Physical and logical access controls - A pre-requisite for Internal Controls

Posted on 16-Jul-2015

PHYSICAL AND LOGICAL ACCESS CONTROLS: A PRE-REQUISITE FOR INTERNAL CONTROLS?

OUTLINE

Internal Controls

Physical Access Controls

Logical Access Controls

Regulations

WHAT ARE INTERNAL CONTROLS?

INTERNAL CONTROLS

The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance with applicable laws and regulations.

The term “control” refers to any aspect of one or more of the components of the internal controls.

FORMULA OF INTERNAL CONTROL

General Controls

IS Controls

Internal Controls

IS CONTROLS

IS Controls

Application Controls

IT General Controls

OBJECTIVE OF IS CONTROLS

Maintaining Confidentiality

Preserving Integrity

Ensuring Availability

INTERNAL CONTROLS

Physical Access Controls

Logical Access Controls

SOME TERMS

Risk

Risk is generally defined as the combination of the probability of an event and its negative consequence.

Control

Control Objective

It is generally a contention and states a criterion for implementing and evaluating the entity’s control procedures in a specific area.

Control Design

Documented blueprint of the control.

Control Operation

Actual execution of the documented control, operating as required.

PHYSICAL ACCESS CONTROLS: GENERAL SECURITY

WHAT ARE PHYSICAL ACCESS CONTROLS?

ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES

Enforcement of policies and procedures relating to management and security

Restriction of access to sensitive areas

Proper execution of procedures for visitor management

Revocation of access privileges on termination of employment

Constant monitoring of the premises

Screening of baggage and frisking of employees and visitors

LOGICAL ACCESS CONTROLS: APPLICATION AND GENERAL SECURITY

WHAT ARE LOGICAL ACCESS CONTROLS?

They refer to controls that provide relevant authorization to appropriate personnel for the applications.

This area of controls includes:

Granting Access

Monitoring Access

Revoking Access

Preventing Conflict of Roles (Segregation of Duties)

ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)

Execution of security administration policies and procedures

Avoidance of conflict of duties of personnel having security roles

Approvals, authorization and documentation of access of new employees

Revocation of access of terminated employees performed in a timely manner

Periodic review of user access roles and rights

Enforcement of access password complexity parameters in all systems

REGULATIONS: UNDER THE COMPANIES ACT PERSPECTIVE

REGULATIONS – COMPANIES ACT 2013

Section Reference | Regulatory Requirement

Section - 134 | The directors would provide a responsibility statement that they have laid down internal financial controls to be followed by the company and that such controls are adequate and were operating effectively.

Section - 143 | The auditor’s report shall state whether the company has an adequate internal financial control system in place and the operating effectiveness of such controls.

QUESTIONS AND THANK YOU

Tarish Vasant

tarishvasant@gmail.com

/tarishvasant

Bharath Rao

mailme@bharathraob.com

/bharathraob

Bharathraob.com