As securities lawyers know, disclosure is generally regarded as the best disinfectant.  However, in a recent enforcement action, the SEC determined that disclosure is not always enough.  Specifically, when it comes to internal controls over financial reporting, or ICFR, companies need to actually fix the problems they disclose.

In the action, the SEC cited