Internal controls form an integral part of the efficient functioning of any business. The use of information technology to operate businesses is picking up at a rapid pace.
Physical and logical access controls are the two areas in which to begin implementing internal controls. The objective of all IT-related internal controls is to protect the confidentiality, integrity and availability of data.
This presentation was jointly presented by Tarish Vasant (tarishvasant@gmail.com) and myself (Bharath Rao, mailme@bharathraob.com) at the National Conclave held at Udupi on 6th January conducted by the Board of Studies of the Institute of Chartered Accountants of India and the Udupi Branch of SIRC of ICAI.
4. INTERNAL CONTROLS
The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regards to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance of applicable laws and regulations.
The term “control” refers to any aspect of one or more of the components of the internal controls.
9. SOME TERMS
Risk
Risk is generally defined as the combination of the probability of an event and its negative consequence.
Control
Control Objective
It is generally a contention and states a criterion for implementing and evaluating the entity’s control procedures in a specific area.
Control Design
Documented blueprint of the control.
Control Operation
Actual execution of the control which is documented is operating as required.
12. ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES
Enforcement of Policies and Procedures relating to management and security.
Restriction of access to sensitive areas.
Proper execution of procedures for Visitor Management
Revocation of access privileges on termination of employment
Constant monitoring of the premises
Screening of baggage and frisking of employees and visitors
14. WHAT ARE LOGICAL ACCESS CONTROLS
They refer to controls that provide relevant authorization to appropriate personnel for the applications.
This area of controls includes:
Granting Access
Monitoring Access
Revoking Access
Preventing Conflict of Roles – Segregation of duties
15. ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)
Execution of security administration policies and procedures
Avoidance of conflict of duties of personnel having security roles
Approvals, Authorization and Documentation of access of new employees
Revocation of access of terminated employees performed in a timely manner
Periodical Review of user access roles and rights
Enforcement of access password complexity parameters in all systems
21. REGULATIONS – COMPANIES ACT 2013
Section Reference | Regulatory Requirement
Section - 134 | The directors would provide a responsibility statement that they have laid down internal financial controls to be followed by the company and that these are adequate and were operating effectively.
Section - 143 | The auditor’s report shall state whether the company has an adequate internal financial control system in place and the operating effectiveness of such controls.
22. QUESTIONS AND THANK YOU
Tarish Vasant
tarishvasant@gmail.com
/tarishvasant
Bharath Rao
mailme@bharathraob.com
/bharathraob
Bharathraob.com
Editor's notes
Control: It literally means the internal controls that are present in a business environment. They can be IT controls or non-IT controls.
Design: It refers to the working part of the control, which is a summary on paper (a blueprint). Basically, a working model of the control on paper.
Operation: Actual performance of the control is assessed here.
Risk: It is the rate at which there is a threat to the business arising from a specific event happening or not happening.
Process: A set of tasks makes a workflow. A set of workflows makes a process. A process is controlled by a “Process owner” or “Function head”. E.g. HR process, procurement process.