SlideShare a Scribd company logo
PHYSICAL AND LOGICAL ACCESS CONTROLS
A PRE-REQUISITE FOR INTERNAL CONTROLS?
OUTLINE
Internal
Controls
Physical
Access
Controls
Logical
Access
Controls
Regulations
WHAT ARE INTERNAL CONTROLS?
INTERNAL CONTROLS
 The process designed, implemented and maintained
by those charged with governance, management
and other personnel to provide reasonable assurance
about the achievement of the entity’s objectives with
regards to reliability of financial reporting,
effectiveness and efficiency of operations,
safeguarding of assets and compliance of applicable
laws and regulations.
 The terms “control” refers to any aspect of one or
more of the components of the internal controls.
FORMULA OF INTERNAL CONTROL
General
Controls
IS
Controls
Internal
Controls
IS CONTROLS
IS Controls
Application
Controls
IT General
Controls
OBJECTIVE OF IS CONTROLS
Maintaining Confidentiality
Preserving Integrity
Ensuring Availability
INTERNAL CONTROLS
Physical Access
Controls
Logical Access
Controls
SOME TERMS
Risk
Risk is generally
defined as the
combination of
the probability
of an event and
its negative
consequence
Control
Control Objective
It is generally a
contention and
states a criteria
for
implementing
and evaluating
the entity’s
control
procedures in a
specific area.
Control Design
Documented
Blueprint of the
Control
Control Operation
Actual
Execution of the
Control which is
documented is
operating as
required.
PHYSICAL ACCESS
CONTROLS
GENERAL SECURITY
WHAT ARE PHYSICAL ACCESS CONTROLS?
ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES
 Enforcement of Policies and Procedures relating to
management and security.
 Restriction of access to sensitive areas.
 Proper execution of procedures for Visitor Management
 Revocation of access privileges on termination of
employment
 Constant monitoring of the premises
 Screening of baggage and frisking of employees and visitors
LOGICAL ACCESS
CONTROLS
APPLICATION AND GENERAL SECURITY
WHAT ARE LOGICAL ACCESS CONTROLS
 They refer to controls that provide relevant
authorization to appropriate personnel for the
applications.
 This area of controls include –
 Granting Access
 Monitoring Access
 Revoking Access
 Preventing Conflict of Roles – Segregation of duties
ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS
CONTROLS (SECURITY)
 Execution of security administration policies and procedures
 Avoidance of conflict of duties of personnel having security
roles
 Approvals, Authorization and Documentation of access of new
employees
 Revocation of access of terminated employees performed in
a timely manner
 Periodical Review of user access roles and rights
 Enforcement of access password complexity parameters in all
systems
WHAT ARE LOGICAL ACCESS CONTROLS?
WHAT ARE LOGICAL ACCESS CONTROL?
REGULATIONS
UNDER THE COMPANIES ACT PERSPECTIVE
REGULATIONS – COMPANIES ACT 2013
Section Reference Regulatory Requirement
Section - 134 The directors would provide a responsibility statement
have laid down internal financial controls to be followed
by the company and are adequate and were operating
effectively.
Section - 143 The auditor’s report shall state that whether the company
has adequate internal financial control system in place
and the operating effectiveness of such controls.
QUESTIONS AND THANK YOU 
Tarish Vasant
 tarishvasant@gmail.com
 /tarishvasant
Bharath Rao
 mailme@bharathraob.com
 /bharathraob
 Bharathraob.com

More Related Content

What's hot

Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
seanpizzy
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
Viresh Suri
 
Cloud security
Cloud security Cloud security
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
Raj Sarode
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
Ajay p
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management Introduction
Aidy Tificate
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016
Aujas
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
Craig Willetts ISO Expert
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)
Ali Habeeb
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security Risk
Dedi Dwianto
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
ANAND MURALI
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
Shankar Subramaniyan
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
CAS
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
Sam Bowne
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overview
nazeer325
 
The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Host-based Security
Host-based SecurityHost-based Security
Host-based Security
secdevmel
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
Moshe Ferber
 

What's hot (20)

Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
Cloud security
Cloud security Cloud security
Cloud security
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management Introduction
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security Risk
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overview
 
The information security audit
The information security auditThe information security audit
The information security audit
 
Security policies
Security policiesSecurity policies
Security policies
 
Host-based Security
Host-based SecurityHost-based Security
Host-based Security
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 

Viewers also liked

8 Access Control
8 Access Control8 Access Control
8 Access Control
Alfred Ouyang
 
CIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control Convergence
CloudIDSummit
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Smart ERP Solutions, Inc.
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
Jeffrey Wang , P.Eng
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk Areas
Mahsa Teimourikia
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
Mulyadi Yusuf
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
Pace IT at Edmonds Community College
 
Intro To Access Controls
Intro To Access ControlsIntro To Access Controls
Intro To Access Controls
Hari Pudipeddi
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource Authorization
Mark Niebergall
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
glickauf
 
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
Mohammad Abdul Matin Emon
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Prolifics
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
jwpiccininni
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access Control
Chandra Sharma
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBAC
Ajit Dadresa
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
Ivan Piskunov
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
glickauf
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
Biswajit Bhattacharjee
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
Deepakraj Sahu
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 

Viewers also liked (20)

8 Access Control
8 Access Control8 Access Control
8 Access Control
 
CIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control Convergence
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk Areas
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
 
Intro To Access Controls
Intro To Access ControlsIntro To Access Controls
Intro To Access Controls
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource Authorization
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access Control
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBAC
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 

Similar to Physical and logical access controls - A pre-requsite for Internal Controls

Internal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdfInternal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdf
SBSGLOBAL1
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
Sharing Slides Training
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
Sharing Slides Training
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
sharing notes123
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
sharing notes123
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001
Nimonik
 
Why do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdfWhy do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdf
marketing413921
 
8. internal control new
8. internal control new8. internal control new
8. internal control new
Syed Osama Rizvi
 
Internal control
Internal controlInternal control
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptx
HeldaMaryA
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptx
vailethmwaisanila
 
Audit PPT.pdf
Audit PPT.pdfAudit PPT.pdf
Audit PPT.pdf
SPANDANPATIL1
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation   Leo WachiraInternal Audit And Internal Control Presentation   Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
Jenard Wachira
 
Controlling
ControllingControlling
Controlling
Waheed Iqbal Boss
 
James hall ch 15
James hall ch 15James hall ch 15
James hall ch 15
David Julian
 
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.pptDECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
1111964
 
Elements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdfElements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdf
management28
 
Controlling
ControllingControlling
Controlling
pavan9393
 
Internal auditing for “one & all”
Internal auditing for “one & all”Internal auditing for “one & all”
Internal auditing for “one & all”
Mohammad Wahid Abdullah Khan
 
Controlling
ControllingControlling

Similar to Physical and logical access controls - A pre-requsite for Internal Controls (20)

Internal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdfInternal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdf
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001
 
Why do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdfWhy do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdf
 
8. internal control new
8. internal control new8. internal control new
8. internal control new
 
Internal control
Internal controlInternal control
Internal control
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptx
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptx
 
Audit PPT.pdf
Audit PPT.pdfAudit PPT.pdf
Audit PPT.pdf
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation   Leo WachiraInternal Audit And Internal Control Presentation   Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
 
Controlling
ControllingControlling
Controlling
 
James hall ch 15
James hall ch 15James hall ch 15
James hall ch 15
 
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.pptDECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
 
Elements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdfElements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdf
 
Controlling
ControllingControlling
Controlling
 
Internal auditing for “one & all”
Internal auditing for “one & all”Internal auditing for “one & all”
Internal auditing for “one & all”
 
Controlling
ControllingControlling
Controlling
 

More from Bharath Rao

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
Bharath Rao
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Bharath Rao
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
Bharath Rao
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptions
Bharath Rao
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
Bharath Rao
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
Bharath Rao
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
Bharath Rao
 
Forex markets
Forex marketsForex markets
Forex markets
Bharath Rao
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
Bharath Rao
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
Bharath Rao
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
Bharath Rao
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA Profession
Bharath Rao
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
Bharath Rao
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
Bharath Rao
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
Bharath Rao
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
Bharath Rao
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
Bharath Rao
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
Bharath Rao
 

More from Bharath Rao (19)

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptions
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
 
Forex markets
Forex marketsForex markets
Forex markets
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA Profession
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 

Recently uploaded

buy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accountsbuy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accounts
Susan Laney
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
jeffkluth1
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
WilliamRodrigues148
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
DerekIwanaka1
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
NZSG
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
my Pandit
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
ssuser567e2d
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
JeremyPeirce1
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
thesiliconleaders
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
Chandresh Chudasama
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW:  Category Renewal and CreationIndustrial Tech SW:  Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
Christian Dahlen
 

Recently uploaded (20)

buy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accountsbuy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accounts
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW:  Category Renewal and CreationIndustrial Tech SW:  Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
 

Physical and logical access controls - A pre-requsite for Internal Controls

  • 1. PHYSICAL AND LOGICAL ACCESS CONTROLS A PRE-REQUISITE FOR INTERNAL CONTROLS?
  • 3. WHAT ARE INTERNAL CONTROLS?
  • 4. INTERNAL CONTROLS  The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regards to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance of applicable laws and regulations.  The terms “control” refers to any aspect of one or more of the components of the internal controls.
  • 5. FORMULA OF INTERNAL CONTROL General Controls IS Controls Internal Controls
  • 7. OBJECTIVE OF IS CONTROLS Maintaining Confidentiality Preserving Integrity Ensuring Availability
  • 9. SOME TERMS Risk Risk is generally defined as the combination of the probability of an event and its negative consequence Control Control Objective It is generally a contention and states a criteria for implementing and evaluating the entity’s control procedures in a specific area. Control Design Documented Blueprint of the Control Control Operation Actual Execution of the Control which is documented is operating as required.
  • 11. WHAT ARE PHYSICAL ACCESS CONTROLS?
  • 12. ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES  Enforcement of Policies and Procedures relating to management and security.  Restriction of access to sensitive areas.  Proper execution of procedures for Visitor Management  Revocation of access privileges on termination of employment  Constant monitoring of the premises  Screening of baggage and frisking of employees and visitors
  • 14. WHAT ARE LOGICAL ACCESS CONTROLS  They refer to controls that provide relevant authorization to appropriate personnel for the applications.  This area of controls include –  Granting Access  Monitoring Access  Revoking Access  Preventing Conflict of Roles – Segregation of duties
  • 15. ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)  Execution of security administration policies and procedures  Avoidance of conflict of duties of personnel having security roles  Approvals, Authorization and Documentation of access of new employees  Revocation of access of terminated employees performed in a timely manner  Periodical Review of user access roles and rights  Enforcement of access password complexity parameters in all systems
  • 16. WHAT ARE LOGICAL ACCESS CONTROLS?
  • 17.
  • 18.
  • 19. WHAT ARE LOGICAL ACCESS CONTROL?
  • 21. REGULATIONS – COMPANIES ACT 2013 Section Reference Regulatory Requirement Section - 134 The directors would provide a responsibility statement have laid down internal financial controls to be followed by the company and are adequate and were operating effectively. Section - 143 The auditor’s report shall state that whether the company has adequate internal financial control system in place and the operating effectiveness of such controls.
  • 22. QUESTIONS AND THANK YOU  Tarish Vasant  tarishvasant@gmail.com  /tarishvasant Bharath Rao  mailme@bharathraob.com  /bharathraob  Bharathraob.com

Editor's Notes

  1. Control: It literally means Internal Controls that is present in an business environment. It can be IT Controls or non IT Controls. Design: It refers to the working part of the control which is a summary on paper/blue print. Basically a working model of the control on paper. Operation: Actual performance of the Control is assessed here. Risk: It is the rate at which there is a threat to the business which has arisen from a specific happening/non happening. Process: A set of tasks make a work flow. A set of work flows make a process. A process is controlled by a “Process owner” or “ Function head”. Eg. HR Process, Procurement Process