EX-23.0 2 exhibit230201810k.htm EXHIBIT 23.0 Exhibit


Exhibit 23.0
CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
The Board of Directors
OceanFirst Financial Corp.:
We consent to the incorporation by reference in the registration statements (No. 333-215270; No. 333-215269; No. 333-177243; No. 333-141746; and No. 333-222811) on Form S-8 in registration statements (No. 333-213307; and No. 333-209590) on Form S-4, as amended by Post-Effective Amendments No. 1 on Form S-8, the registration statement (No. 333-220235) on Form S-4, as amended by Post-Effective Amendment No. 1 on Form S-8 and Post-Effective Amendment No. 2 on Form S-3 and in registration statement (No. 333-213487) on Form S-3 of OceanFirst Financial Corp., of our reports dated March 15, 2019, with respect to the consolidated statements of financial condition of OceanFirst Financial Corp. and subsidiaries (the Company) as of December 31, 2018 and 2017, the related consolidated statements of income, comprehensive income, changes in stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2018, and the related notes (collectively, the "consolidated financial statements"), and the effectiveness of internal control over financial reporting as of December 31, 2018, which reports appear in the December 31, 2018 annual report on Form 10-K of the Company.
Our report dated March 15, 2019, on the effectiveness of internal control over financial reporting as of December 31, 2018, expresses our opinion that the Company did not maintain effective internal control over financial reporting as of December 31, 2018 because of the effect of material weaknesses on the achievement of the objective of the control criteria and contains explanatory paragraphs that state:
The Company did not have effective information technology general controls (“ITGCs”) related to user access over the core banking IT system used for financial reporting. As a result of improper risk assessment in deploying control activities around access policy, access to the core banking IT system was granted by IT personnel to retail and back office personnel that was not commensurate with assigned job responsibilities, and therefore created segregation of duties conflicts.
The Company also did not have effective monitoring controls that were designed to address the completeness and accuracy of daily reports generated by the core banking IT system that included data fields subject to these access deficiencies.
As a result, certain of the Company’s manual process level controls related to the loan and deposit account balances that are dependent upon the completeness and accuracy of data derived from the core banking IT systems were ineffective because they could have been adversely impacted by the ineffective ITGCs and monitoring controls.
/s/ KPMG LLP
Short Hills, New Jersey
March 15, 2019