Arohan Annual Report FY 20-21

Information Technology system for the financial reporting process The Company is dependent on their IT system (FIS software) for recording customer’s operational data, supporting their business processes, ensuring complete and accurate processing of financial transactions and supporting the overall internal control framework. This system is maintained by FIS Payment Solutions (“FIS”) which acts as technology partner for implementing an end-to-end banking solution, infrastructure and network components. Their scope includes customer informationmanagement, user management and role-based access control. FIS software is a complex IT system which runs on a mobility platform and is used for recording all disbursements and collections, identification and tagging of pledged loans to customers and calculating interest income and overdue days. The Company’s accounting and financial reporting processes are dependent on automated controls enabled by IT systems which impacts key financial accounting and reporting items such as loans, interest income, impairment on loans amongst others. The controls implemented by the Company in its IT environment determine the integrity, accuracy, completeness and validity of data that is processed by the applications and is ultimately used for financial reporting. Accordingly, considering the pervasive impact of the IT system on the financial statements and testing of such IT systems and related controls being the most significant aspect of our audit strategy, we have determined the same as a key audit matter. Our audit procedures with the involvement of auditor’s IT specialists included, but were not limited to the following: • Obtained an understanding of the Company’s IT related control environment and conducted risk assessment and identified IT applications, data bases and operating systems that are relevant to our audit. Also, obtained an understanding of the changes that were made to the identified IT applications during the audit period including the impact on asset classification on account of moratorium relief extended to its customers and tested those changes that had a significant impact on financial reporting; • Evaluated the appropriateness of controls for security governance to protect systems and data from unauthorised use, including logging of security events and procedures to identify vulnerabilities. Tested segregations of duties controls around programmaintenance, security administration and key business processes; • Evaluated management processes for modifications to the IT environment including monitoring and authorization of such modifications. Tested changes made to the IT system that involved significant impact on financial reporting; • Tested the design and operating effectiveness of the Company’s IT controls over the IT applications as identified above; • Tested related interfaces, configuration and other application layer controls identified during our audit and report logic for system generated reports relevant to the audit mainly for loans, interest income and impairment of loan assets for evaluating completeness and accuracy Arohan Financial Services Limited Independent Auditors’ Report of even date to the members of Arohan Financial Services Limited on the financial statements for the year ended 31 March 2021 (cont’d) Key audit matter How our audit addressed the key audit matter Auditor’s Report 123