ITEM 9A.
Controls and Procedures
(a)
Evaluation of Disclosure Controls and Procedures
.
The Company’s management, with the participation of the Company’s Chief Executive Officer and Chief Financial Officer, has evaluated the effectiveness of the Company’s disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) of the Securities Exchange Act of 1934) as of December 31, 2017. Based on that evaluation, the Company’s management, including such officers, concluded that as of December 31, 2017 the Company’s disclosure controls and procedures were effective to provide reasonable assurance that information required to be disclosed by the Company in the reports that we file or submit under the Securities Exchange Act of 1934 is accumulated and communicated to the Company’s management, including the Chief Executive Officer and Chief Financial Officer, to allow timely decisions regarding required disclosure and is recorded, processed, summarized, and reported within the time periods specified in the rules and forms of the Securities and Exchange Commission.
(b)
Management’s Report on Internal Control Over Financial Reporting.
The Company’s management is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Rule 13a-15(f) and 15d-15(f) under the Securities Exchange Act of 1934. Under the supervision and with the participation of the Company’s management, including our principal executive officer and principal financial officer, we conducted an evaluation of the effectiveness of our internal control over financial reporting based on the framework in
Internal Control - Integrated Framework (2013)
issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on our evaluation under the framework, our management concluded that our internal control over financial reporting was effective to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles as of December 31, 2017.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may
deteriorate.
The effectiveness of our internal control over financial reporting as of December 31, 2017 has been audited by KPMG LLP, an independent registered public accounting firm, as stated in their report, which is included below.
(c)
Changes in Internal Control Over Financial Reporting
.
There were no changes in our internal control over financial reporting during the fiscal quarter ended December 31, 2017 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
(d)
Report of Independent Registered Public Accounting Firm
.
To the Stockholders and Board of Directors
OraSure Technologies, Inc.:
Opinion on Internal Control Over Financial Reporting
We have audited OraSure Technologies, Inc. and subsidiaries’ (the Company) internal control over financial reporting as of December 31, 2017, based on criteria established in
Internal Control – Integrated Framework (2013)
issued by the Committee of Sponsoring Organizations of the Treadway Commission. In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2017, based on criteria established in
Internal Control – Integrated Framework (2013)
issued by the Committee of Sponsoring Organizations of the Treadway Commission.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of December 31, 2017 and 2016, the related consolidated statements of income, comprehensive income, stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2017, and the related notes (collectively, the consolidated financial statements), and our report dated February 28, 2018 expressed an unqualified opinion on those consolidated financial statements.
Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control Over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in
accordance with generally acce
pted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositi
ons of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of
the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s as
sets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
/s/ KPMG, LLP
Philadelphia, Pennsylvania
February 28, 2018