EXTERNAL AUDIT

The Bank launched a tender exercise in 2017 whereby the appointed audit firm was Deloitte, the latter has served 3 years with the Bank. During the year under review, the members of the Audit Committee have met with the external auditors without the presence of the management during which the financials and the accounting principles of the Bank adopted were discussed. The Audit Committee evaluates the independence and effectiveness of the external auditor on a continuous basis before making a recommendation to the Board on their appointment and retention.

At the Board meeting held on 9 May 2019, it was resolved to renew the audit contract with Deloitte as external auditors of the Bank for the financial years ended 30 June 2020 and 2021, with the Bank reserving the right to review its decision at the end of each of the financial year end mentioned and subject to Deloitte’s acceptance to renew the audit contract.

The Bank is complying with the prerequisites of the Banking Act in respect with the rotation of auditors after a period of 5 years.

The audit fees and fees for others services were:

Fees of MUR 7.5m is payable to Deloitte for the audit as at June 2019.
The audit fees include an ad-hoc fee relating to review of IFRS 9 in the first year of implementation.

INTERNAL AUDIT

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to the evaluation and improvement of risk management, control and governance processes. An internal audit helps the Board and management maintain and improve the process by which risks are identified and managed and helps the Board discharge its responsibilities for maintaining and strengthening the internal control framework. 

Independence of The Internal Audit Team

The internal audit function in ABL remains independent of the activities audited and objective in its work. There have been no restrictions placed over the right of access by internal audit to the records, management or employees of the Bank as part of the audit procedures performed during the year under review. The Head of Internal Audit maintains a direct reporting line with the Audit Committee for direction and accountability and to the Chief Executive Officer for administrative interface and support in line with good governance practices.

The Head of Internal Audit has regular access to the Chairperson of the Audit Committee. He attends quarterly meetings with the Audit Committee which comprises high calibre professionals and more frequently when the need arises.

Qualifications and Experience

Kristy Kumar Ballah, a Fellow of the Institute of Chartered Accountants in England and Wales with over 14 years of experience in the auditing field heads the Internal Audit department. Prior to joining the Bank, he was the Group Internal Audit Manager at the Mauritius Commercial Bank. He started his career with PwC where he grew to become an Audit Manager. Over the years, the Head of Internal Audit had exposure to many local clients operating in diverse sectors and also had significant international exposure. He is well acquainted with strategy setting for risk functions in Banks and risk management activities in general. The profile of the Head of Internal Audit is displayed on the Bank’s website.
The Head of Internal Audit is adequately supported by staff members with significant banking and auditing experience. The team includes members with “Big 4 firm” exposure and who are also members of professional bodies such as ACCA.

Implementation of The Risk-Based Audit Plan

The Internal Audit team implements the yearly risk based audit plan approved by the Audit Committee. The audit frequency for identified processes is as follows: 

The execution rate of financial year 2019 internal audit plan, which covered key operational and IT areas, is satisfactory. Treasury and Credit processes were audited in financial year 2019 and they cater for a major portion of the Bank’s income. Other core functions such as compliance, finance and operations have also been covered. In addition, several ad-hoc assignments have been performed at the request of management comprising fact finding and other assignments of an advisory nature.

The financial year 2020 audit plan is purely risk based and will also accommodate (i) any financial year 2019 audit that could not be completed in that period and for which very valid justifications exist and (ii) any ad hoc that will arise. To complete the financial year 2020 audit plan, Internal Audit has used the following key criteria to assign a risk rating to the relevant processes in the Bank:

  • Past audit findings and cumulative audit knowledge  Financial impact
  • Volume of transactions 
  • Whether the process is impacted by key regulatory requirements
  • Whether the process represents a key second line of defence function
  • Recent or foreseen changes in management, structure, systems impacting the process

The internal audit team provides varying degrees of assurance about the effectiveness of the risk management and control processes of selected activities and functions of the organization. The Internal Audit function does not believe that any deficiencies identified so far could at this stage, individually or collectively jeopardize the operations of the Bank. The audit of subsidiary ACM revealed several high risk issues, Management has produced a comprehensive action plan to address the audit recommendations with owners and timelines clearly established.

It is also worth mentioning that as at date, the lion’s share of issues categorized as “critical” and “major” have been or are in the process of being addressed by management.

Any risk or deficiency in the system of internal controls revealed during audits performed have been reported in the respective reports issued at the end of the assignment. The audit report includes audit recommendations, management comments, action plan and timeline for implementation. Strict monitoring of implementation is done by Internal Audit and a periodic status is given to the Audit Committee.