Recently, the SEC’s Office of Inspector General issued this report summarizing its audit of Corp Fin’s disclosure review program. The purpose of the audit was two-fold as to whether the review program:
- Concentrated its resources on critical disclosures by implementing a risk-based process for selecting and reviewing filers’ periodic reports and transactional filings, and;
- Met its statutory requirements for reviewing filers’ financial statements within the most recent three-year period under Section 408 of Sarbanes-Oxley.
The audit found:
1. Documentation and guidance on annual report selection and scoping were lacking. Over the last two years, Corp Fin’s rationale for selecting companies for elective annual report reviews was often unclear. Scoping decisions for both required and elective reviews lacked clarity.
2. Inconsistent documentation stemmed from a lack of comprehensive guidance for selecting and scoping reviews. Internal guidance has remained in draft form since May 2017. And that draft guidance fails to address five of the six required risk factors for company review selection.
The Inspector General made these five recommendations and suggestions:
- Document important information about how annual reports are selected for elective review and scoped, including any relevant risk factors,
- Coordinate with the SEC’s Office of the General Counsel to finalize Section 408 guidance, including a description of all six factors to be considered and an interpretation of the minimum review period mandate.
- Develop a plan that prioritizes the disclosure review program goals and requirements in the event of significant staffing decreases and/or significant workload increases.
- Consider automating aspects of the disclosure review program.
- Consider consolidating the disclosure review IT systems.
Authored by

Broc Romanek