Mahindra & Mahindra Limited | Integrated Annual Report 2025-26

381 FINANCIAL STATEMENTS | Consolidated Accounts Information Technology and General Controls in the financial services business The key audit matter How the matter was addressed in our audit The component relating to the financial services business (‘the Component’) is highly dependent upon its Information Technology (IT) systems for carrying out its operations and owing to the significant volume of transactions that are processed daily basis as part of the operations, which impacts key financial accounting and reporting. The Component has put in place the IT General Controls and application controls to ensure that the information produced by the Component is complete, accurate and reliable. Among other things, the Management also uses the information produced by the entity’s IT systems for accounting and preparation and the presentation of the financial statements. Since the audit strategy included focus on entity’s key IT systems relevant to the audit due to their potential pervasive impact on the financial statements of financial services business, the component joint auditors have determined the use of IT systems and related control environment for accounting and financial reporting as a key audit matter. The audit procedures of the component joint auditors of the Component for assessment of the IT systems and controls over financial reporting, which includes carrying out the key audit procedures, but were not limited to the following: • Obtained an understanding of the Component’s key IT systems, IT General Controls which covered access controls, program/ system changes, program development and computer operations i.e., job processing, data/ system backup and incident management and application controls relevant to the audit; • Tested the design, implementation and operating effectiveness of the general IT controls over the key IT systems that are critical to financial reporting. This included evaluation of entity’s controls to check segregation of duties and access rights being provisioned / modified based on duly approved requests, access for exit cases being revoked in a timely manner and access of all users being recertified during the period of audit; • Tested application controls (automated controls), relevant to the audit of loans, expenses, payroll, borrowings and investment among others, for evaluating completeness and accuracy; • Tested compensating controls or performed alternate procedures to assess whether there were any unaddressed IT risks that would impact the controls or completeness and accuracy of data; • Relied on IS and other technology audits conducted during the year; and • The component joint auditor have obtained management representations wherever considered necessary. Other Information The Holding Company’s Management and Board of Directors are responsible for the other information. The other information comprises the information included in the Holding Company’s annual report, but does not include the financial statements and auditor’s report thereon. The Holding Company’s annual report is expected to be made available to us after the date of this auditor’s report. Our opinion on the consolidated financial statements does not cover the other information and we will not express any form of assurance conclusion thereon. In connection with our audit of the consolidated financial statements, our responsibility is to read the other information identified above when it becomes available and, in doing so, consider whether the other information is materially inconsistent with the consolidated financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. When we read the Holding Company’s annual report, if we conclude that there is a material misstatement therein, we are required to communicate the matter to those charged with governance and take necessary actions, as applicable under the relevant laws and regulations. Management’s and Board of Directors’ Responsibilities for the Consolidated Financial Statements The Holding Company’s Management and Board of Directors are responsible for the preparation and presentation of these consolidated financial statements in term of the requirements of the Act that give a true and fair view of the consolidated state of affairs, consolidated profit/ loss and other comprehensive income, consolidated statement of changes in equity and consolidated cash flows of the Group including its associates and joint ventures in accordance with the accounting principles generally accepted in India, including the Indian Accounting Standards (Ind AS) specified under Section 133 of the Act. The respective Management and Board of Directors of the companies included in the Group and of its associates and joint ventures are responsible for maintenance of adequate accounting records in accordance with the provisions of the Act for safeguarding the assets of each company and for preventing and detecting frauds and other irregularities; the selection and application of appropriate accounting policies; making judgments and estimates that are reasonable and prudent; and the design, implementation and maintenance of adequate internal financial controls, that were operating Independent Auditor’s Report to the Members of Mahindra & Mahindra Limited (contd.)

RkJQdWJsaXNoZXIy NTE5NzY=