Internal Controls and Disclosure Procedures Assessment Report
Overall Control Status Summary
Management concluded that both the company's disclosure controls and procedures, as well as its internal control over financial reporting (ICFR), were effective as of December 31, 2021. However, the report highlights significant operational changes and risks stemming from a major cyber-attack and ongoing system modernization efforts, which represent noteworthy challenges to the control environment.
Management Conclusions on Controls
Disclosure Controls Effectiveness
- Conclusion: The Chief Executive Officer and Chief Financial Officer concluded that disclosure controls and procedures were effective as of the reporting period at the reasonable assurance level.
- Evidence: "Based upon that evaluation, the Chief Executive Officer and Chief Financial Officer concluded that our disclosure controls and procedures were effective as of the end of the period covered by this report at the reasonable assurance level."
Internal Control Over Financial Reporting (ICFR) Effectiveness
- Conclusion: Management assessed ICFR based on the COSO framework and concluded that internal control over financial reporting was effective as of December 31, 2021.
- Evidence: "Based on this assessment, management has concluded that, as of December 31, 2021, our internal control over financial reporting was effective."
Material Weaknesses and Control Deficiencies
- No material weaknesses or significant deficiencies in ICFR were identified during the period covered by the report. The filing explicitly states there were no changes to internal controls that materially affected ICFR in the most recent fiscal quarter.
Changes, Remediation, and New Controls (Noteworthy Events)
The reporting period included several noteworthy operational shifts and risks:
System Modernization and Transition
- New Control/Procedure: The company is developing a new accounting system, which will be implemented globally over the next several years. This transition inherently affects existing ICFR processes and requires ongoing testing for operating effectiveness.
- Impact: This modernization effort represents an ongoing change to the control environment designed to improve efficiency in financial and transactional processes.
Cyber-Attack Incident and Remediation Efforts (Critical Change)
- Change/Event: A critical event occurred on February 20, 2022, when a cyber-attack forced the company to shut down most of its global operating systems, including accounting systems, to ensure system safety. This represents a major disruption and change in operational controls.
- Remediation/New Controls: The company is currently bringing enterprise systems back online and plans to implement enhancements to existing cybersecurity systems and processes beginning in the first quarter of 2022.
Inherent Limitations and Scope
Management provided standard disclosures regarding the inherent limitations of any internal control system:
- Limitations: Management noted that no system can provide absolute assurance against all errors or intentional fraud, due to resource constraints and the nature of controls.
- Scope: The ICFR system is designed to provide reasonable assurance regarding the reliability of financial reporting, including ensuring transactions are recorded accurately and preventing unauthorized use of assets.