Avaya Holdings disclosed its assessment of internal control over financial reporting (ICFR) in its fiscal year 2021 annual report can’t be relied upon, along with acknowledging weaknesses in its ethics and compliance program.

The deficiencies in ICFR represented “material weaknesses,” the cloud technology company said in a filing with the Securities and Exchange Commission (SEC) on Wednesday. While Avaya contends with the control lapses, the company will file late its annual report for the year ended Sept. 30, 2022, it disclosed separately.

The announcements follow internal investigations and audits the company launched after learning its financial results for the quarter ended June 30, 2022, would be “significantly lower than previous expectations,” according to a late filing notice Avaya delivered to the SEC on Aug. 9.

One of the investigations focused on the circumstances surrounding the company’s lower financial results, while another looked at how a whistleblower tip came to be mishandled.

The whistleblower tip was sent to a board member via email, and the board undertook an independent investigation, with the help of outside counsel, before concluding the claims were unsubstantiated. The board failed to inform others, including the company’s outside accounting firm PricewaterhouseCoopers (PwC), about the email and the investigation, the company said.

The investigations, which reviewed the effectiveness of Avaya’s ICFR as of Sept. 30, 2021, found the company didn’t design and maintain effective controls over the communication component of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework.

The company also did not design and maintain effective controls over its ethics and compliance program, it concluded.

PwC’s opinion in the Nov. 22, 2021, Form 10-K relating to the effectiveness of the company’s ICFR as of Sept. 30, 2021, “should no longer be relied upon,” Avaya added.

The company’s audit committee is creating a remediation plan that will include “broadening its policies and procedures related to appropriate maintenance of its whistleblower log and the proper dissemination of related information and materials, including those received by members of the board, and providing additional and continuing training for employees and members of management to ensure information is appropriately communicated to all relevant personnel in connection with SEC filings and/or the preparation of our consolidated financial statements or other matters,” Avaya said.

The audit committee is continuing to investigate other possible material weaknesses, the company said.

On Nov. 7, Avaya announced General Counsel Vito Carnevale, who oversees the company’s legal, compliance, and security functions, would report to Chief Executive Alan Masarek. Masarek, the former CEO of Vonage, joined the company Aug. 1, after former CEO Jim Chirico was removed from his positions.

Avaya Chief Financial Officer Kieran McGrath retired Thursday.

Avaya declined a request for further comment.

Editor’s note: This story was updated Dec. 5 to reflect Avaya’s assessment of ICFR could not be relied upon in the opening sentence.