[A] Definition
Internal Audit is an independent, objective and advisory activity, designed to add value and improve the operations of the University of Cyprus. It helps the University Administration achieve its objectives by adopting a systematic and professional approach to evaluating and improving the effectiveness and efficiency of management and control systems, risk management and governance processes.
[B] Mission
The mission of the Internal Audit Service is to offer to the Administrative Authorities of the University, an independent and objective assessment of the internal management and control systems and the management of risks and governance procedures, thereby contributing substantially and effectively to the achievement of the objectives of the Administrative Authorities of the University University.
[C] Objectives
The objectives of Internal Audit include:
- The independent supply and guidance of the Administrative Authorities of the University with the necessary data, information and suggestions, for taking appropriate corrective decisions and measures.
- The independent and objective assessment of the University’s compliance with the Laws, Regulations, Rules, Circulars and Decisions of the Bodies / Committees and Other Bodies.
- Ensuring User Management Principles.
- Ensuring the effective utilization and management of the University’s financial resources.
- Safeguarding and safeguarding the University’s Assets.
- The control of the efficient and effective operation of the University’s activities, with the aim of their future improvement.
- Checking the adequacy and effectiveness of procedures, security barriers, internal control systems, strategies and the management of high-risk areas.
- The control of IT systems and the controls integrated into them, to support the processes and objectives of the University.
[D] Powers
Officers of the Internal Audit Service
- They have the right to access, without any restrictions, all Records (e.g. electronic systems, software programs, books, documents, accounts, contracts, minutes, payment orders, invoices, etc.), Assets and Human University staff, for the effective performance of their duties.
- They have the right to enter the building facilities of the University, to request and receive information and explanations from any official, which are deemed necessary for the formation of an opinion. Each official of the University must respond validly and in a timely manner to the provision of all information and explanations requested.
- They have the right to cooperate with independent auditors and receive advice from Specialists, when this is deemed necessary for the effective performance of their duties.
Internal Auditor
- He has all the powers granted to the officers of the Internal Audit Service.
- He has direct communication with the President of the Council, the Rector, the President and the members of the Audit Committee and any other persons he deems should receive any immediate information, on issues arising from his audit.
- Ex officio selects audit matters, defines scopes of work and adopts techniques required to achieve audit objectives.
- It cooperates and consults with the Auditor General of the Republic, in matters of his competence, with the aim of optimal audit coverage of the University.
- It receives information, data, documents and explanations deemed necessary for the completion of its audit tasks, from any person, organization, company or institution, in order to form its opinion.
- He expresses opinions on matters of his competence and suggests improvements or corrections on matters concerning new policies or changes to existing policies of the University.
[E] Independence
The independence of the Internal Audit is achieved by adopting the following basic principles:
The Internal Auditor:
- He has the authority to conduct ex officio audits for matters that come to his attention and that he himself judges to be serious and necessary.
- It submits its Audit Reports to the Audit Committee of the Council.
- It has no responsibility or authority over activities it controls.
- Attends Audit Committee sessions as Secretary.
- He brings relevant matters to the attention of the Audit Committee, but does not have the right to vote in decision-making.
- He attends the sessions of Bodies or Committees as an Observer, where the Council deems it appropriate or the Legislation provides for it.
- In relation to the audit reports, it does not refer to any Authority and/or Organ of the KP, other than the Audit Committee and the KP Council.
The Officers of the Internal Audit Service:
- They do not participate in any activities, which they will control or evaluate and which could affect their objectivity and independence, namely:
- They do not carry out any administrative or operational tasks.
- They do not develop or install programs and processes.
- They do not perform or approve accounting entries.
[F] Responsibility
The Internal Audit Service has the responsibility to:
- Prepares a one-year, two-year or three-year internal audit work plan, based on risk assessment, including any risks or concerns identified by Senior Management / Executive Bodies or the Board’s Audit Committee and submits to the Audit Committee for approval.
- Prepare Audit Reports and submit them to the Audit Committee, together with the opinions, comments and suggestions of the stakeholders, summarizing the results and suggestions for solving or improving the issues or weaknesses raised.
- Receives written responses from the Higher Administrative/Executive Bodies on the corrective measures taken or planned to be taken, within a certain period of time from the date of the Council’s decision. Evaluates and monitors proposed actions.
- It uses external services or advice to meet the needs of processing its audit tasks.
- Investigate or assist in the investigation of significant information or complaints of possible fraud, misconduct, illegality, irregularity or mismanagement within the University, following instructions from the President of the Council, the Chancellor, the President of the Audit Committee and/or Ex-officio and prepare relevant reports.
- It takes care of the development of the Internal Audit Service, the maintenance of professionally qualified staff with high knowledge, abilities, experience and professional qualifications, to cover the needs imposed to carry out the necessary audit work.
[G] Tasks of the Internal Audit Service
- The work of the Internal Audit Service is conducted based on the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics.
- They focus on providing an independent and objective assessment of internal control systems and risk management, audit and governance processes as designed by the University Authorities:
(i) Types of Audits/Services
The Internal Audit Service conducts a wide range of audits, including the following:
- Auditing
Examines issues related to accounting treatment and the preparation of Financial Statements. The purpose of the financial audit is to confirm that the financial activities of the University are correctly and fairly reflected in its Financial Statements. - Compliance Check
It determines the degree of compliance of the University with the Laws, Regulations, Rules, Decisions and Instructions that regulate its operation. - Administrative/Operational Control
It inspects the internal systems and control procedures of the various functions of the University and examines the possibility of adopting new methods, which can improve efficiency and effectiveness and contribute to the reduction of risks. - Information Systems Control
It evaluates IT systems internal control systems, data security, systems development processes and their requirements. - Special Investigations
– The President of the Council, the Rector and the President of the Audit Committee, may request the conduct of Special Investigations based on information they possess or are transmitted to them.
– The Internal Auditor may ex officio conduct a Special Investigation, if deemed necessary, based on information or complaints in his possession.
– Officials of the University (Vice-Chancellors, Director of Administration and Finance) may submit requests for Special Investigations to the Rector. The Rector evaluates them and decides whether to issue instructions for conducting an investigation. - Consultancy
It covers a wide range of advisory services, enabling the Board to leverage the knowledge and experience of the Internal Auditor to solve problems, reduce risks and improve the University’s operating processes.
– The Internal Auditor offers or is authorized to offer consulting services to the University of Cyprus, when they:
– Improve operations and risk management and add value to the University.
– They do not lead to a conflict of interest.
– They do not reduce his other obligations.
– Consulting services may include formal projects (eg projects defined by written agreements) up to advisory activities (eg participation in permanent or temporary Management Committees or Project Teams).
(ii) Audit Work Stages
Preparation and Approval of Audit Work Program
The Internal Audit Service prepares a one-year, two-year or three-year audit work plan, based on an appropriate risk assessment method, including any risks or concerns identified by the University’s Senior Management/Executive Bodies or the Audit Committee. The Audit Work Program is submitted for approval to the Audit Committee at the beginning of the year and is revised at any stage during the year when deemed necessary.
Opening Meeting/Information
The audit work may begin with an opening meeting or briefing on the initiation of the audit, for discussion between Internal Audit Service officers and officers of the audited Department/Service, the purpose and objective of the audit. Audit work may begin without any notice or meeting if it is judged that this process best ensures the success of the audit objectives.
Control Tasks
Since each audit is unique and may contain its own particularities, the audit procedures may be different. In a typical audit, the Internal Audit Service officers assess the effectiveness of the internal control systems designed and adopted in a Department/Service and check the compatibility of the procedures implemented with these systems. They examine compliance with Laws, Regulations, Rules and Decisions of its Bodies and Committees.
Final Meeting/Update
– Before the completion of the audit work, all issues/issues that require information and/or further clarification by the competent officials are noted and sent in writing or discussed with the competent officials of the Services/Departments, in order to obtain the necessary clarifications and/or views.
– Upon completion of the audit report, the Internal Auditor sends it to the interested parties for any comments, opinions, suggestions.
– The comments, opinions, suggestions of the interested parties are submitted to the Internal Auditor, within 15 days from the date. sending the final Report. Failure to receive a response within the specified framework is interpreted as meaning that the interested parties do not have any comments, opinions or suggestions and that they agree with the content, conclusions and suggestions of the Report.
(iii) Submission of Audit Reports to the Audit Committee
The final Audit Report includes:
- Executive Summary with the most important conclusions and recommendations.
- Detailed Report with observations, findings, conclusions and recommendations.
- Any other data, reports, documents, annexes, which are deemed necessary for the best, fair and objective information of the Commission.
- The final Audit Report, together with the opinions, comments, suggestions of the interested parties, are submitted to the Audit Committee.
- The Audit Committee studies the Audit Report and the relevant comments, opinions, recommendations of the authorities and submits its own recommendations to the University Council, for further actions / decisions.
- The Audit Reports may in exceptional cases be referred directly to the Council, if the Council decides that the needs and circumstances so require.
(iv) Follow Up
The Internal Audit Service monitors the implementation of the decisions of the University Council by its competent Services/Departments, regarding the audit reports and informs the Audit Committee accordingly.
(v) Code of Ethics and International Auditing Standards
The activities of the Internal Audit Service are conducted based on the Code of Ethics and the International Standards for the Professional Application of Internal Audit.
(vi) The Internal Audit Law
The University of Cyprus adopts the provisions of On Internal Audit no. 114(I) of the 2003 Law.