Though the 30%-plus decline seen in Symantec's (SYMC) - Get Report shares on Friday has much to do with the audit committee probe it just disclosed, it's by no means the only factor.

Disappointing guidance for the company's enterprise security software and services business is also weighing, and it does much to raise fresh questions about the company's standing in a very competitive IT security market.

After the bell on Thursday, Symantec reported March quarter (fiscal fourth quarter) revenue of $1.23 billion and non-GAAP EPS of $0.46, beating consensus estimates of $1.19 billion and $0.39. The company's Enterprise Security revenue rose 1% annually to $620 million after adjusting for currency swings and the Oct. 2017 sale of Symantec's website security certificate business. Its Consumer Digital Safety revenue rose 6% to $614 million after adjusting for forex and the Feb. 2017 acquisition of ID theft-protection firm LifeLock.

But Symantec also guided for June quarter revenue of $1.135 billion to $1.165 billion and EPS of $0.31 to $0.35, below a consensus of $1.18 billion and $0.41. And it guided for fiscal 2019 (ends in March 2019) revenue of $4.76 billion to $4.9 billion and EPS of $1.50 to $1.65, below a consensus of $4.93 billion and $1.80.

Of course, the outlook is being overshadowed right now by Symantec's disclosure that its board's audit committee "has commenced an internal investigation in connection with concerns raised by a former employee."

The company adds the audit committee "has retained independent counsel and other advisors" to aid its investigation, that its results and guidance "may be subject to change based on the outcome of the Audit Committee investigation" and that it's unlikely that the probe will be finished in time for Symantec to file its fiscal 2018 annual report "in a timely manner."

Symantec's stock plunged more than $9 to below $20 following the news. Shares are now at their lowest levels since mid-2016, and are also back at levels first reached in 2004. At least eight sell-side research firms have issued downgrades.

Image placeholder title

While it's easy to put all of the blame for this on a whistleblower probe whose consequences could very well be serious, to do so would be to let Symantec off the hook for sales guidance that looks pretty disappointing. Particularly when one looks at the specifics.

On its earnings call, which notably featured no question-and-answer session, Symantec said its guidance implied flat June quarter and fiscal 2019 revenue growth on an organic basis. It also forecast that Enterprise Security revenue would be down by 2% on an organic basis in fiscal 2019, and an unspecified percentage in the June quarter. This will be offset by modest organic for the Consumer Digital Safety segment, which last quarter offset a small subscriber decline by growing its average revenue per user (ARPU).

In a vacuum, the Enterprise Security guidance would already look weak. But it looks worse when one remembers that corporate IT spending has been pretty strong this year, with quite a few big-name enterprise tech firms posting solid earnings reports. And it looks worse still when one remembers that security spending continues growing faster than IT spending in general, as enterprise scared of being the next victim of a major data breach make sign off on big investments in network, endpoint and cloud security products.

For a while, there was optimism among investors that Symantec could hold its own in this environment, even if its organic Enterprise Security growth wasn't exactly stellar. The company's $4.65 billion 2016 purchase of peer Blue Coat (a major player in the secure web gateway hardware/software market) was well-received, and a salesforce restructuring carried out last year appeared to be paying dividends.

But it's safe to say that much of this optimism is gone following Symantec's latest guidance, which suggests the company will lose meaningful enterprise share between now and March 2019. BTIG's Joel Fishbein, who downgraded Symantec to Neutral last night, says the outlook makes his firm wonder "what, beyond accounting changes, is going on in the [Enterprise Security] business."

From the outside looking in, it seems as if a lack of focus could be hurting Symantec. The company's security product line is enormous, covering everything from gateways to e-mail encryption to malware analysis to forensics to risk analytics. This puts Symantec in competition with many security pure-plays that have been growing rapidly (think Palo Alto Networks (PANW) - Get Report or Proofpoint (PFPT) - Get Report ), as well as IT giants who have made growing security sales a major priority (think IBM  (IBM) - Get Report or Cisco Systems (CSCO) - Get Report ).

Possibly making the situation worse: There has been a deluge of funding for security tech startups in recent years -- startups who have been using that capital to aggressively hire salespeople and compete for enterprise deals. This year has already seen two notable security tech IPOs -- Zscaler (ZS) - Get Report and Carbon Black  (CBLK) - Get Report -- and more are likely on the way.

There don't seem to be any easy fixes that Symantec can apply to put its Enterprise Security business on better footing in such a competitive environment. And the fact that management has to deal with an audit committee probe while it looks for answers is bound to make things even harder.