Arohan Financial Services Limited | Annual Report 2021-22

134 | Annual Report | 2021-2022 Arohan Financial Services Limited Independent Auditors’ Report of even date on the financial statements of Arohan Financial Services Limited for the year ended March 31, 2022. (contd.) Sr. No Key Audit Matter How the Key Audit Matter was addressed in our audit The Company’s accounting and financial reporting processes are dependent on automated controls enabled by IT systems which impacts key financial accounting and reporting items such as loans, interest income, impairment on loans amongst others. The reliability and security of IT systems play a key role in the business operation. The controls implemented by the Company in its IT environment determine the integrity, accuracy, completeness and validity of data that is processed by the applications and is ultimately used for financial reporting. Accordingly, we have identified ‘IT systems andcontrols’ as keyauditmatter because of the high level automation, significant number of systems being used by the management and the complexity of the IT architecture and its impact on the financial reporting system. • Key IT audit procedures includes testing design and operating effectiveness of key controls operating over user access management (which includes user access provisioning, de-provisioning, access review, password configuration review, segregation of duties and privilege access), change management (which include change release in production environment are compliant to the defined procedures and segregation of environment is ensured), program development (which include review of data migration activity), computer operations (which includes testing of key controls pertaining to, backup, Batch processing (including interface testing), incident management and data centre security), System interface controls. This included testing that requests for access to systems were appropriately logged, reviewed, and authorized. Also, entity level controls pertaining to policy and procedure and Business continuity plan assessment due impact of COVID-19 was also part of our audit procedure; • In addition to the above, the design and operating effectiveness of certain automated controls, that were considered as key internal system controls over financial reporting were tested. Using various techniques such as inquiry, review of documentation / record / reports, observation, and re-performance. We also tested few controls using negative testing technique; • Tested compensating controls and performed alternate procedures, where necessary. In addition, understood where relevant, changes made to the IT landscape during the audit period.

RkJQdWJsaXNoZXIy NTE5NzY=