Internal Controls and Procedures Assessment Summary
EXPEDITORS INTERNATIONAL OF WASHINGTON INC.
This report synthesizes management's disclosures regarding the effectiveness of Disclosure Controls and Procedures (DCP) and Internal Control Over Financial Reporting (ICFR) as of December 31, 2025. The assessment indicates a transition from previously identified material weaknesses to an effective control environment following significant remediation efforts.
Management Conclusions on Effectiveness
Disclosure Controls and Procedures (DCP)
Management concluded that the company's disclosure controls and procedures were effective as of December 31, 2025. This conclusion was reached specifically "as a result of actions taken to remediate the previously reported material weaknesses." Consequently, management asserts that the consolidated financial statements fairly present the company’s financial position in all material respects.
Internal Control Over Financial Reporting (ICFR)
Management concluded that ICFR was effective as of December 31, 2025. This assessment utilized the criteria set forth by COSO (2013). The system is designed to provide reasonable assurance regarding the reliability of financial reporting and adherence to U.S. GAAP.
Identified Weaknesses and Deficiencies
Previous Material Weakness (As of December 31, 2024)
The company previously disclosed material weaknesses in ICFR related to logical access and change management within certain IT systems. The root cause was identified as personnel lacking specific training and experience required for internal control responsibilities concerning information technology general controls.
Current Status Assessment (Strength)
A key strength noted is that the previous control deficiencies did not result in any identified misstatements to the consolidated financial statements, nor were there changes to previously released financial results.
Changes and Remediation Efforts
The most significant portion of the disclosure focuses on the comprehensive remediation plan implemented following the prior material weaknesses.
Noteworthy Remediation Actions (Strengths)
Management undertook extensive actions under the oversight of the Audit Committee:
- External Assistance: Engaged PwC US Consulting, LLP to assist with entity-wide risk assessment and the overall remediation process.
- Personnel & Training: Hired additional qualified personnel and conducted ongoing training for staff fulfilling IT control responsibilities.
- Risk Management: Maintained a continuous process of ongoing entity-wide risk assessments.
New Controls and Procedures Introduced (Noteworthy Changes)
To address the deficiencies in logical access and change management, several new controls were implemented:
- Software Implementation: Implemented additional third-party industry-standard software solutions designed to aid in tracking changes to databases and related applications, thereby improving controls over system access and monitoring.
- Process Strengthening: Implemented specific systems, procedures, and controls designed to strengthen IT change management and logical access processes.
Changes During Reporting Period (Weakness/Limitation)
Aside from the remediation of the previously reported material weaknesses, there were no other changes in ICFR that materially affected or are reasonably likely to affect the control environment during the most recent fiscal quarter.