more difficult to hire and retain employees.
We have acquired, and may in the future acquire, other companies, employee teams, or technologies, which could divert our management’s attention, result in additional dilution to our stockholders, and otherwise disrupt our operations and adversely affect our operating results.
We have acquired, and may in the future acquire, other companies, employee teams, or technologies to complement or expand our applications, enhance our technical capabilities, obtain personnel, or otherwise offer growth opportunities. For example, we acquired Scout in fiscal 2020 and Peakon, Zimit, and VNDLY in fiscal 2022. The pursuit of acquisitions may divert the attention of management, disrupt ongoing business, and cause us to incur various expenses in identifying, investigating, and pursuing suitable acquisitions, whether or not they are consummated.
These impacts may continue through integration activities. Moreover, we may be unable to complete proposed transactions timely or at all due to the failure to obtain regulatory or other approvals, litigation, or other disputes, which may obligate us to pay a termination fee. We also may not achieve the anticipated benefits from an acquisition due to a number of factors, including:
•inability to integrate the intellectual property, technology infrastructure, personnel, and operations of the acquired business, including difficulty in addressing security risks of the acquired business, or benefit from an acquisition in a profitable manner;
•acquisition-related costs, liabilities, or tax impacts, some of which may be unanticipated;
•difficulty in leveraging the data of the acquired business if it includes personal data;
•ineffective or inadequate controls, procedures, or policies at the acquired company and increased risk of non-compliance;
•multiple product lines or service offerings as a result of our acquisitions that are offered, priced, and supported differently, as well as the potential for such acquired product lines and service offerings to impact the profitability of existing products;
•the opportunity cost of diverting management and financial resources away from other products, services, and strategic initiatives;
•difficulties and additional expenses associated with synchronizing product offerings, customer relationships, and contract portfolio terms and conditions between Workday and the acquired business;
•unknown liabilities or risks associated with the acquired businesses, including those arising from existing contractual obligations or litigation matters;
•adverse effects on our brand or existing business relationships with business partners and customers as a result of the acquisition;
•potential write-offs of acquired assets and potential financial and credit risks associated with acquired customers;
•inability to maintain relationships with key customers, suppliers, and partners of the acquired business;
•difficulty in predicting and controlling the effect of integrating multiple acquisitions concurrently;
•lack of experience in new markets, products, or technologies;
•difficulty in integrating operations and assets of an acquired foreign entity with differences in language, culture, or country-specific regulatory risks;
•the inability to obtain (or a material delay in obtaining) regulatory approvals necessary to complete transactions or to integrate operations, or potential remedies imposed by regulatory authorities as a condition to or following the completion of a transaction, which may include divestitures, ownership or operational restrictions or other structural or behavioral remedies;
•the failure of strategic acquisitions to perform as expected or to meet financial projections; and
•use of substantial portions of our available cash to consummate the acquisition.
In addition, a significant portion of the purchase price of companies we acquire may be allocated to acquired goodwill and other intangible assets, which must be assessed for impairment at least annually. In the future, if our acquisitions do not yield expected returns, we may be required to take charges to our operating results based on this impairment assessment process, which could adversely affect our operating results.
Acquisitions could also result in dilutive issuances of equity securities or the issuance of debt, which could adversely affect our operating results. In addition, if an acquired business fails to meet our expectations, our business, operating results, and financial position may suffer.
Sales to customers outside the United States or with international operations expose us to risks inherent in global operations.
A key element of our growth strategy is to further develop our worldwide customer base. Operating globally requires significant resources and management attention and subjects us to regulatory, economic, and political risks that are different from those in the United States. Our efforts to further expand internationally may not be successful in creating additional demand for our applications outside of the United States or in effectively selling subscriptions to our applications in all of the markets we enter. Foreign regulations, including privacy, data localization, and import/export regulations, are subject to change and uncertainty, including as a result of geopolitical developments, which may be amplified by the COVID-19 pandemic, macroeconomic conditions, or events such as the Russia-Ukraine conflict. In addition to navigating the challenges related to the ongoing COVID-19 pandemic in foreign jurisdictions, we face other risks in doing business on a global scale that could adversely affect our business, including:
•the need to develop, localize, and adapt our applications and customer support for specific countries, including translation into foreign languages, localization of contracts for different legal jurisdictions, and associated expenses;
•the need to successfully develop and execute on a go-to-market strategy that aligns application management efforts and the development of supporting infrastructure;
•stricter data privacy laws including requirements that customer data be stored and processed in a designated territory and obligations on us as a data processor;
•difficulties in appropriately staffing and managing foreign operations and providing appropriate compensation for local markets;
•difficulties in leveraging executive presence and company culture globally;
•different pricing environments, longer sales cycles, and longer trade receivables payment cycles, and collections issues;
•new and different sources of competition;
•potentially weaker protection for intellectual property and other legal rights than in the United States and practical difficulties in enforcing intellectual property and other rights;
•laws, customs, and business practices favoring local competitors;
•restrictive governmental actions focused on cross-border trade, such as import and export restrictions, duties, quotas, tariffs, trade disputes, and barriers or sanctions, including due to the Russia-Ukraine conflict, that may prevent us from offering certain portions of our products or services to a particular market, may increase our operating costs or may subject us to monetary fines or penalties in case of unintentional noncompliance due to factors beyond our control;
•compliance challenges related to the complexity of multiple, conflicting, and changing governmental laws and regulations, including employment, tax, privacy, intellectual property, and data protection laws and regulations;
•increased compliance costs related to government regulatory reviews or audits, including those related to international cybersecurity requirements;
•increased financial accounting and reporting burdens and complexities;
•restrictions on the transfer of funds;
•ensuring compliance with anti-corruption laws, including the Foreign Corrupt Practices Act and United Kingdom (“UK”) Bribery Act;
•the effects of currency fluctuations on our revenues and expenses and customer demand for our services;
•the cost and potential outcomes of any international claims or litigation;
•adverse tax consequences and tax rulings; and
•unstable economic and political conditions.
Any of the above factors may negatively impact our ability to sell our applications and offer services globally, reduce our competitive position in foreign markets, increase our costs of global operations, and reduce demand for our applications and services from global customers. Additionally, the majority of our international costs are denominated in local currencies and we anticipate that over time an increasing portion of our sales contracts may be outside the U.S. and will therefore be denominated in local currencies. Additionally, global events, as well as geopolitical developments such as the Russia-Ukraine conflict, fluctuating commodity prices, trade tariff developments, and inflation have caused, and may in the future cause, global economic uncertainty, and uncertainty about the interest rate environment, which could amplify the volatility of currency fluctuations. Therefore, fluctuations in the value of foreign currencies may impact our operating results when translated into U.S. dollars. Such fluctuations may also impact our ability to predict our future results accurately. Although we have a hedging program to help mitigate some of this volatility and related risks, there can be no assurance that the hedging program will be effective in offsetting the adverse financial impacts that may result from unfavorable movements in foreign currency exchange rates, including any such movements caused by the COVID-19 pandemic.
The markets in which we participate are intensely competitive, and if we do not compete effectively, our operating results could be adversely affected.
The markets for enterprise cloud applications are highly competitive, with relatively low barriers to entry for some applications or services. Some of our competitors are larger and have greater name recognition, significantly longer operating histories, access to larger customer bases, larger marketing budgets, and significantly greater resources to devote to the development, promotion, and sale of their products and services than we do. This may allow our competitors to respond more effectively than us to new or emerging technologies and changes in market conditions.
Our primary competitors are Oracle Corporation and SAP SE, well-established providers of financial management and HCM applications, which have long-standing relationships with many customers. Some customers may be hesitant to switch vendors or to adopt cloud applications such as ours and may prefer to maintain their existing relationships with competitors. We also face competition from other enterprise software vendors, from regional competitors that only operate in certain geographic markets, and from vendors of specific applications that address only one or a portion of our applications, some of which offer cloud-based solutions. These vendors include, without limitation: UKG Inc. (formerly The Ultimate Software Group, Inc.), Automatic Data Processing, Inc., Infor, Inc., Ceridian HCM Holding Inc., Microsoft Corporation, Anaplan, Inc., and Coupa Software Inc. In order to take advantage of customer demand for cloud applications, legacy vendors are expanding their cloud applications through acquisitions, strategic alliances, and organic development. In addition, other cloud companies that provide services in different target markets may develop applications or acquire companies that operate in our target markets, and some potential customers may elect to develop their own internal applications. As the market matures and as existing and new market participants introduce new types of technologies and different approaches that enable organizations to address their HCM and financial needs, we expect this competition to intensify in the future.
Furthermore, our current or potential competitors may be acquired by, or merge with, third parties with greater available resources and the ability to initiate or withstand substantial price competition, such as the merger between Kronos Incorporated and The Ultimate Software Group, Inc. Our competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their offerings or resources. Many of our competitors also have major distribution agreements with consultants, system integrators, and resellers. If our competitors’ products, services, or technologies become more accepted than our products, if they are successful in bringing their products or services to market earlier than ours, or if their products or services are more technologically capable than ours, then our revenues could be adversely affected. In addition, our competitors may offer their products and services at a lower price, or, particularly during the ongoing COVID-19 pandemic, may offer price concessions, delayed payment terms, financing terms, or other terms and conditions that are more enticing to potential customers. Pricing pressures and increased competition could result in reduced sales, reduced margins, losses, or a failure to maintain or improve our competitive market position, any of which could adversely affect our business and operating results.
If we are not able to realize a return on our current development efforts or offer new features, enhancements, and modifications to our services that are desired by current or potential customers, our business and operating results could be adversely affected.
Developing software applications and related enhancements, features, and modifications is expensive, and the investment in product development often involves a long return on investment cycle. Accelerated application introductions and short application life cycles require high levels of expenditures that could adversely affect our operating results if not offset by revenue increases, and we believe that we must continue to dedicate a significant amount of resources to our development efforts to maintain our competitive position. However, we may not receive significant revenues from these investments for several years, if at all. Furthermore, the COVID-19 pandemic could have a continuing impact on our plans to offer certain new features, enhancements, and modifications of our applications in a timely manner, particularly if we experience impacts to productivity due to our employees or their family members experiencing health issues, or as our employees continue to work remotely, or if there are continuing delays in our hiring and onboarding of new employees. If we are unable to provide new features, enhancements, and modifications in a timely and cost-effective manner that achieve market acceptance or that keep pace with rapid technological developments and changing regulatory landscapes, our business and operating results could be adversely affected. For example, we are focused on enhancing the features and functionality of our applications to improve their utility to larger customers with complex, dynamic, and global operations, or we may be required to develop new features, enhancements, or modifications to our products to support our customers’ evolving compliance obligations. Some of our larger customers may also require features and functions unique to their business processes that we do not currently offer. In order to help ensure we meet these requirements, we may devote a significant amount of technology support and professional service resources to such customers. The success of enhancements, new features, and applications depends on several factors, including their timely completion, introduction, and market acceptance as well as access to development resources and the technologies required to build and improve our applications, such as the datasets required to train our machine learning models. If we are not successful in developing these new features, enhancements, modifications, and applications, and bringing them to market timely, it may negatively impact our customer renewal rates, limit the market for our solutions, or impair our ability to attract new customers.
Our growth depends on the success of our strategic relationships with third parties as well as our ability to successfully integrate our applications with a variety of third-party technologies.
We depend on relationships with third parties such as deployment partners, technology and content providers, and other key suppliers, and are also dependent on third parties for the license of certain software and development tools that are incorporated into or used with our applications. If the operations of these third parties are disrupted, including as a direct or indirect result of recent macroeconomic conditions, our own operations may suffer, which could adversely impact our operating results. In addition, we rely upon licensed third-party software to help improve our internal systems, processes, and controls. Identifying partners, and negotiating and documenting relationships with them, requires significant time and resources. We may be at a disadvantage if our competitors are effective in providing incentives to third parties to favor their products or services or to prevent or reduce subscriptions to our services, or in negotiating better rates or terms with such third parties. In addition, acquisitions of our partners by our competitors could end our strategic relationship with the acquired partner and result in a decrease in the number of our current and potential customers, or the support services available for third-party technology may be negatively affected by mergers and consolidation in the software industry. If we are unsuccessful in establishing or maintaining our relationships with these third parties, or in monitoring the quality of their products or performance, our ability to compete in the marketplace or to grow our revenues could be impaired and our operating results may suffer.
To the extent that our applications depend upon the successful integration and operation of third-party software in conjunction with our software, any undetected errors or defects in this third-party software, as well as cybersecurity threats or attacks related to such software, such as the Log4j (as defined below) vulnerability, could prevent the deployment or impair the functionality of our applications, delay new application introductions, result in a failure of our applications, result in increased costs, including warranty and other related claims from customers, and injure our reputation. Furthermore, software may not continue to be available to us on commercially reasonable terms. Although we believe that there are commercially reasonable alternatives to the third-party software we currently license, this may not always be the case, or it may be difficult or costly to replace. Integration of new software into our applications may require significant work and require substantial investment of our time and resources.
We also need to continuously modify and enhance our applications to keep pace with changes in third-party internet-related hardware, iOS, Android, other mobile-related technologies, and other third-party software, communication, browser, and database technologies. We must also appropriately balance the application capability demands of our current customers with the capabilities required to address the broader market. Furthermore, uncertainties about the timing and nature of new network platforms or technologies, or modifications to existing platforms or technologies, could increase our product development expenses. Any failure of our applications to operate effectively with future network platforms and other third-party technologies could reduce the demand for our applications, result in customer and end user dissatisfaction, and adversely affect our business and operating results. We may experience difficulties in managing improvements to our systems, processes, and controls or in connection with third-party software, which could materially impair our ability to provide solutions or professional services to our customers in a timely manner, cause us to lose customers, limit us to smaller deployments of our solutions, or increase our technical support costs.
If we are not able to realize a return on the investments we have made toward entering new markets and new lines of business, our business and operating results could be adversely affected.
We continue to seek opportunities to enter into new markets and/or new lines of business, some of which we may have very limited or no experience in. As an entrant to new markets and new lines of business, we may not be effective in convincing prospective customers that our solutions will address their needs, and we may not accurately estimate our infrastructure needs, human resource requirements, or operating expenses with regard to these new markets and new lines of business. We may also fail to accurately anticipate adoption rates of these new lines of business or their underlying technology. For example, machine learning and AI are propelling advancements in technology, but if they are not widely adopted and accepted or fail to operate as expected, our business and reputation may be harmed. Also, we may not be able to properly price our solutions in these new markets, which could negatively affect our ability to sell to customers. Furthermore, customers in these new markets or of the new lines of business may demand more features and professional services, which may require us to devote even greater research and development, sales, support, and professional services resources to such customers. If we fail to generate adequate revenues from these new markets and lines of business, or if we fail to do so within the envisioned timeframe, it could have an adverse effect on our business, financial condition, and operating results.
Social and ethical issues relating to the use of new and evolving technologies, such as machine learning and AI, in our offerings may result in reputational harm and liability.
Social and ethical issues relating to the use of new and evolving technologies, such as machine learning and AI, in our offerings may result in reputational harm and liability, and may cause us to incur additional research and development costs to resolve such issues. We are increasingly building AI into many of our offerings. As with many innovations, machine learning and AI present additional risks and challenges that could affect their adoption and therefore our business, operations, and results. For example, the development of machine learning and AI present emerging ethical issues, and if we enable or offer solutions on this front that are controversial, due to their impact, or perceived impact, on human rights, privacy, employment, or in other social contexts, we may experience brand or reputational harm, competitive harm, or legal liability. Potential government regulation related to AI ethics may also increase the burden and cost of research and development in this area. Failure to address AI ethics issues by us or others in our industry could undermine public confidence in AI, which could slow adoption of AI in our products and services.
Our aspirations and disclosures related to environmental, social, and governance (“ESG”) matters expose us to risks that could adversely affect our reputation and performance.
The positions we take on ESG and ethical issues from time to time may impact our brand, reputation, or ability to attract or retain customers. In particular, our brand and reputation are associated with our public commitments to environmental sustainability (including our science-based targets), equality, inclusivity, and ethical use, and any perceived changes in our dedication to these commitments could impact our relationships with potential and current customers, employees, stockholders, and other stakeholders. These commitments reflect our current plans and aspirations and are not guarantees that we will be able to achieve them. Our failure to accomplish or accurately track and report on these goals on a timely basis, or at all, could adversely affect our reputation, financial performance, and growth, and expose us to increased scrutiny from the investment community as well as enforcement authorities.
Our ability to achieve any ESG objective is subject to numerous risks, many of which are outside of our control. Examples of such risks include:
•the availability and cost of low- or non-carbon-based energy sources;
•the evolving regulatory requirements affecting ESG standards or disclosures;
•the availability of suppliers that can meet our sustainability, diversity and other ESG standards;
•our ability to recruit, develop and retain diverse talent in our labor markets;
•the availability and cost of high-quality verified emissions reductions and renewable energy credits;
•the ability to renew existing or execute on new virtual power purchase agreements; and
•the success of our organic growth and acquisitions or dispositions of businesses or operations.
Standards for tracking and reporting ESG matters continue to evolve. In addition, our processes and controls may not always comply with evolving standards for identifying, measuring, and reporting ESG metrics, including ESG-related disclosures that may be required of public companies by the SEC, and such standards may change over time, which could result in significant revisions to our current goals, reported progress in achieving such goals, or ability to achieve such goals in the future. Further, we may rely on data provided by third parties to measure and report our ESG metrics and if the data input is incorrect or incomplete, our brand, reputation, and financial performance may be adversely affected.
If our ESG practices do not meet evolving investor or other stakeholder expectations and standards, then our reputation, our ability to attract or retain employees, and our attractiveness as an investment, business partner, acquirer, or service provider could be negatively impacted. Further, our failure or perceived failure to pursue or fulfill our goals and objectives or to satisfy various reporting standards on a timely basis, or at all, could have similar negative impacts or expose us to government enforcement actions and private litigation.
Risks Related to Cybersecurity, Data Privacy, and Intellectual Property
If our information technology systems are compromised or unauthorized access to customer or user data is otherwise obtained, our applications may be perceived as not being secure, our operations may be disrupted, our applications may become unavailable, customers and end users may reduce the use of or stop using our applications, and we may incur significant liabilities.
Our applications involve the storage and transmission of our customers’ sensitive and proprietary information, including personal or identifying information regarding our customers, their employees, customers, and suppliers, as well as financial, accounting, health, and payroll data. Additionally, our operations and the availability of the services we provide customers also depend on our information technology systems. As a result, a compromise of our applications or systems, or unauthorized access to, acquisition, use, tampering, release, alteration, theft, loss, or destruction of sensitive data, or unavailability of data, could disrupt our operations or impact the availability or performance of our applications; expose us and our customers to regulatory obligations and actions, litigation, investigations, remediation and indemnity obligations, or supplemental disclosure obligations; damage our reputation and brand; or result in loss of customer, consumer, and partner confidence in the security of our applications, an increase in our insurance premiums, loss of authorization under the Federal Risk and Authorization Management Program (“FedRAMP”) or other authorizations, impairment to our business, and other potential liabilities or related fees, expenses, loss of revenues.
The financial and personnel resources we employ to implement and maintain security measures, including our information security risk insurance policy, may not be sufficient to address our security needs. The security measures we have in place may not be sufficient to protect against security risks, preserve our operations and services and the integrity of customer and personal information, and prevent data loss, misappropriation, and other security breaches. Our information systems may be compromised by computer hackers, employees, contractors, or vendors, as well as software bugs, human error, technical malfunctions, or other malfeasance.
Cybersecurity threats and attacks are often targeted at companies such as ours and may take a variety of forms ranging from individuals or groups of security researchers and hackers, including those who appear to offer a solution to a vulnerability, to sophisticated organizations, including state-sponsored actors who may launch coordinated attacks, such as retaliatory cyber attacks stemming from the Russia-Ukraine conflict. In the normal course of business, we are and have been the target of malicious cyber-attack attempts and have experienced other security events. As our market presence grows, we may face increased risks of cybersecurity attack or other security threats. Key cybersecurity risks range from viruses, worms, ransomware, and other malicious software programs, to phishing attacks, to exploitation of software bugs or other defects, to targeted attacks against cloud services and other hosted software, any of which can result in a compromise of our applications or systems and the data we store or process, disclosure of Workday confidential information and intellectual property, production downtimes, reputational harm, and an increase in costs to the business. As the techniques used to obtain unauthorized access or sabotage systems change frequently, are becoming increasingly sophisticated and complex, and generally are not identified until they are launched against a target, we may be unable to anticipate these attacks or to implement adequate preventative measures. Future cyber-attacks and other security events may have a significant or material impact on our business and operating results.
There may also be attacks targeting any vulnerabilities in our applications, internally built infrastructure, enhancements, and updates to our existing offerings, or in the many different underlying networks and services that power the internet that our products depend on, most of which are not under our control or the control of our vendors, partners, or customers. Systems and processes designed to protect our applications, systems, software, and data, as well as customer data and other user data, and to prevent data loss and detect security breaches, may not be effective against all cybersecurity threats or perceived threats. We have been subject to such incidents, including through third-party service providers and in connection with acquisitions we have made. In addition, our software development practices have not and may not identify all potential privacy or security issues, and inadvertent disclosures of data have occurred and may occur. For example, in August 2022, we applied a fix in Workday Recruiting to address an issue that temporarily made certain information discoverable to unintended parties. We took immediate action to fix the issue, notify affected customers, and confirm this issue had not impacted Workday’s other environments or applications. We have no indication that the data was accessed maliciously. We also performed an internal investigation and engaged a third party to penetration test the systems at issue, which caused, and may continue to cause, expense and business disruption. These efforts may not be completely effective or eliminate potential risks from this and similar incidents.
In December 2021, a critical remote code execution vulnerability was identified in the Apache Software Foundation’s Log4j software library (“Log4j”). Log4j is an open source software broadly used in Java-based applications to log security and performance information. According to public information, a bad actor can exploit the Log4j vulnerability to remotely access a vulnerable system, allowing the bad actor to then steal information, launch ransomware, or conduct other malicious activity. We use Log4j in a number of our environments although to date we have found no indication that customer data or environments containing customer data have been affected. This required us to identify, test, and deploy mitigation techniques and currently available remediation patches against this vulnerability in our environments, as well as to upgrade our firewalls and the Log4j library directly used by Workday, which caused expense and business disruption. We expect continued risk from the Log4j and additional vulnerabilities and potential attacks to continue for several months given the complexity of the situation and the widespread nature of the Log4j vulnerability.
Additionally, during the ongoing COVID-19 pandemic, and potentially beyond as remote work and resource access expand, there is an increased risk of cybersecurity-related events such as phishing attacks, exploitation of any cybersecurity flaws that may exist, an increase in the number cybersecurity threats or attacks, and other security challenges as a result of most of our employees and our service providers continuing to work remotely from non-corporate managed networks.
Furthermore, we have acquired or partnered with a number of companies, products, services, and technologies over the years, and incorporated third-party products, services, and technologies into our own products and services. Addressing security issues associated with acquisitions, partnerships, incorporated technologies, and our supply chain requires significant resources, and we may still inherit additional risks upon integration with or use by Workday. In addition, if a high-profile security breach occurs with respect to an industry peer, our customers and potential customers may generally lose trust in the security of financial management, spend management, human capital management, planning, or analytics applications, or in cloud applications for enterprises in general. Any or all of these issues could negatively affect our ability to attract new customers, cause existing customers to elect to terminate or not renew their subscriptions, result in reputational damage, cause us to pay remediation and indemnity costs and/or issue service credits or refunds to customers for prepaid and unused subscription services, or result in lawsuits, regulatory fines, or other action or liabilities, any of which could adversely affect our business and operating results.
We rely on sophisticated information systems and technology, including those provided by third parties, for the secure collection, processing, transmission, storage of confidential, proprietary, and personal information, and to support our business operations and the availability of our applications. In the past several years, supply chain attacks have increased in frequency and severity. As we are both a provider and consumer of information systems and technology, we are at higher risk of being impacted either directly or indirectly by these attacks. The control systems, cybersecurity program, infrastructure, physical facilities of, and personnel associated with third parties that we rely on are beyond our control. The audits we periodically conduct of some of our third parties vendors may not guarantee the security of and may be unable to prevent security events impacting the information technology systems of third parties that are part of our supply chain or that provide valuable services to us, which could result in the unauthorized access to, acquisition, destruction, alteration, use, tampering, release, unavailability, theft or loss of confidential, proprietary, or personal data of Workday, our employees, our customers, or our third party partners, which could in turn disrupt our operations and ability to conduct our business or the availability of our applications, or otherwise adversely affect our business, operating results, reputation, or financial condition.
Privacy concerns, evolving regulation of cloud computing, cross-border data transfer, and other domestic or foreign laws and regulations may reduce the adoption of our applications, result in significant costs and compliance challenges, and adversely affect our business and operating results.
Legal requirements related to collecting, storing, handling, and transferring personal data are rapidly evolving at both the national and international level in ways that require our business to adapt to support customer compliance. As the regulatory focus on privacy intensifies worldwide, and jurisdictions increasingly consider and adopt privacy laws, the potential risks related to managing personal data by our business may grow. In addition, possible adverse interpretations of existing privacy-related laws and regulations by governments in countries where our customers operate, as well as the potential implementation of new legislation, could impose significant obligations in areas affecting our business or prevent us from offering certain services in jurisdictions where we operate.
Following the European Union’s (“EU”) passage of the General Data Protection Regulation (“GDPR”), which became effective in May 2018, the global data privacy compliance landscape outside of the EU has grown increasingly complex, fragmented, and financially relevant to business operations. As a result, our business faces current and prospective risks related to increased regulatory compliance costs, government enforcement actions and/or financial penalties for non-compliance, and reputational harm. For example, in July 2020, the Court of Justice of the EU invalidated a framework called Privacy Shield for companies to transfer data from the European Economic Area to the United States. This decision led to uncertainty about the legal requirements for transferring customer personal data to and from Europe, an integral process of our business that remains governed by, and subject to, GDPR requirements. Failure to comply with the GDPR data processing requirements by either ourselves or our subcontractors could lead to regulatory enforcement actions, which can result in monetary penalties of up to 4% of worldwide revenue, private lawsuits, reputational damage, and loss of customers. The UK government is considering amending its data protection legislation. If UK data protection changes significantly from EU norms, new data flow barriers could emerge, creating costs and complexity for companies. Other countries such as Russia, China, and India have also passed or are considering passing laws imposing varying degrees of restrictive data residency requirements. Regulatory developments in the United States present additional risks. For example, the California Consumer Privacy Act (“CCPA”) took effect on January 1, 2020, and the California Privacy Rights Act (“CPRA”), which expands upon the CCPA, was passed in November 2020 and comes into effect on January 1, 2023, with a “lookback” period to January 1, 2022. The CCPA and CPRA give California consumers certain rights similar to those provided by the GDPR, and also provide for statutory damages or fines on a per violation basis that could be very large depending on the severity of the violation. Other states have enacted, or are considering, privacy laws as well. Furthermore, the U.S. Congress is considering numerous privacy bills, and the U.S. Federal Trade Commission continues to fine companies for unfair or deceptive data protection practices and may undertake its own privacy rulemaking exercise. In addition to government activity, privacy advocacy and other industry groups have established or may establish various new, additional, or different self-regulatory standards that customers may require us to adhere to and which may place additional burdens on us. Increasing sensitivity of individuals to unauthorized processing of personal data, whether real or perceived, and an increasingly uncertain trust climate may create a negative public reaction to technologies, products and services such as ours.
Taken together, the costs of compliance with and other obligations imposed by data protection laws and regulations may require modification of our services, limit use and adoption of our services, reduce overall demand for our services, lead to significant fines, penalties, or liabilities for noncompliance, or slow the pace at which we close sales transactions, any of which could harm our business. The perception of privacy concerns, whether or not valid, may inhibit the adoption, effectiveness, or use of our applications. Compliance with applicable laws and regulations regarding personal data may require changes in services, business practices, or internal systems that result in increased costs, lower revenue, reduced efficiency, or greater difficulty competing with foreign-based firms which could adversely affect our business and operating results.
Any failure to protect our intellectual property rights domestically and internationally could impair our ability to protect our proprietary technology and our brand.
Our success and ability to compete depend in part upon our intellectual property. We rely on patent, copyright, trade secret and trademark laws, trade secret protection, and confidentiality or license agreements with our employees, customers, suppliers, partners, and others to protect our intellectual property rights. However, the steps we take to protect our intellectual property rights may be inadequate. We have patent applications pending in the United States and throughout the world, but we may be unable to obtain patent protection for the technology covered in our patent applications. In addition, any patents issued to us in the future may not provide us with competitive advantages or may be successfully challenged by third parties. Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties, including those affiliated with state-sponsored actors, to copy or reverse engineer our applications, including with the assistance of insiders, and use information that we regard as proprietary to create products and services that compete with ours. Some license provisions protecting against unauthorized use, copying, transfer, and disclosure of our technology may be unenforceable under the laws of jurisdictions outside the United States. In addition, the laws of some countries do not protect proprietary rights to the same extent as the laws of the United States.
We enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances. No assurance can be given that these agreements will be effective in controlling access to and distribution of our applications and proprietary information. Further, these agreements do not prevent our competitors or partners from independently developing technologies that are substantially equivalent or superior to our applications.
We may be required to spend significant resources to monitor and protect our intellectual property rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Our failure to secure, protect, and enforce our intellectual property rights could have a serious adverse effect on our brand and business.
We may be sued by third parties for alleged infringement of their proprietary rights.
There is considerable patent and other intellectual property development activity in our industry. Our competitors, as well as a number of other entities and individuals, may own or claim to own intellectual property relating to our industry. From time to time, third parties may claim that our applications and underlying technology infringe or violate their intellectual property rights, even if we are unaware of the intellectual property rights that others may claim cover some or all of our technology or services, and we may be found to be infringing such rights. Any claims or litigation could cause us to incur significant expenses and, if successfully asserted against us, could require that we pay substantial damages or ongoing royalty payments, prevent us from offering our services, require us to change our products, technology, or business practices, or require that we comply with other unfavorable terms. We may also be obligated to indemnify our customers or business partners or pay substantial settlement costs, including royalty payments, in connection with any such claim or litigation and to obtain licenses, modify applications, or refund fees, which could be costly. In addition, we may be sued by third parties who seek to target us for actions taken by our customers, including through the use or misuse of our products. Even if we were to prevail in an intellectual property dispute, any litigation regarding our intellectual property could be costly and time-consuming and divert the attention of our management and key personnel from our business operations. Furthermore, from time to time we may introduce or acquire new products, including in areas where we historically have not competed, which could increase our exposure to patent and other intellectual property claims.
Some of our applications utilize open source software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.
Some of our applications include software covered by open source licenses, which may include, by way of example, GNU General Public License and the Apache License. The terms of various open source licenses have not been interpreted by United States courts, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to market our applications. We attempt to avoid adverse licensing conditions in our use of open source software in our products and services. However, there can be no assurance that our efforts have been or will be successful. By the terms of certain open source licenses, we could be required to release the source code of our proprietary software, and to make our proprietary software available under open source licenses, if we combine our proprietary software with open source software in a certain manner. In the event that portions of our proprietary software are determined to be impacted by an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our technologies, or otherwise be limited in the licensing of our technologies, each of which could reduce or eliminate the value of our technologies and services. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of the software. Many of the risks associated with usage of open source software cannot be eliminated and could negatively affect our business.
Risks Related to Legal and Regulatory Matters
Unfavorable laws, regulations, interpretive positions or standards governing new and evolving technologies that we incorporate into our products and services could result in significant cost and compliance challenges and adversely affect our business and operating results.
Some of our products and services, such as Workday’s People Experience and Talent Optimization product suites, currently utilize or will utilize new and evolving technologies such as machine learning, AI, and blockchain. While existing laws and regulations may apply to these types of technologies, the overall regulatory environment governing these types of technologies is still currently undeveloped and likely to evolve as government interest in these technologies increases. Regulation of these technologies, as well as other technologies that we utilize in our products and services, also varies greatly among international, federal, state, and local jurisdictions and is subject to significant uncertainty. Governments and agencies domestic and abroad may in the future change or amend existing laws, or adopt new laws, regulations, or guidance, or take other actions which may severely impact the permitted uses of our technologies. Any failure by us to comply with applicable laws, regulations, guidance, or other rules could result in costly litigation, penalties, or fines. In addition, these regulations and any related enforcement actions could establish and further expand our obligations to customers, individuals, and other third parties with respect to our products and services, limit the countries in which such products and services may be used, restrict the way we structure and operate our business, require us to divert development and other resources, and reduce the types of customers and individuals who can use our products and services. Furthermore, our customers may operate in foreign jurisdictions, including countries in which we don't operate, and may be subject to additional laws and regulations outside the scope of our products. Increased regulation and oversight of products or services which utilize or rely on these technologies may result in costly compliance burdens or otherwise increase our operating costs, detrimentally affecting our business. These new technologies could subject us to additional litigation brought by private parties, which could be costly, time-consuming, and distracting to management and could result in substantial expenses and losses.
We are subject to risks related to government contracts and related procurement regulations, which may adversely impact our business and operating results.
Our contracts with federal, state, local, and foreign government entities are subject to various procurement regulations and other requirements relating to their formation, administration, performance, and termination, which could adversely impact our business and operating results. Government certification requirements applicable to our platform, including FedRAMP, may change and, in doing so, restrict our ability to sell into the governmental sector until we have attained the full or revised certification. These laws and regulations provide public sector customers various rights, many of which are not typically found in commercial contracts. For instance, these regulations may require the certification and disclosure of cost and pricing data and other sensitive information in connection with contract negotiations under certain contract types. Any public disclosure of such information may adversely impact our competitive position and our operating results.
Additionally, we have obtained authorization under FedRAMP, which allows us to enter into the U.S. federal government market. Such certification is subject to rigorous compliance and if we lose our certification, it could inhibit or preclude our ability to contract with certain U.S. federal government customers. In addition, some customers may rely on our authorization under FedRAMP to help satisfy their own legal and regulatory compliance requirements and our failure to maintain FedRAMP authorization would result in a breach under public sector contracts obtained on the basis of such authorization. This could subject us to liability, result in reputational harm, and adversely impact our results of operations and financial condition.
We may be subject to audits and investigations relating to our government contracts, and any violations could result in various civil and criminal penalties and administrative sanctions, including termination of contracts, refunding or suspending of payments, forfeiture of profits, payment of fines, and suspension or debarment from future government business. In addition, such contracts may provide for delays, interruptions, or termination by the government at any time, without cause, which activities may adversely affect our business and operating results and impact other existing or prospective government contracts.
Adverse litigation results could have a material adverse impact on our business.
We are regularly involved with claims, suits, purported class or representative actions, and may be involved in regulatory and government investigations and other proceedings, involving competition, intellectual property, data security and privacy, bankruptcy, tax and related compliance, labor and employment, commercial disputes, and other matters. Such claims, suits, actions, regulatory and government investigations, and other proceedings can impose a significant burden on management and employees, could prevent us from offering one or more of our applications, services, or features to others, could require us to change our technology or business practices, or could result in monetary damages, fines, civil or criminal penalties, reputational harm, or other adverse consequences. Adverse outcomes in some or all of these claims may result in significant monetary damages or injunctive relief that could adversely affect our ability to conduct our business. The litigation and other claims are subject to inherent uncertainties and management’s view of these matters may change in the future. A material adverse impact in our condensed consolidated financial statements could occur for the period in which the effect of an unfavorable outcome becomes probable and reasonably estimable.
We may not be able to utilize a portion of our net operating loss or research tax credit carryforwards, which could adversely affect our profitability.
As of July 31, 2022, we had federal and state net operating loss carryforwards due to prior period losses. If not utilized, the pre-fiscal 2018 federal and the state net operating loss carryforwards expire in varying amounts between fiscal 2023 and 2043. The federal net operating losses generated in and after fiscal 2018 do not expire and may be carried forward indefinitely. We also have federal research tax credit carryforwards, which if not utilized will begin to expire in fiscal 2023. These net operating loss and research tax credit carryforwards could expire unused and be unavailable to reduce future income tax liabilities, which could adversely affect our profitability. In addition, under Section 382 of the Internal Revenue Code of 1986, as amended, our ability to utilize net operating loss carryforwards or other tax attributes, such as research tax credits, in any taxable year may be limited if we experience an “ownership change.” A Section 382 “ownership change” generally occurs if one or more stockholders or groups of stockholders who own at least 5% of our stock increase their ownership by more than 50 percentage points over their lowest ownership percentage within a rolling three-year period. Similar rules may apply under state tax laws. It is possible that an ownership change, or any future ownership change, could have a material effect on the use of our net operating loss carryforwards or other tax attributes, which could adversely affect our profitability.
Unanticipated tax laws or any change in the application of existing tax laws to us or our customers, especially those limiting our ability to utilize our net operating loss and research tax credit carryforwards, may increase the costs of our services and adversely impact our profitability and business.
We operate and are subject to taxes in the United States and numerous other jurisdictions throughout the world. Changes to federal, state, local, or international tax laws on income, sales, use, indirect, or other tax laws, statutes, rules, regulations, or ordinances on multinational corporations are currently being considered by the United States and other countries where we do business. These contemplated legislative initiatives include, but are not limited to, changes to transfer pricing policies and definitional changes to permanent establishment that could be applied solely or disproportionately to services provided over the internet. These contemplated tax initiatives, if finalized and adopted by countries, may ultimately impact our effective tax rate and could adversely affect our sales activity resulting in a negative impact on our operating results and cash flows.
In addition, existing tax laws, statutes, rules, regulations, or ordinances could be interpreted, changed, modified, or applied adversely to us (possibly with retroactive effect), which could require us to pay additional tax amounts, fines or penalties, and interest for past amounts. Existing tax laws, statutes, rules, regulations, or ordinances could also be interpreted, changed, modified, or applied adversely to our customers (possibly with retroactive effect), which could require our customers to pay additional tax amounts with respect to services we have provided, fines or penalties, and interest for past amounts. If we are unsuccessful in collecting such taxes from our customers, we could be held liable for such costs, thereby adversely impacting our operating results and cash flows. If our customers must pay additional fines or penalties, it could adversely affect demand for our services.
Risks Related to Financial Matters
Our historic revenue growth rates should not be viewed as indicative of our future performance.
Our revenue growth rates have declined and may decline again in the future as the size of our customer base and market penetration increases. In addition, our future rate of growth is subject to a number of uncertainties, including general economic and market conditions, including those caused by the ongoing COVID-19 pandemic, as well as risks associated with growing companies in rapidly changing industries. Other factors may also contribute to declines in our growth rates, including slowing demand for our services, increasing competition, a decrease in the growth of our overall market, our failure to continue to capitalize on growth opportunities, and the maturation of our business, some of which may be magnified by the COVID-19 pandemic. As our growth rates decline, investors’ perceptions of our business and the trading price of our securities could be adversely affected.
Additionally, our ability to accurately forecast our future rate of growth is limited. It is difficult to predict customer and other user adoption rates and demand for our applications, the future growth rate and size of the cloud computing market for our services, or the entry of competitive applications. Moreover, it has been, and due to recent macroeconomic events, we expect it will continue to be even more difficult for us to forecast our operating results. We plan our expense levels and investments on estimates of future revenues and anticipated rates of growth. If our growth does not meet estimates, we may not be able to adjust our spending quickly enough to avoid an adverse impact on our financial results as a consequence of spending that is not aligned with our actual performance.
Moreover, we have encountered and will encounter risks and uncertainties frequently experienced by growing companies in rapidly changing industries, including the risks and uncertainties described herein. If our assumptions regarding these risks and uncertainties (which we use to plan our business) are incorrect or change due to changes in our markets, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations and our business could suffer.
Because we encounter long sales cycles when selling to large customers and we recognize subscription services revenues over the term of the contract, downturns or upturns in new sales will not be immediately reflected in our operating results and may be difficult to discern.
We generally recognize subscription services revenues over time as services are delivered to the customer, which typically occurs over a period of three years or longer. As a result, most of the subscription services revenues we report in each quarter are derived from the recognition of unearned revenue relating to subscriptions entered into during previous quarters. Consequently, a decline in new or renewed subscription contracts in any single quarter will likely have a minor impact on our revenue results for that quarter. However, such a decline will negatively affect our revenues in future quarters. Additionally, because much of our sales efforts are targeted at large enterprise customers, our sales cycles involve greater costs, longer sales cycles, the provision of greater levels of education regarding the use and benefits of our applications, less predictability in completing some of our sales, and varying deployment timeframes based on many factors including the number, type, and configuration of applications being deployed, the complexity, scale, and geographic dispersion of the customers’ business and operations, the number of integrations with other systems, and other factors, many of which are beyond our control.
Our typical sales cycles are six to twelve months but can extend for eighteen months or more, including as a result of recent macroeconomic events, and we expect that this lengthy sales cycle may continue or expand as customers increasingly adopt our applications beyond human capital management. Longer sales cycles could cause our operating and financial results to suffer in a given period. Accordingly, the effect of significant downturns in sales and market acceptance of our applications, as well as potential changes in our pricing policies or rate of renewals, may not be fully reflected in our operating results until future periods. Additionally, we may be unable to adjust our cost structure to reflect any such changes in revenues. In addition, a majority of our costs are expensed as incurred, while revenues are recognized over the life of the customer agreement. As a result, increased growth in the number of our customers could result in our recognition of more costs than revenues in the earlier periods of the terms of our agreements. Our subscription model also makes it difficult for us to rapidly increase our revenues through additional sales in any period, as subscription services revenues from new customers generally are recognized over the applicable subscription term. Furthermore, our subscription-based model is largely based on the size of our customers’ employee headcount. Therefore, the addition or loss of employees by our customers, including any significant reductions in force by our customers, or customer insolvencies resulting from severe economic hardship, could have an impact on our subscription services revenues in any given period. Although we have downside protection in our customer agreements in the form of base minimums, should there be any prolonged decrease in our customers’ headcounts, we could experience reduced subscription services revenues upon renewal or potentially outside of the renewal period, which could materially impact our business and operating results in any given period.
We have a history of cumulative losses, and we may not achieve or sustain profitability on a GAAP basis in the future.
Until recently, we had incurred significant net losses on a GAAP basis in each period since our inception in 2005 and our quarterly operating results may fluctuate in the future. We expect our operating expenses to increase in the future due to substantial investments we have made and continue to make to acquire new customers and develop our applications, anticipated increases in sales and marketing expenses, employee headcount growth expenses, product development expenses, operations costs, and general and administrative costs, and therefore we expect we may incur losses on a GAAP basis in the future. Furthermore, to the extent we are successful in increasing our customer base, we also expect to incur increased net losses in the acquisition period because costs associated with acquiring customers are generally incurred up front, while subscription services revenues are generally recognized ratably over the terms of the agreements, which are typically three years or longer. You should not consider any prior period GAAP-profitability and growth in revenues as indicative of our future performance. We cannot ensure that we will achieve GAAP profitability in the future or that, if we become GAAP-profitable in a certain period, we will sustain such profitability.
We have substantial indebtedness which may adversely affect our financial condition and operating results.
In September 2017, we completed an offering of $1.15 billion of our 0.25% Convertible Senior Notes due October 1, 2022. In April 2022, we issued $3.0 billion aggregate principal amount of senior notes, consisting of $1.0 billion aggregate principal amount of 3.500% notes due April 1, 2027, $750 million aggregate principal amount of 3.700% notes due April 1, 2029, and $1.25 billion aggregate principal amount of 3.800% notes due April 1, 2032. Additionally, in April 2022, we entered into our 2022 Credit Agreement which provides for a revolving credit facility in an aggregate principal amount of $1.0 billion.
We may incur substantial additional debt in the future, some of which may be secured debt. There can be no assurance that we will be able to repay this indebtedness when due, or that we will be able to refinance this indebtedness on acceptable terms or at all. Our ability to pay cash upon conversion or repurchase of the 2022 Notes may be limited by law, regulatory authority, or agreements governing our future indebtedness and is dependent on our future performance, which is subject to economic, financial, competitive, and other factors beyond our control. Any future debt may also contain limitations on our ability to pay cash upon a conversion request or repurchase upon a fundamental change.
In addition, our indebtedness could, among other things:
•make it difficult for us to pay other obligations;
•make it difficult to obtain favorable terms for any necessary future financing for working capital, capital expenditures, debt service requirements, or other purposes;
•adversely affect our liquidity and result in a material adverse effect on our financial position upon repayment of the indebtedness;
•require us to dedicate a substantial portion of our cash flow from operations to service and repay the indebtedness, reducing the amount of cash flow available for other purposes;
•limit our flexibility in planning for and reacting to changes in our business; and
•negatively impact our credit rating, which could limit our ability to obtain additional financing in the future and adversely affect our business.
Our 2022 Notes, Senior Notes, and 2022 Credit Agreement also impose restrictions on us and require us to maintain compliance with specified covenants. For example, our 2022 Credit Agreement includes a financial covenant that requires us to maintain a specific leverage ratio. Our ability to comply with these covenants may be affected by events beyond our control. If we breach any of the covenants and do not obtain a waiver from the lenders, then, subject to applicable cure periods, any outstanding indebtedness may be declared immediately due and payable. Any required repayment of our debt as a result of a fundamental change or other acceleration would lower our current cash on hand such that we would not have those funds available for use in our business.
Our convertible note hedge and warrant transactions may affect the value of our Class A common stock.
In connection with the sale of our convertible notes, we entered into convertible note hedge transactions with institutions that we refer to as the option counterparties. We also entered into warrant transactions with the option counterparties pursuant to which we sold warrants for the purchase of our Class A common stock. The convertible note hedge transactions are expected to offset the potential dilution to our Class A common stock upon any conversion of the convertible notes. The warrant transactions could separately have a dilutive effect to the extent that the market price per share of our Class A common stock exceeds the exercise price of the relevant warrants.
The option counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our Class A common stock and/or purchasing or selling our Class A common stock or other securities of ours in secondary market transactions prior to the maturity of the convertible notes. This activity could suppress or inflate the market price of our Class A common stock.
We will also be subject to the risk that these option counterparties may default under the convertible note hedge transactions. Our exposure to the credit risk of the option counterparties will not be secured by any collateral. If one or more of the option counterparties to one or more of our convertible note hedge transactions becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at the time under those transactions. Our exposure will depend on many factors but, generally, the increase in our exposure will be correlated to the increase in the market price of our Class A common stock during the related settlement period. In addition, upon a default by one of the option counterparties, we may suffer dilution with respect to our Class A common stock as well as adverse financial consequences.
We are subject to risks associated with our equity investments, including partial or complete loss of invested capital, and significant changes in the fair value of this portfolio could adversely impact our financial results.
We invest in early to late stage companies for strategic reasons and to support key business initiatives, and we may not realize a return on our equity investments. Many such companies generate net losses and the market for their products, services, or technologies may be slow to develop or never materialize. These companies are often dependent on the availability of later rounds of financing from banks or investors on favorable terms to continue their operations. The financial success of our investment in any company is typically dependent on a liquidity event, such as a public offering, acquisition, or other favorable market event reflecting appreciation to the cost of our initial investment. The capital markets for public offerings and acquisitions are dynamic and the likelihood of liquidity events for the companies we have invested in could deteriorate, which could result in a loss of all or a substantial part of our investment in these companies.
Further, valuations of non-marketable equity investments are inherently complex due to the lack of readily available market data. In addition, we may experience additional volatility to our results of operations due to changes in market prices of our marketable equity investments and the valuation and timing of observable price changes or impairments of our non-marketable equity investments. This volatility could be material to our results in any given quarter and may cause our stock price to decline. In addition, our ability to mitigate this volatility and realize gains on investments may be impacted by our contractual obligations to hold securities for a set period of time. For example, to the extent a company we have invested in undergoes an IPO, we may be subject to a lock-up agreement that restricts our ability to sell our securities for a period of time after the public offering or otherwise impedes our ability to mitigate market volatility in such securities.
Risks Related to Ownership of Our Class A Common Stock
Our Co-Founders have control over key decision making as a result of their control of a majority of our voting stock.
As of July 31, 2022, our Co-Founder and CEO Emeritus David Duffield, together with his affiliates, held voting rights with respect to approximately 46 million shares of Class B common stock and 0.3 million shares of Class A common stock. As of July 31, 2022, our Co-Founder, Co-CEO, and Chairman Aneel Bhusri, together with his affiliates, held voting rights with respect to approximately 8 million shares of Class B common stock and 0.3 million shares of Class A common stock. In addition, Mr. Bhusri holds 0.1 million RSUs, which will be settled in an equivalent number of shares of Class A common stock. Further, Messrs. Duffield and Bhusri have entered into a voting agreement under which each has granted a voting proxy with respect to certain Class B common stock beneficially owned by him effective upon his death or incapacity as described in our registration statement on Form S-1 filed in connection with our IPO. Messrs. Duffield and Bhusri have each initially designated the other as their respective proxies. Accordingly, upon the death or incapacity of either Mr. Duffield or Mr. Bhusri, the other would individually continue to control the voting of shares subject to the voting proxy. Collectively, the shares described above represent a substantial majority of the voting power of our outstanding capital stock. As a result, Messrs. Duffield and Bhusri have the ability to control the outcome of matters submitted to our stockholders for approval, including the election of directors and any merger, consolidation, or sale of all or substantially all of our assets. As stockholders, even as controlling stockholders, they are entitled to vote their shares in their own interests, which may not always be in the interests of our stockholders generally.
In addition, Mr. Bhusri has the ability to control the management and affairs of our company as a result of his position as a member of our board of directors and an officer of Workday. Mr. Bhusri, in his capacity as a board member and officer, owes a fiduciary duty to our stockholders and must act in good faith in a manner he reasonably believes to be in the best interests of our stockholders.
The dual class structure of our common stock has the effect of concentrating voting control with our Co-Founders, as well as with other executive officers, directors, and affiliates, which limits or precludes the ability of non-affiliates to influence corporate matters.
Our Class B common stock has 10 votes per share and our Class A common stock, which is the stock that is publicly traded, has one vote per share. Stockholders who hold shares of Class B common stock, including our executive officers, directors, and other affiliates, together hold a substantial majority of the voting power of our outstanding capital stock as of July 31, 2022. Because of the ten-to-one voting ratio between our Class B and Class A common stock, the holders of our Class B common stock collectively will continue to control a majority of the combined voting power of our common stock and therefore be able to control all matters submitted to our stockholders for approval until the conversion of all shares of all Class A and Class B shares to a single class of common stock on the date that is the first to occur of (i) October 17, 2032, (ii) such time as the shares of Class B common stock represent less than 9% of the outstanding Class A and Class B common stock, (iii) nine months following the death of both Mr. Duffield and Mr. Bhusri, or (iv) the date on which the holders of a majority of the shares of Class B common stock elect to convert all shares of Class A common stock and Class B common stock into a single class of common stock. This concentrated control will limit or preclude the ability of non-affiliates to influence corporate matters for the foreseeable future.
Future transfers by holders of Class B common stock will generally result in those shares converting to Class A common stock, subject to limited exceptions, such as certain transfers effected for estate planning purposes. The conversion of Class B common stock to Class A common stock will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term. If, for example, Mr. Duffield and Mr. Bhusri retain a significant portion of their holdings of Class B common stock for an extended period of time, they could, in the future, continue to control a majority of the combined voting power of our Class A common stock and Class B common stock.
Our stock price has been volatile in the past and may be subject to volatility in the future.
The trading price of our Class A common stock has historically been volatile and could be subject to wide fluctuations in response to various factors such as those described below. These factors, as well as the volatility of our Class A common stock, could also impact the price of our convertible senior notes. Further, the trading price of our Class A common stock has fluctuated significantly and may continue to fluctuate as a result of the COVID-19 pandemic, other macroeconomic factors, and associated economic downturn. Additional risk factors that may affect the trading price of our securities, some of which are beyond our control and further magnified by the ongoing COVID-19 pandemic and other macroeconomic factors, include:
•overall performance of the equity markets;
•fluctuations in the valuation of companies perceived by investors to be comparable to us, such as high-growth or cloud companies, or in valuation metrics, such as our price to revenues ratio;
•guidance, as well as our ability to give guidance, as to our operating results and other financial metrics that we provide to the public, differences between our guidance and market expectations, our failure to meet our guidance, any withdrawal of previous guidance or changes from our historical guidance;
•the research and reports that securities or industry analysts publish about us or our business, and whether analysts who cover us downgrade our Class A common stock or publish unfavorable or inaccurate research about our business;
•variations in, and limitations of, the various financial and other metrics and modeling used by analysts in their research and reports about our business;
•announcements of technological innovations, new applications or enhancements to services, acquisitions, strategic alliances, or significant agreements by us or by our competitors;
•announcements of negative corporate developments by us or by our competitors and other high-growth or cloud companies including, among other things, any announcements related to security incidents;
•disruptions in our services due to computer hardware, software, or network problems;
•announcements of customer additions and customer cancellations or delays in customer purchases;
•recruitment or departure of key personnel;
•the economy as a whole, political and regulatory uncertainty, and market conditions in our industry and the industries of our customers;
•trading activity by directors, executive officers, and significant stockholders, or the perception in the market that the holders of a large number of shares intend to sell their shares;
•the size of our market float and significant stock option exercises;
•any future issuances of our securities;
•environmental, social, governance, ethical, and other issues impacting our brand;
•sales and purchases of any Class A common stock issued upon conversion of our convertible senior notes or in connection with the convertible note hedge and warrant transactions related to such convertible senior notes;
•our operating performance and the performance of other similar companies; and
•the sale or availability for sale of a large number of shares of our Class A common stock in the public market.
Additionally, the stock markets have at times experienced extreme price and volume fluctuations that have affected and may in the future affect the market prices of equity securities of many companies. These fluctuations have, in some cases, been unrelated or disproportionate to the operating performance of these companies. Further, the trading prices of publicly traded shares of companies in our industry have been particularly volatile and may be very volatile in the future.
In the past, some companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management’s attention from other business concerns, which could harm our business.
Delaware law and provisions in our restated certificate of incorporation and amended and restated bylaws could make a merger, tender offer, or proxy contest difficult, thereby depressing the market price of our Class A common stock.
Our status as a Delaware corporation and the anti-takeover provisions of the Delaware General Corporation Law (“DGCL”) may discourage, delay, or prevent a change in control by prohibiting us from engaging in a business combination with an interested stockholder for a period of three years after the person becomes an interested stockholder, even if a change of control would be beneficial to our existing stockholders. In addition, our restated certificate of incorporation and amended and restated bylaws contain provisions that may make the acquisition of Workday more difficult, including the following:
•any transaction that would result in a change in control of our company requires the approval of a majority of our outstanding Class B common stock voting as a separate class;
•our dual class common stock structure, which provides our Co-Founders with the ability to control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the shares of our outstanding Class A and Class B common stock;
•our Board of Directors is classified into three classes of directors with staggered three-year terms and directors are only able to be removed from office for cause;
•when the outstanding shares of our Class B common stock represent less than a majority of the combined voting power of common stock:
◦certain amendments to our restated certificate of incorporation or amended and restated bylaws will require the approval of two-thirds of the combined vote of our then-outstanding shares of Class A and Class B common stock;
◦our stockholders will only be able to take action at a meeting of stockholders and not by written consent; and
◦vacancies on our Board of Directors will be able to be filled only by our Board of Directors and not by stockholders;
•only our chairman of the board, co-chief executive officers, co-presidents, or a majority of our Board of Directors are authorized to call a special meeting of stockholders;
•certain litigation against us can only be brought in Delaware;
•we will have two classes of common stock until the date that is the first to occur of (i) October 17, 2032, (ii) such time as the shares of Class B common stock represent less than 9% of the outstanding Class A and Class B common stock, (iii) nine months following the death of both Mr. Duffield and Mr. Bhusri, or (iv) the date on which the holders of a majority of the shares of Class B common stock elect to convert all shares of Class A common stock and Class B common stock into a single class of common stock;
•our restated certificate of incorporation authorizes undesignated preferred stock, the terms of which may be established, and shares of which may be issued, without the approval of the holders of Class A common stock; and
•advance notice procedures apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders.
In addition, Section 203 of the DGCL imposes certain restrictions on mergers, business combinations, and other transactions between us and holders of 15% or more of our common stock, which may discourage, delay, or prevent a change in control of our company.
Furthermore, the fundamental change provisions of our 2022 Notes or change in control repurchase event provisions of our Senior Notes may delay or prevent a change in control of our company, because those provisions allow note holders to require us to repurchase such notes upon the occurrence of a fundamental change or change in control repurchase event.
These anti-takeover defenses could discourage, delay, or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and to cause us to take other corporate actions they desire, any of which, under certain circumstances, could depress the market price of our securities.
The exclusive forum provision in our organizational documents may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, or other employees, which may discourage lawsuits with respect to such claims.
Our restated certificate of incorporation, to the fullest extent permitted by law, provides that the Court of Chancery of the State of Delaware is the exclusive forum for: any derivative action or proceeding brought on our behalf; any action asserting a breach of fiduciary duty; any action asserting a claim against us arising pursuant to the DGCL, our restated certificate of incorporation, or our amended and restated bylaws; or any action asserting a claim against us that is governed by the internal affairs doctrine. There is uncertainty as to whether a court would enforce this exclusive forum provision with respect to claims under the Securities Act. If a court were to find the choice of forum provisions contained in our restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, financial condition, and operating results.
Our bylaws include a provision providing that the federal district courts of the United States of America will, to the fullest extent permitted by law, be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act (“Federal Forum Provision”). Our decision to adopt a Federal Forum Provision followed a decision by the Supreme Court of the State of Delaware holding that such provisions are facially valid under Delaware law. While there can be no assurance that federal or state courts will follow the holding of the Delaware Supreme Court or determine that the Federal Forum Provision should be enforced in a particular case, application of the Federal Forum Provision means that suits brought by our stockholders to enforce any duty or liability created by the Securities Act must be brought in federal court and cannot be brought in state court.
In addition, neither the exclusive forum provision in our restated certificate of incorporation nor the Federal Forum Provision applies to suits brought to enforce any duty or liability created by the Exchange Act. Accordingly, actions by our stockholders to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder must be brought in federal court, and our stockholders will not be deemed to have waived our compliance with the federal securities laws and the regulations promulgated thereunder.
Any person or entity purchasing or otherwise acquiring or holding any interest in any of our securities shall be deemed to have notice of and consented to our exclusive forum provisions, including the Federal Forum Provision. These provisions may limit a stockholders’ ability to bring a claim in a judicial forum of their choosing for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers, and other employees.
We do not intend to pay dividends for the foreseeable future.
We have never declared nor paid cash dividends on our capital stock. We currently intend to retain any future earnings to finance the operation and expansion of our business, and we do not expect to declare or pay any dividends in the foreseeable future. Consequently, stockholders must rely on sales of their common stock after price appreciation as the only way to realize any future gains on their investment.
General Risk Factors
Adverse economic conditions may negatively impact our business.
Our business depends on the overall demand for enterprise software and on the economic health of our current and prospective customers. Any significant weakening of the economy in the United States or abroad, limited availability of credit, reduction in business confidence and activity, decreased government spending, or economic uncertainty, all of which are being impacted by the ongoing COVID-19 pandemic, the Russia-Ukraine conflict, and other macroeconomic factors, may continue to affect one or more of the sectors or countries in which we sell our applications. These economic conditions can arise suddenly and the full impact of such conditions can be difficult to predict. In addition, geopolitical and domestic political developments, such as existing and potential trade wars and other events beyond our control, can increase levels of political and economic unpredictability globally and increase the volatility of global financial markets. Alternatively, a strong dollar could reduce demand for our applications and services in countries with relatively weaker currencies.
The impact of Brexit on EU-UK political, trade, economic and diplomatic relations continues to be uncertain and such impact may not be fully realized for several years or more. Continued uncertainty and friction may result in regulatory, operational, and cost challenges to our UK and global operations.
These adverse conditions could continue to result in reductions in sales of our applications, longer sales cycles, reductions in subscription duration and value, customer bankruptcies, slower adoption of new technologies, and increased price competition. Any of these events would likely have an adverse effect on our business, operating results, and financial position.
Catastrophic or climate-related events may disrupt our business.
Our corporate headquarters are located in Pleasanton, California, and we have data centers located in the United States, Canada, and Europe. The west coast of the United States contains active earthquake zones and the southeast is subject to seasonal hurricanes or other extreme weather conditions. Additionally, we rely on internal technology systems, our website, our network, and third-party infrastructure and enterprise applications, which are located in a wide variety of regions, for our development, marketing, operational support, hosted services, and sales activities. In the event of a major earthquake, hurricane, or other natural disaster, or a catastrophic event such as fire, power loss, telecommunications failure, vandalism, civil unrest, cyber-attack, geopolitical instability (including the Russia-Ukraine conflict), war, terrorist attack, insurrection, pandemics or other public health emergencies (including the ongoing COVID-19 pandemic), or the effects of climate change (such as drought, flooding, heat waves, wildfires, increased storm severity, and sea level rise), we may be unable to continue our operations and have, and may in the future, endure system interruptions, and may experience delays in our product development, lengthy interruptions in our services, breaches of data security, and loss of critical data, all of which could cause reputational harm or otherwise have an adverse effect on our business and operating results. In addition, the impacts of climate change on the global economy and our industry are rapidly evolving. We may be subject to increased regulations, reporting requirements, standards, or expectations regarding the environmental impacts of our business.
We may discover weaknesses in our internal controls over financial reporting, which may adversely affect investor confidence in the accuracy and completeness of our financial reports and consequently the market price of our securities.
As a public company, we are required to design and maintain proper and effective internal controls over financial reporting and to report any material weaknesses in such internal controls. Section 404 of the Sarbanes-Oxley Act of 2002 requires that we evaluate and determine the effectiveness of our internal controls over financial reporting and provide a management report on the internal controls over financial reporting, which must be attested to by our independent registered public accounting firm. If we have a material weakness in our internal controls over financial reporting, we may not detect errors on a timely basis and our financial statements may be materially misstated.
The process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404 is challenging and costly. In the future, we may not be able to complete our evaluation, testing, and any required remediation in a timely fashion. If we identify material weaknesses in our internal controls over financial reporting, if we are unable to comply with the requirements of Section 404 in a timely manner, if we are unable to assert that our internal controls over financial reporting are effective, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal controls over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports and the market price of our securities could be negatively affected, and we could become subject to investigations by the Financial Industry Regulatory Authority, the SEC, or other regulatory authorities, which could require additional financial and management resources. In addition, because we use Workday’s financial management application, any problems that we experience with financial reporting and compliance could be negatively perceived by prospective or current customers, and negatively impact demand for our applications.