CORPORATE GOVERNANCE
REPORT

PRINCIPLE SEVEN – AUDIT

DIRECTORS’ RESPONSIBILITIES

The Directors are accountable for the preparation and fair presentation of the financial statements in accordance with International Financial Reporting Standards and all the requirements of The Companies Act 2001 of Mauritius, The Banking Act 2004 (amended 12 August 2021) and the Financial Reporting Act 2004 (amended 2020) and for such internal controls as the Directors determine are necessary to enable the preparation of financial statements that are free from material misstatements, whether due to fraud or error.

EXTERNAL AUDIT

The Bank launched a tender exercise in 2017 whereby the appointed audit firm was Deloitte. Subsequently, at the Board meeting held on 9 May 2019, it was resolved to renew the audit contract with Deloitte as external auditors of the Bank for the financial years ended 30 June 2020 and 2021, with the Bank reserving the right to review its decision at the end of each of the financial year end mentioned and subject to Deloitte’s acceptance to renew the audit contract.

Deloitte has served 5 years with the Bank. The Audit Committee evaluates the independence and effectiveness of the external auditor on a continuous basis before making a recommendation to the Board on their appointment and retention.

The Bank is required to comply with the prerequisites of The Banking Act 2004 (amended 12 August 2021) in respect of rotation of auditors after a period of 5 years. As per the Finance Act 2020, the Central Bank may, upon a request from a financial institution and on just and reasonable grounds shown, grant an approval in writing for the extension of the appointment of its firm of auditors for an additional period of not more than 2 years.

The Bank has initiated its tendering process in search of the next auditors.

The fees for audit and other services were as follows:

YEAR ENDED
30 JUNE 2021
YEAR ENDED
30 JUNE 2020
YEAR ENDED
30 JUNE 2019
Audit
MUR
'000
Other
MUR
'000
Audit
MUR
'000
Other
MUR
'000
Audit
MUR
'000
Other
MUR
'000
Deloitte
The Bank

AfrAsia Bank Limited


5,700


4,117*


8,400


6,426


7,200


3,711
Ernst & Young
The Subsidiaries
AfrAsia Investments Limited 327 25 314 329 196 280
EKADA Capital Ltd (formerly known as
AfrAsia Capital Management Limited)
618 22 598 33 694 26
*Other services include limited review, internal control review, AML/CFT review and assurance reports.

INTERNAL AUDIT

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to the evaluation and improvement of risk management, control and governance processes. The internal audit function at ABL helps the Board and management maintain and improve the process by which risks are identified and managed and helps the Board discharge its responsibilities for maintaining and strengthening the internal control framework.
Independence of the internal audit team

The internal audit function in ABL remains independent of the activities audited and objective in its work. There have been no restrictions placed over the right of access by internal audit to the records, management or employees of the Bank as part of the audit procedures performed during the year under review. The Head of Internal Audit maintains a direct reporting line with the Audit Committee for direction and accountability and to the Chief Executive Officer for administrative interface and support in line with good governance practices.

The Head of Internal Audit has regular access to the Chairperson of the Audit Committee. He attends quarterly meetings with the Audit Committee and more frequently when the need arises.

Qualifications and experience

Kristy Kumar Ballah, a Chartered Banker and also a Fellow of the Institute of Chartered Accountants in England and Wales with 16 years of experience in the auditing field heads the Internal Audit department. Prior to joining the Bank, he was the Group Internal Audit Manager at the Mauritius Commercial Bank. He started his career with PwC where he grew to become an Audit Manager. Over the years, the Head of Internal Audit had exposure to local organizations operating in diverse sectors and also had significant international exposure. He is well acquainted with strategy setting for risk functions in Banks and risk management activities in general. The profile of the Head of Internal Audit is displayed on the Bank’s website.

The Head of Internal Audit is supported by staff members with significant banking and auditing experience. The team includes members with “Big 4 firm” exposure and who are also members of professional bodies such as ICAEW, CBI, ACCA, CISA, STEP etc.

Implementation of the risk-based audit plan

The Internal Audit team implements the yearly risk-based audit plan approved by the Audit Committee. The audit frequency for identified processes is as follows:

 
The Financial Year 2021 Audit Plan

Delays in executing the FY 2020 audit plan as a result of the lengthy confinement linked to COVID-19 meant completion of same only happened in Quarter 2 of FY 2021. Given the cascading effect and considering that ad-hoc assignments, comprising fact finding and other assignments of an advisory nature, have been performed at the request of management during FY 2021, the target is to complete the latter audit plan by the end of October 2021. The FY 2021 risk-based audit plan was approved by the Audit Committee and Internal Audit used amongst others use the following key criteria to assign inherent and residual risk ratings to the relevant processes in the Bank:

  • Past audit findings and cumulative audit knowledge of controls design and performance;
  • Financial impact;
  • Volume of transactions;
  • Whether the process is impacted by key regulatory requirements;
  • Whether the process represents a key second line of defense function; and
  • Recent or foreseen changes in management, structure, systems impacting the process.

The internal audit team provides varying degrees of assurance about the effectiveness of the risk management and control processes of selected activities and functions of the organization. The Internal Audit function does not believe that any deficiencies identified so far could at this stage, individually or collectively jeopardize the operations of the Bank.

It is worth mentioning that as at date, the majority of issues categorized as “critical” and “major” have been or are in the process of being addressed by management.

Any risk or deficiency in the system of internal controls revealed during audits performed have been reported in the respective reports issued at the end of the assignment. The audit report includes audit recommendations, management comments, action plan and timeline for implementation. Strict monitoring of implementation is done by Internal Audit and a periodic status is given to the Audit Committee.

Internal Audit also performs a close follow up on the implementation of recommendations in the management letter of the external auditors.