53 | Annual Report | 2024-2025

normal risk environment throughout FY 2025. Operational Risk Management is expected to come under enhanced focus in RBI’s Operational Risk regulations & guidelines in FY 2025 in the backdrop of various discussions and workshops through the year.

• Enterprise Risk Management

Arohan has been proactively working on the microfinance sector-specific ERM structure for a while now. That foresight started bearing fruit in FY 2025, with the Reserve Bank of India actively encouraging systemically important NBFCs, during their regular audits and in their specifically curated CRO Workshop, to deploy Enterprise Risk Management (ERM) systems. ERM is a globally well-established framework for effectively optimising Risk vis-à-vis Return, and providing accurate and insightful visibility on all risks inherent in the functioning of an organisation. As a mandate for the Risk unit, Arohan initiated the implementation of the Enterprise Risk Management (ERM) project using the COSO framework. Christened SANDESH, the project has made significant progress, with a platform that was developed completely in-house. The platform is already operational, with the respective Risk Owners approving the risk registers along with their controls and thresholds. Arohan is again the first in the sector for the development of ERM in true letter and spirit.

Business Continuity Policy (BCP)

Arohan’s deployment and practice of the Business Continuity Plan (BCP) was led and anchored by the Risk unit, which was also audited by the Reserve Bank of India and was found to be satisfactory. The implementation of the Business Continuity Policy and Plan of the Company has led to a well-established BCP process backed by well-trained BCP committees and stakeholders. The Company continues to be ‘Business as Usual’, with minimal disruption during calamities and other disruptive events during the year.
The Risk unit will continue to strengthen and anchor this important regulatory requirement for the Company.

Appointment & Reporting of CISO

In FY 2024, the Reserve Bank of India, through its circular titled Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices, directed detailed compliance across information technology practice & control, cyber security preparedness, and cyber crisis management & mitigation plans. One of the key directives in the said circular is the definition & scope of the role of a Chief Information Security Officer (CISO) with reporting lines to the Chief Risk Officer. In compliance with the said circular, a General Manager cadre officer has been appointed as CISO in Arohan with effect from April 1, 2024 to bring in the desired focus and action on information technology and cyber security risk management. An independent vCISO consulting team has been appointed under the oversight of the CISO to ensure better Information Security preparedness at Arohan.

INTERNAL AUDIT MANAGEMENT

At Arohan, the Internal Audit function plays a vital role in protecting the interests of our customers by ensuring transparency, accountability, and sound governance across all operations. Through its independent assessment of internal controls, risk management practices, and governance systems, the Internal Audit team helps uphold the integrity and reliability of the organisation. This disciplined and systematic approach not only enhances operational efficiency but also strengthens the trust customers place in Arohan. Reporting directly to the Audit Committee of the Board, the Internal Audit department operates with complete independence. The Audit Committee regularly evaluates the department’s structure, audit plan, and staffing to ensure a thorough and unbiased review process—ultimately reinforcing Arohan’s commitment to safeguarding customer trust and confidence.
Strategic Role and Compliance

Arohan’s Internal Audit function acts as a strategic partner to management, providing valuable insights that reinforce internal controls, ensure compliance, and enhance risk management and governance practices. By aligning with the Reserve Bank of India’s (RBI) Risk-Based Supervision (RBS) framework—particularly the guidelines outlined in the RBI’s circular dated February 3, 2021, on “Risk-Based Internal Audit (RBIA)” for large non-deposit-taking NBFCs—Arohan strengthens its internal defenses and reinforces its accountability. In addition, the function complies with the governance requirements under the Companies Act, 2013, and adheres to the Standards and Guidelines prescribed by the Institute of Chartered Accountants of India (ICAI). These efforts not only support regulatory compliance but also fortify customer confidence by promoting transparency, resilience, and long-term organisational integrity.

Professional Expertise and Diversity

Arohan’s Internal Audit team is built on a foundation