PROJECT REPORT

SECURITY AND CONTROL RISK ASSESSMENT OF TOLL BRIDGE

OPERATIONS
2

CERTIFICATE
Project report of DISA 3.0 Course

This is to certify that we have successfully completed the DISA 3.0 course training conducted
online module: from 10th March 2023 to 27th March 2023 and we have the required attendance.
We are submitting the Project titled: REPORT ON SECURITY AND CONTROL RISK ASSESSMENT
OF TOLL BRIDGE OPERATIONS.

We hereby confirm that we have adhered to the guidelines issued by CIT, ICAI for the project.
We also certify that this project report is the original work of our group and each one of us have
actively participated and contributed in preparing this project. We have not shared the project
details or taken help in preparing project report from anyone except members of our group.

1. Name: Pandurang Pisal DISA No: Signed: Pandurang Pisal

2. Name: Kuldeep Sahu DISA No: Signed: Kuldeep Sahu
3. Name: AgniMitra Kokkiligadda DISA No: Signed: AgniMitra

Place: Hyderabad

Date: 27/03/2023
3

Table of Contents

Details of Case Study/Project (Problem)

Project Report (solution)

1. Introduction – Auditee and Auditor

2. Understanding Auditee’s Environment

3. Client Background

4. Current situation & Scope

6. Resource requirements

7. Methodology & Strategy for successful execution

8. Format of Report/ Findings and Recommendations

9. Summary/Inferences & Conclusion

4

Title: Report on Review of Security and Control risk

assessment of toll bridge operations

A. Details of case study/Project Report (Problem)

ABC ltd is a privately owned toll bridge that connects two cities. It is a
critical piece of infrastructure for the region, and millions of vehicles
cross the bridge each year. The bridge operator is responsible for
collecting tolls, ensuring the safety and security of the bridge and its
users, and maintain the physical infrastructure of the bridge. The toll
bridge operator uses an electronic toll collection system to collect tolls
from the vehicles that cross the bridge.

Problem:

The toll bridge operator is concerned about the security,

confidentiality, integrity of data generated by the toll bridge operations
and control risk associated with its toll collection system. The
electronic toll collection system contains sensitive information, such
as credit card information, vehicle registration number and owner
details, and is vulnerable to security threats, such as cyber- attacks,
hacking and data breaches. The toll bridge operator wants to conduct
a IS Audit of security and control risk assessment to identify potential
risks and vulnerabilities in the toll collection system,
privacy ,confidentiality of data and develop appropriate measures to
mitigate those risks.
5

B. Project Report (Solution)

1. Introduction :-

a) Auditee :-

ABC Ltd is engaged in toll bridge operations across India, it

provides different types of toll bridge operations depending upon
the geographical location like fixed toll bridge, distance-based toll
bridge, time-based toll bridge, congestion-based toll bridge,
private toll bridge, public toll bridge. Each type of toll bridge has
its unique characteristics and challenges in terms of transaction
records, toll collections, and other sensitive information related to
the toll bridge operations. ABC Ltd wants to have assurance on
the security, confidentiality and integrity of data regarding toll
collections transactions and its IT infrastructure.

The company has recently started operations at Bangalore,

Hyderabad, Chennai and Mumbai and placed its data centers at
Head office Hyderabad.

ABC Ltd is a toll bridge operations company that employs around

350 personnel, including 150 outsourced employees. The
company's toll bridge operations are supported by its own IT
infrastructure, which is centrally connected to a data center
located at the head office through high-speed networks and
telecommunication systems. The company has a well-trained and
organized staff that is assigned specific job responsibilities and
access privileges as per the principle of segregation of duties. To
ensure the collection and physical security of toll revenues, ABC
Ltd has installed CCTV cameras at crucial locations. To protect its
customers' collection data, transaction records, and other
sensitive information from unauthorized access and data
6

breaches, ABC Ltd has implemented a comprehensive

information security system that conforms to the ISO27001 and
ISAE 3402 Type 1 standards. The company has used best-of-
breed security and control practices for implementing security for
its IT infrastructure. This security system is subject to rigorous
audits by independent ISO auditors before certification and is
regularly audited using global best practices to maintain its
effectiveness. As the auditee of this security and control risk
assessment, ABC Ltd will work closely with the auditor to provide
access to relevant systems, data, and personnel. The company will
also be responsible for implementing any recommended remedial
actions to improve the security and control of its toll bridge
operations.

b) Auditor :-

ABC Ltd, a toll bridge operator, has appointed Rao & Associates
Chartered Accountants to perform an independent IS audit of the
security and control practices. This is to provide assurance to the
management and regulators that their data is well protected. Rao
& Associates is a 30-year-old firm with a specialization in
Information Systems Security Assurance, Training, and
Consulting, including Management consultancy services. The
firm provides services in the areas of Information Systems Audit,
Training, Implementation, and Consultancy. They have a panel of
Technology\Domain experts available as required. Rao &
Associates has been involved in providing Information Systems
Assurances for both public and private sectors in India and
abroad. Their clients include IT Companies, Banks, and public
sector companies.

Our team for the IS Audit of ABC Ltd will be led and personally
supervised by Mr. Kuldeep Shah, a partner at Rao & Associates
Chartered Accountants. Our team will be composed of a diverse
group of professionals with extensive experience in management,
7

information technology, and auditing. Our team includes

chartered accountants, IT professionals, management
consultants, and certified information system auditors, all of
whom have proven track records in their respective fields.

Below are the details of our team members:

a) Mr. Kuldeep Sahu, Partner, with over 15 years of experience in IS

Audit and Assurance
b) Mr. Pandurang Pisal, Chartered Accountant, with over 10 years of
experience in IT Audit and Risk Assessment
c) Mr. AgniMitra, Chartered Accountant, with over 05 years of
experience in IT Audit and Risk Assessment
d) Ms. Ravi Teja, IT Professional, with over 12 years of experience in
IT Security and Risk Management
e) Mr. Rakesh Sharma, Management Consultant, with over 8 years
of experience in IT Governance and Compliance
f) Ms. Priya Patel, Certified Information System Auditor, with over
6 years of experience in IS Audit and Risk Assessment.

2. Understanding Auditee’s Environment :-

Toll management system is the most important part of a Highway

Project. This is the system that will enable the toll operating
agency to efficiently and securely collect toll from the road user.
The system is a complicated mix of more than 13 different
hardware equipment integrated with a multi-module software, to
automate and keep track of various functions of the toll collection,
such as User management, Float management, Toll Collection,
Cash declaration, Transaction Audit, Vehicle Classification, ETC
FAST Tag transaction processing, TC performance, and various
other features.
8

Even though cost-wise, this system is only a small fraction of the

total project cost but, this is the system that will enable a toll
operator to recover their investment efficiently. The system is
designed with various built-in security features, with a focus on
ease of toll collection in the lane and avoiding, detecting, and
stopping any revenue leaks.

Our system is designed with our experience and insights in Toll

operations and is readily integrated with the majority of hardware
equipment’s from multiple OEMs such as Automatic barriers,
CCTV Cameras, Weigh in Motion, Static Weigh Bridges, RFID
Readers, Thermal Printers, Traffic Lights, LED Fare Displays, etc.

Today, PATH is counted among leading provider of Toll

Management Systems and software in India with more than 500
toll lanes running on our Toll Management Systems on multiple
toll plazas across National and State Highways. PATH is also an
empanelled System Integrator with IHMCL for supply, installation,
and maintenance of Hybrid ETC systems in India.

3. Client Background :-

1. 50 toll plazas with more than 300 toll lanes running on Client Toll
Management System
2. Providing toll automation with Hybrid and Dedicated ETC
systems, at 15 NHAI toll plazas under contract from IHMCL
3. In house design and development of Automatic Vehicle
Detection, Classification and Weigh-in-Motion systems
9

4. In house IT team with 32 software, hardware support engineers

5. Field team of 50 support technicians on toll plazas

 Also, The Expertise in development and production of micro-

controller based electronic hardware and software.
 In house, sophisticated, electronics manufacturing facility with an
efficient team
 More than 70% of Truck Scales in India are equipped with our
supplied weighing terminals.
 Steel Structures for weighing segment, Pre-Engineered buildings
and Weigh In Motion (WIM).
 CAD/CAE software for Designing, Manufacturing & Fabrication.
 40,000 sq. ft. shed area.
 Automatic Multi head Cutting, Tagging & Welding machine.

4. Current Situation & Scope :-

Toll Management system is put in place to collect revenue from

road users to cover the cost of construction of new roads, repairs
and maintenance of existing roads and the expenses of installing
the system in the first place. The fees depend on the type of
vehicle, weight and distance travelled. A high level of security
needs to be assured as well, as considerable amounts of cash are
collected on a daily basis.

 Allows lane integration with our ATMS & Speed Enforcement

systems for collecting violation tickets at toll plaza. Facilitate
smooth traffic flow that minimizes leakages and increases
revenues
 Detect fraud and incidents, easing operations and minimizing risk.
10

 Determine exact Toll Charge through Automated Vehicle

Classification (AVC)
 Detect overweight vehicles using violation controls like Weigh in
Motion (WIM)
 Facilitate faster and accurate processing of vehicular data via
Automatic Number Plate detectors and works in conjunction with
Speed Enforcement engines.
 The Automatic Vehicle Classification (AVC) system is the most
crucial and vital component of the intelligent toll collection system.
AVC is used for automatic counting and classification of vehicles
entering and leaving the lane at Toll Plazas. Moreover, it
determines and stores the graphical details of the profile of the
vehicles along with other additional information
 Automatic number plate recognition (ANPR) is a real-time
embedded system which automatically recognizes the license
number of vehicles.
 Captures the image and processes the information to decipher the
vehicle registration number and updates the system.This feature
also supports incident management and system audit.
 The concept of toll collection is devised to raise funds for roads,
especially for the highways, which enables to recover the capital
invested in the construction and meet expenses to repair and
maintain the roads. Also, toll operation is a process that reduces
the tax burden on local taxpayers and charges the road users
instead. Over the years, the technological advancement has
changed the spare of toll management system. The Indian toll
operation system got a face-lift when Electronic Toll Collection
(ETC) System was introduced in 2013. Since then the
commissioners have been able to overcome the challenge of long
queues and save users time.

5. Resource Requirements :-
11

HARDWARE REQUIREMENTS: Following listed computer

hardware are required for all 300 lanes working currently for the
collection of Toll charges from the vehicles.

 System : Pentium Dual Core.

 Hard Disk : 120 GB.
 Monitor : 15’’ LED
 Input Devices : Keyboard, Mouse
 Ram : 1 GB

SOFTWARE REQUIREMENTS: Also followings licenced software

copies are required for all the machines/computers working
currently for the collection of Toll charges from the vehicles.

 Operating system : Windows 7.

 Coding Language : C#.net
 Tool : Visual Studio
 Database : SQL Server

6. Methodology & Strategy for successful execution :-

Conduct of the surveys required a good deal of planning and

organization, such as identification of locations along road side,
intercepting commuters, handing over the questionnaire or asking
the set of questions, etc. Road user survey involved asking a
sample of road users such as drivers, staff in vehicle,
passengers, etc. (viz. cars, LCVs, buses, public transport, goods
vehicles). The commuters were contacted and the structured
questionnaires were given to the road users or commuters at
various points along the roads such as road side dhabas, bus
stops, checkpoints, etc. During face to face interview, the
respondents were asked to give their personal attributes such as
mode of travel, category of user (for toll exemptions / pass
12

holders), etc. where as in the other section of questionnaire, data

on 77 respondents‘ opinion on various services were measured
on a five point numeric scale, popularly known as ―Likert Scale‖
or service quality scale in this particular study. Survey team
comprised adequate number of interviewers and a well trained
supervisor. 4.4.3.3 Sampling Process Sampling Frame: Vehicles
covered by the study included passenger and commercial
vehicles, the toll roads under study cater to the travel needs of
rural and urban population across the region. The vehicles
travelling on the highways include goods vehicles such as trucks,
lorries, tempos and other Light Commercial Vehicles (LCV), and
passenger transport vehicles like buses, cars, vans, jeeps auto
rickshaws, etc. Categories of road users such as passengers,
drivers, owners (in case of cars and some LMVs), staff in the
vehicle, are the sampling unit in this study

 Toll Collection System

Lane Transaction Module

Audit Module

Cash up Module
13

Report Module

Point of Sale Module

Static Weigh Bridge

ETC System

Configuration Module

File Management
14

Reconciliation Reports

7. Format of Report/ Findings and Recommendations :-

a) Findings :-

 Refreshing Solutions for Toll Management System are advanced

and offer a hassle-free experience to users. Also, it helps
commissioners collect toll charges and manage operations
successfully. With technologies like Automatic Vehicle
Classification System (AVCS), Weigh in Motion.
 Offers a unique, effective and yet very simple Electronic Toll
Collection System. Our toll management system also gathers data
on traffic volumes, vehicle classifications, vehicle speeds, the
collected fares and sends you detailed reports.
 Electronic Toll collection is a system enabling collection of toll
payments electronically, allowing for near‐nonstop toll collection
and traffic monitoring. ETC utilizes vehicles equipped with
transponders (electronic tags), wireless communication, in‐road/
roadside sensors, and a computerized system (hardware and
software) for uniquely identifying each vehicle, electronically
collection of toll, providing general vehicle/ traffic monitoring and
data collection.
 Multi Level security for daily operations as well as data handling

b) Recomandations :-
 Compulsory road survey of state and national highways should be
conducted once in every two months, reporting any damages
immediately and rectifying the same within a month. Road projects
should be given only to well proven infra companies, and be held
responsible for certain minimum life of these roads Enforce and
15

check overloading of trucks which damages the roads and reduces

the life of roads. Plan better roads, truck bays, trucks bays, parking
for trucks before toll plazas posts so that heavy vehicles like
trucks, buses do not spill over the roads blocking highways by
haphazard parking. Response to public grievances should be
prompt and courteous. The road users complaints given in writing
must always be followed up through written feedback. Road users
feel that the facility should be provided free by the Government as
they are already paying taxes. The road way conditions in terms of
standards like surface of the road, roadway markings, etc. need to
be drastically improved so as to minimize accidents rate and
improve travel time.

9. Summary/Inferences & Conclusion :-

The Electronic Toll Collection system in expressway based on

Radio Frequency Identification (RFID), a tracking items on
supply chain technology was put forward. It is low cost, high
security, far communication and efficiency, etc. It not improve
the passage ability of expressway but also improve the
technology level of charge. Electronic toll collection system
using RFID is an effective measure to reduce management
costs and fees, at the same time, greatly reduce noise and
pollutant emission of toll station. In the design of the proposed
Electronic toll collection (ETC) system, real time toll collection
and anti-theft solution system have been designed. This
reduces the manual labour and delays that often occur on
roads. This system of collecting tolls. Is eco-friendly and also
results in increased toll lane capacity. Also an anti-theft solution
system module which prevents passing of any defaulter vehicle
is implemented, thus assuring security on the roadways. IX.
16