A recent analysis of control deficiencies disclosed in 2004—predating disclosures mandated by Sarbanes-Oxley—indicates companies probably are understating deficiencies in audit committee effectiveness and information technology controls.
The study reviewed and analyzed control deficiency disclosures by a sample of 329 companies in their filings with the Securities and Exchange Commission over a 12-month period. It found only one vague disclosure among nearly 1,000 that addressed a deficiency in the audit committee, and only about 5 percent of all disclosures relating to problems with information technology systems and applications.
