On June 20, the Securities and Exchange Commission issued an interpretive release to provide guidance for management regarding the evaluation and assessment of internal control over financial reporting required under Section 404 of the Sarbanes-Oxley Act of 2002, providing a procedure to conduct a top-down, risk-based evaluation of internal controls. The evaluation process guidance explains the identification of financial reporting risks and the evaluation of whether the controls management has implemented adequately address those risks, as well as an approach for making judgments about the methods and procedures for evaluating whether the operation of internal control over financial reporting is effective.

On June 20, the SEC also issued a final rule (i) providing that an evaluation that complies with its new interpretive guidance is one way (but not the only way) to satisfy the requirement for management’s report assessing internal controls under Section 404, (ii) defining the term “material weakness,” and (iii) revising the requirements regarding the auditor’s attestation report on the effectiveness of internal control over financial reporting to clarify that the auditor must directly express an opinion on the effectiveness of internal control over financial reporting, not simply on management’s assessment of such controls. “Material weakness” is defined by the new rule as a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the registrant’s annual or interim financial statements will not be prevented or detected on a timely basis.