SlideShare una empresa de Scribd logo

Physical and logical access controls - A pre-requsite for Internal Controls

Descargar como PPTX, PDF
Bharath Rao
Bharath Rao

Internal Controls truly forms an integral part for the efficient functioning in any business. The use of information technology to operate business is picking up rapid pace. Physical and Logical Access Controls are the two areas to begin implementing internal controls. The objective of all IT related Internal controls is to protect confidentiality, integrity and availability of Data. This presentation was jointly presented by Tarish Vasant (tarishvasant@gmail.com) and myself (Bharath Rao, mailme@bharathraob.com) at the National Conclave held at Udupi on 6th January conducted by the Board of Studies of the Institute of Chartered Accountants of India and the Udupi Branch of SIRC of ICAI.

Empresariales
1 de 22
PHYSICAL AND LOGICAL ACCESS CONTROLS A PRE-REQUISITE FOR INTERNAL CONTROLS?
OUTLINE Internal Controls Physical Access Controls Logical Access Controls Regulations
WHAT ARE INTERNAL CONTROLS?
INTERNAL CONTROLS  The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regards to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance of applicable laws and regulations.  The terms “control” refers to any aspect of one or more of the components of the internal controls.
FORMULA OF INTERNAL CONTROL General Controls IS Controls Internal Controls
IS CONTROLS IS Controls Application Controls IT General Controls
OBJECTIVE OF IS CONTROLS Maintaining Confidentiality Preserving Integrity Ensuring Availability
INTERNAL CONTROLS Physical Access Controls Logical Access Controls
SOME TERMS Risk Risk is generally defined as the combination of the probability of an event and its negative consequence Control Control Objective It is generally a contention and states a criteria for implementing and evaluating the entity’s control procedures in a specific area. Control Design Documented Blueprint of the Control Control Operation Actual Execution of the Control which is documented is operating as required.
PHYSICAL ACCESS CONTROLS GENERAL SECURITY
WHAT ARE PHYSICAL ACCESS CONTROLS?
ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES  Enforcement of Policies and Procedures relating to management and security.  Restriction of access to sensitive areas.  Proper execution of procedures for Visitor Management  Revocation of access privileges on termination of employment  Constant monitoring of the premises  Screening of baggage and frisking of employees and visitors
LOGICAL ACCESS CONTROLS APPLICATION AND GENERAL SECURITY
WHAT ARE LOGICAL ACCESS CONTROLS  They refer to controls that provide relevant authorization to appropriate personnel for the applications.  This area of controls include –  Granting Access  Monitoring Access  Revoking Access  Preventing Conflict of Roles – Segregation of duties
ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)  Execution of security administration policies and procedures  Avoidance of conflict of duties of personnel having security roles  Approvals, Authorization and Documentation of access of new employees  Revocation of access of terminated employees performed in a timely manner  Periodical Review of user access roles and rights  Enforcement of access password complexity parameters in all systems
WHAT ARE LOGICAL ACCESS CONTROLS?
WHAT ARE LOGICAL ACCESS CONTROL?
REGULATIONS UNDER THE COMPANIES ACT PERSPECTIVE
REGULATIONS – COMPANIES ACT 2013 Section Reference Regulatory Requirement Section - 134 The directors would provide a responsibility statement have laid down internal financial controls to be followed by the company and are adequate and were operating effectively. Section - 143 The auditor’s report shall state that whether the company has adequate internal financial control system in place and the operating effectiveness of such controls.
QUESTIONS AND THANK YOU  Tarish Vasant  tarishvasant@gmail.com  /tarishvasant Bharath Rao  mailme@bharathraob.com  /bharathraob  Bharathraob.com

Recomendados

Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access controlElimity
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Data security
Data securityData security
Data securityForeSolutions
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 

Recomendados

Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access controlElimity
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Data security
Data securityData security
Data securityForeSolutions
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacysoftware-engineering-book
 
03.1 general control
03.1 general control03.1 general control
03.1 general controlMulyadi Yusuf
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Virtualization security
Virtualization securityVirtualization security
Virtualization securityAhmed Nour
 
03.2 application control
03.2 application control03.2 application control
03.2 application controlMulyadi Yusuf
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Controlidingolay
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
Middleware Technologies ppt
Middleware Technologies pptMiddleware Technologies ppt
Middleware Technologies pptOECLIB Odisha Electronics Control Library
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineeringsoftware-engineering-book
 
Data security
Data securityData security
Data securityTapan Khilar
 
Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Jyothishmathi Institute of Technology and Science Karimnagar
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Database security
Database securityDatabase security
Database securityMaryamAsghar9
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Cloud Security And Privacy
Cloud Security And PrivacyCloud Security And Privacy
Cloud Security And Privacytmather
 
Access Controls
Access ControlsAccess Controls
Access Controlsprimeteacher32
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network securityVikram Khanna
 
CIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCloudIDSummit
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsSmart ERP Solutions, Inc.
 

Más contenido relacionado

La actualidad más candente

Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacysoftware-engineering-book
 
03.1 general control
03.1 general control03.1 general control
03.1 general controlMulyadi Yusuf
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Virtualization security
Virtualization securityVirtualization security
Virtualization securityAhmed Nour
 
03.2 application control
03.2 application control03.2 application control
03.2 application controlMulyadi Yusuf
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Controlidingolay
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Cloud Security And Privacy
Cloud Security And PrivacyCloud Security And Privacy
Cloud Security And Privacytmather
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network securityVikram Khanna
 

La actualidad más candente (20)

Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Virtualization security
Virtualization securityVirtualization security
Virtualization security
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Middleware Technologies ppt
Middleware Technologies pptMiddleware Technologies ppt
Middleware Technologies ppt
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
 
Data security
Data securityData security
Data security
 
Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Initial Response and Forensic Duplication
Initial Response and Forensic Duplication
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Database security
Database securityDatabase security
Database security
 
Cia security model
Cia security modelCia security model
Cia security model
 
Cloud Security And Privacy
Cloud Security And PrivacyCloud Security And Privacy
Cloud Security And Privacy
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
 

Destacado

CIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCloudIDSummit
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsSmart ERP Solutions, Inc.
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasMahsa Teimourikia
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPace IT at Edmonds Community College
 
Intro To Access Controls
Intro To Access ControlsIntro To Access Controls
Intro To Access ControlsHari Pudipeddi
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationMark Niebergall
 
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITMohammad Abdul Matin Emon
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerProlifics
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Controljwpiccininni
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access ControlChandra Sharma
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBACAjit Dadresa
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistIvan Piskunov
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 

Destacado (19)

CIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control ConvergenceCIS14: Physical and Logical Access Control Convergence
CIS14: Physical and Logical Access Control Convergence
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
 
Securing SCADA
Securing SCADASecuring SCADA
Securing SCADA
 
Access Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk AreasAccess Control Privileges Management for Risk Areas
Access Control Privileges Management for Risk Areas
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
 
Intro To Access Controls
Intro To Access ControlsIntro To Access Controls
Intro To Access Controls
 
Access Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource AuthorizationAccess Control Models: Controlling Resource Authorization
Access Control Models: Controlling Resource Authorization
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
 
Attribute Based Access Control
Attribute Based Access ControlAttribute Based Access Control
Attribute Based Access Control
 
Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBAC
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
6 Physical Security
6 Physical Security6 Physical Security
6 Physical Security
 

Similar a Physical and logical access controls - A pre-requsite for Internal Controls

Internal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdfInternal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdfSBSGLOBAL1
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Sharing Slides Training
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Aissharing notes123
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1sharing notes123
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisSharing Slides Training
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Nimonik
 
Why do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdfWhy do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdfmarketing413921
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxHeldaMaryA
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxvailethmwaisanila
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraJenard Wachira
 
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.pptDECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt1111964
 
Elements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdfElements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdfmanagement28
 

Similar a Physical and logical access controls - A pre-requsite for Internal Controls (20)

Internal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdfInternal Financial Control Over Financial Reporting.pdf
Internal Financial Control Over Financial Reporting.pdf
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001Legal Register / Compliance Obligations ISO 14001
Legal Register / Compliance Obligations ISO 14001
 
Why do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdfWhy do we need internal control in an organization What is its purp.pdf
Why do we need internal control in an organization What is its purp.pdf
 
8. internal control new
8. internal control new8. internal control new
8. internal control new
 
Internal control
Internal controlInternal control
Internal control
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptx
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptx
 
Audit PPT.pdf
Audit PPT.pdfAudit PPT.pdf
Audit PPT.pdf
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
 
Controlling
ControllingControlling
Controlling
 
James hall ch 15
James hall ch 15James hall ch 15
James hall ch 15
 
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.pptDECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
 
Elements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdfElements of Internal Control Structure � Identify the related intern.pdf
Elements of Internal Control Structure � Identify the related intern.pdf
 
Controlling
ControllingControlling
Controlling
 
Internal auditing for “one & all”
Internal auditing for “one & all”Internal auditing for “one & all”
Internal auditing for “one & all”
 
Controlling
ControllingControlling
Controlling
 

Más de Bharath Rao

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryBharath Rao
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceBharath Rao
 
Going global while being local
Going global while being localGoing global while being local
Going global while being localBharath Rao
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsBharath Rao
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBharath Rao
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit ShiftingBharath Rao
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going GlobalBharath Rao
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Bharath Rao
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBharath Rao
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal ControlsBharath Rao
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionBharath Rao
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingBharath Rao
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thingBharath Rao
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextBharath Rao
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLCBharath Rao
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal ControlsBharath Rao
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningBharath Rao
 

Más de Bharath Rao (19)

Let the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming IndustryLet the games begin - Insights into the Gaming Industry
Let the games begin - Insights into the Gaming Industry
 
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based GuidanceInternal Controls for Indian Financial Reporting using COBIT 5 based Guidance
Internal Controls for Indian Financial Reporting using COBIT 5 based Guidance
 
Going global while being local
Going global while being localGoing global while being local
Going global while being local
 
The Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptionsThe Next Gen Auditor - Auditing through technological disruptions
The Next Gen Auditor - Auditing through technological disruptions
 
Big data, Machine learning and the Auditor
Big data, Machine learning and the AuditorBig data, Machine learning and the Auditor
Big data, Machine learning and the Auditor
 
Base Erosion and Profit Shifting
Base Erosion and Profit ShiftingBase Erosion and Profit Shifting
Base Erosion and Profit Shifting
 
Chartered Accountant going Global
Chartered Accountant going GlobalChartered Accountant going Global
Chartered Accountant going Global
 
Forex markets
Forex marketsForex markets
Forex markets
 
Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context Internal Controls over Financial Reporting in the Indian Context
Internal Controls over Financial Reporting in the Indian Context
 
Big Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered AccountantBig Data Analytics and a Chartered Accountant
Big Data Analytics and a Chartered Accountant
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
 
Cloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA ProfessionCloud Computing - Emerging Opportunities in the CA Profession
Cloud Computing - Emerging Opportunities in the CA Profession
 
Internal Controls over Indian Financial Reporting
Internal Controls over Indian Financial ReportingInternal Controls over Indian Financial Reporting
Internal Controls over Indian Financial Reporting
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
 
Standards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian ContextStandards of Auditing - Introduction and Application in the Indian Context
Standards of Auditing - Introduction and Application in the Indian Context
 
Life of the software - SDLC
Life of the software - SDLCLife of the software - SDLC
Life of the software - SDLC
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
IS Audit and Internal Controls
IS Audit and Internal ControlsIS Audit and Internal Controls
IS Audit and Internal Controls
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 

Último

Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 

Último (20)

Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 

Physical and logical access controls - A pre-requsite for Internal Controls

  • 1. PHYSICAL AND LOGICAL ACCESS CONTROLS A PRE-REQUISITE FOR INTERNAL CONTROLS?
  • 3. WHAT ARE INTERNAL CONTROLS?
  • 4. INTERNAL CONTROLS  The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regards to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets and compliance of applicable laws and regulations.  The terms “control” refers to any aspect of one or more of the components of the internal controls.
  • 5. FORMULA OF INTERNAL CONTROL General Controls IS Controls Internal Controls
  • 7. OBJECTIVE OF IS CONTROLS Maintaining Confidentiality Preserving Integrity Ensuring Availability
  • 9. SOME TERMS Risk Risk is generally defined as the combination of the probability of an event and its negative consequence Control Control Objective It is generally a contention and states a criteria for implementing and evaluating the entity’s control procedures in a specific area. Control Design Documented Blueprint of the Control Control Operation Actual Execution of the Control which is documented is operating as required.
  • 11. WHAT ARE PHYSICAL ACCESS CONTROLS?
  • 12. ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES  Enforcement of Policies and Procedures relating to management and security.  Restriction of access to sensitive areas.  Proper execution of procedures for Visitor Management  Revocation of access privileges on termination of employment  Constant monitoring of the premises  Screening of baggage and frisking of employees and visitors
  • 14. WHAT ARE LOGICAL ACCESS CONTROLS  They refer to controls that provide relevant authorization to appropriate personnel for the applications.  This area of controls include –  Granting Access  Monitoring Access  Revoking Access  Preventing Conflict of Roles – Segregation of duties
  • 15. ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS CONTROLS (SECURITY)  Execution of security administration policies and procedures  Avoidance of conflict of duties of personnel having security roles  Approvals, Authorization and Documentation of access of new employees  Revocation of access of terminated employees performed in a timely manner  Periodical Review of user access roles and rights  Enforcement of access password complexity parameters in all systems
  • 16. WHAT ARE LOGICAL ACCESS CONTROLS?
  • 17.
  • 18.
  • 19. WHAT ARE LOGICAL ACCESS CONTROL?
  • 21. REGULATIONS – COMPANIES ACT 2013 Section Reference Regulatory Requirement Section - 134 The directors would provide a responsibility statement have laid down internal financial controls to be followed by the company and are adequate and were operating effectively. Section - 143 The auditor’s report shall state that whether the company has adequate internal financial control system in place and the operating effectiveness of such controls.
  • 22. QUESTIONS AND THANK YOU  Tarish Vasant  tarishvasant@gmail.com  /tarishvasant Bharath Rao  mailme@bharathraob.com  /bharathraob  Bharathraob.com

Notas del editor

  1. Control: It literally means Internal Controls that is present in an business environment. It can be IT Controls or non IT Controls. Design: It refers to the working part of the control which is a summary on paper/blue print. Basically a working model of the control on paper. Operation: Actual performance of the Control is assessed here. Risk: It is the rate at which there is a threat to the business which has arisen from a specific happening/non happening. Process: A set of tasks make a work flow. A set of work flows make a process. A process is controlled by a “Process owner” or “ Function head”. Eg. HR Process, Procurement Process