http://www.theiia.org/intAuditor/itaudit/archives/2006/november/introducing-new-it-systems-into-a-sarbanes-oxley-compliant-environment/ Blogen-us Thu, 01 Dec 2011 08:31:53 AMThu, 01 Dec 2011 08:31:53 AM http://www.theiia.org/intAuditor/itaudit/archives/2006/november/introducing-new-it-systems-into-a-sarbanes-oxley-compliant-environment/2011-11-24This article has been pretty usefull for our day to day duties, however I'd like to know whether you´ve got a more updated version of this information due that this one corresponds to 2006. As per my understanding, the table 1 refers better when you are in a remediation process rather than testing your controls. If you consider that frequency of the control you might also take into consideration the risk associated due that it'd not be the same a a low risk control with a high risk level control