Corporate Governance at Cyta
Proper corporate governance demands
responsibility in an organisation’s actions.
Responsibility to its shareholders, personnel,
associates and customers, and to society.
In 2008, through our rebranding project, we
reminded our customers that, with the modern
services that we provide, we help them to
"get closer"
to friends and family and enable them to
"touch the world"
while reassuring them that we do everything
responsibly. Year by year we place greater
emphasis on the security of data and IT systems
since these play an increasingly important role
in our modern way of life.
Board
The Board is appointed by the Government which,
in accordance with the relevant law, is the sole
shareholder. It is made up of nine non-executive
Members, of whom one is the Chairman and another
Vice-Chairman. It is responsible for the
Organisation’s smooth running and long-term
development, as well as for assessing and
monitoring the Organisation’s activities. It
approves all decisions regarding corporate
policy and strategy concerning financial,
technological and social issues.
Among the Board’s responsibilities is the
appointment of the Chief Executive Officer. In
October 2008, it appointed Mr. Photis Savvides
to the post.
For better control and monitoring, the Board has
set up various committees, one of which is the
Audit Committee to which the Internal Audit
Department (IAD) reports. The full Board comes
together two to three times a month, while its
various committees meet as and when required. It
has unrestricted access to all information and
to all members of Cyta’s staff and, at the same
time, it may use independent advisory services,
including those of the Legal Advisor.
The Board members’ remuneration is determined by
the Council of Ministers, while relations
between the Board and the shareholders
(Government) are determined by the relevant
provisions of the law.
Audit Committee
The Audit Committee, formed in 2004, operates in
accordance with the Code of Corporate Governance
and is comprised exclusively of Members of
Cyta’s Board.
During 2008, the Committee held four meetings.
In accordance with its mandate, the Committee
reviewed, inter alia, the Organisation’s
Financial Statements for 2007 together with the
underlying accounting principles, as well as the
2007 Budgetary Control. In the course of the
year, the Committee also reviewed the interim
Financial Statements and rolling Budgets and
Forecasts that are prepared periodically.
The Committee reviewed and discussed the Audit
Programme for 2008, which was prepared on the
basis of the results of a risk assessment
carried out for the Organisation. Also, in the
framework of assessing the effectiveness of
Cyta’s Systems of Internal Controls, the
Committee reviewed and assessed work carried out
by the IAD during 2008 and oversaw the progress
made in the implementation of the
recommendations made.
Risk Assessment and Risk Management
Every year we identify, assess and manage the
risks threatening the Organisation, including
those to technology and IT systems. The method
we follow includes the holding of workshops,
under the IAD, with the participation of
representatives of all the Organisation’s main
business units. The workshops confirm the aims
of the main business units, activities and major
projects. Subsequently the risks threatening
their achievement are identified, taking into
account the existing Systems of Internal
Controls (SIC). All risks are assessed for their
possible impact on the Organisation (financial,
operational, corporate image) and the
probability of them occurring. The results, with
the corporate risks prioritised, are submitted
to Senior Management and the Board. Also, based
on the risk assessment, the IAD’s Annual Audit
Programme is prepared for approval by Senior
Management and the Board.
In addition to the above, in 2008 we held
specialised workshops on information security
risk management, with the parallel aim of
obtaining ISO27001/2 Quality Certification. In
these workshops we identified all the
information resources related to our basic
products/processes and assessed the
corresponding risks to their confidentiality,
integrity and availability.
Internal Audit Department
The Internal Audit
is an integral part of our Organisation’s chain
of added value, through the provision of
independent advice to the Management and Board
regarding the adequacy and effectiveness of the
Systems of Internal Controls (SIC), risk
management, compliance with laws and
regulations, and the Organisation’s governance.
The assessment of the SIC is carried out using
the COSO methodology, which is the most widely
accepted best practice internationally. To
assess the SIC concerning information systems,
the COBIT methodology is followed. In general
terms, monitoring work carried out in 2008
showed the standard of the SIC at Cyta to be
quite satisfactory.
It is worth noting that,
during the year under review, we dealt
extensively with a very innovative sector, that
of Information Technology Governance. Using
internationally recognised consultants and in
close cooperation with Management and the Board,
we identified areas where there is room for
improvement so that our objectives and actions
related to technology and IT issues are properly
aligned with our business and strategic aims.
Every year we hold Control
Risk Self Assessment (CRSA) workshops for all
our main business units, activities and
projects. In 2008 we held separate information
security risk management workshops, showing in
practical terms the significance that we attach
to this issue. Also, during the same year we
increased the percentage of audit coverage of
issues pertaining to information systems and
their corresponding management.
To strengthen our role and
our effectiveness, the Organisation’s Management
and Board show unstinting support to facilitate
the audit process. Specifically, direct access
is provided to Senior Executive Management and
the Board’s Audit Committee, as well as to Cyta
information and personnel. In addition, training
opportunities have resulted in a large
percentage of our Organisation’s internal
auditors obtaining professional qualifications
as Certified Internal Auditors, Certified
Information Systems Auditors and Certified
Control Self Assessors.