Deepening our Expertise to serve you better

Kristy Kumar Ballah, Head of Internal Audit

“New normal”, a term which garnered quite some attention and fame over the past year, has almost compelled individuals and corporates alike to roll up their sleeves in a bid to keep up with the dramatical changes happening globally. AfrAsia Bank has followed suit and so have our employees.  Transforming the pandemic’s challenges into opportunities, our colleagues chose to upskill and deepen their expertise in their respective fields.

INTERNAL AUDIT: A CHANGING LANDSCAPE

Having witnessed a tremendous shift over the past few years, this function has progressed from having a reactionary stance to a more strategic one. This shift has mandated organisations to revisit their strategies and prompted auditors to up their game. Meet our Head of Internal Audit, Kristy Kumar Ballah (FCA), who undertook a dual certification of Chartered Banker MBA from the Bangor Business School in Wales. He secured both the much-coveted Chartered Banker status and a distinction-level MBA whilst ranking first in his class out of 52 students from 20 different nationalities.

1. How’s been your learning journey?

I won’t sugar-coat it; this course was tough! It was certainly challenging to strike the right balance between work, family and studies. Perseverance and focus were crucial but my work experience has also played key role.

I’ve been able to reflect on how learning has transformed over the years; when I compare the first degree I did onsite in the UK almost two decades ago to having completed a distance-learning course this year, I’ve realised to what extent the learning landscape has transformed over the years due to enhanced accessibility. I was impressed by the infrastructure and technological platforms provided to attend live courses and tutorials and how seemingly seamlessly the time difference between countries were circumvented in the most efficient ways through conveniently-accessible videos, amongst others. 

2. How has the audit function evolved over the past 5 years?

The Internal Audit function has grown in size and has also upskilled during the past few years. Recruitment has mostly happened within the banking sector and major audit firms amongst others, specifically targeting professionally-qualified (for e.g.: ACA, ACCA, STEP, CISA), agile and experienced individuals.  The key advantage of same has been the achievement of a mix of skills relevant in today’s context, which facilitates the complementarity of expertise and individual critical thinking to better understand the local banking context and its challenges.  Mauritius being on the grey list of the FATF has resulted in higher scrutiny from the authorities over the past year and undeniably, COVID has had a major impact on the banking business and on regulations but it has also catalysed technological development globally.  As an internal auditor, we need to adopt a proactive stance to identify where, how and to what extent these threats impact the Bank’s activities and processes, and how we can effectively capture and address same in yearly audit plans.

3. How does this qualification better equip you to tackle the existing and novel challenges in the audit function?

Over time, auditors get entangled in their work routines: planning, testing samples, reporting and following up on audit findings. Unfortunately, as at date, the skills are here but adequately-applied training in banking is still limited and even when available, rarely will they stimulate our thinking beyond the area of focus.

This is where the Chartered Banker MBA fits in and, is according to me, highly relevant for an internal auditor from both the macro and micro perspectives. Firstly, it shows how banks are used to effectively implement the monetary policy of a government in an economy, thereby delimiting concisely the responsibilities and obligations of a financial institution for a country. Secondly, it deepens one’s understanding of the interconnectedness in the economy and within financial systems and how systemic risk arises.  Next, there is a lot of emphasis on regulating the banking sector, more specifically, where the optimal point for regulating lies. This is key for an internal auditor to effectively carry out his/ her responsibilities in the most efficient and cost-effective manner. Last but not the least, the course highly focuses on governance, capital adequacy in banking, asset and liability management, liquidity management and management of the different types of risks which are critical components of banking business.

CYBERSECURITY – IS ETHICAL HACKING THE NEW NORM?

We now take a leap from the internal audit to the cybersecurity sphere. The advent of technology surges through all spheres of life. As much as it is a boon, unfortunately, it seems like it is also a bane given that cybercriminals are also keeping up with the evolving technological developments to continually attack and exploit IT infrastructure by intruding through vulnerabilities in systems. To better equip themselves to overcome the challenges, our colleagues, Jamiil Mahomudally - Senior IT Security Analyst, Avinash Gunsam - ICT Security Analyst, and Mehnish Ramuth - ICT Security Analyst Assistant have successfully earned the ‘Certified Ethical Hacker’ qualification.

What is this Certified Ethical Hacker certification about?

The CEH certification provides a hands-on knowledge to prevent and counter cyber-attacks. This the most comprehensive ethical hacking programme that helps information security professionals learn about the fundamentals of ethical hacking. The certification provides the skills required to inspect network infrastructures with the consent of the owner to find loopholes in applications or computer systems.

What’s happening on the cybersecurity front currently?

“The last few months have seen a sharp rise in cyber-attacks, often disrupting products and services that are key to our everyday lives. Many of those attacks have used ransomware, a set of tools that enables hackers to gain access to computer systems and disrupt or lock them until attackers get paid”, comments Jamiil.

Attesting of the situation globally, our previous article on cybersecurity and the statistics therein are self-explanatory as to why specialists need to continually upskill. “With the rise of remote working during the pandemic, significant vulnerabilities have been revealed that only make it easier to launch such attacks. Hence, it is important to determine which security measures are effective, which ones need to be updated, and which ones contain vulnerabilities that can be exploited”, highlights Avinash.

2021 has seen a surge of ransomware attacks against targets ranging from hospitals, oil pipelines, and global technology companies. Many victimised companies do not have the adequate tools, expertise and the required resources to match up to the increasing vulnerabilities, attack techniques, and security incidents. As reported by Forbes, “the DarkSide attacks exploited ‘critical’ (9 on a scale of 10) vulnerabilities that had been known for more than 90 days.”

 “Cybercriminals are upping their game big time and it’s high time we do it too.  Our job is not only to keep abreast of the latest technological developments to reinforce the security parameters of our ecosystem, but it’s to also be a step ahead in finding the loopholes that hackers leverage to launch cybersecurity attacks. And, the latter, I think, is today more important than the former. As they say: to beat a hacker, you must first think like one!” added Mehnish.