Report of Independent Registered Public Accounting Firm
The Board of Directors
TerraForm Power, Inc.:
We have audited TerraForm Power, Inc.’s (the Company) internal control over financial reporting as of December 31, 2016, based on criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). TerraForm Power, Inc.’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit.
We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis. The following material weaknesses have been identified and included in Management’s Report on Internal Control over Financial Reporting:
Ineffective (a) process to ensure that all employees, including management, and outsourced service providers, annually confirm their compliance with the Company’s Code of Business Conduct and that deviations from the expected standards of conduct are identified and remedied in a timely manner and (b) maintenance of a whistleblower hotline;
Ineffective Board oversight and management monitoring activities over financial reporting processes and internal controls;
Insufficient number of trained resources with assigned responsibility and accountability for financial reporting processes and the effective design and operation of internal controls;
Ineffective documented and continuous risk assessment process (a) to identify and analyze risks of financial misstatement due to error and/or fraud; (b) to identify and assess necessary changes in generally accepted accounting principles and financial reporting processes and internal controls impacted by changes in the business model resulting from growth from acquisitions, changes in information systems, changes at SunEdison and transition of key personnel; and (c) to ensure appropriate control activities were established through policies and procedures to carry out management's directives to mitigate risks to the Company's financial reporting objectives;
Ineffective information and communication processes to ensure that appropriate and accurate information is available to financial reporting personnel on a timely basis;