Skip to Content
Rule

Definition of the Term Significant Deficiency

Action

Final Rule.

Summary

We are defining the term “significant deficiency” for purposes of the Commission's rules implementing Section 302 and Section 404 of the Sarbanes-Oxley Act of 2002.

 

Table of Contents Back to Top

DATES: Back to Top

Effective Date: September 10, 2007.

FOR FURTHER INFORMATION CONTACT: Back to Top

N. Sean Harrison, Special Counsel, Division of Corporation Finance, at (202) 551-3430, or Josh K. Jones, Professional Accounting Fellow, Office of the Chief Accountant, at (202) 551-5300, U.S. Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549.

SUPPLEMENTARY INFORMATION: Back to Top

We are adopting amendments to Rule 12b-2 [1] under the Securities Exchange Act of 1934 (the “Exchange Act”) [2] and Rule 1-02 [3] of Regulation S-X. [4]

I. Background Back to Top

On June 27, 2007, the Commission issued interpretive guidance and rule amendments to help public companies strengthen their evaluations and assessments of internal control over financial reporting (“ICFR”) while reducing unnecessary costs. [5] The Interpretive Release provides guidance for management on how to conduct an evaluation of the effectiveness of a company's ICFR under the Commission's rules implementing Section 404 of the Sarbanes-Oxley Act of 2002. [6] The guidance sets forth an approach by which management can conduct a top-down, risk-based evaluation of ICFR. The rule amendments, among other things, provide that an evaluation that complies with the interpretive guidance is one way to satisfy the annual evaluation requirement in Exchange Act Rules 13a-15(c) and 15d-15(c). [7] The Interpretive Release also added a definition of the term “material weakness” to the Commission's rules. The term is defined as “a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the registrant's annual or interim financial statements will not be prevented or detected on a timely basis.” [8]

As part of the Commission's efforts to provide more guidance to management on ICFR, the Commission initially sought comment on both the terms “significant deficiency” and “material weakness” in a concept release on ICFR requirements, [9] and then proposed and adopted a definition of the term “material weakness.” [10] Several commenters pointed out that while the proposing release for the interpretive guidance [11] referenced the term “significant deficiency,” the Commission did not include a definition of the term in the proposal. [12] Certain commenters indicated that the Commission should include a definition of significant deficiency in the Interpretive Release. [13]

In light of the comments received in response to the proposed interpretive guidance, and because Commission rules implementing Section 302(a) of the Sarbanes-Oxley Act require senior management to certify they have communicated significant deficiencies to the audit committee and the external auditors, the Commission solicited additional comment on a definition for “significant deficiency.” In a release issued on June 27, 2007, the Commission requested additional comment on the following definition of the term “significant deficiency:” [14]

A deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of a registrant's financial reporting.

We received 22 comment letters in response to the request for additional comment. [15] These letters came from accounting firms, professional associations, corporations and other interested parties. We have reviewed and considered all of the comments that we received on the proposed definition. We discuss our conclusions with respect to the comments in more detail in this release.

II. Discussion Back to Top

A company's principal executive officer and principal financial officer must certify that they have disclosed significant deficiencies in the design or operation of ICFR that are reasonably likely to adversely affect the company's ability to record, process, summarize and report financial information, to the external auditor and the audit committee, with the intended result that these parties can more effectively carry out their respective responsibilities with regard to the company's financial reporting. [16] Including a definition of “significant deficiency” in Commission rules, in addition to the definition of “material weakness,” will enable management to refer to Commission rules and guidance for information on the meaning of these terms rather than referring to the auditing standards.

In developing the definition of “significant deficiency,” we considered comments received in response to the Public Company Accounting Oversight Board's proposed auditing standard for audits of internal control over financial reporting. In its proposed auditing standard, the PCAOB proposed to define significant deficiency as “a control deficiency, or combination of control deficiencies such that there is a reasonable possibility that a significant misstatement of the company's annual or interim financial statements will not be prevented or detected.” [17] Further, the PCAOB proposed to define a significant misstatement as “a misstatement that is less than material yet important enough to merit attention by those responsible for oversight of the company's financial reporting.” In response to the comments received on its proposal, the PCAOB, working with the Commission staff, decided to modify its proposed definition to focus the auditor on the communication requirement surrounding the term “significant deficiency” and to clarify that auditors should not scope their audit procedures to search for deficiencies that are less severe than a material weakness.

In proposing the definition, we believed that the focus of the term “significant deficiency” should be on the communications required to take place among management, audit committees and independent auditors. Therefore, we believed that the framework for the definition of “significant deficiency” should vary from that recently adopted for “material weakness.” Unlike the definition of the term “material weakness,” we did not believe it was necessary for the proposed definition of “significant deficiency” to include a likelihood component (that is, reasonable possibility). Rather, we believed that a definition focused on matters that are important enough to merit attention would allow for, and indeed encourage, sufficient and appropriate judgment by management to determine the deficiencies that need to be reported to the independent auditor and the audit committee.

Comments on the Proposal

A majority of commenters expressed their support for the proposed definition, [18] noting that it would further the Commission's objective of improving implementation of the provisions of the Sarbanes-Oxley Act of 2002. These commenters also noted that the definition would permit the exercise of appropriate judgment by management and independent auditors to determine those deficiencies in ICFR that are important enough to merit attention by those responsible for oversight of financial reporting. In addition, they noted that a consistent definition of significant deficiency in the Commission's rules and in the PCAOB's standards was imperative to promoting effective and efficient compliance by management and auditors with respect to their responsibilities to communicate and respond to significant deficiencies in internal control. Some of these commenters also supported the Commission's inclusion of the term within its rules so that management could look to the Commission's rules for the definition. [19]

A number of commenters agreed that the proposed definition of “significant deficiency” should not include a likelihood component. [20] However, a few commenters stated the definition should include a likelihood component because they believed that the addition of such a component would enhance management's ability to evaluate deficiencies that need to be communicated to the audit committee. [21] We agree with the commenters who stated that it was not necessary for the definition to include a likelihood component, as it could have the unintended effect of diminishing the use of appropriate judgment by management and independent auditors in performing the evaluation. We believe that excluding a likelihood component from the definition reduces the chance that management or independent auditors will design and implement evaluations or audits for the purpose of identifying deficiencies that are less severe than material weaknesses. Further, we believe the guidance provided in our Interpretive Release and in the PCAOB's Auditing Standard No. 5 , An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of the Financial Statements (“Auditing Standard No. 5”), appropriately outlines that the scope of each evaluation is to detect material weaknesses, which is also consistent with comments the Commission received related to Auditing Standard No. 5. [22] Therefore, we decided not to add a likelihood component to the definition as adopted.

Many commenters believed the definition allowed for the appropriate exercise of management and auditor judgment regarding what is important enough to merit attention based on each company's particular facts and circumstances, and that some variability in the nature of items reported to the audit committee and auditors may result. [23] However, these commenters believed that this would be acceptable based on the specific facts and circumstances of the individual registrants, and the fact that significant deficiencies are not required to be disclosed publicly.

Some commenters also requested that further clarification be provided by the Commission related to the proposed definition. One commenter suggested that it should be clarified to allow for management, at its discretion, to communicate deficiencies to the audit committee and the auditor that it does not believe are significant deficiencies in order to provide management with the appropriate flexibility to communicate other matters as it deems appropriate. [24] Other commenters requested additional guidance on determining whether a deficiency is a significant deficiency. [25] Some of these commenters suggested that additional guidance such as providing qualitative and quantitative thresholds to consider in the evaluation, would provide management and auditors a basis to agree on whether a deficiency is a significant deficiency and would minimize unnecessary costs. [26] One of these commenters noted that further guidance with regards to materiality generally was important to provide management and auditors with more clarity when evaluating deficiencies, which would enable a more effective and efficient process.

With respect to the communication requirements associated with significant deficiencies, we note that the definition of significant deficiency is used in the context of evaluating the minimum required communications under Sections 302 and 404 of the Sarbanes-Oxley Act of 2002. Neither this definition nor the Commission's rules preclude management from communicating additional deficiencies to the audit committee or the independent auditor. Finally, with regards to requests for additional guidance noted above, including on materiality when evaluating the significance of deficiencies and quantitative and qualitative guidance, we believe that the definition allows management and auditors to appropriately utilize their judgment in determining those deficiencies that are important enough to merit the attention of those responsible for oversight based on their individual facts and circumstances. Further, we do not believe that the definition of significant deficiency is the appropriate forum to address broader questions about materiality, which are fundamental to the federal securities laws.

Final Rule

We are adopting the definition of “significant deficiency” substantially as proposed. We believe the definition appropriately emphasizes the communication requirements between management, the audit committee and independent auditors on those matters that are important enough to merit attention and will allow management to use its judgment to determine the deficiencies that need to be reported to the audit committee and the independent auditor. In addition, we believe that it is important that management and auditors use the same definition of “significant deficiency.” Therefore, our final rules define a significant deficiency as:

A deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the registrant's financial reporting. [27]

III. Paperwork Reduction Act Back to Top

Certain provisions of our ICFR requirements contain “collection of information” requirements within the meaning of the Paperwork Reduction Act of 1995 (“PRA”). We submitted these collections of information to the Office of Management and Budget (“OMB”) for review in accordance with the PRA and received approval for the collections of information. We do not believe the adoption of the definition of “significant deficiency” will impose any new recordkeeping or information collection requirements, or other collections of information requiring OMB's approval.

IV. Cost-Benefit Analysis Back to Top

A detailed analysis of the benefits and costs was included in our releases proposing and adopting amendments to rules regarding management's reports on ICFR. [28] The amendments that we are adopting in this release define the term “significant deficiency.” We requested comment on whether the amendments would impose any additional benefits or costs on public companies or small entities. No commenter identified any additional costs or burdens that would result from the proposed definition.

Three commenters suggested that the definition would not result in any additional costs, [29] while a number of commenters suggested that the definition may reduce the amount of time needed by management and auditors to evaluate whether or not deficiencies are significant. [30] Several commenters also noted that one of the significant benefits of the proposed definition was the flexibility provided, which allows management and auditors to utilize their judgment to focus on those matters that are important enough to merit attention by those responsible for oversight of financial reporting. [31]

Two commenters expressed concern that companies would have difficulty in applying the definition because they believed more guidance was necessary to allow management and independent auditors to define and calibrate their procedures in order to minimize any unnecessary costs. [32] Most commenters, however, noted that the definition would permit the exercise of appropriate judgment by management and independent auditors to determine those deficiencies in ICFR that are important enough to merit attention by those responsible for oversight of financial reporting. We believe that, on balance, the amendments will allow management to use sufficient and appropriate judgment to determine whether any identified deficiencies need to be reported to the auditor and the audit committee. The flexibility allowed by the definition will enable management and auditors to more efficiently and effectively perform their evaluations based on a company's individual facts and circumstances. In addition, many commenters noted that a consistent definition between the Commission's rules and the PCAOB's standards was imperative to promote effective and efficient compliance by management and auditors with respect to their responsibility to communicate and respond to significant deficiencies in internal control over financial reporting. [33] A consistent definition between the Commission's rules and the PCAOB's audit standards will enable management and independent auditors to more efficiently and effectively perform their responsibilities to communicate significant deficiencies in internal control over financial reporting. Finally, eight commenters expressed their view that the definition would not have any special impact on smaller public companies. [34] We do not believe that these amendments will have much, if any, added impact on the costs to public companies or small entities.

V. Effect on Efficiency, Competition and Capital Formation Back to Top

Section 3(f) of the Exchange Act [35] requires the Commission, whenever it engages in rulemaking and is required to consider or determine if an action is necessary or appropriate in the public interest, also to consider whether the action will promote efficiency, competition and capital formation. Section 23(a)(2) of the Exchange Act [36] also requires the Commission, when adopting rules under the Exchange Act, to consider the impact that any new rule would have on competition. In addition, Section 23(a)(2) prohibits the Commission from adopting any rule that would impose a burden on competition not necessary or appropriate in furtherance of the purposes of the Exchange Act.

The Commission's releases proposing and adopting amendments to rules regarding management's reports on ICFR contained a detailed discussion of the effects of the rule amendments on efficiency, competition and capital formation. [37] We received some comments on the effects of the rule on efficiency. Four commenters on the proposal believed the proposed definition of “significant deficiency” would facilitate more efficient certifications of quarterly and annual reports by allowing management to use its judgment in evaluating the severity of an identified deficiency. [38] The flexibility allowed by the definition will enable management and auditors to more efficiently and effectively perform their evaluations based on a company's individual facts and circumstances, which will promote efficiency. In addition, a consistent definition between the Commission's rules and the PCAOB's audit standards will enable management and independent auditors to more efficiently perform their responsibilities to communicate significant deficiencies in internal control over financial reporting. We did not receive any comments on capital formation or competition. We do not believe that the rule amendment will impact capital formation or competition.

VI. Regulatory Flexibility Act Certification Back to Top

The Commission hereby certifies pursuant to 5 U.S.C. 605(b) that the definition of “significant deficiency” will not have a significant economic impact on a substantial number of small entities. We requested comments on the anticipated impact and seven commenters stated that the definition would not have any special impact on smaller public companies. [39] No commenter suggested that there would be a significant impact on any small entities.

VII. Statutory Authority and Text of Rule Amendments Back to Top

The amendments described in this release are being adopted under the authority set forth in Sections 12, 13, 15, 23 of the Exchange Act, and Sections 3(a) and 404 of the Sarbanes-Oxley Act.

List of Subjects Back to Top

begin regulatory text

Text of Amendments Back to Top

For the reasons set out in the preamble, the Commission amends title 17, chapter II, of the Code of Federal Regulations as follows:

PART 210—FORM AND CONTENT OF AND REQUIREMENTS FOR FINANCIAL STATEMENTS, SECURITIES ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934, PUBLIC UTILITY HOLDING COMPANY ACT OF 1935, INVESTMENT COMPANY ACT OF 1940, INVESTMENT ADVISERS ACT OF 1940, AND ENERGY POLICY AND CONSERVATION ACT OF 1975 Back to Top

1.The authority citation for Part 210 continues to read as follows:

Authority:

15 U.S.C. 77f, 77g, 77h, 77j, 77s, 77z-2, 77z-3, 77aa(25), 77aa(26), 78c, 78j-1, 78 l, 78m, 78n, 78o(d), 78q, 78u-5, 78w(a), 78 ll, 78mm, 80a-8, 80a-20, 80a-29, 80a-30, 80a-31, 80a-37(a), 80b-3, 80b-11, 7202 and 7262, unless otherwise noted.

2.Amend § 210.1-02 by:

a. Adding paragraph (a)(4);

b. Removing paragraph (p); and

c. Redesignating paragraphs (q) through (cc) as paragraphs (p) through (bb).

The addition reads as follows:

§ 210.1-02 Definitions of terms used in Regulation S-X (17 CFR part 210).

* * * * *

(a) * * *

(4) Definitions of terms related to internal control over financial reporting. Material weakness means a deficiency, or a combination of deficiencies, in internal control over financial reporting (as defined in § 240.13a-15(f) or 240.15d-15(f) of this chapter) such that there is a reasonable possibility that a material misstatement of the registrant's annual or interim financial statements will not be prevented or detected on a timely basis. Significant deficiency means a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the registrant's financial reporting.

* * * * *

PART 240—GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Back to Top

3.The authority citation for Part 240 continues to read, in part, as follows:

Authority:

15 U.S.C. 77c, 77d, 77g, 77j, 77s, 77z-2, 77z-3, 77eee, 77ggg, 77nnn, 77sss, 77ttt, 78c, 78d, 78e, 78f, 78g, 78i, 78j, 78j-1, 78k, 78k-1, 78 l, 78m, 78n, 78o, 78p, 78q, 78s, 78u-5, 78w, 78x, 78 ll, 78mm, 80a-20, 80a-23, 80a-29, 80a-37, 80b-3, 80b-4, 80b-11, and 7201 et seq., and 18 U.S.C. 1350, unless otherwise noted.

* * * * *

4.Amend § 240.12b-2 by adding the definition of “Significant deficiency” in alphabetical order to read as follows:

§ 240.12b-2 Definitions.

* * * * *

Significant deficiency. The term significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the registrant's financial reporting.

* * * * *

end regulatory text

By the Commission.

Dated: August 3, 2007.

Nancy M. Morris,

Secretary.

[FR Doc. E7-15556 Filed 8-8-07; 8:45 am]

BILLING CODE 8010-01-P

Footnotes Back to Top

5. See Release No. 33-8809 (Jun. 20, 2007) [72 FR 35310, Jun. 27, 2007] and Release No. 33-8810 (Jun. 20, 2007) [72 FR 35324, Jun. 27, 2007] (hereinafter “Interpretive Release”).

Back to Context

7. 17 CFR 240.13a-15(c) and 15d-15(c).

Back to Context

8. See Rule 1-02(p) of Regulation S-X [17 CFR 210.1-02(p)] and Exchange Act Rule 12b-2 [17 CFR 240.12b-2]. In this release, we are moving the definitions to new paragraph (a)(4) of Rule 1-02.

Back to Context

9. Release No. 34-54122 (Jul. 11, 2006) [71 FR 40866, Jul. 18, 2006] available at http://www.sec.gov/rules/concept/2006/34-54122.pdf.

10. See Release No. 33-8809 (Jun. 20, 2007) [72 FR 35310, Jun. 27, 2007].

11. Release No. 33-8762 (Dec. 20, 2006) [71 FR 77635, Dec. 27, 2006].

12. See, for example, letters from Cardinal Health, Inc. (“Cardinal”), Edison Electric Institute, and Protiviti to Release No. 33-8762, File No. S7-24-06.

13. See, for example, letters from Cardinal and Protiviti to Release No. 33-8762, File No. S7-24-06.

Back to Context

14. Release No. 33-8811 (Jun. 20, 2007) [72 FR 35346, Jun. 27, 2007].

Back to Context

15. The comment letters are available for inspection in the Commission's Public Reference Room at 100 F Street, NE., Washington, DC 20549 in File No. S7-24-06, or may be viewed at http://www.sec.gov/comments/s7-24-06/s72406.shtml.

Back to Context

16. See Section 302(a)(4) of the Sarbanes-Oxley Act (requiring signing officers to certify that they are responsible for establishing and maintaining internal controls and have designed the internal controls to ensure that material information relating to the issuer is made known to the signing officers, and have disclosed any significant deficiencies in internal control to the independent auditors and audit committee) [15 U.S.C 7241].

Back to Context

17. See PCAOB Proposed Auditing Standard, An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements and Related Other Proposals (PCAOB Release No. 2006-007, Dec. 19, 2006).

Back to Context

18. See, for example, letters from BDO Seidman, LLP; Center for Audit Quality; Committees on Federal Regulation of Securities and Law and Accounting of the Section of Business Law of the American Bar Association; Deloitte Touche LLP; Ernst Young LLP; Financial Executives International—Small Public Company Task Force; Grant Thornton LLP; KPMG LLP; PepsiCo; PricewaterhouseCoopers LLP; The Internal Auditors Division of the Securities Industry and Financial Markets Association; Sprint Nextel Corporation; and The Institute of Internal Auditors.

Back to Context

19. See, for example, letters from BDO Seidman LLP; Center for Audit Quality; Committees on Federal Regulation of Securities and Law and Accounting of the Section of Business Law of the American Bar Association; Deloitte Touche LLP; Ernst Young LLP; Grant Thornton LLP; KPMG LLP; and PricewaterhouseCoopers LLP.

Back to Context

20. See, for example, letters from BDO Seidman, LLP; Committees on Federal Regulation of Securities and Law and Accounting of the Section of Business Law of the American Bar Association; Deloitte Touche LLP; Ernst Young LLP; Grant Thornton LLP; PepsiCo; Society of Corporate Secretaries and Governance Professionals; U.S Chamber Center for Capital Market Competitiveness; and The Institute of Internal Auditors.

Back to Context

21. See, for example, letters from Financial Executives International—Small Public Company Task Force; PricewaterhouseCoopers LLP; and Simone Heidema and Erick Noorloos.

Back to Context

22. See comments received for Releases 34-55912 and 34-55876.

Back to Context

23. See, for example, letters from BDO Seidman, LLP; Deloitte Touche LLP; Ernst Young LLP; Financial Executives International—Small Public Company Task Force; Grant Thornton LLP; PepsiCo; and PricewaterhouseCoopers LLP.

Back to Context

24. See letter from The Society of Corporate Secretaries and Governance Professionals.

Back to Context

25. See, for example, letters from Keith Bishop; New York State Society of Certified Public Accountants; Sprint Nextel Corporation; and U.S. Chamber Center for Capital Market Competitiveness.

Back to Context

26. See, for example, letters from New York State Society of Certified Public Accountants; U.S. Chamber Center for Capital Market Competitiveness.

Back to Context

27. Rule 1-02(a)(4) of Regulation S-X [17 CFR 210.1-02(a)(4)]. We are adding a new paragraph (a)(4) to the rule to define both the terms “material weakness” and “significant deficiency.” “Material weakness” was previously added to paragraph (p) of Rule 1-02.

Back to Context

28. See Release No. 33-8762 (December 20, 2006) [71 FR 77635, Dec. 27, 2006] and Release No. 33-8809 (Jun. 20, 2007) [72 FR 35310, Jun. 27, 2007].

Back to Context

29. See, for example, letters from BDO Seidman, LLP; Committees on Federal Regulation of Securities and Law and Accounting of the Section of Business Law of the American Bar Association; and Deloitte Touche LLP.

Back to Context

30. See, for example, letters from BDO Seidman, LLP; PepsiCo; Society of Corporate Secretaries and Governance Professionals; and The Institute of Internal Auditors.

Back to Context

31. See, for example, letters from BDO Seidman, LLP; Grant Thornton LLP; PricewaterhouseCoopers LLP; and The Institute of Internal Auditors.

Back to Context

32. See letter from U.S. Chamber Center for Capital Market Competitiveness and New York State Society of Certified Public Accountants.

Back to Context

33. See, for example, letters from BDO Seidman, LLP; Center for Audit Quality; Deloitte Touche LLP; Ernst Young LLP; Grant Thornton LLP; PepsiCo; PricewaterhouseCoopers LLP; and Sprint Nextel Corporation.

Back to Context

34. See, for example, letters from BDO Seidman, LLP; Committees on Federal Regulation of Securities and Law and Accounting of the Section of Business Law of the American Bar Association; Deloitte Touche LLP; Ernst Young LLP; Grant Thornton LLP; PepsiCo; PricewaterhouseCoopers LLP; and The Institute of Internal Auditors.

Back to Context

37. See Release No. 33-8762 (December 20, 2006) [71 FR 77635, Dec. 27, 2006] and Release No. 33-8809 (Jun. 20, 2007) [72 FR 35310, Jun. 27, 2007].

Back to Context

38. See, for example, letters from BDO Seidman, LLP; Grant Thornton LLP; PepsiCo; and PricewaterhouseCoopers LLP.

Back to Context

39. See for example, letters from BDO Seidman, LLP; Deloitte Touche LLP; Ernst Young LLP; Grant Thornton LLP; PepsiCo; PricewaterhouseCoopers LLP; and The Institute of Internal Auditors.

Back to Context
Site Feedback