AfrAsia Bank Limited and its Group Entities

Annual Report 2015

page 104

The Bank has moved its data centre to Ebène and set up the Disaster Recovery (DR) site in its premises at Port Louis.

The network of the Bank has been upgraded this year to mitigate the risk of failure from a single provider. There are redundant links between

the Bank sites in Port Louis and Ebène and also for internet connectivity.

A BCM test is performed annually for all critical infrastructure involving all functions and user groups of the Bank to ensure the effectiveness

of the processes and the readiness of the infrastructure and people.

INTERNAL AUDIT

During the year under review, the Internal Audit Department has conducted 29 operational audits and ad hoc assignments covering several

business operations of the Bank. As at this date, a significant number of recommendations has been satisfactorily addressed by Management.

In addition, an independent service provider performed an IT Security Assessment, whereby - after necessary corrective actions - it was

concluded that AfrAsia Bank Limited’s network, operating and database systems (including Internet Banking) were adequately secured.

The Bank has appointed a new Head of Internal Audit, effective 1 July 2015, following the retirement of the former Head. As was previously

the case, reporting lines will remain to the Audit Committee for direction and accountability and to the Executive Directors for administrative

interface and support in line with good governance practices.

A more robust framework, through the elaboration of a 3-year strategic plan amongst others, is being implemented to enable the Internal

Audit Function to progressively position itself as a strategically focused unit as defined by the Institute of Internal Auditors (IIA)*. Four pillars,

namely (i) Strategy, (ii) People (iii) Process and (iv) Information Technology, have been identified as primary basis to help accomplishing the

set objective, as illustrated below:

Mindful of AfrAsia Bank Limited’s core values, coupled with the successful implementation of solid foundations, Internal Audit should in

Strategy

People

IT

Process

Vision and Mission

3-Year Risk-Based Audit Plan

Advisory Services

Synergy with other Control

Functions

IT Audits :

• General Controls

• Application Controls

Use of Computer Aided Audit

Tools

Audit methodology in line with IIA

Standards

Revised communication protocol

(including risk-based grading of

issues)

Audit Manual

Promote knowledge growth, hard

and soft skills and disciplines

Recruitment, development and

retention of professionals

Establish key performance

indicators

RISK MANAGEMENT REPORT (CONTINUED)