![Page 1: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/1.jpg)
PHYSICAL AND LOGICAL ACCESS CONTROLSA PRE-REQUISITE FOR INTERNAL CONTROLS?
![Page 2: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/2.jpg)
OUTLINE
Internal Controls
Physical Access Controls
Logical Access Controls
Regulations
![Page 3: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/3.jpg)
WHAT ARE INTERNAL CONTROLS?
![Page 4: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/4.jpg)
INTERNAL CONTROLS
The process designed, implemented and maintained
by those charged with governance, management
and other personnel to provide reasonable assurance
about the achievement of the entity’s objectives with
regards to reliability of financial reporting,
effectiveness and efficiency of operations,
safeguarding of assets and compliance of applicable
laws and regulations.
The terms “control” refers to any aspect of one or
more of the components of the internal controls.
![Page 5: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/5.jpg)
FORMULA OF INTERNAL CONTROL
General Controls
IS Controls
Internal Controls
![Page 6: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/6.jpg)
IS CONTROLS
IS Controls
Application Controls
IT General Controls
![Page 7: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/7.jpg)
OBJECTIVE OF IS CONTROLS
Maintaining Confidentiality
Preserving Integrity
Ensuring Availability
![Page 8: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/8.jpg)
INTERNAL CONTROLS
Physical Access Controls
Logical Access Controls
![Page 9: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/9.jpg)
SOME TERMS
Risk
Risk is generally defined as the combination of the probability
of an event and its negative
consequence
Control
Control Objective
It is generally a contention and states a criteria
for implementing
and evaluating the entity’s
control procedures in a specific area.
Control Design
Documented Blueprint of the
Control
Control Operation
Actual Execution of the Control which is documented is
operating as required.
![Page 10: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/10.jpg)
PHYSICAL ACCESS
CONTROLSGENERAL SECURITY
![Page 11: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/11.jpg)
WHAT ARE PHYSICAL ACCESS CONTROLS?
![Page 12: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/12.jpg)
ILLUSTRATIVE PHYSICAL ACCESS CONTROL OBJECTIVES
Enforcement of Policies and Procedures relating to
management and security.
Restriction of access to sensitive areas.
Proper execution of procedures for Visitor Management
Revocation of access privileges on termination of
employment
Constant monitoring of the premises
Screening of baggage and frisking of employees and visitors
![Page 13: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/13.jpg)
LOGICAL ACCESS
CONTROLSAPPLICATION AND GENERAL SECURITY
![Page 14: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/14.jpg)
WHAT ARE LOGICAL ACCESS CONTROLS
They refer to controls that provide relevant
authorization to appropriate personnel for the
applications.
This area of controls include –
Granting Access
Monitoring Access
Revoking Access
Preventing Conflict of Roles – Segregation of duties
![Page 15: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/15.jpg)
ILLUSTRATIVE CONTROL OBJECTIVES FOR LOGICAL ACCESS
CONTROLS (SECURITY) Execution of security administration policies and procedures
Avoidance of conflict of duties of personnel having security
roles
Approvals, Authorization and Documentation of access of new
employees
Revocation of access of terminated employees performed in
a timely manner
Periodical Review of user access roles and rights
Enforcement of access password complexity parameters in all
systems
![Page 16: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/16.jpg)
WHAT ARE LOGICAL ACCESS CONTROLS?
![Page 17: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/17.jpg)
![Page 18: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/18.jpg)
![Page 19: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/19.jpg)
WHAT ARE LOGICAL ACCESS CONTROL?
![Page 20: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/20.jpg)
REGULATIONSUNDER THE COMPANIES ACT PERSPECTIVE
![Page 21: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/21.jpg)
REGULATIONS – COMPANIES ACT 2013
Section Reference Regulatory Requirement
Section - 134 The directors would provide a responsibility statement
have laid down internal financial controls to be followed
by the company and are adequate and were operating
effectively.
Section - 143 The auditor’s report shall state that whether the company
has adequate internal financial control system in place
and the operating effectiveness of such controls.
![Page 22: Physical and logical access controls - A pre-requsite for Internal Controls](https://reader030.vdocument.in/reader030/viewer/2022032616/55a6b4ca1a28ab012c8b4682/html5/thumbnails/22.jpg)
QUESTIONS AND THANK YOU
Tarish Vasant
/tarishvasant
Bharath Rao
/bharathraob
Bharathraob.com