Last year, we discussed the rise in information technology-related disclosures in both effective and ineffective disclosure controls among the Russell 3000. In this post, we continue our analysis by taking a closer look at all 26 issues that were flagged in ineffective disclosure controls using Audit Analytics proprietary issues taxonomy over the last twelve years. Additionally, we looked at 28 accounting-related issues.1
Section 302 of the Sarbanes-Oxley Act (SOX 302) mandates that public companies establish a system of effective Disclosure Controls. The signing officers are required to certify that that they (1) are responsible for establishing and maintaining disclosure controls and procedures, (2) have designed, or supervised the design of, disclosure controls and procedures to ensure that all material information is made known and (3) identify any changes in internal controls that occurred during the given period.
As illustrated in the graph below, the number of ineffective disclosure controls has decreased by 10%, dropping from 273 in 2016 to 242 in 2017. Although some filings in this sample may be amended in the future, it is still likely that we will continue to see a downward trend for ineffective disclosure controls in 2017.2
We use two categories when analyzing disclosure controls: general control issues and accounting issues. For this post, we looked at various taxonomies in each category to better understand our sample of ineffective disclosure controls. It is important to note that for either category of issues – general controls or accounting-related controls – there can be numerous overlaps. Many ineffective disclosures will not only have multiple issues tagged in regards to general controls issues, but there may be an overlap with accounting-related issues as well.
First, we looked at over twenty taxonomies for general controls issues. The financial close process, including timeliness issues, is the most common general control issue cited with 240 disclosures. Personnel inadequacies and segregation of duty issues is the second most common general control issue with 158 disclosures in 2017.
Ineffective disclosure controls citing accounting issues have steadily increased since 2013, though the majority of taxonomies saw an overall dip in 2017. The two most commonly cited accounting-related issues in ineffective disclosure controls are taxes and revenue recognition.
Following this trend, there has been a gradual increase in IT-related issues in both effective and ineffective disclosure controls from 2011 to 2016.3 However, there was a drop in 2017, with ineffective IT disclosure controls seeing an 8% decrease.
This post summarizes just a few of our findings, as our analysis yielded more insights than we initially anticipated. Stay tuned for a longer, more detailed analysis of trends in disclosure controls provided in our upcoming report, Trends in Ineffective Disclosure Controls, expected to be released next month.
For more information on disclosure controls, please contact us at 508-476-7007 or email us at info@auditanalytics.com.
1. Audit Analytics maintains a database with every SOX 302 assessment analyzed back to 2002 categorized with our proprietary issues taxonomy ↩
2. Please note that the number of ineffective disclosure controls cited in 2015 and 2016 increased from last year’s post due, in part, to late or amended filings.↩
3. Effective controls with IT-related issues are controls that management reports are effective, but the disclosure includes an IT-related issue that does not constitute a material weakness. ↩