EXPEDITORS INTERNATIONAL OF WASHINGTON INC · FY 2024 

Controls & Procedures

Internal controls over financial reporting at Expeditors International were determined to be ineffective as of December 31, 2024, a conclusion supported by independent auditors. The deficiencies involve material weaknesses stemming primarily from IT general controls, which allowed unauthorized changes in databases and applications to occur without proper detection. Although management has launched a comprehensive remediation process involving external consultants, these critical control failures remain unaddressed as of the reporting period.

EXPD L1 Synthesis
  SYMBOLOGY.ONLINE l1 SYNTHESIS 

Expeditors International Of Washington Inc Controls & Procedures Synthesis

Internal Controls and Procedures Assessment: EXPEDITORS INTERNATIONAL OF WASHINGTON INC.

Management Conclusions on Control Effectiveness

Management has concluded that both its disclosure controls and procedures, as well as its internal control over financial reporting (ICFR), were not effective as of December 31, 2024. This conclusion was supported by the company's independent auditor, KPMG LLP, which issued an adverse opinion on the effectiveness of ICFR.

Key Findings and Weaknesses
  • Material Weakness: The primary finding is the existence of material weaknesses in ICFR. These deficiencies created a reasonable possibility that a material misstatement to the consolidated financial statements would not be prevented or detected on a timely basis, even though no actual misstatements were identified during the period.
  • Root Cause (IT Controls): The weaknesses stem from IT general controls over systems and processes. Specifically, unauthorized access and changes to databases and related applications could go undetected because system logic excluded certain changes from review or capture.
  • Personnel Deficiency: These control deficiencies are linked to personnel lacking specific training and experience required to fulfill internal control responsibilities related to information technology.

Remediation Efforts and Control Enhancements

Management has initiated a comprehensive remediation process under the oversight of the Audit Committee, demonstrating an active commitment to strengthening controls.

Ongoing Remediation Actions
  • External Assistance: The company engaged PwC US Consulting, LLP to assist with entity-wide risk assessment, control design assessment, and the overall remediation process.
  • Personnel & Assessment: Management is continuing to hire additional qualified personnel and conduct ongoing entity-wide risk assessments to identify relevant IT systems and process risks.
  • System Improvements (Noteworthy): The company is actively examining third-party developed software solutions designed to improve controls over system access and tracking changes to databases. Furthermore, management continues to implement enhancements specifically designed to strengthen IT change management and logical access processes.
Status of Remediation
  • Weakness: Despite these efforts, the material weaknesses are not yet fully remediated. Management noted that additional control deficiencies were identified during the remediation review process. Full remediation remains uncertain due to the complexity and interdependencies of legacy and current systems, and the time required for third-party software implementation.

Changes in Internal Controls During Reporting Period

Control Modifications
  • General Status: Except for the ongoing remedial actions related to the material weaknesses, there were no other changes in ICFR that materially affected or are reasonably likely to affect internal control during the most recent fiscal quarter.
  • Noteworthy Oversight Increase (Strength): The Audit Committee has significantly increased its oversight of remediation efforts by requiring monthly reports and formal comprehensive presentations from the Chief Information Officer, Chief Information Security Officer, and Chief Technology Officer at all Audit Committee meetings.