Subject: File No. S7-24-06
From: Faisal Danka
Affiliation: MBA, CISA, CISM, CISSP, PRINCE2, Post Grad Program in Finance - Harvard University

February 19, 2007

Page 77642

under d:

It states: " For purposes of the evaluation of ICFR, management only needs to evaluate those general IT controls that are necessary to adequately address financial reporting risks."

It would be helpful to clarify a bit more, ie. logical access and program change controls. Unless there is an expectation to have overkill of even physical security controls. SEC's view on it should be clarified to avoid excessive efforts with less fruition.