Business Continuity Policy (BCP) Arohan’s deployment and practice of Business Continuity Plan (BCP) was led and anchored by the Risk unit, which was also audited by the Reserve Bank of India and was found to be satisfactory. The implementation of the Business Continuity Policy and Plan of the Company has led to a well-established BCP process backed by well-trained BCP committees and stakeholders. The Company continues to be ‘Business as Usual’ with the least disruptions during events of calamities and other disruptions during the year. The Risk unit will continue to strengthen and anchor this important regulatory requirement for the Company. Appointment & Reporting of CISO The Reserve Bank of India through its circular titled Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices has directed for detailed compliance across Information technology practise & control and cyber security preparedness, cyber crisis management & mitigation plans. One of the key directive in the said circular is the definition & scope of the role of a Chief Information Security Officer (CISO). The circular has also mandated that the CISO will have direct reporting lines to the Chief Risk Officer. In compliance to the said circular, a General Manager cadre officer has been appointed as a CISO in Arohan with effect from April 1, 2024 to bring in the desired focus & actionable regarding information technology and cyber security risk management. INTERNAL AUDIT MANAGEMENT Arohan boasts a robust Internal Audit function, offering independent assurance and guidance on internal control and risk management processes. This function plays a crucial role in helping Arohan achieve its objectives by employing a methodical and disciplined approach to evaluate and enhance the effectiveness of internal control and governance processes. Functioning autonomously, the Internal Audit department at Arohan operates under the oversight of the Audit Committee of the Board. This committee thoroughly reviews the department’s structure, annual audit plan, and staffing, ensuring a rigorous and impartial review process. Arohan’s Internal Audit acts as a trusted advisory body, delivering top-tier counsel and precise insights to management regarding the efficiency of internal control, process adherence, risk management, and governance across the organisation. Aligned with the Reserve Bank of India’s guidelines, Internal Audit at Arohan adopts a Risk-Based Supervision (RBS) approach. It diligently adheres to the provisions outlined in RBI circulars, such as the one dated February 3, 2021, focusing on “Risk-Based Internal Audit (RBIA)” for non-deposit taking NBFCs with an asset size of INR 5000 Cr and above. Moreover, it complies with relevant guidelines under the Companies Act, 2013, as well as internal audit standards set forth by the Institute of Chartered Accountants of India (ICAI), ensuring governance processes are credible, resilient, and transparent. In its pursuit of excellence, Internal Audit at Arohan actively recruits professionals with specialized domain expertise. Currently, the team comprises three Chartered Accountants, two Qualified Information System Auditors (CISA), one Certified Internal Auditor (CIA), and six MBAs at both Head Office and field levels, enriching the team’s professional acumen. The team is dedicated to fostering diversity and inclusion within its members. Presently there are seven women members, with plans to further increase female representation going forward. This move is particularly notable in an industry where women leaders are rare, and it signifies a positive shift towards gender balance, with women taking prominent roles, even in field audits. Quality Certification In FY 2020, the Internal Audit function of Arohan achieved accreditation with the ISO 9001:2015 certification from the British Standards Institution (BSI). This certification attests to Arohan’s adherence to the requisite standards and requirements for conducting Internal Audit. It serves as a testament to the organisation’s dedication to excellence in quality management functions and underscores its determination to elevate these standards further to enhance business precision. Moreover, BSI reaffirmed this certification in February 2023, extending it for an additional three years following comprehensive surveillance. Infrastructure In the microfinance industry, Internal Audit is a specialized function demanding a blend of field expertise and auditing proficiency. Arohan’s Internal Audit team is meticulously structured to integrate the essence of both aspects, selecting field auditors from seasoned personnel alongside professionally qualified auditors. Moreover, Arohan consistently invests 59 | Annual Report 2023-24
RkJQdWJsaXNoZXIy NTE5NzY=