Definitions[edit | edit source]

Financial reporting[edit | edit source]

A material weakness is

a deficiency, or combination of deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected.[1]

Information system controls[edit | edit source]

A material weakness is

a deficiency, or combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis.[2]

Overview[edit | edit source]

"Weakness in control is considered ‘material’ if the absence of the control results in failure to provide reasonable assurance that the control objective will be met. A weakness classified as material implies that: — Controls are not in place and/or controls are not in use and/or controls are inadequate — Escalation is warranted There is an inverse relationship between materiality and the level of audit risk acceptable to the IS audit or assurance professional, i.e., the higher the materiality level, the lower the acceptability of the audit risk, and vice versa."[3]

References[edit | edit source]

  1. Cybersecurity: Actions Needed to Address Challenges Facing Federal Systems]], at 9 n.7.
  2. Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data, at 2 n.4.
  3. ISACA, Interactive Glossary & Term Translations (full-text).
Community content is available under CC-BY-SA unless otherwise noted.