Defining material weaknesses, failures, and errors within information processes, information systems, and IT assets

Status: Live

The organization and audit team will define what constitutes material weaknesses, failures, and errors within information processes, information systems, and IT assets. [UCF ID 01240]

Supporting and supported controls

This control directly supports:

There are no supporting controls.

Authority documents complied with:

The Sarbanes-Oxley Act of 2002, § 302(a)(5)(A); Clinger-Cohen Act (Information Technology Management Reform Act), App III § 5; Federal Information System Controls Audit Manual (FISCAM), February 2009, App VII; GAO/PCIE Financial Audit Manual (FAM), § 260.55, § 580.33; The Standard of Good Practice for Information Security, NW2.3.5(a); Turnbull Guidance on Internal Control, UK FRC, October 2005, ¶ 24; Corporate Governance in listed Companies – Clause 49 of the Listing Agreement, § V; OMB Circular A-123 Management’s Responsibility for Internal Control, § III (IG Act)

Sarbanes Oxley Guidance

All significant deficiencies or material weaknesses of the internal controls that affect the organization's ability to record, process, summarize, and report financial data must be disclosed to the auditors. [§ 302(a)(5)(A), The Sarbanes-Oxley Act of 2002]

The organization should use audit recommendations to identify and correct problems. [§ III (IG Act), OMB Circular A-123 Management’s Responsibility for Internal Control]

US Federal Security Guidance

[App III § 5, Clinger-Cohen Act (Information Technology Management Reform Act)]

[App VII, Federal Information System Controls Audit Manual (FISCAM), February 2009]

[§ 260.55, § 580.33, GAO/PCIE Financial Audit Manual (FAM)]

General Guidance

Manual audits should be conducted on all external connections to identify any unauthorized connections by comparing all actual external connections with the inventory of known external connections. [NW2.3.5(a), The Standard of Good Practice for Information Security]

UK and Canadian Guidance

[¶ 24, Turnbull Guidance on Internal Control, UK FRC, October 2005]

Asia and Pacific Rim Guidance

The CEO and CFO must certify to the Board of Directors that they have disclosed to the audit committee and auditors any deficiencies in the design or operation of internal controls and the steps that have been taken to correct the deficiencies. [§ V, Corporate Governance in listed Companies – Clause 49 of the Listing Agreement]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.