| 132 Annual Report | 2024-2025 Arohan Financial Services Limited Independent Auditors’ Report of even date on the financial statements of Arohan Financial Services Limited for the year ended March 31, 2025 (cont’d) Information Technology systems and controls The key audit matter How the matter was addressed in our audit Information Technology (IT) systems and controls The Company's key financial accounting and reporting processes are dependent on the automated controls in information systems. There exists a risk in the IT control environment which could result in the financial accounting and reporting records being misstated. We have identified ‘IT systems and controls’ as a key audit matter considering the high level of automation and the complexity of the IT architecture. Further, it impacts on overall financial reporting process and regulatory expectation on automation. In view of the significance of the matter, we applied the following audit procedures in this area, among others to obtain sufficient audit evidence for scoped in application by involving our IT specialist: 1. Evaluating and testing the design, implementation and operating effectiveness of the significant accounts related to IT applications controls relevant to the accuracy of system computation, and the consistency of data transmission. 2. Evaluating and testing the design, implementation and operating effectiveness of key General IT Controls. This includes controls on Access management, Change management and Computer Operations. 3. Testing the design and operating effectiveness of key controls over user access management. This includes access authentication through password configuration management, granting or modification of user access, creating new users, deactivating user access for exiting users, user access and privileged access examination basis their role and function. 4. Testing the design, implementation and operating effectiveness of the IT automated controls which are relevant to the accuracy of system computation. 5. Testing the controls over changes to applications including access to configure changes, approvals required to deploy the changes, segregation of environment and segregation of duties in change management. 6. Testing the design and operating effectiveness of audit trail (edit log) feature for the in-scope applications i.e. where books of accounts are maintained in an electronic mode using an accounting software. 7. Tested the controls over computer operations including controls over backup of data, controls on operating system and database viz. authorized access, password management and changes. Based on procedures performed above, wherever required, we extended our audit procedures over other IT application controls, periodic reconciliations, manual approval processes, tests on identified key changes and additional substantive testing. Independent Auditor's Report
RkJQdWJsaXNoZXIy NTE5NzY=