SlideShare ist ein Scribd-Unternehmen logo

Physical and logical access controls - A pre-requsite for Internal Controls

Als PPTX, PDF herunterladen
Bharath Rao
Bharath Rao

Internal Controls truly forms an integral part for the efficient functioning in any business. The use of information technology to operate business is picking up rapid pace. Physical and Logical Access Controls are the two areas to begin implementing internal controls. The objective of all IT related Internal controls is to protect confidentiality, integrity and availability of Data. This presentation was jointly presented by Tarish Vasant (tarishvasant@gmail.com) and myself (Bharath Rao, mailme@bharathraob.com) at the National Conclave held at Udupi on 6th January conducted by the Board of Studies of the Institute of Chartered Accountants of India and the Udupi Branch of SIRC of ICAI.

Business
1 von 22
PHYSICAL AND LOGICAL ACCESS CONTROLS A PRE-REQUISITE FOR INTERNAL CONTROLS?
OUTLINE Internal Controls Physical Access Controls Logical Access Controls Regulations
WHAT ARE INTERNAL CONTROLS?
INTERNAL CONTROLS  The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regards to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance of applicable laws and regulations.  The terms “control” refers to any aspect of one or more of the components of the internal controls.
FORMULA OF INTERNAL CONTROL General Controls IS Controls Internal Controls
IS CONTROLS IS Controls Application Controls IT General Controls
OBJECTIVE OF IS CONTROLS Maintaining Confidentiality Preserving Integrity Ensuring Availability
INTERNAL CONTROLS Physical Access Controls Logical Access Controls
SOME TERMS Risk Risk is generally defined as the combination of the probability of an event and its negative consequence Control Control Objective It is generally a contention and states a criteria for implementing and evaluating the entity’s control procedures in a specific area. Control Design Documented Blueprint of the Control Control Operation Actual Execution of the Control which is documented is operating as required.
PHYSICAL ACCESS CONTROLS GENERAL SECURITY
WHAT ARE PHYSICAL ACCESS CONTROLS?
ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES  Enforcement of Policies and Procedures relating to management and security.  Restriction of access to sensitive areas.  Proper execution of procedures for Visitor Management  Revocation of access privileges on termination of employment  Constant monitoring of the premises  Screening of baggage and frisking of employees and visitors
LOGICAL ACCESS CONTROLS APPLICATION AND GENERAL SECURITY
WHAT ARE LOGICAL ACCESS CONTROLS  They refer to controls that provide relevant authorization to appropriate personnel for the applications.  This area of controls include –  Granting Access  Monitoring Access  Revoking Access  Preventing Conflict of Roles – Segregation of duties
ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)  Execution of security administration policies and procedures  Avoidance of conflict of duties of personnel having security roles  Approvals, Authorization and Documentation of access of new employees  Revocation of access of terminated employees performed in a timely manner  Periodical Review of user access roles and rights  Enforcement of access password complexity parameters in all systems
WHAT ARE LOGICAL ACCESS CONTROLS?
WHAT ARE LOGICAL ACCESS CONTROL?
REGULATIONS UNDER THE COMPANIES ACT PERSPECTIVE
REGULATIONS – COMPANIES ACT 2013 Section Reference Regulatory Requirement Section - 134 The directors would provide a responsibility statement have laid down internal financial controls to be followed by the company and are adequate and were operating effectively. Section - 143 The auditor’s report shall state that whether the company has adequate internal financial control system in place and the operating effectiveness of such controls.
QUESTIONS AND THANK YOU  Tarish Vasant  tarishvasant@gmail.com  /tarishvasant Bharath Rao  mailme@bharathraob.com  /bharathraob  Bharathraob.com

Empfohlen

Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slides
rahul kundu
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access control
Elimity
 
8 Access Control
8 Access Control8 Access Control
8 Access Control
Alfred Ouyang
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Data security
Data securityData security
Data security
ForeSolutions
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
seanpizzy
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 

Empfohlen

Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slides
rahul kundu
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access control
Elimity
 
8 Access Control
8 Access Control8 Access Control
8 Access Control
Alfred Ouyang
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Data security
Data securityData security
Data security
ForeSolutions
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
seanpizzy
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
JamesDempsey1
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
software-engineering-book
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
Virtualization security
Virtualization securityVirtualization security
Virtualization security
Ahmed Nour
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
Mulyadi Yusuf
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
idingolay
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 
Middleware Technologies ppt
Middleware Technologies pptMiddleware Technologies ppt
Middleware Technologies ppt
OECLIB Odisha Electronics Control Library
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
7wounders
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
arun alfie
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
software-engineering-book
 
Data security
Data securityData security
Data security
Tapan Khilar
 
Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Initial Response and Forensic Duplication
Initial Response and Forensic Duplication
Jyothishmathi Institute of Technology and Science Karimnagar
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Database security
Database securityDatabase security
Database security
MaryamAsghar9
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Cloud Security And Privacy
Cloud Security And PrivacyCloud Security And Privacy
Cloud Security And Privacy
tmather
 
Access Controls
Access ControlsAccess Controls
Access Controls
primeteacher32
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
Vikram Khanna
 
CIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control Convergence
CloudIDSummit
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Smart ERP Solutions, Inc.
 

Weitere ähnliche Inhalte

Was ist angesagt?

03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
Mulyadi Yusuf
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
idingolay
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
7wounders
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 

Was ist angesagt? (20)

Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Virtualization security
Virtualization securityVirtualization security
Virtualization security
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Middleware Technologies ppt
Middleware Technologies pptMiddleware Technologies ppt
Middleware Technologies ppt
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
 
Data security
Data securityData security
Data security
 
Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Initial Response and Forensic Duplication
Initial Response and Forensic Duplication
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Database security
Database securityDatabase security
Database security
 
Cia security model
Cia security modelCia security model
Cia security model
 
Cloud Security And Privacy
Cloud Security And PrivacyCloud Security And Privacy
Cloud Security And Privacy
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
 

Andere mochten auch

Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk Areas
Mahsa Teimourikia
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Prolifics
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
Biswajit Bhattacharjee
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
Deepakraj Sahu
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 

Andere mochten auch (19)

CIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control Convergence
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk Areas
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
 
Intro To Access Controls
Intro To Access ControlsIntro To Access Controls
Intro To Access Controls
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource Authorization
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access Control
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBAC
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
6 Physical Security
6 Physical Security6 Physical Security
6 Physical Security
 

Ähnlich wie Physical and logical access controls - A pre-requsite for Internal Controls

Why do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdfWhy do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdf
marketing413921
 
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.pptDECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
1111964
 
Elements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdfElements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdf
management28
 

Ähnlich wie Physical and logical access controls - A pre-requsite for Internal Controls (20)

Internal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdfInternal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdf
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001
 
Why do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdfWhy do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdf
 
8. internal control new
8. internal control new8. internal control new
8. internal control new
 
Internal control
Internal controlInternal control
Internal control
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptx
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptx
 
Audit PPT.pdf
Audit PPT.pdfAudit PPT.pdf
Audit PPT.pdf
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
 
Controlling
ControllingControlling
Controlling
 
James hall ch 15
James hall ch 15James hall ch 15
James hall ch 15
 
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.pptDECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
 
Elements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdfElements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdf
 
Controlling
ControllingControlling
Controlling
 
Internal auditing for “one & all”
Internal auditing for “one & all”Internal auditing for “one & all”
Internal auditing for “one & all”
 
Controlling
ControllingControlling
Controlling
 

Mehr von Bharath Rao

Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Bharath Rao
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
Bharath Rao
 

Mehr von Bharath Rao (19)

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptions
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
 
Forex markets
Forex marketsForex markets
Forex markets
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA Profession
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 

Kürzlich hochgeladen

0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
Renandantas16
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Abortion pills in Kuwait Cytotec pills in Kuwait
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
anilsa9823
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Dipal Arora
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
Roland Driesen
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
discovermytutordmt
 

Kürzlich hochgeladen (20)

The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 

Physical and logical access controls - A pre-requsite for Internal Controls

  • 1. PHYSICAL AND LOGICAL ACCESS CONTROLS A PRE-REQUISITE FOR INTERNAL CONTROLS?
  • 3. WHAT ARE INTERNAL CONTROLS?
  • 4. INTERNAL CONTROLS  The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regards to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance of applicable laws and regulations.  The terms “control” refers to any aspect of one or more of the components of the internal controls.
  • 5. FORMULA OF INTERNAL CONTROL General Controls IS Controls Internal Controls
  • 7. OBJECTIVE OF IS CONTROLS Maintaining Confidentiality Preserving Integrity Ensuring Availability
  • 9. SOME TERMS Risk Risk is generally defined as the combination of the probability of an event and its negative consequence Control Control Objective It is generally a contention and states a criteria for implementing and evaluating the entity’s control procedures in a specific area. Control Design Documented Blueprint of the Control Control Operation Actual Execution of the Control which is documented is operating as required.
  • 11. WHAT ARE PHYSICAL ACCESS CONTROLS?
  • 12. ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES  Enforcement of Policies and Procedures relating to management and security.  Restriction of access to sensitive areas.  Proper execution of procedures for Visitor Management  Revocation of access privileges on termination of employment  Constant monitoring of the premises  Screening of baggage and frisking of employees and visitors
  • 14. WHAT ARE LOGICAL ACCESS CONTROLS  They refer to controls that provide relevant authorization to appropriate personnel for the applications.  This area of controls include –  Granting Access  Monitoring Access  Revoking Access  Preventing Conflict of Roles – Segregation of duties
  • 15. ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)  Execution of security administration policies and procedures  Avoidance of conflict of duties of personnel having security roles  Approvals, Authorization and Documentation of access of new employees  Revocation of access of terminated employees performed in a timely manner  Periodical Review of user access roles and rights  Enforcement of access password complexity parameters in all systems
  • 16. WHAT ARE LOGICAL ACCESS CONTROLS?
  • 17.
  • 18.
  • 19. WHAT ARE LOGICAL ACCESS CONTROL?
  • 21. REGULATIONS – COMPANIES ACT 2013 Section Reference Regulatory Requirement Section - 134 The directors would provide a responsibility statement have laid down internal financial controls to be followed by the company and are adequate and were operating effectively. Section - 143 The auditor’s report shall state that whether the company has adequate internal financial control system in place and the operating effectiveness of such controls.
  • 22. QUESTIONS AND THANK YOU  Tarish Vasant  tarishvasant@gmail.com  /tarishvasant Bharath Rao  mailme@bharathraob.com  /bharathraob  Bharathraob.com

Hinweis der Redaktion

  1. Control: It literally means Internal Controls that is present in an business environment. It can be IT Controls or non IT Controls. Design: It refers to the working part of the control which is a summary on paper/blue print. Basically a working model of the control on paper. Operation: Actual performance of the Control is assessed here. Risk: It is the rate at which there is a threat to the business which has arisen from a specific happening/non happening. Process: A set of tasks make a work flow. A set of work flows make a process. A process is controlled by a “Process owner” or “ Function head”. Eg. HR Process, Procurement Process