Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - MMS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors
Our operations are subject to many risks that could adversely affect our future financial condition, results of operations, and cash flows, and, therefore, the market value of our securities. The risks described below highlight some of the factors that have affected and, in the future, could affect our operations. Additional risks we do not yet know of or that we currently think are immaterial may also affect our business operations. If any of the events or circumstances described in the following risks actually occurs, our business, financial condition, or results of operations could be materially adversely affected.
Risks Pertaining to the Performance of Our Business
If we fail to satisfy our contractual obligations or to meet performance standards, our contracts may be terminated, and we may incur significant costs or liabilities, including actual or liquidated damages and penalties, which could adversely impact our operating results, financial condition, cash flows, and our ability to compete for future contracts.
Our contracts may be terminated due to our failure to satisfy our contractual obligations or to meet performance standards and often require us to indemnify customers for their damages. In addition, some of our contracts contain substantial liquidated damages provisions and financial penalties related to performance failures. The policy coverage and limits in our errors and omissions insurance may not be adequate to provide protection against all potential liabilities. Although we have errors and omissions insurance, the policy coverage and limits may not be adequate to provide protection against all potential liabilities. Further, for certain contracts, we may post significant performance bonds or issue letters of credit to secure our performance, indemnification, and other obligations. If a claim is made against a performance bond or letter of credit, we may be required to reimburse the issuer for the amount of the claim. Consequently, we may incur significant costs or liabilities, including penalties, which could adversely impact our operating results, cash flows, financial condition, and our ability to compete for future contracts. Consequently, as a result of the above matters, we may incur significant costs or liabilities, including penalties, which could adversely impact our operating results, cash flows, financial condition, and our ability to compete for future contracts. We may also incur impairment costs on assets related to these contracts.
If we fail to accurately estimate the factors upon which we base our contract pricing, we may generate less profit than expected or incur losses on those contracts.
During fiscal year 2024, we derived approximately 55% of our revenue from performance-based contracts and 13% from fixed-price contracts.During fiscal year 2023, we derived approximately 49% of our revenue from performance-based contracts and 15% from fixed-price contracts. For performance-based contracts, we receive our fee on a per-transaction basis or upon meeting specified milestones. These contracts include workforce services contracts in which we receive a payment for performing an independent medical examination or placing a participant in sustained employment for a specified time period. These contracts include workforce services contracts in which we receive a payment based on a participant maintaining employment for a specified time period. For fixed-price contracts, we receive our fee based on services provided. Those services include operating a Medicaid enrollment center pursuant to specified standards, designing and implementing information systems or applications, or delivering a planning document under a consulting arrangement. Those services might include operating a Medicaid enrollment center pursuant to specified standards, designing and implementing information systems or applications, or delivering a planning document under a consulting arrangement. To earn a profit on these contracts, we must accurately estimate the likely volume of work that will occur, costs, and resource requirements involved, and assess the probability of completing individual transactions or milestones within the contracted time period. If our estimates prove to be inaccurate, we may not achieve the level of profit we expected, or we may incur a net loss on a contract.
Our growth initiatives could adversely affect our profitability.
We may encounter start-up challenges, new compliance requirements, unforeseen costs, and other risks as we enter new markets, including managing our ramp-up, recruiting and retaining appropriately experienced and qualified employees, managing customer expectations, and appropriately budgeting and pricing new work. If we are unable to manage the risks of operating in these new markets, our reputation and profitability could be adversely affected.
We may incur significant costs before receiving related contract payments, which could result in an increased use of cash and risk of impairment charges.
From time to time, when we are awarded a contract, we incur significant expenses before we receive any contract payments. These expenses include leasing and outfitting office space, purchasing office equipment, developing internal-use software, and hiring personnel. In other situations, contract terms provide for billing upon achievement of specified project milestones. In these situations, we are required to expend significant sums of money before receiving related contract payments. As a result, in these situations, we are required to expend significant sums of money before receiving related contract payments. In addition, payments due to us from government agencies may be delayed due to billing cycles or as a result of failures by the government to approve governmental budgets in a timely manner. In addition to these factors, poor execution on project start-ups could impact us by increasing our use of cash.
In certain circumstances, we may defer recognition of costs incurred at the inception of a contract. That deferral assumes we will be able to recover these costs over the life of the contract. To the extent that a project does not perform as anticipated, these deferred costs may not be considered recoverable, resulting in an impairment charge.
15

We may also make broad investments in resources, such as technology or personnel, to address new or adjacent markets. These investments may not be recovered if we are unsuccessful in our entrance into these markets.
We face competition from a variety of organizations, many of which have substantially greater financial resources than we do; we may be unable to compete successfully with these organizations.
We face competition from a number of different organizations depending upon the market and geographic location in which we are competing. Some of our most significant competitors are included in Item 1 of this Annual Report on Form 10-K.
Many of these companies are international in scope, larger than us, and have greater financial resources, name recognition, and larger technical staff. Substantial resources could enable certain competitors to initiate severe price cuts or take other measures in an effort to gain market share. In addition, we may be unable to compete for the limited number of large contracts because we may not be able to meet a Request For Proposal's (RFP) requirement to obtain and post a large performance bond. In some cases, competitors may choose to take greater risks or lower profit margins in order to enter a market or build market share. Also, in some geographic areas, we face competition from smaller firms with established reputations and political relationships. There can be no assurance that we will be able to compete successfully against our existing or any new competitors.
We use third parties to assist us in providing services to our customers, and these third parties may not perform as expected.
From time to time, we engage subcontractors, teaming partners, or other third parties to provide our customers with a single-source solution. We cannot guarantee that those parties will comply with the terms set forth in their agreements or remain financially sound. We may have disputes with our subcontractors, teaming partners, or other third parties arising from the quality and timeliness of their work, customer concerns about them, or other matters. Subcontractor or teaming partner performance deficiencies could result in a customer terminating our contract for default. We may be exposed to liability, and we and our clients may be adversely affected if a subcontractor or teaming partner fails to meet its contractual obligations.
Risks Pertaining to Data and Data Security
Our use of artificial intelligence (AI) involves risks such as potential liability, regulatory issues, competition, and reputational damage. AI technologies create specific risks that require tailored governance and use case specific review. Insufficient oversight could lead to legal liability, financial loss, and reputational harm.
We use artificial intelligence (AI) to sort, organize, analyze, and generate data for business purposes. AI encompasses machine learning, generative AI, and other standard techniques. The comprehensive lifecycle utilization of AI, whether implemented directly by us or in collaboration with third parties, will necessitate ongoing investment in governance and security resources to help ensure its responsible use of AI and to safeguard against potential risks and vulnerabilities.
The use of AI carries considerable risks, and we cannot guarantee the achievement of intended outcomes. As an evolving technology, AI may occasionally produce incomplete or misleading results. Despite training and risk management efforts, there is a possibility that employees might misuse AI, either intentionally or unintentionally. Additionally, given the nature of our citizen-facing services, we are vulnerable to potential adversarial attacks. Should our AI generate suboptimal or contentious outcomes, or if public perception of AI shifts negatively due to perceived risks, we may encounter operational challenges, competitive disadvantages, legal liabilities, reputational harm, or other business impacts.
AI-related legal and regulatory frameworks are evolving due to concerns about bias, discrimination, transparency, and security. The use of AI technologies involves issues associated with intellectual property, data privacy, consumer protection, competition, and equal opportunity, with potential for new regulations. AI is under review by U.S. Federal and State and international agencies, and the recent elections may influence the regulatory landscape in the United States. New or expanded AI laws could raise compliance costs and pose unpredictable risks, potentially affecting our operations and results.
Our systems and networks are and have been subject to cybersecurity breaches.
We are a trusted provider to government and other clients of critical health and human services that rely heavily upon technology systems, software, and networks to receive, input, maintain, and communicate participant and client data. The risk of a security breach, system disruption, ransom-ware attack, or similar cyber-attack or intrusion, including by computer hackers, cyber terrorists, or foreign governments, is persistent and substantial as the volume, intensity, and sophistication of attempted attacks, intrusions and threats from around the world increase daily. If our systems or networks are compromised, we could be adversely affected by losing confidential or protected information of program participants
16

and clients or by facing a demand for ransom to prevent disclosure of or to restore access to such information. The loss, theft, or improper disclosure of that information could subject us to sanctions under the relevant laws, breach of contract claims, contract termination, class action, or individual lawsuits from affected parties, negative press articles, reputational damage, and a loss of confidence from our government clients, all of which could adversely affect our existing business, future opportunities, and financial condition. Additionally, if our internal networks were compromised, we could suffer the loss of proprietary, trade secret, or confidential technical and financial data. That could make us less competitive in the marketplace and adversely affect our existing business, future opportunities, and financial condition.
We have experienced cybersecurity incidents in the past that were immaterial, and in the third quarter of fiscal year 2023, we experienced a material cybersecurity incident as the personal information of a significant number of individuals was accessed by an unauthorized third party by exploiting a zero-day vulnerability in a third-party vendor's file transfer application used by many organizations, including us. We have recorded expenses in connection with our investigation and remediation activities related to this incident; further details are included in "Note 15. Commitments and Contingencies" in Item 8 of this Annual Report on Form 10-K. We have recorded expenses in connection with the investigation and remediation activities related to this incident, but we are unable to predict other potential liabilities or consequences that may arise from this incident. We may continue to experience cybersecurity incidents in the future. There can be no guarantee that our preventative and remediation efforts will be sufficient to protect the company's information systems, information, and other assets from significant harm and that future cybersecurity incidents will not have a material adverse effect on the company or its results of operations or financial condition or cause reputational or other harm to the company. For more information regarding our cybersecurity risk management, see "Item 1C. Cybersecurity" of this Annual Report on Form 10-K.
Many of our projects handle protected health information or other forms of confidential personal information, the loss or disclosure of which has adversely affected, and in the future, could further adversely affect, our business, results of operations, and reputation.
As a provider of services under government health and human services programs, we often receive, maintain, and transmit protected health information or other types of confidential personal information. That information may be regulated by the Health Insurance Portability and Accountability Act (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), Internal Revenue Service regulations, the European Union General Data Protection Regulation (GDPR), or similar U.S. or foreign laws. The loss, theft, or improper use or disclosure of that information could subject us to sanctions under the relevant laws, breach of contract claims, class action or individual lawsuits from affected parties, negative press articles, and a loss of confidence from our government clients, all of which could adversely affect our existing business, future opportunities, and financial condition.
For instance, as a result of the cybersecurity incident described above, several class actions and lawsuits have been filed. The resolution of these matters may result in damages, costs, fines or penalties, which may adversely affect our existing business, future opportunities, and financial condition.
Risks Pertaining to Our Client Relationships
We obtain most of our business through competitive bidding in response to government RFPs. We may not be awarded contracts through this process at the same level in the future as in the past, and contracts we are awarded may not be profitable.
Substantially all of our customers are government agencies. To market our services to government customers, we are often required to respond to government RFPs, which may result in contract awards on a competitive basis. To do so effectively, we must accurately estimate our cost structure for providing the required services, the time required to establish operations, and likely terms of the proposals submitted by competitors. We must also assemble and submit a large volume of information within an RFP's rigid timetable. Our ability to respond successfully to RFPs will greatly impact our business. There is no assurance that we will continue to obtain contracts in response to government RFPs, and our proposals may not result in profitable contracts. In addition, competitors may protest contracts awarded to us through the RFP process that may cause the award to be delayed, overturned, or require the customer to reinitiate the RFP process.
Even where we are an incumbent, our ability to secure continued work or work at similar margins may be affected by competitive rebids or contract changes and cancellations. If we do not win certain recompetes, this may adversely affect our revenues and profitability, potentially resulting in impairment of goodwill and other intangible assets. Although it is difficult to track all the reasons for changes in our contracts, we believe that this contract erosion has typically affected approximately 7% to 10% of our business annually, with the erosion largely being replaced by new or expanded work elsewhere.

17

Our business could be adversely affected by future legislative or government budgetary and spending changes.
The market for our services depends largely on domestic and international legislative programs and the budgetary capability to support programs, including the continuance of existing programs. Many of our contracts are not fully funded at inception and rely upon future appropriations of funds. Accordingly, a failure to receive additional anticipated funding may result in early termination of a contract. In addition, many of our contracts include clauses that allow clients to unilaterally modify or terminate contracts with little or no recompense.
Changes in state or federal government initiatives or in the level of government spending due to budgetary or deficit considerations may have a significant impact on our future financial performance. For example, regulatory steps taken in response to the COVID-19 pandemic in the United States affected the level of work on many of our contracts.
Similarly, increased or changed spending on defense, security, or anti-terrorism threats may impact the level of demand or funding for the health and human services programs that we operate. Many state programs in the United States, such as Medicaid, are federally mandated and fully or partially funded by the U.S. Federal Government. Changes to those programs, such as program eligibility, benefits, or the level of federal funding, including a government shutdown, could reduce the level of demand for our services, which could materially adversely impact our future financial performance.
Government entities have in the past terminated and may, in the future, terminate their contracts with us earlier than we expect, which may result in revenue shortfalls and unrecovered costs.
Many of our government contracts contain base periods of one or more years, as well as option periods covering more than half of the contract's potential duration. Government agencies do not have to exercise these option periods, and they may elect not to exercise them for budgetary, performance, or any other reason. Our contracts also typically contain provisions permitting a government customer to terminate the contract on short notice, with or without cause. Termination without cause provisions generally allow the government to terminate a contract at any time and enable us to recover only our costs incurred or committed and settlement expenses and profit, if any, on the work completed prior to termination. We may or may not be able to recover all the costs incurred during the start-up phase of a terminated contract. The unexpected termination of significant contracts could result in significant revenue shortfalls. If revenue shortfalls occur and are not offset by corresponding reductions in expenses, our business could be adversely affected. We cannot anticipate if, when, or to what extent a customer might terminate their contracts with us.
If we fail to establish and maintain important relationships with government officials, entities and agencies, our ability to successfully bid under RFPs and retain existing work and secure new work on future procurements may be adversely affected.If we fail to establish and maintain important relationships with government entities and agencies, our ability to successfully bid under RFPs may be adversely affected.
To facilitate our ability to prepare bids in response to RFPs and retain existing work and secure new work on future procurements, we rely in part on establishing and maintaining relationships with officials of various government entities and agencies.To facilitate our ability to prepare bids in response to RFPs, we rely in part on establishing and maintaining relationships with officials of various government entities and agencies. These relationships enable us to provide informal input and advice to government entities and agencies prior to the development of an RFP and our capabilities to support government objectives. These relationships enable us to provide informal input and advice to government entities and agencies prior to the development of an RFP. We also engage marketing consultants and other third-party consultants to establish and maintain relationships with elected officials and appointed members of government agencies. We also engage marketing consultants, including lobbyists, to establish and maintain relationships with elected officials and appointed members of government agencies. The effectiveness of these consultants may be reduced or eliminated if a significant political change occurs. In that circumstance, we may be unable to successfully manage our relationships with government entities and agencies and with elected officials and appointees. Any failure to maintain positive relationships with government entities and agencies may adversely affect our business. Any failure to maintain positive relationships with government entities and agencies may adversely affect our ability to successfully bid in response to RFPs.
Our customers may limit or prohibit the outsourcing of certain programs or may refuse to grant consents and/or waivers necessary to permit contractors, such as us, to perform certain elements of government programs.
Governments could limit or prohibit private contractors like us from operating or performing elements of certain programs. Within the U.S., state or local governments could be required to operate such programs with government employees as a condition of receiving federal funding. Moreover, under current law, in order to privatize certain functions of government programs, the U.S. federal government must grant consent and/or waiver to the petitioning state or local agency. If the U.S. federal government does not grant a necessary consent or waiver, the state or local agency will be unable to outsource that function to a private entity, such as us. This situation could eliminate or reduce the value of an existing contract.
18

We rely on key contracts with state, local, and federal governments for a significant portion of our revenue. A substantial reduction in those contracts would materially adversely affect our operating results.
In fiscal year 2024, approximately 50% of our total revenue was derived from the U.S. federal government, and approximately 37% of our total revenue was derived from contracts with state and local government agencies. Any significant disruption or deterioration in our relationship with federal, state, and local governments and a corresponding reduction in these contracts would significantly reduce our revenue and could substantially harm our business.
In fiscal year 2024, approximately 55% of our revenue came from our ten largest contracts. If any of our current significant contracts or significant contracts we enter into in the future were terminated or our work under those contracts was decreased, our revenues and net income could significantly decline. Additional potential impacts of the loss of a significant contract or contracts might include impairment charges over tangible assets and intangible assets, including our goodwill balance. Our success will depend on our continued ability to develop and manage relationships with significant customers and there is no assurance that we will be able to diversify our customer base in the near future, if at all.
The markets in which we sell our products are served by a relatively small number of governmental agencies, which limits the number of potential customers. We cannot provide assurance that we will be able to retain our largest customers, that we will be able to attract additional customers, or that our customers will continue to buy our services in the same volume as in prior years. The loss of one or more of our largest customers, any reduction or delay in sales to these customers, our inability to successfully develop relationships with additional customers, or future price concessions could impact our business.
Our contracts typically run for a fixed number of years and may be extended for an additional specified number of years if the contracting entity or its agent elects to do so.17Table of ContentsOur contracts typically run for a fixed number of years and may be extended for an additional specified number of years if the contracting entity or its agent elects to do so. When these contracts expire, they may be opened for bidding by competing bidders, and there is no guarantee that the contracts will be renewed or extended. Our clients may elect to open bidding processes up earlier than anticipated, resulting in increased competition prior to the anticipated end of contracts.
Our reputation and relationships with our clients are key factors in maintaining our business. Negative press reports or publicity, regardless of accuracy, could harm our reputation. If our reputation is negatively affected, our clients may decrease or cease business with us. In addition, we are subject to various reviews, audits, and investigations to verify our compliance with the terms of our contracts, as well as compliance with applicable laws and regulations. Any adverse review, audit, or investigation could result in, among other things, cancellation of contracts; refunding of amounts that have been paid pursuant to contracts; imposition of fines, penalties, and other sanctions; loss of rights to participate on various programs; loss of licenses; lowered quality ratings; or changes to the way we do business. In addition, under government procurement regulations and practices, a negative determination from a government audit could result in a contractor being fined, debarred, and/or suspended from being able to bid on, or be awarded new government contracts for a period of time.
Within our U.S. Federal business, our ability to participate in many competitive bids in response to government RFPs is dependent on our Government-Wide Acquisition Contracts (GWACs), the most commonly used process by which agencies of the federal government purchase goods and services. Eligibility to remain on a GWAC changes over time. If we are unsuccessful and not awarded GWAC contracts, this would have a negative impact on future opportunities.
A GWAC is a pre-competed, multiple-award, indefinite-delivery, indefinite-quantity (IDIQ) contract that agencies can use to buy total IT solutions. All IDIQs, including GWACs, are regulated by the FAR, which sets forth rules and regulations that must be followed by federal agencies and providers of goods and services to the government in the procurement process. For instance, in 2018, Maximus Federal was named a recipient of the U.S. General Services Administration's (GSA) Alliant 2 GWAC. Alliant 2 is an unrestricted, IDIQ, multi-vendor award with a contract ceiling of $50 billion. If we are unable to adapt to changing eligibility requirements for strategic GWAC competitions, we would risk losing access to related contracts and awards.
19

Risks Related to our Acquisitions
We may experience difficulties in integrating our operations with those of acquired businesses and realizing the expected benefits of these acquisitions.
Our growth strategy includes a program to identify and execute acquisitions to enable long-term, sustainable, organic growth by continuing to expand the business, enhance our clinical and digital capabilities, and extend into new market areas. Although we anticipate that acquisitions will create long-term shareholder value, this expectation is based on assumptions about our acquisitions and preliminary estimates of their performance, which may change materially. The benefits of acquisitions depend, in part, on our ability to successfully integrate the acquired businesses and realize the anticipated benefits, including business opportunities and growth prospects from combining our businesses. We may not achieve these objectives within the anticipated time frame or may never realize these benefits, and the value of our common stock may be harmed. Integration of acquired businesses may result in material challenges, including, without limitation:
Our management might have its attention diverted from ongoing business concerns while trying to integrate these operations, and we could experience performance shortfalls within our existing or acquired businesses as a result of the devotion of management's attention to integration efforts.
The integration process could take longer than anticipated and could result in the loss of key employees, the disruption of each company's ongoing businesses, tax costs or inefficiencies, or inconsistencies in standards, controls, information technology systems, compliance requirements, procedures, and policies, any of which could materially adversely affect our ability to maintain relationships with customers, employees, or other third parties, or our ability to achieve the anticipated benefits of the transactions, and could harm our financial performance.
We could encounter unanticipated issues in integrating information technology, communications, and other systems that could harm our financial performance.
If we are unable to successfully or timely integrate our operations with those of our acquisitions, we may incur unanticipated liabilities and be unable to realize the revenue growth, synergies, and other anticipated benefits, and our business, results of operations, and financial condition could be materially adversely affected.
In connection with our acquisitions, we may be required to take write-downs, write-offs, restructuring, impairment, or other charges that could negatively affect our business, assets, liabilities, prospects, outlook, financial condition, and results of operations.18Table of ContentsIn connection with our acquisitions, we may be required to take write-downs, write-offs, restructuring, impairment, or other charges that could negatively affect our business, assets, liabilities, prospects, outlook, financial condition, and results of operations.
The due diligence we conduct on our acquisitions may not reveal all material issues that may be present, nor does it preclude factors outside of our control from arising later.Although we conduct due diligence on our acquisitions, this diligence may not reveal all material issues that may be present, nor does it preclude factors outside of our control from arising later. There is no assurance that our representations and warranties insurance policies that we purchase for certain acquisitions will cover any losses we might experience from breaches of the sellers' representations and warranties or otherwise arising from the acquisitions. We have also purchased representations and warranties insurance policies in connection with certain acquisitions, but there is no assurance that those policies will cover any losses we might experience from breaches of the sellers' representations and warranties or otherwise arising from the acquisitions. Even if our due diligence successfully identifies certain risks, unexpected risks may arise, and previously known risks may materialize in a manner not consistent with our preliminary risk analysis.
We are required to identify the fair value of assets acquired, such as customer relationships and technology, using estimates that are based upon factors such as expected future operations and the manner in which we will utilize these assets, which may be inaccurate or may change post-acquisition. In addition, we have recorded $1.78 billion of goodwill at September 30, 2024. This balance represents the difference between the amount paid for acquisitions and the identifiable assets acquired. Goodwill is allocated to reporting units, consistent with our segments, and is regularly reviewed to ensure that the value of those segments exceeds the carrying value of the assets held, including goodwill. If the carrying value of our assets, including goodwill, exceeds their fair value, we may be required to take write-offs, write-downs, restructuring, impairment, or other charges that could negatively affect business, assets, liabilities, prospects, outlook, financial condition, and results of operations.
20

Risks Pertaining to Legal Compliance
We are subject to review and audit by governments at their sole discretion and, if any improprieties are found, we may be required to refund revenue we have received or forego anticipated revenue, which could have a material adverse impact on our revenue and our ability to bid in response to RFPs.
We are subject to audits, investigations, and reviews relating to compliance with the laws and regulations that govern our role as a contractor to agencies and departments of the U.S. federal government, state, local, and foreign governments, and otherwise in connection with performing services in countries outside of the United States. Adverse findings could lead to criminal, civil, or administrative proceedings, and we could be faced with penalties, fines, suspension, or debarment. Adverse findings could also have a material adverse effect on us because of our reliance on government contracts. We are subject to periodic audits by U.S., federal, state, local, and foreign governments for taxes. We are also involved in various claims, arbitrations, and lawsuits arising in the normal conduct of our business, including but not limited to bid protests, employment matters, contractual disputes, and charges before administrative agencies.
We may be subject to fines, penalties, and other sanctions if we fail to comply with laws governing our business.
Our business operates within a variety of complex regulatory environments, including but not limited to the FAR, Federal Cost Accounting Standards, the Truth in Negotiations Act, the Fair Debt Collection Practices Act (and similar national, state, and foreign laws), the Foreign Corrupt Practices Act, the United Kingdom Bribery Act, as well as the regulations governing Medicaid and Medicare and accounting standards. If a government audit finds improper or illegal activities by us or we otherwise determine that these activities have occurred, we may be subject to civil and criminal penalties and administrative sanctions, including termination of contracts, forfeiture of profits, suspension of payments, fines, and suspension or disqualification from doing business with the government. Any such determination could adversely impact our ability to bid in response to RFPs in one or more jurisdictions. Further, as a government contractor subject to the types of regulatory schemes described above, we are subject to an increased risk of investigations, criminal prosecution, civil fraud, whistleblower lawsuits, and other legal actions and liabilities to which other private sector companies are not, the result of which could have a material adverse effect on our operating results, cash flows, and financial condition.
Adverse judgments or settlements in legal disputes could harm our operating results, cash flows, and financial condition.
From time to time, we are subject to a variety of lawsuits and other claims. These may include lawsuits and claims related to contracts, subcontracts, securities compliance, employment and wage claims, and compliance with Medicaid and Medicare regulations, as well as laws governing student loans and child support enforcement. Adverse judgments or settlements in some or all of these legal disputes may result in significant monetary damages or injunctive relief. In addition, litigation and other legal claims are subject to inherent uncertainties, and management's view of these matters may change in the future. Those uncertainties include, but are not limited to, costs of litigation, unpredictable court or jury decisions, and the differing laws and attitudes regarding damage awards among the states and countries in which we operate.
We may be precluded from bidding and performing certain work due to other work we currently perform.19Table of ContentsWe may be precluded from bidding and performing certain work due to other work we currently perform.
Various laws and regulations prohibit companies from performing work for government agencies that might be viewed as an actual or apparent conflict of interest. These laws limit our ability to pursue and perform certain types of work. For example, some of our businesses assist government agencies in developing RFPs for various government programs. In those situations, the divisions involved in operating such programs would likely be precluded from bidding on those RFPs. Similarly, regulations governing the independence of Medicaid enrollment brokers and Medicare appeal providers prevent us from providing services to other organizations such as health plans and providers.
We may face liabilities arising from divested or discontinued businesses.
We have divested a number of businesses. The transaction documents for those divestitures typically contain a variety of representations, warranties, and indemnification obligations. We have faced, and continue to face, indemnification claims and liabilities from alleged breaches of representations or warranties. We could face indemnification claims and liabilities from alleged breaches of representations or warranties.
21

Risks Pertaining to our Human Resources
We may lose executive officers and senior managers on whom we rely to generate business and execute projects successfully.
The ability of our executive officers and our senior managers to generate business and execute projects effectively is important to our success. The loss of an executive officer or senior manager, including those who joined us through acquisitions, could impair our ability to secure and manage engagements, which could harm our business, prospects, financial condition, results of operations, and cash flows.
We may be unable to attract and retain sufficient qualified personnel to sustain our business.
Our delivery of services is labor-intensive. When we are awarded a government contract, we must quickly hire project leaders and operational staff. Some larger projects have required us to hire and train thousands of operational staff in a short time period. That effort can be especially challenging in geographic areas with low unemployment rates. The additional operational staff also creates a concurrent demand for increased administrative personnel. Our success requires that we attract, develop, motivate, and retain:
experienced and innovative executive officers globally;
senior managers who have successfully managed or designed government services programs; and
information technology professionals who have designed or implemented complex information technology projects within and outside the U.S.
Innovative, experienced, and technically proficient individuals are in great demand and are likely to remain a limited resource. There can be no assurance that we will be able to continue to attract and retain desirable executive officers, senior managers, and management personnel. Our inability to hire sufficient personnel on a timely basis or the loss of significant numbers of executive officers and senior managers could adversely affect our business.
Unions may oppose outsourcing of government programs to outside vendors such as us, which could limit our market opportunities and could impact us adversely. In addition, our unionized workers outside the United States could disrupt our operations, and our non-unionized workers could attempt to unionize, which could disrupt our operations and impose higher costs on us.
Our success depends in part on our ability to win profitable contracts to administer and manage programs often previously administered by government employees. Many government employees, however, belong to labor unions with considerable financial resources and lobbying networks. Further, unions that have historically not represented government employees may seek to unionize our workforce. Unions have in the past applied, and are likely to continue to apply, political pressure on legislators and other officials responsible for outsourced government programs.
Union activity in the United States has seen a resurgence in recent years. Maximus has been the subject of union-initiated press reports and walk-outs, work disruptions and other actions designed to promote union membership. Non-unionized workers at several of our U.S. locations initiate organizing efforts from time to time to unionize. Even if unsuccessful, such organizing efforts could be disruptive to our business operations and can result in adverse publicity.
The potential for adverse media coverage may have a negative effect on the willingness of government agencies to outsource or cause them to seek contract terms that could impact us adversely.The potential for adverse media coverage as the unions seek to discredit Maximus through their network may have a negative effect on the willingness of government agencies to outsource or cause them to seek contract terms that could impact us adversely. A successful union organizing effort at one or more of our locations could substantially increase our costs and result in our inability to successfully recompete for existing business. A successful union organizing effort at one or more of our locations could substantially increase our 20Table of Contentscosts and result in our inability to successfully recompete for existing business.
Outside the United States, we currently operate outsourced programs with unionized employees in the U.K., and in the past we have operated programs with unionized employees in Canada. We experienced opposition from unions in Canada, which objected to the outsourcing of government programs. Our unionized workers outside the United States could declare a strike or could bargain in a manner that could adversely affect our performance and financial results.
General Risk Factors
A number of factors may cause our cash flows and results of operations to vary from quarter to quarter.
Factors that may cause our cash flows and results of operations to vary from quarter to quarter include:
the commencement of new contracts;
22

caseloads and other factors where revenue is derived on transactional volume on contracts;
the levels of revenue earned and profitability of fixed-price and performance-based contracts;
expenses related to certain contracts which may be incurred in periods prior to revenue being recognized;
increasing rates of inflation, which may increase our costs of labor and other goods and services;
the commencement, completion, or termination of contracts during any particular quarter;
the schedules of government agencies for awarding contracts;
government budgetary delays or shortfalls;
the timing of change orders being signed;
the terms of awarded contracts; and
potential acquisitions.
Changes in the volume of activity and the number of contracts commenced, completed, or terminated during any quarter may cause significant variations in our cash flows and results of operations because a large amount of our expenses are fixed.
Our profitability may be constrained by the effects of inflation.
Demand for talent in certain elements of our business can be highly competitive. To the extent actual wage inflation exceeds our estimates or we are not able to incorporate wage increases in our contracts that cover the actual wage inflation we experience, our operations and financial results may be adversely affected. Our portfolio includes fixed-price, performance-based, and cost-plus contracts for which employment requirements are contract-specific and have varying impacts to financial results.
In cost-plus contracts, we work with our customers to come to an agreement for wage increases to meet the current demand and hiring needs, which generally does not impact profitability of these contracts.In cost-plus contracts, we work with our customer to come to agreement for wage increases to meet the current demand and hiring needs, which generally does not impact profitability of these contracts. For fixed-price and performance-based contracts, large and/or sudden changes to the labor market may require us to hire talent at wage levels higher than budgeted, which can adversely impact results on what are often multi-year contracts. For example, our fixed-price and performance-based contracts typically include labor escalators but varying market conditions could require wage increases exceeding the priced escalators, which would adversely impact margins. This is one of many factors that may impact profitability on multi-year fixed-price and performance-based contracts. As contracts reach re-procurement milestones, we may have the ability to adjust our pricing to current and/or future expected market conditions.
Our indebtedness could adversely affect our business and our ability to meet our obligations.
At September 30, 2024, we owed $1.1 billion under our credit facilities. At September 30, 2024, our effective interest rate was 5.52%, compared to 5.97% at September 30, 2023. Our credit facilities are subject to variable rates that expose us to interest rate risk. When interest rates increase, our debt service obligations on the variable rate indebtedness increase even though the amount borrowed remains the same.
Our indebtedness contains financial or other covenants that limit our operational flexibility in a number of other ways, including:
causing us to be less able to take advantage of business opportunities, such as other acquisition opportunities, and to react to changes in market or industry conditions;
increasing our vulnerability to adverse economic, industry, or competitive developments;
affecting our ability to pay or refinance debts as they become due during adverse economic, financial market, and industry conditions;
requiring us to use a larger portion of cash flow for debt service, reducing funds available for other purposes;
decreasing our profitability and/or cash flow;
causing us to be disadvantaged compared to competitors with less leverage; and
23

limiting our ability to borrow additional funds in the future to fund working capital, capital expenditures, and other general corporate purposes.
Approximately half of our long-term debt is held at variable interest rates. Interest rates in the United States are currently close to their highest levels for over a decade. Higher interest rates have a detrimental effect on our profits and cash flows, as well as reducing the amount of cash we have available for servicing of debt or other transactions.
We may not be able to realize the full value of our backlog.
At September 30, 2024, our total backlog was $16.2 billion. This represents an estimate of potential revenue from our existing contract portfolio. We may not be able to realize all of this backlog or accurately estimate the timing of revenue from this backlog for a number of reasons.
Our backlog may be dependent upon continued funding of our contracts, which may be subject to legislative or executive approvals.
Almost all of our contracts may be canceled at the convenience of our customer, or might otherwise be reduced, modified, amended, or delayed.
Many of our contracts include option years, which our customers may choose not to exercise.
Where revenue is based upon factors tied to our performance, such as the number of transactions we perform, the quantity and type of personnel we provide, or the service penalties we incur, we may fall short of the amounts estimated within our current backlog and receive less revenue.
We are subject to the risks of doing business internationally.
For the year ended September 30, 2024, 12% of our revenue was driven from jurisdictions outside the U.S. As a result, a significant portion of our business operations are subject to foreign financial, tax, and business risks which could arise in the event of:
foreign currency exchange fluctuations, including unrealized foreign exchange gains and losses which may become realized in the event of a disposal or abandonment;
unexpected increases in tax rates or changes in U.S. or foreign tax laws;
non-compliance with international laws and regulations, such as data privacy, employment regulations, and trade barriers;
non-compliance with U.S. laws affecting the activities of U.S. companies in international locations, including the Foreign Corrupt Practices Act;
the absence in some jurisdictions of effective laws to protect our intellectual property rights;
new regulatory requirements or changes in local laws that materially affect the demand for our services or directly affect our foreign operations;
local economic and political conditions, including severe or protracted recessions in foreign economies and inflation risk;
the length of payment cycles and potential difficulties in collecting accounts receivable;
difficulty managing and communicating with teams outside the U.S.;
difficulty in maintaining our control environment, including controls over financial reporting;
unusual or unexpected monetary exchange controls, price controls, or restrictions on transfers of cash; or
civil disturbance, terrorism, or other geopolitical or catastrophic events that reduce business activity in other parts of the world.
These factors may lead to decreased revenues and profits, which could adversely affect our business, financial condition, and results of operations.
24

Our business could be materially and adversely impacted by natural or man-made factors outside of our control.
We face various risks related to disruptions of our operations due to natural disasters, pandemics, global conflicts, and similar events beyond our control. Despite precautions and business interruption and disaster recovery procedures we currently have in place, we could face disruption to our operations due to the impact of natural disasters such as earthquakes, hurricanes, fires, floods, epidemics, pandemics and public health crises, and other catastrophic events such as terrorism, war, or global or regional economic, political and social conditions.
For example, the COVID-19 pandemic negatively impacted worldwide economic activity and resulted in travel and work restrictions, commercial disruptions, and affected companies' operations around the world. We were affected by the COVID-19 pandemic, including operational disruptions and changes in working practices. If significant portions of our workforce are unable to work effectively, including because of illness, quarantines, government actions, facility closures resulting from a natural disaster or public health crisis, failures in key networks or communications systems resulting from a natural disaster, or other limitations or restrictions in connection with a natural disaster or public health crisis, our operations will likely be adversely impacted. If significant portions of our workforce are unable to work effectively, including because of illness, quarantines, government actions, facility closures, or other restrictions in connection with an outbreak, our operations will likely be adversely impacted. If our operations are materially restricted, we may be unable to perform fully on our contracts, and our costs may increase significantly. These cost increases may not be fully recoverable or adequately covered by insurance.
Inaccurate, misleading, or negative media coverage could adversely affect our reputation and our ability to bid for government contracts.22Table of ContentsInaccurate, misleading, or negative media coverage could adversely affect our reputation and our ability to bid for government contracts.
Because of the public nature of many of our business lines, the media frequently focuses their attention on our contracts with government agencies. If the media coverage is negative, it could influence government officials to slow the pace of outsourcing government services, which could reduce the number of RFPs. The media also focus their attention on the activities of political consultants engaged by us, and we may be tainted by adverse media coverage about their activities, even when those activities are unrelated to our business. Moreover, inaccurate, misleading, or negative media coverage about us could harm our reputation and, accordingly, our ability to bid for and win government contracts.
Our Articles of Incorporation and bylaws include provisions that may have anti-takeover effects.
Our Articles of Incorporation and bylaws include provisions that may delay, deter, or prevent a takeover attempt that shareholders might consider desirable. For example, our Articles of Incorporation provide that our shareholders may not take any action in writing without a meeting. This prohibition could impede or discourage an attempt to obtain control of us by requiring that any corporate actions initiated by shareholders be adopted only at properly called shareholder meetings.

Item 1B. Unresolved Staff Comments
None.

25

Item 1C. Cybersecurity
Risk Management and Strategy
Cybersecurity forms a critical component of the services we provide to our customers. We collect and utilize many different types of information, including financial, medical, human resources, and other personal information. Federal and state laws and regulations, contractual obligations, and national and international industry standards, impose obligations on us to protect the confidentiality, integrity, and availability of information relating to employees, clients, vendors, patients, and citizens. We maintain an Information Security Office (ISO), whose mission is to protect the confidentiality, integrity, and availability of data through administrative, technical, and physical safeguards.
Identifying, assessing, and managing cybersecurity related risks are integrated into our overall enterprise risk management (ERM) process, which is our approach to identifying, assessing, and mitigating major risks. Cybersecurity threats are evaluated based on our perceived vulnerability to a particular threat and the potential impact such a threat could have, with mitigation efforts focused on the highest risks. This risk assessment is updated no less than annually and reviewed by the Board of Directors.
We have experienced cybersecurity incidents that were immaterial and, as previously disclosed, in the third quarter of fiscal year 2023, we experienced a material cybersecurity incident as the personal information of a significant number of individuals was accessed by an unauthorized third-party exploiting a zero-day vulnerability in a third-party vendor's file transfer application used by many organizations, including us.We have experienced cybersecurity incidents in the past that were immaterial, and in the third quarter of fiscal year 2023, we experienced a material cybersecurity incident as the personal information of a significant number of individuals was accessed by an unauthorized third party by exploiting a zero-day vulnerability in a file transfer application used by many organizations, including us. We have recorded expenses in connection with the investigation and remediation activities related to this incident; further details are included in "Note 15. Commitments and Contingencies" in Item 8 of this Annual Report on Form 10-K. We have recorded expenses in connection with the investigation and remediation activities related to this incident, but we are unable to predict other potential liabilities or consequences that may arise from this incident. To date, we are not aware of any other cybersecurity incidents that have had a material effect on our business. Despite our preventative and remediation efforts, we may continue to experience cybersecurity incidents in the future. There can be no guarantee that such efforts will be sufficient to protect the company's information systems, information, and other assets from significant harm and that future cybersecurity incidents will not have a material adverse effect on the company or its results of operations or financial condition or cause reputational or other harm to the company. Refer to Item 1A of this Form 10-K, which includes a section on "Risks Pertaining to Data and Data Security," for further discussion of the associated risks.
We engage third parties to conduct independent cybersecurity assessments. The assessments include technical control reviews of new technologies, penetration testing, and ongoing monitoring of our security posture. We also rely on third parties to conduct annual audits to maintain cybersecurity certifications, such as ISO27001 and Cyber Essentials. As a government contractor, we are also subject to numerous Service Organization Control (SOC) audits each year to fulfill contractual requirements.
The ISO manages our security vendor risk management program. Each vendor’s cybersecurity risk is ranked using a risk tiering calculator. The calculator is designed to provide a consistent methodology for evaluating key risk factors, such as the type of service or product the vendor provides and the location and classification of data. For high- and moderate-risk vendors, an assessment is completed that includes reviewing external audits and certifications (e.g., SOC 2 Type 2 audit, ISO27001 and associated Statement of Applicability, FedRAMP authorization). As needed, an industry-standard questionnaire is completed by the vendor and the results assessed by ISO in an effort to ascertain information security maturity and overall posture. High-risk vendors are re-evaluated annually while moderate-risk vendors are evaluated every three years. Ongoing monitoring is in place for all high, moderate, and low risk vendors using an external service that rates the cybersecurity posture of corporate entities using a scored analysis of cyber threats.
We are in the process of implementing an enterprise-wide third-party risk management program that expands the review of vendors and includes financial and operational screening. This new solution is designed to help ensure compliance with the National Institute of Standards and Technology (NIST) supply chain risk framework that is required when supporting federal agencies.
Governance
Board's Roles and Responsibilities
Oversight for risk management and the overall enterprise risk management strategy of the Company, including cybersecurity, is the responsibility of the Board of Directors. Risks identified are monitored by the Board as a whole or the Board may delegate oversight to a specific subcommittee. Our Technology Committee, comprised of four board members possessing relevant background and experience, assists the Board of Directors in its oversight role with respect to strategy and risk management for our information systems, information technology, or IT, and IT security, including cybersecurity.
26

The Technology Committee is briefed at least quarterly, on the quality and effectiveness of our cybersecurity practices and policies, information security program and infrastructure, and data governance and security program, along with key initiatives in this area. The Technology Committee also assesses the cybersecurity risk management strategy. This assessment includes reviews of the results of audits, testing, and metrics, including reports of third-party reviewers.
In the event of a cybersecurity incident, we have an incident response process and an escalation process in place to promptly identify, notify and brief the Board, including the Chair of the Technology Committee, outside of the regular reporting process in the event of an emerging or potentially material cybersecurity incident. The Board of Directors may choose to delegate responsibility for oversight of a particular cybersecurity matter to the Technology Committee in its discretion.
Management's Roles and Responsibilities
Our cybersecurity response is handled by our information security team and managed by our Chief Information Security Officer (CISO), who reports to the Chief Financial Officer. Our CISO has over thirty years of business and technical experience in information risk, risk management, and regulatory compliance, including twelve years in a CISO role. Our information security team manages risks by establishing policies and procedures that manage information system access appropriately. These policies and procedures are tested through internal exercises and with external assistance and supplemented by training and communication to our employees and subcontractors.
Cybersecurity threats are constantly evolving, which drives the evolution of our responses. Typical activities for our information security team include system monitoring, new hire and annual training, testing and evaluation, including "phishing" exercises, and publication of tips and best practices. The results of this testing are communicated company-wide, including to the Technology Committee of the Board of Directors. Our CISO reports to the Technology Committee as requested, but no less than quarterly.

27

Recently Filed
Click on a ticker to see risk factors
Ticker * File Date
VVV 21 hours ago
GEOS 22 hours ago
HZEN 22 hours ago
CYAP 22 hours ago
GXLM 22 hours ago
MATW 1 day ago
DGII 1 day, 1 hour ago
NFG 1 day, 3 hours ago
IESC 1 day, 7 hours ago
TFSL 1 day, 20 hours ago
NINK 1 day, 21 hours ago
MMS 2 days ago
APD 2 days, 1 hour ago
TRXA 2 days, 1 hour ago
DSNY 2 days, 5 hours ago
WMG 2 days, 7 hours ago
JACK 2 days, 19 hours ago
ATKR 2 days, 20 hours ago
WAFD 2 days, 21 hours ago
WNDW 2 days, 22 hours ago
SBUX 2 days, 22 hours ago
MULG 2 days, 22 hours ago
JCTCF 2 days, 22 hours ago
CBT 2 days, 23 hours ago
MWA 2 days, 23 hours ago
POWL 2 days, 23 hours ago
AZEK 3 days, 2 hours ago
SR 3 days, 4 hours ago
SRDX 3 days, 6 hours ago
NTIC 4 days, 6 hours ago
OCSL 4 days, 21 hours ago
FFIV 4 days, 21 hours ago
ASH 4 days, 22 hours ago
ATO 4 days, 22 hours ago
ADNT 4 days, 22 hours ago
TWST 4 days, 22 hours ago
SONO 1 week ago
SWKS 1 week ago
CLFD 1 week, 1 day ago
POST 1 week, 1 day ago
SPB 1 week, 1 day ago
PLXS 1 week, 1 day ago
PTC 1 week, 1 day ago
SBH 1 week, 1 day ago
KNW 1 week, 1 day ago
UNF 1 week, 1 day ago
EPC 1 week, 1 day ago
HZO 1 week, 1 day ago
KLIC 1 week, 2 days ago
DIS 1 week, 2 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard