Page 19 - CITP Review
Exhibit 1-3 — Data focused financial statement risk assessment
Logical access represents a significant IT risk, but it also represents a significant IT control that can
provide assurance about accounting transactions.
Objectives
Logical access can be the tool by which management provides logical segregation of duties (SoD), mitigating
risks in a way that is virtually identical to physical SoD. That is, employees are granted restricted rights to
applications and data based on their roles and responsibilities; critical functions such as authorization are
controlled by allowing only a limited number of designated employees access to those functions, applications,
or data.
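The following is an added example, not part of the original text, showing how the two checks described above (conflicting functions held by one person, and too many holders of a critical function) can be run over an access listing. The user names, function names, conflict pairs, and holder limit are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample (user, function) grants; all names are hypothetical.
ENTITLEMENTS = [
    ("alice", "enter_invoice"), ("alice", "authorize_payment"),
    ("bob", "enter_invoice"), ("carol", "authorize_payment"),
    ("dave", "authorize_payment"), ("dave", "maintain_vendor_master"),
    ("erin", "authorize_payment"),
]
# Assumed policy: function pairs one person must not hold together.
CONFLICTS = [
    ("enter_invoice", "authorize_payment"),
    ("maintain_vendor_master", "authorize_payment"),
]
# Assumed policy: maximum designated holders per critical function.
CRITICAL_LIMITS = {"authorize_payment": 3}


def group(pairs):
    """Map each key to the set of values paired with it."""
    grouped = defaultdict(set)
    for key, value in pairs:
        grouped[key].add(value)
    return grouped


def sod_violations(entitlements, conflicts):
    """Sorted (user, a, b) for every conflicting pair a user holds."""
    granted = group(entitlements)
    return sorted((user, a, b) for user, funcs in granted.items()
                  for a, b in conflicts if a in funcs and b in funcs)


def over_granted(entitlements, limits):
    """{function: sorted holders} where holders exceed the allowed count."""
    holders = group((function, user) for user, function in entitlements)
    return {f: sorted(holders[f]) for f, limit in limits.items()
            if len(holders[f]) > limit}


if __name__ == "__main__":
    print(sod_violations(ENTITLEMENTS, CONFLICTS))
    print(over_granted(ENTITLEMENTS, CRITICAL_LIMITS))
```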
Data (transactional) level
The most effective layer for logical access control is the data layer. Access controls above this layer can
be effective, but they are generally less effective simply because they sit in layers above the data.
Access to data through the application
The most common route to the data is through the application that uses a particular data file or
database. Some applications provide separate access controls (for example, Microsoft Dynamics) and
© 2019 Association of International Certified Professional Accountants. All rights reserved.