Our company went public in 2018, we have been diligently working to get up to SOX404 standards. In 2019 one of our major requirements was creating a repository and baseline testing of all of our Key Reports (ITDCs). We are now looking for the most efficient way to manage the baseline as we go forward and were wondering what other companies do as a best practice (ie. Test all reports every year or put on a rotation? Did you add one SOX Control to your RCM to cover all reports, add a control by system to cover reports generated by the system, a control by process, etc... Are they tested by IT or by the business?) Any information you could share would be greatly appreciated.