AKAO 2017 Annual Report

57 these materials and/or interrupt our business operations. In addition, if an accident or environmental discharge occurs, or if we discover contamination caused by prior operations, including by prior owners and operators of properties we acquire, we could be liable for cleanup obligations, damages and fines. If such unexpected costs are substantial, this could significantly harm our financial condition and results of operations. Risks associated with a company-wide implementation and management of crucial IT systems may adversely affect our business and results of operations or the effectiveness of our control environment. We have implemented and are implementing company-wide systems to handle the business and financial processes within our operations and corporate functions. These systems include, for example, Enterprise Resource Planning (“ERP”) and Human Resource Information Systems (“HRIS”). Implementations are complex and time- consuming projects that involve substantial expenditures on system software and implementation activities. These implementations also require transformation of business and financial processes in order to reap the benefits of them. Our business and results of operations may be adversely affected if we experience operating problems or cost overruns during the implementation process, or if the systems and the associated process changes do not give rise to the benefits that we expect. If we do not effectively implement, maintain or integrate the ERP and HRIS systems as planned or if the systems do not operate as intended, it may adversely affect our ability to manage and run our business operations, file reports with the SEC in a timely manner, and/or otherwise affect our controls environment. Any of these consequences could have an adverse effect on our results of operations and financial condition. Our internal computer systems, or those of our CROs or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our business operations. Despite the implementation of security measures, our internal computer systems and those of our CROs and other contractors and consultants are vulnerable to damage or disruption from computer viruses, software bugs, unauthorized access, natural disasters, terrorism, war, and telecommunication, equipment and electrical failures. While we have not, to our knowledge, experienced any significant system failure, accident or security breach to date, if such an event were to occur and cause interruptions in our operations, it could result in a material disruption of our programs. For example, the loss of clinical trial data from completed or ongoing clinical trials for any of our product candidates could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the data. To the extent that any disruption or security breach results in a loss of or damage to our data or applications, or inappropriate disclosure or theft of confidential or proprietary information, we could incur liability, or adversely affect our business operations and/or financial condition. We rely significantly on information technology and services that utilize the cloud computing environment and any failure, inadequacy, interruption or security lapse of that technology, including any cybersecurity incidents, could harm our ability to operate our business effectively. We rely significantly on our information technology to effectively manage and maintain our clinical records, internal infrastructure systems and internal reports. Any failure, inadequacy or interruption of that infrastructure or security lapse of that technology, including cybersecurity incidents, could harm our ability to operate our business effectively. Cybersecurity attacks in particular are evolving and include, but are not limited to, malicious software, attempts to gain unauthorized access to data and other electronic security breaches that could lead to disruptions in systems, misappropriation of our confidential or otherwise protected information and corruption of data. A breach in security, unauthorized access resulting in misappropriation, theft, or sabotage with respect to our proprietary and confidential information, including research or clinical data, could require significant capital investments to remediate and could adversely affect our business, financial condition and results of operations. Our employees, independent contractors, principal investigators, CROs, consultants and vendors may engage in misconduct or other improper activities, including noncompliance with regulatory standards and requirements. We are exposed to the risk that our employees, independent contractors, principal investigators, CROs, consultants and vendors may engage in fraudulent or other illegal activity. Misconduct by these parties could include intentional, reckless and/or negligent conduct or disclosure of unauthorized activities to us that violates: (1) FDA regulations, including those laws requiring the reporting of true, complete and accurate information to the FDA; (2) manufacturing standards; (3) federal and state healthcare fraud and abuse laws and regulations; or (4) laws that require the true, complete and accurate reporting of financial information or data. Specifically, sales, marketing and business arrangements in the healthcare industry are subject to extensive laws and regulations intended to prevent