Audit Policy

Credknow Solutions Private Limited

1. Purpose

The purpose of this Audit Policy is to establish a structured approach for conducting internal and external audits across all operational, financial, compliance, and technology domains of Credknow Solutions Private Limited ("Credknow"). This policy ensures accountability, promotes transparency, verifies regulatory compliance, and enhances operational efficiency by identifying risks, irregularities, and opportunities for improvement.

2. Scope

This policy applies to:

  • All departments, business functions, and systems within Credknow.
  • Employees, contractors, vendors, and any third parties involved in processes subject to audit.
  • Operational areas including credit assessment, loan facilitation, data handling, information technology, finance, legal compliance, and partner relationships.

3. Objectives

  • To ensure adherence to internal policies, industry best practices, and applicable laws.
  • To evaluate the effectiveness of internal controls, risk management, and governance processes.
  • To detect and prevent fraud, mismanagement, or data misuse.
  • To provide assurance to stakeholders and regulators on the integrity and reliability of company operations and records.

4. Types of Audits

Credknow may conduct the following audits periodically:

  • Internal Audit: Conducted by an in-house or appointed internal audit team. Reviews operational efficiency, financial controls, and policy compliance. Performed quarterly or semi-annually based on risk assessment.
  • IT & Data Security Audit: Assesses cybersecurity controls, data protection practices, access controls, and system resilience. Includes review of compliance with the Data Encryption Policy, IT Policy, and data privacy regulations.
  • Financial Audit: Conducted by external Chartered Accountants or statutory auditors. Verifies the accuracy and integrity of financial statements and transactions.
  • Regulatory Compliance Audit: Ensures compliance with applicable legal frameworks and partner oversight.
  • Vendor and Partner Audit: Evaluates third-party service providers’ adherence to contractual, data security, and compliance obligations.

5. Audit Process

The standard audit process includes the following steps:

  • Planning – Define audit scope, objectives, resources, and timeline.
  • Notification – Inform auditees in advance unless the audit is surprise-based.
  • Data Collection – Examine relevant documents, systems, processes, and personnel.
  • Analysis & Evaluation – Assess controls, performance, compliance, and identify gaps.
  • Reporting – Draft an audit report highlighting findings, risks, and recommendations.
  • Corrective Action – Assign responsibility and timelines for remediation.
  • Follow-Up – Review implementation of corrective actions and re-audit if necessary.

6. Roles and Responsibilities

Various roles including the Audit Committee, Chief Compliance Officer, Internal Audit Team, IT Security Officer, and Department Heads are responsible for overseeing and executing the audit process effectively.

7. Confidentiality

All audit findings and associated documents must be treated as confidential. Information gathered during audits must not be disclosed except to authorized personnel or regulators.