Quality and risk management G4-14 | 41 | 56 | 57 | 58 | SO3
We operate in a heavily regulated environment and our primary contribution, in many cases, is to assist our clients in statutory reporting to regulators. That is why credibility is key to the survival of our brand and of the very market served by our Organisation.
On a daily basis we come in contact with information that is crucial to our clients' business, and we recognise that our investments in training and technology, though essential for our quality of delivery, are not sustainable without our professionals' commitment to ethics based on our values and culture of integrity.
For this reason, one of the pillars of our business strategy is 'professionalism and integrity', by which we seek to ensure that our professionals are committed to and follow the policies and principles established by KPMG International and applied to all member firms. Our stakeholders recognise these two principles as being material to our business.
Our Risk Management function is responsible for controlling and monitoring factors that could affect our business, our professionals and clients, or the capital market and the environment in which we operate. Risk Management is directly related to sustainability and the very nature of our business, as it entails analysis of information to anticipate any conflicts of interest or issues in complying with the rules, standards and policies established locally and globally by KPMG.
Alongside the Service Quality Control System, this function uses a precautionary approach focused on our core business to shape our policies, people development, client acceptance guidelines, engagement delivery and oversight in the entire network of entities that operate under the brand KPMG in Brazil, as further described below. G4-SO3
Quality and risk management at KPMG in Brazil
Our Risk Management area consists of partners, managers and technical staff whose mission is to manage risk, disseminate professional practices and accounting standards, provide technical support and coordinate the implementation of quality programmes.
Professional Practices Department (DPP)
Provides technical guidelines and advice on professional practices and disseminates updates on emerging technical guidance, both local and foreign. It also coordinates quality review programmes.
Risk Compliance
The function responsible for matters related to management of regulatory risk, testing adherence to the Organisation's practices and computer-based training.
Client and Engagement Acceptance and Continuance
Manages a rigorous and systematic policy for accepting and continuing with clients and engagements, which includes background checks and evaluation of publicly available information about the business and management of a prospective client, including its financial health, the reputation of its management, its products, the technical risk of the engagement and ethics and independence concerns.
Ethics and Independence (E&I)
Maintains controls and assesses the conformity of our operations and services to our policies and the procedures established by regulators with respect to independence and conflicts of interest.
Sentinel
The Organisation's global online system for screening projects against independence requirements and applicable standards. Where the system identifies an existing or potential conflict of interest that cannot be eliminated, our policy is to reject the engagement. Anti-money laundering legislation has led us to include system parameters to identify the ultimate beneficiaries of our services, which are supported by an internal whistleblowing policy for reporting concerns of this nature. G4-41
Office of General Counsel (OGC)
Advises the Organisation on corporate matters, reviews our commercial relationships with clients and suppliers and monitors the standards established for service proposals.
National IT Security Officer (NITSO)
Responsible for policies that protect the confidentiality of information, whether in electronic storage or on paper. As part of the information security policy, all computers have data encryption software and password-protected access. In addition, all professionals are required to keep confidential all client and former client information. Knowledge of, and compliance with, this commitment are confirmed annually by means of an electronic statement. Our e-learning about Ethics & Independence also addresses this topic and notices are routinely issued as reminders of applicable procedures. There was one demand of this nature during the period covered by this report. G4-PR8
Litigation
Handles any judicial and administrative claims. During the period covered by this report, we were not subject to any final conviction arising from disputes related to our services. G4-PR4
To ensure compliance with the principles of professionalism and quality, our Quality and Risk Management System is structured into five groups: