CJ 2017 Annual Report

Item 9. Changes in and Disagreements With Accountants on Accounting and Financial Disclosure None. 118 Item 9A. Controls and Procedures Evaluation of Disclosure Controls and Procedures. As required by Rule 13a-15(b) under the Exchange Act, the Company has evaluated, under the supervision and with the participation of its management, including its principal executive officer and principal financial officer, the effectiveness of the design and operation of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act) and internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) as of the end of the period covered by this Annual Report. The Company’s disclosure controls and procedures are designed to provide reasonable assurance that information required to be disclosed by the Company in reports that it files under the Exchange Act is accumulated and communicated to its management, including its principal executive officer and principal financial officer, as appropriate, to allow timely decisions regarding required disclosure and is recorded, processed, summarized and reported within the time periods specified in the rules and forms of the SEC. Based upon that evaluation, the Company’s principal executive officer and principal financial officer concluded that its disclosure controls and procedures were effective as of December 31, 2017. Management’s Report Regarding Internal Control. Management is responsible for establishing and maintaining adequate internal control over financial reporting. The Company’s internal control over financial reporting is a process designed under the supervision of its Chief Executive Officer and Chief Financial Officer to provide reasonable assurance regarding the reliability of financial reporting and the preparation of the Company’s financial statements for external purposes in accordance with generally accepted accounting principles . As of December 31, 2017, management , including the Company’s Chief Executive Officer and Chief Financial Officer , assessed the effectiveness of its internal control over financial reporting. Based on their assessment, management determined that the Company maintained effective internal control over financial reporting as of December 31, 2017. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Management’s report on internal control over financial reporting is included in Part II, Item 8 “Financial Statements and Supplementary Data” of this Annual Report. Changes in Internal Controls Over Financial Reporting. D uring January 2017, immediately following the Company’s emergence from the Chapter 11 Proceeding, we implemented a new enterprise resource planning (ERP) system, SAP, as part of our plan to enhance functionality and to support our existing and future operations. During 2017, we identified control deficiencies in the design and operating effectiveness of general information technology controls (GITCs) after the implementation of the ERP system. Specifically, we did not establish effective systems development controls, program change controls and user access controls over our new ERP system. Accordingly, the automated process-level controls and manual controls dependent upon the accuracy and completeness of information derived from our new ERP system were deemed ineffective during the first six months of 2017 and into the third quarter of 2017. These GITC control deficiencies created a reasonable possibility that a material misstatement to our consolidated financial statements would not have been prevented or detected on a timely basis, and therefore we concluded that the deficiencies represented a material weakness in our internal control over financial reporting during the first six months of 2017 and into the third quarter of 2017. The control deficiencies described above did not result in any misstatements in our consolidated financial statements as of and for the year ended December 31, 2017. Upon identification of the deficiencies, management designed and implemented additional GITCs around our new ERP system to remediate the items noted above including: (i) assessment of IT roles and responsibilities to align individuals’ access rights commensurate with their job descriptions, (ii) periodic reviews of access rights granted to users to ensure appropriate segregation of duties, (iii) additional monitoring to track and validate changes performed by critical IT functions, (iv) change management controls around locking the new ERP system production environment and (v) implementing review and approval requirements for users with access to develop and migrate program changes. We also performed additional procedures designed to ensure the reliability of our financial reporting and related financial statements as of December 31, 2017, which included extensive monitoring controls and comprehensive look-back procedures to identify and mitigate the risk of any errors as a result of the ERP system implementation. No errors in financial information were identified through these monitoring and look-back activities.   We have determined that the actions described above have sufficiently improved the Company’s internal control over financial reporting such that as of December 31, 2017, there is not a reasonable possibility that a material misstatement of