AfrAsia Bank Limited and its Group Entities
Annual Report 2015
page 104
The Bank has moved its data centre to Ebène and set up the Disaster Recovery (DR) site in its premises at Port Louis.
The network of the Bank has been upgraded this year to mitigate the risk of failure from a single provider. There are redundant links between
the Bank sites in Port Louis and Ebène and also for internet connectivity.
A BCM test is performed annually for all critical infrastructure involving all functions and user groups of the Bank to ensure the effectiveness
of the processes and the readiness of the infrastructure and people.
INTERNAL AUDIT
During the year under review, the Internal Audit Department has conducted 29 operational audits and ad hoc assignments covering several
business operations of the Bank. As at this date, a significant number of recommendations has been satisfactorily addressed by Management.
In addition, an independent service provider performed an IT Security Assessment, whereby - after necessary corrective actions - it was
concluded that AfrAsia Bank Limited’s network, operating and database systems (including Internet Banking) were adequately secured.
The Bank has appointed a new Head of Internal Audit, effective 1 July 2015, following the retirement of the former Head. As was previously
the case, reporting lines will remain to the Audit Committee for direction and accountability and to the Executive Directors for administrative
interface and support in line with good governance practices.
A more robust framework, through the elaboration of a 3-year strategic plan amongst others, is being implemented to enable the Internal
Audit Function to progressively position itself as a strategically focused unit as defined by the Institute of Internal Auditors (IIA)*. Four pillars,
namely (i) Strategy, (ii) People (iii) Process and (iv) Information Technology, have been identified as primary basis to help accomplishing the
set objective, as illustrated below:
Mindful of AfrAsia Bank Limited’s core values, coupled with the successful implementation of solid foundations, Internal Audit should in
Strategy
People
IT
Process
Vision and Mission
3-Year Risk-Based Audit Plan
Advisory Services
Synergy with other Control
Functions
IT Audits :
• General Controls
• Application Controls
Use of Computer Aided Audit
Tools
Audit methodology in line with IIA
Standards
Revised communication protocol
(including risk-based grading of
issues)
Audit Manual
Promote knowledge growth, hard
and soft skills and disciplines
Recruitment, development and
retention of professionals
Establish key performance
indicators
RISK MANAGEMENT REPORT (CONTINUED)