Physical and logical access controls - A pre-requisite for Internal Controls

Internal controls form an integral part of the efficient functioning of any business. The use of information technology to operate businesses is picking up pace rapidly.

Physical and logical access controls are the two areas in which to begin implementing internal controls. The objective of all IT-related internal controls is to protect the confidentiality, integrity and availability of data.

This presentation was jointly presented by Tarish Vasant (tarishvasant@gmail.com) and myself (Bharath Rao, mailme@bharathraob.com) at the National Conclave held at Udupi on 6th January conducted by the Board of Studies of the Institute of Chartered Accountants of India and the Udupi Branch of SIRC of ICAI.

Published in: Business
  1. PHYSICAL AND LOGICAL ACCESS CONTROLS - A PRE-REQUISITE FOR INTERNAL CONTROLS?
  2. OUTLINE
     • Internal Controls
     • Physical Access Controls
     • Logical Access Controls
     • Regulations
  3. WHAT ARE INTERNAL CONTROLS?
  4. INTERNAL CONTROLS
     • The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance with applicable laws and regulations.
     • The term “control” refers to any aspect of one or more of the components of the internal controls.
  5. FORMULA OF INTERNAL CONTROL
     • General Controls
     • IS Controls
     • Internal Controls
  6. IS CONTROLS
     • IS Controls
     • Application Controls
     • IT General Controls
  7. OBJECTIVE OF IS CONTROLS
     • Maintaining Confidentiality
     • Preserving Integrity
     • Ensuring Availability
  8. INTERNAL CONTROLS
     • Physical Access Controls
     • Logical Access Controls
  9. SOME TERMS
     • Risk: Risk is generally defined as the combination of the probability of an event and its negative consequence.
     • Control
       • Control Objective: It is generally a contention and states a criterion for implementing and evaluating the entity’s control procedures in a specific area.
       • Control Design: Documented blueprint of the control.
       • Control Operation: Actual execution of the control which is documented is operating as required.
  10. PHYSICAL ACCESS CONTROLS: GENERAL SECURITY
  11. WHAT ARE PHYSICAL ACCESS CONTROLS?
  12. ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES
     • Enforcement of policies and procedures relating to management and security.
     • Restriction of access to sensitive areas.
     • Proper execution of procedures for visitor management.
     • Revocation of access privileges on termination of employment.
     • Constant monitoring of the premises.
     • Screening of baggage and frisking of employees and visitors.
  13. LOGICAL ACCESS CONTROLS: APPLICATION AND GENERAL SECURITY
  14. WHAT ARE LOGICAL ACCESS CONTROLS
     • They refer to controls that provide relevant authorization to appropriate personnel for the applications.
     • This area of controls includes:
       • Granting Access
       • Monitoring Access
       • Revoking Access
       • Preventing Conflict of Roles (Segregation of Duties)
  15. ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)
     • Execution of security administration policies and procedures.
     • Avoidance of conflict of duties of personnel having security roles.
     • Approvals, authorization and documentation of access of new employees.
     • Revocation of access of terminated employees performed in a timely manner.
     • Periodical review of user access roles and rights.
     • Enforcement of access password complexity parameters in all systems.
  16. WHAT ARE LOGICAL ACCESS CONTROLS?
  17. WHAT ARE LOGICAL ACCESS CONTROLS?
  18. REGULATIONS UNDER THE COMPANIES ACT PERSPECTIVE
  19. REGULATIONS – COMPANIES ACT 2013 (Section Reference: Regulatory Requirement)
     • Section - 134: The directors would provide a responsibility statement that they have laid down internal financial controls to be followed by the company and that such controls are adequate and were operating effectively.
     • Section - 143: The auditor’s report shall state whether the company has an adequate internal financial control system in place and the operating effectiveness of such controls.
  20. QUESTIONS AND THANK YOU
     • Tarish Vasant: tarishvasant@gmail.com, /tarishvasant
     • Bharath Rao: mailme@bharathraob.com, /bharathraob, Bharathraob.com