|
Corporate
Governance at Cyta
For all the advantages that renewal brings, one
may also observe a corresponding risk. For this
reason, in the context of CYTA’s current
modernisation project we have placed particular
importance on the introduction and application
of effective controls which ensure proper
corporate governance. Our aim is to secure the
smooth running of our Organisation and the
interests of its owners, customers and personnel
as well as those of society as a whole.
Board
The Board of CYTA, which is
ultimately responsible for the Organisation’s
results, approves all decisions regarding
corporate policy and strategy concerning
financial, technological and social issues. It
is made up of nine non-executive members who, by
law, are appointed by the Council of Ministers.
For better control and monitoring, the Board has
set up various committees, one of which is the
Audit Committee to which the Internal Audit
Department (IAD) reports. The Board comes
together about once a week, while its various
committees meet as and when required.
For the optimum execution of its duties, the
Board may use independent advisory services,
including those of the Legal Advisor, and it has
unrestricted access to information. Members of
the Board thus have at their disposal all the
relevant data so as to be in a position to form
a proper, informed opinion on issues on the
agenda.
The Board members’ remuneration is determined by
the Council of Ministers, while relations
between the Board and the shareholders
(Government) are determined by the relevant
provisions of the law.
Audit Committee
The Audit Committee, formed in 2004, operates in
accordance with the Code of Corporate Governance
and is comprised exclusively of Members of
CYTA’s Board.
During 2007, the Committee held seven meetings.
In accordance with its mandate, the Committee
reviewed, inter alia, CYTA’s Financial
Statements for 2006 together with the underlying
accounting principles, as well as the findings
of the external auditors. In the course of the
year, the Committee also reviewed the interim
Financial Statements and rolling Budgets that
are prepared periodically.
The Committee reviewed and approved the Audit
Programme for 2007, which was prepared on the
basis of the results of a risk assessment
carried out for the Organisation. Also, in the
framework of assessing the effectiveness of
CYTA’s System of Internal Controls, the
Committee reviewed and assessed the work carried
out by the IAD during 2007 and oversaw the
implementation of the recommendations made.
Risk Assessment and Risk Management
Every year the IAD undertakes the coordination
of workshops to assess risks in all business
units (BUs), basic interdepartmental processes
and major projects. In these workshops the aims
of the BUs are confirmed and any risks
threatening their achievement are identified,
taking existing internal controls into account.
All risks are assessed for their possible impact
on the Organisation (financial, operational,
corporate image) and the probability of them
occurring. The results, with the corporate risks
prioritised, are submitted to Senior Management
and the Board. Also, based on the risk
assessment, the IAD’s Annual Audit Programme is
prepared for approval by Senior Management and
the Board.
Assessment of Internal Controls
In all our auditing work, either directly or
indirectly, we assess the sufficiency and
effectiveness of the System of Internal Controls
(SIC) which exists for the purposes of risk
management and achieving the Organisation’s
aims. Consequently, through the SIC we safeguard
all stakeholders by increasing the
Organisation’s value and securing our assets.
For a complete assessment of our internal
controls, we follow the COSO methodology, which
is the most widely accepted best practice
internationally. Moreover, to assess our
Information Technology (IT) controls we follow
the respective COBIT methodology.
Internal Audit Department
It is generally
accepted that any Internal Audit Service that
demands respect needs to implement modern
practices, help Senior Management and the Board
focus on the five to ten most important
corporate risks and ensure that Senior
Management quantifies the risks and determines
its risk tolerance.
This is why our IAD places such great importance
on the annual risk assessment of all BUs, basic
processes and major projects. In this way we
identify the most important corporate risks,
which are then submitted to Senior Management
and the Board who decide what action to take.
Great emphasis is also placed on the
implementation of best practices and the
continuous training of our internal auditors on
issues relating to auditing systems of internal
controls, risk management and corporate
governance. Moreover, our internal auditors are
constantly being briefed on a variety of issues
and sectors so that they have a complete
understanding of CYTA’s activities and are in a
position to provide us with effective auditing
and consultancy services.
It is no accident that the majority of our
Internal Auditors are Certified Internal
Auditors. Moreover, during the year under
review, five of our internal auditors passed
international examinations to qualify as
Certified Information Systems Auditors, thus
enabling us to upgrade and intensify our audit
coverage of technology and IT issues.
|
