Adopted at the 30th Meeting of the Council of the University on April 15, 2014   

1. Internal Audit  

1.1. Definition

The Internal Audit is an independent, objective and consulting activity designed to add value and improve the operations of the Cyprus University of Technology. It helps the University to achieve its objectives by adopting a systematic and professional approach to evaluate and improve the effectiveness of management and control systems, risk management and governance processes.

1.2. Mission

The Internal Audit Department mission is to provide independent and objective assessment of internal management and control systems, risk management and governance processes, contributing effectively and efficiently to achieve the objectives of the University.

1.3. Objectives

 The Internal Audit Department include:

• Independent feeding and guide of the University management and bodies with the necessary data, information and suggestions for appropriate corrective measures and decisions.
• Independent and objective assessment of the University Compliance with Laws, Regulations, Rules, Circulars and Decisions of Bodies / Committees and other institutions.
• Securing Institutions and Good Management Authorities.
• Ensuring the efficient use and management of financial resources of the University.
• Preserving and safeguarding the assets of the University Records.
• Checking the efficient and effective functioning of the University activities, with a view to their future improvement.
• Checking the adequacy and effectiveness of procedures, safety valves, internal control systems, strategies and management of high-risk areas.
• Monitoring of IT systems and controls incorporated in them, in order to support the processes and goals of the University.

1.4. Organization

The Internal Auditor addresses the Audit Committee of the Council and the Council itself. In regards to service issues (e.g. leave of absence, etc.) the Internal Auditor addresses the Administration and Finance Director.

1.5. Powers

The Internal Audit Department Officers / assistant officers have the following powers:

• Unlimited access to all files (e.g. books, documents, bills, contracts, minutes, payment orders, invoices, etc.) in the Assets and Human Resources of the University, for the effective performance of their duties.
• Right from entering the buildings of the University and receive information and explanations deemed necessary from any Officer, to form an opinion. Each Officer / Assistant Officer must comply with valid and timely in providing all the information and explanations requested.
• Right to cooperate with independent auditors and collect advice from professionals when and where necessary for the effective performance of their duties.

  The Internal Auditor has extra power:

• For direct contact with the President of the Council, the Rector, the President and / or members of the Audit Committee and / or any other person believes that you should receive any direct information on issues arising from the audit.
• For automatic selection of issues to be controlled, determination of areas of work and adoption the techniques required to accomplish audit objectives.
• Collection of information, data, documents and explanations, which are necessary to complete the audit work by any person, organization, company or institution to form its opinion.
• Expression of views on issues of his/her competence and suggestion of improvements or corrections on issues relating to new policies or changes to existing University policy.

1.6. Independence

 "Independence": The officers of the Internal Audit Department are considered independent when they can carry out their work freely and objectively. This independence allows officers to reach impartial and fair conclusions regarding the controls carried out.  

"Objectivity": The impartial attitude that allows the Internal Audit Department officers to carry out their work in such a way that they themselves believe that their findings represent their work and that no reductions were carried out in terms of authenticity of their work.

The independence of the Internal Audit Department is achieved by adopting let the following principles:

The Internal Audit Department: 

• Has the authority to conduct ex officio controls on matters it deems necessary to be done.
• Submits audit reports to the Audit Committee for consideration and submission of recommendations to the Council.
• Has no responsibility or authority over the activities it controls.
• Sits at the Audit Committee meetings to provide information on the issues, having no voting rights in decisions making.
• Sits at the Bodies or Committees meetings as observer, wherever deemed necessary by the Council.

 Officers / Assistants Officers of the Internal Audit Department do not participate in any activities, which would assess or evaluate and that could affect the objectivity and independence, namely:

• They do not carry out any administrative or operational tasks.
• They do not develop or install programmes and procedures.
• They do not carry out or approve accounting records.

1.7 Liability

 The Internal Audit Department is responsible for:

• Preparing one-year, two-year or three-year internal audit work plan, based on risk assessment, including any risks or control concerns identified by the senior / executive bodies or the Audit Committee and for submitting it to the Audit Committee for approval.
• Preparing audit reports and submitting them to the Audit Committee, together with the views / comments and suggestions of interested parties, summarizing the results and recommendations for solving or improving the issues raised.  
• Obtaining written answers from the Higher Administrative / Executive Bodies, the remedies made or planned to be done during a time interval from the date of decision by the Council. It also evaluates and monitors the proposed actions.
• Cooperating with independent auditors, where necessary, aiming to provide the University with optimal audit coverage.
• Using external services or advice to meet processing needs of its audit work.
• Investigating or helping investigation of important suspicions of possible fraud actions, corruption, illegality, irregularity or mismanagement within the University, following the Audit Committee guidelines and / or automatically reporting back.
• Seeking to maintain professionally qualified staff in the Internal Audit Department, with sufficient knowledge, skills, experience and qualifications to meet the needs for carrying out control operations.

1.8. Internal Audit Tasks

 The Internal Audit Department operations are conducted in accordance with International Standards for the Professional Application of Internal Auditing and the Code of Ethics and focus on:

1. The provision of an independent and objective assessment of internal control systems and procedures applied for risk management, control and governance, as designed by the University authorities, operating in a manner that ensures that:

• High risk areas are defined and adjusted appropriately.
• The financial statements present a true and fair University financial situation and the administrative and operating information is accurate, reliable and timely.
• There is a full application and compliance with policies, standards, procedures, laws, regulations, rules, circulars and decisions of the competent Bodies, Committees and University institutions.
• There is no misuse of financial resources of the University and their management is conducted according to the principles of good administration.
• Quality and improvement of tasks are encouraged by the procedures and internal control systems of the University.  
• The important legislative and regulatory issues presented at the University are recognized and treated appropriately.

1. The conduct of special audits, investigations, studies to facilitate the authorities to make correct and timely decisions.
2. The cooperation with the Auditor General for better coordination of tasks and success in the common objectives.
3. Studies and other activities which are deemed necessary by the Administrative Authorities of the University, for its effective operation.

2. Control Tasks

The Internal Audit Department tasks are distinguished Scheduled and Non-Scheduled / Special Investigations.

2.1. Scheduled Control Tasks The scheduled tasks of the Internal Audit Department are approved by the Council's Audit Committee, through the Audit Work Programme. 
 

The Audit Department performs a wide range of controls, including the following:

2.1.1. Financial Audit

It examines issues related to the accounting management and the preparation of financial statements. The purpose of the audit is to verify that the financial activities of the University reflect correctly and fairly the Financial Statements and that the University assets are safeguarded.

2.1.2. Compliance Audit

It determines the rank of University Compliance with Laws, Regulations, Rules, Resolutions and Guidelines, which govern its operation as well as in accordance with the procedures and contractual obligations.

2.1.3 Operational Control

It inspects internal control systems and procedures of the University operations and examines the possibility of adopting new methods that can improve efficiency and effectiveness and contribute to reducing risks.

2.1.3. Information Systems Control

It evaluates the internal control systems of information systems, data security, systems development processes and requirements.

2.1.4. Consulting

It covers a wide range of consulting services, enabling the University to utilize the knowledge and experience of the Internal Auditor for problem solving, reducing risks and improving operating procedures.

2.2. Non-scheduled tasks / Special Investigations

 The mandates / guidelines to the Internal Auditor for conducting investigations, is as follows:

1. The President of the Council and the Rector may request a special investigation by the Audit Committee. The Rector may use the services of the Internal Auditor conferring specific investigations in the performance of its own duties, in consultation with the President of the Audit Committee.
2. Officials of the University (Vice-Rectors, Administration and Finance Director) may submit requests for conducting special investigations to the Rector. The Rector evaluates and submits same to the Audit Committee for a decision.
3. The Control Committee shall decide on the necessity for the Special Investigation or other task and determines the order of priority.
4. The Internal Auditor may automatically select subjects for inspection, define areas of study and adopt techniques required to accomplish audit objectives.

2.3. Audit Procedures / Stages

 The Internal Audit Department activities are carried out based on the Code of Ethics and International Standards for the Professional Implementation of Internal Control.  

2.3.1. Preparation and Approval of Audit Work Plan:

 The Internal Audit Department develops an one-year, two-year or three-year audit work, based on an appropriate risk assessment methodology, including any risks or concerns identified by the Senior Management / Executive Bodies of the University or the Audit Committee. The Audit Work Plan is submitted for the year when deemed necessary.

2.3.2. Control stages:

2.3.2.1. Opening meeting

The audit tasks begin with an opening meeting for discussion between Officers / Assistant Officers of the Internal Audit Department and Officers of the controlled Department / Service. It is noted that the audit tasks may begin without notice or meeting, if judged that sudden control better ensures the success of the audit objectives.

2.3.2.2. Control Operations Conduct

Provided that each test is unique, the control conducting procedures may vary. In a typical test, the Officers of the Internal Audit Department assess the effectiveness of internal control systems, designed and adopted in a Department / Service and check compatibility of the procedures applied by these systems.

2.3.2.3. Final meeting with interested parties

 Upon completion of control tasks all questions / issues to be updated and / or further clarifications from interested partied are marked.

In the final clarification meeting with relevant officers of the Services / Departments, the subjects / issues, findings and recommendations are mentioned and the final opinions and recommendations are determined.

2.3.2.4. Preparation and delivery of the Audit Report to interested partied

 The Internal Auditor sends the final report to the interested parties for any comments / opinions / suggestions.

The final Audit Report comprises of the following:

• Executive summary of the main conclusions and recommendations.
• Detailed Report with observations, findings, conclusions and recommendations.
• Any other information / reports / documents deemed necessary.

2.3.2.5. Report study by interested parties and submission of comments / opinions / suggestions

The interested parties submit to the Internal Auditor their comments / views / recommendations within 10 working days from the date of the final report dispatch. In case of no reply within the above timeframe, will imply that that the above-mentioned persons do not have any comments / opinions or suggestions and that they agree with the content, conclusions and recommendations of the Report.

The Final Report of the Internal Auditor, together with the views / comments / suggestions of interested parties are submitted to the Audit Committee for consideration and submission of recommendations to the Council.  

It is noted that the internal auditor's report are not discussed in another Body / Committee before being studied by the Audit Committee.

2.3.2.6. Study Report of the Audit Committee:

 The Audit Committee studies the Audit Report and the comments / views of the interested parties.

2.3.2.7. Submission of proposals

 The Audit Committee makes its recommendations to the University Council for decision making.

2.3.2.8. Decision Making Follow Up:

 The Internal Audit Department monitors the implementation of decisions by the Council of the University and informs the Audit Committee accordingly.

2.3.2.9. Feedback

The results of the audit, the Audit Committee decisions and their implementation by the competent services are used for the preparation of audit plan for next year.

3. Audit Committee

3.1. Members of the Audit Committee

The University Council at its 1st meeting dated March 21, 2012, appointed the first President and the first members of the Audit Committee.

It is noted that the Internal Auditor also attends the Audit Committee, for information sharing, without voting rights.

3.2. Audit Committee Order Terms

The Audit Committee is responsible for making recommendations to the Council on improving internal systems and of operating procedures of the University, effective management of financial resources, safeguarding of assets, risk management and assessment of governance.

It directs the Council on policies and decisions, confirming the compliance of the Laws, Regulations, Rules and decisions of the administrative authorities, accurate financial statements, healthy risk management and ethical behavior.

It is clarified that although not listed explicitly in the above Terms of Reference, the Audit Committee and after the oral assurances of the Council President, retains its implementing powers since the 10th meeting of the Council dated December 19, 2012.

3.3. Composition

The Audit Committee comprises of five members unless the Council decides otherwise and is composed of independent, external members of the Council of the University.

The Audit Committee reports to the University Council, informing about its decisions and providing suggestions and views on matters within its remit.

The President of the Audit Committee is appointed by the University Council.

The term of office of Committee members lasts for as long as its members remain members of the Council.

3.4. Meetings

The Audit Committee meets in sessions at regular intervals to discuss the audit reports of the Internal Auditor and other issues related to its objectives.

The Internal Auditor also attends the meetings of the Audit Committee for providing information on the issues, having however no voting rights in decisions making.

The Committee President has right to convene the Audit Committee, establishing the agenda and chairing the meetings.  

The Audit Committee has the discretion to invite at its meetings Advisors / Experts or other Officers of the University or Observers.

Under the responsibility of the Internal Audit Department Minutes of meetings and relevant file are kept.

There is a Quorum at the Committee meetings, when the majority of the Audit Committee (including the President) is present.  

The decisions of the Audit Committee meetings are taken by simple majority and are directly enforceable. It is clarified that when a member of the Audit Committee disagrees with the decision of the majority, the opposition will be recorded and the topic is referred to the Council, if he/she wishes same.

3.5. Responsibilities, Rights and Powers

The Audit Committee, in the framework of effective implementation of the purpose of its establishment, has the following powers, duties and powers:

3.5.1. In General:

1. It has the discretion to give directions for the conduct of specific Research / Studies / Audits and reviews the findings of the relevant reports.
2. It decides on the necessity for Special Investigations, which may be submitted by the President of the Council and the Rector and determines the order of priority.
3. It seeks and provides any information by a member of staff and / or external source.
4. It receives documents and information from any member of the university community, to effectively carry out its duties.
5. It ensures any external service from independent counselors (e.g., Accounting, Legal et al), for the efficient performance of its functions.
6. It meets with Management and the University Bodies for discussion of any Committee subjects or issues that management believes that should be discussed confidentially with the Audit Committee.
7. It periodically examines the appropriateness of its "Terms of Reference" and recommends changes.
8. It examines the audit reports submitted by the Internal Audit Department and ensures that the Administration and the University institutions respond appropriately to the issues arising.
9. It makes periodic assessments and revisions of "Internal Control Standards", policies and internal systems and operating procedures of the University and provides suggestions on amendments to the University Council.
10. It evaluates the organizational structure of the Internal Audit Department to confirm the possibility of handling the Internal Audit Work Plan in a valid manner, timely and effectively.
11. It studies and assesses reports submitted to the Council of the University, being related to its responsibilities.
12. It maintains open communication with the Internal Auditor, the Auditor General and the University Council.
13. It meets with the Auditor General of the Republic or his representative or any external consultant deems necessary.
14. It carries out any other activities or actions that will assist in carrying out its Terms of Reference.

3.5.2. Internal Control Systems and Risk Assessment

1. In cooperation with the Administration, the University Bodies and the Internal Auditor, it examines the reports of the Auditor General.
2. It summarizes the significant risks, inspects the management policies and procedures and assesses the measures taken by the Administration and the University Bodies to control these risks.
3. It examines the Administration and the University Bodies, the Internal Auditor and the significant accounting principles.
4. It examines, inspects and assesses the effectiveness of the University Internal Control Systems, in cooperation with the Administration and the University Bodies, regarding:
   • The evaluation of the effectiveness of the University's internal control systems.
   • The adequacy of the University's internal control systems, including IT control and security systems.
   • Any comments and / or suggestions for improvement of the internal control systems by the Internal Auditor or the Auditor General.
   • Internal Audit Work Plan.
5. It approves one-year, two-year or three-year Internal Audit Work Plan.
6. It gets updated for emergencies and non-scheduled audit tasks as well as the consulting and other tasks undertaken by the Internal Audit Department during the year.
7. It receives and approves annual revisions of the Internal Audit Work Plan, drawn up during the year.
8. It gets updated by the Internal Auditor, on any difficulties may arise when completing its work, including any obstacles to access, collection of data or any other difficulties in fulfilling its mission.