report on internal administrative/operational structures and financial controls Systems of internal control and processes
Computer and telecommunications services
The Cape Peninsula University of Technology (CPUT) maintains a system of internal control to provide reasonable assurance regarding the achievement of its objectives. The system of internal control is designed to ensure effective and efficient operations, the reliability of financial reporting, and overall compliance with relevant laws and regulations, to prevent loss of resources and assets, and also to reduce legal liability.
The University applies modern technology solutions, such as virtualisation, storage redundancy, and managed backup applications in its data centres. These solutions are developed and implemented in accordance with defined and documented standards to achieve efficiency, effectiveness, reliability and security. In utilising technology to transact with staff, students and third parties, procedures are designed to minimise the risk of fraud and error. During 2021, CPUT continued to upgrade its IT infrastructure and software suite to meet the demands of multimodal learning and a remote workforce. Simultaneously, IT security was strengthened to mitigate the increased cyber security risk introduced by remote working. In response, a significant portion of the 2021 Internal Audit Plan was assigned to IT governance, information security, and IT resilience. The Information Technology Governance Committee of Council provides oversight of the IT control environment, including the implementation of the IT Strategy.
The internal control system is designed to provide reasonable assurance to the University and the Council regarding an operational environment that promotes the safeguarding of the University’s assets, and the preparation and communication of reliable financial and other relevant information. Internal control objectives include measures to ensure completeness, accuracy and proper authorisation in relation to documented organisational structures setting out the segregation of responsibilities, as well as established policies and procedures, including a code of ethics. It is the responsibility of Management to establish and maintain effective internal control systems. As part of fulfilling that responsibility, Management understands and supports the role of Internal Audit. As such, Management is responsible for ensuring that audit report findings and recommendations are addressed in an appropriate manner. There are inherent limitations to the effectiveness of any system of internal control, including the possibility of human error, and the circumvention of controls. Accordingly, even an effective internal control system can only provide reasonable assurance with respect to the reporting of financial information and the safeguarding of assets. Smart systems, including automated internal control systems, are considered to be a key enabler of CPUT’s Vision 2030.
Internal audit Internal Audit monitored the adequacy and effectiveness of internal control systems through the approved 2021 Internal Audit Plan. The Internal Audit Plan is developed annually, following a risk-based approach. The Plan is approved by the Audit and Risk Oversight Committee (AROC), and is amended in response to emerging risks. Internal Audit’s findings and recommendations are reported to Management and the Council via the AROC. Follow-up reviews are performed continuously to verify the implementation of agreed Management action plans in response to previously reported Internal Audit findings. Progress is reported to Executive Management to ensure that actions are implemented timeously.
34 | report on internal administrative/operational structures and financial controls
