Physical and logical access controls - A pre-requisite for Internal Controls

PHYSICAL AND LOGICAL ACCESS CONTROLS A PRE-REQUISITE FOR INTERNAL CONTROLS?

OUTLINE

Internal Controls

Physical Access Controls

Logical Access Controls

Regulations

WHAT ARE INTERNAL CONTROLS?

INTERNAL CONTROLS

The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regards to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance of applicable laws and regulations.

The term “control” refers to any aspect of one or more of the components of the internal controls.

FORMULA OF INTERNAL CONTROL

General Controls

IS Controls

Internal Controls

IS CONTROLS

IS Controls

Application Controls

IT General Controls

OBJECTIVE OF IS CONTROLS

Maintaining Confidentiality

Preserving Integrity

Ensuring Availability

INTERNAL CONTROLS

Physical Access Controls

Logical Access Controls

SOME TERMS

Risk

Risk is generally defined as the combination of the probability of an event and its negative consequence.

Control

Control Objective

It is generally a contention and states the criteria for implementing and evaluating the entity’s control procedures in a specific area.

Control Design

Documented Blueprint of the Control

Control Operation

Actual execution of the control: the documented control is operating as required.

PHYSICAL ACCESS CONTROLS

GENERAL SECURITY

WHAT ARE PHYSICAL ACCESS CONTROLS?

ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES

Enforcement of Policies and Procedures relating to management and security

Restriction of access to sensitive areas

Proper execution of procedures for Visitor Management

Revocation of access privileges on termination of employment

Constant monitoring of the premises

Screening of baggage and frisking of employees and visitors

LOGICAL ACCESS CONTROLS

APPLICATION AND GENERAL SECURITY

WHAT ARE LOGICAL ACCESS CONTROLS?

They refer to controls that provide relevant authorization to appropriate personnel for the applications.

This area of controls includes:

Granting Access

Monitoring Access

Revoking Access

Preventing Conflict of Roles – Segregation of duties

ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)

Execution of security administration policies and procedures

Avoidance of conflict of duties of personnel having security roles

Approvals, Authorization and Documentation of access of new employees

Revocation of access of terminated employees performed in a timely manner

Periodical Review of user access roles and rights

Enforcement of access password complexity parameters in all systems

REGULATIONS

UNDER THE COMPANIES ACT PERSPECTIVE

REGULATIONS – COMPANIES ACT 2013

Section Reference: Regulatory Requirement

Section - 134: The directors would provide a responsibility statement that they have laid down internal financial controls to be followed by the company and that these are adequate and were operating effectively.

Section - 143: The auditor’s report shall state whether the company has an adequate internal financial control system in place and the operating effectiveness of such controls.

QUESTIONS AND THANK YOU

Tarish Vasant

/tarishvasant

Bharath Rao

/bharathraob

Bharathraob.com