Abstract The fast growth of technology has an impact to the accounting field. This relates to the term of information technology (17) auditing. One of the risI6 of using information technology in business which can be fatal enough i fignored is security risk Security risk can be reduced by security controls which include physical security control and logical security contra Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively, and uses resources. efficiently. Security risk is a potential threat which may endanger the company's assets, especially in the case where it is one of the impacts of IT implementation in a company. Physical security control is a security control designed by an organization or company to protect the physical facility of information technology infrastructure. Logical security control is a security control designed by an organization or company to protect the information technology infrastructure that is invisible in character, such as corporate data and computer software by means of logical function (by using ID password, hand key, fingerprint, and retina scan). The research method is descriptive analysis method, a research method which systematically, actually, and accurately describes concerning facts, characteristics, and also the relation between the phenomenon being studied (that is the application of physical and logical security control at PT Talc Indonesia). Data collecting techniques include observation, interviews, questionnaires, and documentation.Research result shows that environmental control is effective (68.75%), physical security control is not effective (26.92%), and logical security control is categorized as effective enough (42.22%). In conclusion, the condition of security risk in PT Talc Indonesia is at a risky level because according to this research, there is still an ineffective control (that is the practice of physical security control). Meanwhile, the practice of logical security control at PT Talc Indonesia is determined as effective enough. Keyword: audit, information technology, security control, security risk