February 19, 2007
It states: " For purposes of the evaluation of ICFR, management only needs to evaluate those general IT controls that are necessary to adequately address financial reporting risks."
It would be helpful to clarify a bit more, ie. logical access and program change controls. Unless there is an expectation to have overkill of even physical security controls. SEC's view on it should be clarified to avoid excessive efforts with less fruition.