Guide for Management — Next Steps After Identifying a Deficiency in Internal Control Over Financial Reporting
Entity management is responsible for
evaluating the severity of its deficiencies in accordance with its local laws and
regulations. It is important to evaluate whether a deficiency constitutes a material
weakness or significant deficiency1 at the time it is identified.
This guide provides information relevant
to entities when a deficiency has been identified in internal control over financial
reporting, including general information technology controls (GITCs ). It includes
considerations to help entities navigate challenges related to evaluating the severity
of a deficiency and communicating, disclosing, and remediating a material weakness or
significant deficiency. Practical examples are also provided, along with considerations
for certain unique scenarios.
Applicability: All companies globally,
including SEC registrants, public interest entities, and non-public interest
entities.
Footnotes
1
For purposes of this guide, the terms “material weakness” and
“significant deficiency” refer to a deficiency, or a combination of
deficiencies, in internal control that represent the most significant level of
severity in accordance with applicable laws and regulations in your particular
geography.