Management develops policies and practices to periodically assess and communicate deficiencies that result from the entity's monitoring activities and other sources. Management establishes a practice where all deficiencies in internal control over external financial reporting, regardless of materiality, are reported to the responsible manager and at least one level of management above, both of whom are positioned to take or oversee corrective action. Management also classifies deficiencies for the further reporting to senior management or the board based on criteria established by standard setters or regulators. ^{fn 31} The criteria could include the following:

The senior management of Adelie Telecom receives a quarterly report of deficiencies prepared by its internal audit department. On the third-quarter report this year, deficiencies were reported from several sources, including the following:

The management of Skea and Associates, an international insurance services organization, classifies financial reporting control deficiencies identified from its monitoring activities as deficiencies, significant deficiencies, or material weaknesses. The communication structure for reporting deficiencies is based on their potential impact on the organization.

For each level of deficiency, ^{fn 32} the company's internal reporting structure calls for certain reporting procedures:

Management establishes a practice to review the status of corrective actions taken to verify that reported deficiencies are remediated in a timely manner. The corrective action practice may include:

The senior management of Lwiski Manufacturing tracks all control deficiencies identified during monitoring activities and assesses their impact on the organization. These control deficiencies are reported to the management team responsible for the relevant business unit. If necessary, the management team works with internal audit to develop the remediation plan, and internal audit provides oversight to verify deficiencies are remediated in a timely manner.

Specifically, the plan calls for one individual within the business unit to be assigned responsibility for remediating specific control deficiencies. A time frame for remediation is assigned to each control deficiency, based on its ranking. Working together, management and internal audit verify that deficiencies are remediated within the specified time frame.

Mr. James, the chief audit executive of Puna Incorporated, has established a database that tracks management action plans related to issues coming from internal audit reports. Mr. James receives timely updates on the status of actions from business process owners, and also periodically reports to the audit committee summaries of the status of action plans. The reporting includes the percent of action plans implemented on time by business unit.

When sufficient action has not been able to be taken by the business on important internal audit issues by the original reported implementation date, the process owner for the area is invited to attend the audit committee and explain the issues associated with implementation of appropriate actions.

The board of directors develops a shared expectation with senior management on the types of control deficiencies that get reported to the board. The board of directors understands the facts and circumstances regarding internal control deficiencies that impact external financial reporting and provides oversight on management's conclusions and remediation plans.

Klemmens and Waters provide air transportation services. The management of the company periodically develops a report of significant deficiencies and material weaknesses, a summary of minor deficiencies, and a summary of past deficiencies. The purpose is to track whether deficiencies are being remediated in a timely manner. The reports are presented to the board for review.

Management has also developed with the audit committee a shared expectation, which states that regardless of the previous categorization, management will report all deficiencies resulting from:

The audit committee is briefed on the cause of the reported deficiencies and provides oversight of management's assessment of the deficiencies and the actions and status of remediation plans.