INTERNAL AUDIT POLICY - AHALIA MONEY EXCHANGE & FINANCIAL SERVICES PVT LTD

PREAMBLE

Though there is no statutory or regulatory requirement for NBFC’s to have an audit policy, the Board of Directors of Ahalia Money Exchange & Financial services Pvt Ltd, as a part of their oversight function considers Internal Auditing as an independent and objective consulting activity designed to add value and improve the company’s operations. Internal Audit assists the company in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the company’s risk management, control and governance processes. The responsibilities of Internal Audit function are defined by this Policy.

The procedure of audit need to be documented for the different streams of activity viz branch operations, other establishments, HO departments, information system etc. Separate Audit manuals should be prepared for all audit streams to facilitate the audit activity.

OBJECTIVES

The objectives of internal auditing are:

• To ascertain compliance with statutory and regulatory requirements;
• To ascertain compliance with norms laid down by the company;
• To ascertain whether quality of assets is as per approved norms;
• To advise the management of any deficiencies in processes, procedures, and functions;
• To determine the integrity, security, and controls in the information system are at acceptable standards; and
• To identify deficiencies in the internal control system and recommend procedures to plug the control gaps.

SCOPE

The scope of internal auditing encompasses the examination and evaluation of the adequacy and effectiveness of the Internal Control System and the quality of performance in carrying out assigned responsibilities at the organizational, departmental, and functional level. It includes:

• Reviewing the reliability and integrity of financial and operating information;
• Assessing compliance with policies, plans, and procedures;
• Assessing compliance with laws and regulations;
• Reviewing the means of safeguarding assets and verifying the existence of such assets;
• Verifying quality of Assets;
• Reviewing and appraising the economy and efficiency with which resources including IT Resources are employed;
• Reviewing established systems of internal control to ascertain whether they are functioning as designed;
• Monitoring and evaluating the effectiveness of the company’s operational risk management processes;
• Examining and reporting on the adequacy of internal controls for all new or significantly modified information systems.
• Investigating and reporting on violations of policies and procedures, errors, fraud or misuse of company assets.
• Reviewing specific operations, programs, functions or activities at the request of the Audit Committee or management, as appropriate.

       ii. The Internal Audit Department will provide advice and assistance to the management, when requested, by:

• Serving as a consulting resource for the review of policies and procedures, financial and administrative systems, organizational structures, and other related administrative activities.
• Serving as a consulting resource for the development of control procedures for new or significantly modified functional areas and computer-based financial and management information systems.

 AUDIT UNIVERSE

• Audit universe includes all the present and future activities in the company.

 AUDIT PLAN

• Frequency of audit of an activity/ function should be determined based on the risk perception.
• However all activities of the company will be audited at least once a year.
• Internal Audit may be broadly divided into Head Office Audit and Branch Audit. The frequency of audit report will on monthly basis. Internal Audit department should have an Audit manual mentioning the plan to achieve minimum audit frequency.

AUDIT SAMPLING

• The internal auditor may perform sample verification where 100% verification is not warranted based on the risk perception
• The internal auditor should design and select an audit sample, perform audit procedures thereon, and evaluate sample results so as to provide sufficient appropriate audit evidence to meet the objectives of the internal audit engagement.
• When designing an audit sample, the internal auditor should consider the specific audit objectives, the population from which the internal auditor wishes to sample, and the sample size.
• The internal auditor should select sample items in such a way that the sample can be expected to be representative of the population. This requires that all items or sampling units in the population have an opportunity of being selected.

AUDIT REPORTING

• An audit report shall be prepared by the Auditor following the conclusion of each audit. The report will be finalised after discussion with the head of department/activity under review.
• The response should include a time-frame for anticipated completion of the action to be taken for rectifiable irregularities and an explanation for any recommendations that will not be addressed.
• Timelines for closure of audit reports for various streams of audit -by which time all irregularities should be rectified- will be laid down
• For non-rectifiable irregularities, appropriate action be taken within the time prescribed by the operational guidelines or permission for maintaining status quo obtained from appropriate authority
• The distribution of the report, obtention of the comments ,determination of the adequacy thereof and taking up the matter again if needed will be carried out by internal audit department.
• The Internal Audit department will report findings to the senior management. Any important points shall be reported to the ACB.
• Head of the Internal Audit department shall report to the audit committee on a frequency laid down by the board.
• There shall be a guideline to with internal audit department specifying the timeline for rectification/closure of audit report.

DOCUMENTATION

• The auditor shall prepare audit documentation on the basis of which he reached his conclusions
• The documents may be kept in paper form or in electronic form. However, as far as possible electronic documentation methods shall be resorted to.
• The retention period of audit documents will be laid out in the respective manual. The documentation will be recalled in case of any dispute on the audit findings

ORGANISATION

•  The ‘Head – Internal Audit’ shall report administratively to the CEO and functionally to the Audit Committee of the Board.
• The Internal Audit department should be and appear to be independent and objective in providing its services.

MANPOWER AND OUTSOURCING

• Company shall have an Internal Audit department adequately staffed with competent auditors.
• The auditors will generally be employees on the rolls of the company either on normal or contract employment
• in addition to internal audit done by the  company may outsource some part of audit to experienced professionals whenever needed.

CODE OF ETHICS

Internal Audit staff members are responsible for conducting themselves so that their integrity, objectivity, confidentiality, and competency are not open to question.

Internal Auditors shall:

• Possess the educational background, qualifications and competencies commensurate with their level of responsibility with providing assurance and consulting services to the company;
• Exercise objectivity, and diligence in the performance of their duties and responsibilities;
• Exhibit loyalty in all matters pertaining to the affairs of the company and not be a party to illegal or improper activity;
• Refrain from entering into any activity which may be in conflict with the interest of the company or which would prejudice their ability to objectively carry out their duties;
• Be prudent in the use of information acquired in the course of their duties and not use confidential information for any personal gain or in a manner that knowingly would be detrimental to the interest of the company;
• Use reasonable care to obtain sufficient factual evidence to support the conclusions drawn.
• Reveal such material facts known to them which, if not revealed, could distort the reported results of the audit; and
• Continue to strive for improvement in the proficiency and effectiveness of their service.

ACCESS TO INFORMATION

Internal Audit has the authority to audit all functions of the company and shall have full and complete access to all information, programmes, database, records, facilities and personnel relevant to the performance of an audit.

Documents and information given to internal auditors during a review will be handled consistent with company policy and in the same manner as the employees are normally accountable for them.

AUDITEE RESPONSIBILITIES

The division/department or activity under review is to provide full cooperation to the Internal Audit Department.

Where verification of valuables viz, gold ornaments, cash etc are involved there will be no prior intimation of audit to the auditee unit. Even in other cases there may be occasions when audit is planned without prior intimation. The auditee unit shall furnish information to the auditor whenever required.

• Head of the auditee department is responsible for developing action plans and implementing the recommendations contained in the audit report or alternatives that meet the objectives of the recommendations.

SCOPE AND CHECKLIST

Scope and checklist for internal audit for the time being is attached as Annexure -1 to the policy. Same may be revised from time to time by Managing Director on recommendation of CEO/CFO.

REVIEW OF THE AUDIT POLICY

• The Internal Audit policy shall be reviewed once in three years.
• The Audit committee is responsible for the review and modification of the Internal Audit policy.