Very recently, one of the Big 4 accounting firms cited its client with a SOX Significant Deficiency in controls due to excessive use of Privileged Accounts. I can't say that this is the first time, but the implications are tremendous. Historically, financial auditors have been uneasy with the relationship between infrastructure security and the integrity of financial applications and data. They also need to be a bit courageous with their clients, as they have likely not made an issue of this in the past.
A Significant Deficiency in control is defined as: A deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of a registrantÔÇÖs financial reporting. That is to say, the deficiency(ies) could have an adverse impact on the ability of a company to record, process, summarize and report financial information.