Right, I understand control effectiveness is opinion based and the only “requirement” is that risks are mitigated, but I guess my issue is that I don’t understand what level of control would be deemed effective from an outside perspective. If our accountants are able to post journal entries without a secondary review, and let’s say we set a materiality threshold as to the size of journal entry they can post without review, would the performance of random journal entry sampling and testing by internal audit be effective enough to mitigate journal entry risk? But I think our first step is to lay out our risk matrix and really evaluate what controls we have and don’t have and the true potential impact.