Guide for Management — Next Steps After Identifying a Deficiency in Internal Control Over Financial Reporting
Company management is responsible for evaluating the severity of a company’s deficiencies
in accordance with its local laws and regulations. It is important to evaluate whether a
deficiency constitutes a material weakness or significant deficiency at the time it is
identified, and not solely at the balance sheet date.
This Guide provides information relevant to entities when a deficiency has been
identified in internal control, including general information technology controls
(GITCs).
This Guide primarily focuses on activities that are performed after it has been concluded
that a deficiency exists.
This Guide generally applies to all companies, including SEC registrants, public interest
entities, and non-public interest entities. Throughout the Guide, to the extent that the
guidance is specific to SEC registrants, that has been specifically identified.