SOX Professionals Group

Hey Community,

As I understand it, while there's no requirement to disclose control deficiencies to the Audit Committee (no SD or MW), we include them in our slides for transparency and in line with best practices. How do you all handle this? Do your external auditors play a role in this decision?

Thank you so much for your attention and participation. 

Tati

------------------------------
Tatiane Souza
Internal Audit Manager / SOX Compliance
------------------------------

Tatiane,

From what I've heard from others over the years, I think it is general practice to share at least a summary of deficiencies by process with the Audit Committee. 

I know when I had responsibility for SOX we always provided a summary to them and they knew they could get additional details if they wanted. From my 20 years reporting to Audit Committees, I found they didn't want to get into the details, but wanted to know that management was familiar with the issues and had plans and processes in place to get them resolved.

Hey Community,

As I understand it, while there's no requirement to disclose control deficiencies to the Audit Committee (no SD or MW), we include them in our slides for transparency and in line with best practices. How do you all handle this? Do your external auditors play a role in this decision?

Thank you so much for your attention and participation. 

Tati

------------------------------
Tatiane Souza
Internal Audit Manager / SOX Compliance
------------------------------

Hey Community,

As I understand it, while there's no requirement to disclose control deficiencies to the Audit Committee (no SD or MW), we include them in our slides for transparency and in line with best practices. How do you all handle this? Do your external auditors play a role in this decision?

Thank you so much for your attention and participation. 

Tati

------------------------------
Tatiane Souza
Internal Audit Manager / SOX Compliance
------------------------------

Hi Tatiane, 

I provide an appendix to my quarterly reporting of outstanding items at a summary level, including the executive owner, date the item was found, managements remediation date, and current status. I include "Information Purposes Only" in the title of the appendix and a the following note:

These items are presented for informational purposes only, and in combination they are not considered a significant deficiency and do not merit attention by the Audit Committee. According to the PCAOB's AS 1305, a significant deficiency is one that is less severe than a material weakness, yet important enough to merit attention by those responsible for the company's financial reporting. In line with PCAOB guidelines. Management is managing all deficiencies, irrespective of their severity. 

I wanted to ensure that I was not creating a situation where my auditors could say I brought an attention to the level of AC attention, and imply an SD or worse. I discussed with our EA's prior to including and they were satisfied with the approach. 

I hope this is helpful. 

Hey Community,

As I understand it, while there's no requirement to disclose control deficiencies to the Audit Committee (no SD or MW), we include them in our slides for transparency and in line with best practices. How do you all handle this? Do your external auditors play a role in this decision?

Thank you so much for your attention and participation. 

Tati

------------------------------
Tatiane Souza
Internal Audit Manager / SOX Compliance
------------------------------