Sometime last February, the IIA released the Guide to the Assessment of IT (GAIT) General Controls Scope Based on Risk, a guidance on identifying IT General Controls that should be tested as a part of an annual assessment of internal controls over financial reporting. The objective of this guidance is to help reduce SOX compliance costs incurred by auditors through a more efficient risk based approach in doing annual SOX compliance assessments. Read more...