This question came to my mind after hearing multiple companies state it is a Sarbanes-Oxley requirement that they perform a recovery audit every one, two, or three years. As a company that provides recovery audit services and solutions, you would think this would put a smile on my face. But many years ago I was also an external auditor and CPA. So, it got me thinking about Sarbanes-Oxley, the COSO framework, and the overall spirit of SOX...