Click to listen highlighted text! Powered By GSpeech

PRINCIPLE SEVEN – AUDIT

DIRECTORS’ RESPONSIBILITIES

The Directors are accountable for the preparation and fair presentation of the financial statements in accordance with International Financial Reporting Standards and all the requirements of The Companies Act 2001 of Mauritius, The Banking Act 2004 (amended August 2020) and the Financial Reporting Act 2004 and for such internal controls as the Directors determine are necessary to enable the preparation of financial statements that are free from material misstatements, whether due to fraud or error.

EXTERNAL AUDIT

The Bank launched a tender exercise in 2017 whereby the appointed audit firm was Deloitte. Subsequently, at the Board meeting held on 9 May 2019, it was resolved to renew the audit contract with Deloitte as external auditors of the Bank for the financial years ended 30 June 2020 and 2021, with the Bank reserving the right to review its decision at the end of each of the financial year end mentioned and subject to Deloitte’s acceptance to renew the audit contract.

Deloitte has served 4 years with the Bank. The Audit Committee evaluates the independence and effectiveness of the external auditor on a continuous basis before making a recommendation to the Board on their appointment and retention.

The Bank is required to comply with the prerequisites of The Banking Act 2004 (amended August 2020) in respect of rotation of auditors after a period of 5 years. As per the Finance Act 2020, the central bank may, upon a request from a financial institution and on just and reasonable grounds shown, grant an approval in writing for the extension of the appointment of its firm of auditors for an additional period of not more than 2 years.

The audit fees and fees for other services were:

YEAR ENDED
30 JUNE 2020
YEAR ENDED
30 JUNE 2019
YEAR ENDED
30 JUNE 2018
Audit
MUR
'000
Other*
MUR
'000
Audit
MUR
'000
Other*
MUR
'000
Audit
MUR
'000
Other*
MUR
'000
Deloitte
The Bank

AfrAsia Bank Limited
8,400 6,426 7,200 3,711 2,921 1,137
Ernst & Young
The Subsidiaries

AfrAsia Bank Limited
314 329 196 280 189 461
AfrAsia Capital Management Limited 598 33 694 26 518 -
AfrAsia Capital Management Limited 598 33 694 26 518 -
AfrAsia Corporate Finance International Limited (Under liquidation) - - - - 50 -

*Other services include limited review, internal control review, investigations and review of information memorandum.

INTERNAL AUDIT

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to the evaluation and improvement of risk management, control and governance processes. The internal audit function at ABL helps the Board and management maintain and improve the process by which risks are identified and managed and helps the Board discharge its responsibilities for maintaining and strengthening the internal control framework.

The structure is as follows:

Operational Audit Senior ManagerAudit CoordinatorOperationalAudit ManagerHead of Internal AuditAuditCoordinatorJunior InternalAuditorIT Audit ManagerAuditCoordinator

Independence of the internal audit team

The internal audit function in ABL remains independent of the activities audited and objective in its work. There have been no restrictions placed over the right of access by internal audit to the records, management or employees of the Bank as part of the audit procedures performed during the year under review. The Head of Internal Audit maintains a direct reporting line with the Audit Committee for direction and accountability and to the Chief Executive Officer for administrative interface and support in line with good governance practices.

The Head of Internal Audit has regular access to the Chairperson of the Audit Committee. He attends quarterly meetings with the Audit Committee and more frequently when the need arises.

Qualifications and experience

Kristy Kumar Ballah, a Fellow of the Institute of Chartered Accountants in England and Wales with over 14 years of experience in the auditing field heads the Internal Audit department. Prior to joining the Bank, he was the Group Internal Audit Manager at the Mauritius Commercial Bank. He started his career with PwC where he grew to become an Audit Manager. Over the years, the Head of Internal Audit had exposure to many local clients operating in diverse sectors and also had significant international exposure.  He is well acquainted with strategy setting for risk functions in Banks and risk management activities in general. The profile of the Head of Internal Audit is displayed on the Bank’s website.

The Head of Internal Audit is adequately supported by staff members with significant banking and auditing experience. The team includes members with “Big 4 firm” exposure and who are also members of professional bodies such as ACCA, CISA, etc.

Implementation of the risk-based audit plan

The Internal Audit team implements the yearly risk-based audit plan approved by the Audit Committee. The audit frequency for identified processes is as follows:

Yearly or more frequently where the need arisesProcess Risk Category: HighEvery two years or more frequently where the need arisesEvery three years or more frequently where the need arisesProcess Risk Category: MediumProcess Risk Category: Low

The execution of the financial year 2020 audit plan has been impacted by COVID-19 despite all the efforts made by the internal audit team to be as efficient as possible while working from home during the national lockdown. The completion of certain audits has inevitably spilled into the beginning months of financial year 2021.

In addition, several ad-hoc assignments have been performed at the request of management comprising fact finding and other assignments of an advisory nature during financial year 2020.

The Internal Audit team has made use of this unique opportunity COVID-19 provided to closely monitor the execution of the Business Continuity Plan in the real practice. The team also had to execute its advisory role to the fullest during that period and remained available to assist any crisis Committee in a timely and constructive manner.

The crisis has led to an increase in phishing, email scams, social engineering and fraud attempts worldwide. Internal Audit ensured that there was more vigilance, fraud monitoring in place and customer awareness undertaken on security best practices.

The Financial Year 2021 Audit Plan

The Financial Year 2021 audit plan will be purely risk based and Internal Audit will amongst others use the following key criteria to assign inherent and residual risk ratings to the relevant processes in the Bank:

  • Past audit findings and cumulative audit knowledge of controls design and performance;
  • Financial impact;
  • Volume of transactions;
  • Whether the process is impacted by key regulatory requirements;
  • Whether the process represents a key second line of defense function; and
  • Recent or foreseen changes in management, structure, systems impacting the process.

Internal Audit will maintain a specific focus on Segment B clients and will also keep a close eye on the following factors that could emanate as a result of the sanitary crisis:

  • IFRS 9 and accounting for impairment since clients operating in Tourism, Textile, Real Estate and Aviation amongst others are severely impacted.
  • The greater use of digital means for payments as opposed to cash, working from home set up might be retained to some extent and higher fraud attempts resulting in more technology-oriented models and structures post crisis requiring specific skills to review;
  • The impact of monetary and fiscal policies as major reforms is anticipated in the country to achieve certain macro-economic objectives where such measures may impact in a pertinent manner certain line items in the financial statements of banks; and
  • Changes to legislation and regulations.

The internal audit team provides varying degrees of assurance about the effectiveness of the risk management and control processes of selected activities and functions of the organization. The Internal Audit function does not believe that any deficiencies identified so far could at this stage, individually or collectively jeopardize the operations of the Bank.

It is worth mentioning that as at date, the major share of issues categorized as “critical” and “major” have been or are in the process of being addressed by management.

Any risk or deficiency in the system of internal controls revealed during audits performed have been reported in the respective reports issued at the end of the assignment. The audit report includes audit recommendations, management comments, action plan and timeline for implementation. Strict monitoring of implementation is done by Internal Audit and a periodic status is given to the Audit Committee.

Internal Audit also performs a close follow up on the implementation of recommendations in the management letter of the external auditors.

Click to listen highlighted text! Powered By GSpeech