Governance, risk management and Compliance practices involve people, systems, roles, time and, most importantly, money. On the other hand, lack or little control represents, in most cases, a high risk. However, managing all elements of governance intelligently can be a competitive advantage.

In this context, and with the development of own methodologies that take into account the use of computerized tools, PP&C is able to advise organizations on implementing innovative governance standards and guaranteeing their effectiveness and maintenance over time at reduced costs.

It is a global trend to introduce good management practices and this has gained the support of Brazilian companies in recent years, given the realization that corporate governance makes it possible to increase companies’ profits and increase their market value.

Investigating complaints

Our examination is conducted in accordance with legal fraud and complaint investigation techniques, which include, but are not limited to, examination of books and records, analysis of security camera recordings, voluntary interviews of appropriate personnel, and other evidence-gathering procedures as necessary under the circumstances.

In certain situations, in addition to issuing a detailed report on the fraud, we alert our clients to the risks that should be monitored and the controls that should be reviewed and improved. This is a major differential in our work.

PP&C offers its clients the following main services in whistleblowing and fraud investigation and the implementation of a whistleblowing channel:

• Advice on setting up the whistleblowing channel;

• Management of the whistleblowing channel;

• Investigation of complaints;

• Assignment of labor to investigate complaints under the client’s management (staff loan); and

• Participation in the committee responsible for processing complaints.

BRAZILIAN GDPA

The Brazilian General Data Protection Act (GDPA), Act No. 13,709/2018, establishes rules on the collection, storage, processing and sharing of personal data, guaranteeing the right to privacy and the protection of individuals’ information. This act applies to all companies that process data in Brazil, regardless of their size or segment of activity.

PP&C has experts in processes, technology and legal advisors to help organizations properly assess their needs and implement the GDPA. In order to adapt and comply with the requirements imposed by the GDPA, our methodology includes the application of the following main procedures:

• Meeting for project presentation: to be scheduled with the partners and significant leaders of the group to present the project;

• GDPA assessment: assessment of the operation to identify and map processes impacted by the GDPA definitions;

• Mapping of the processes: mapping of all activities that involve treatment of personal data, as well as internal operations of storage and sharing, identifying the treatment of sensitive personal data, including by means of questionnaires and interviews to assess the company’s situation regarding GDPA;

• Identification of risks: analysis of the corporate environment and identification of the risk matrix for GDPA compliance;

• Data inventory: inventory of the data collection sources and categorization of what are the treatment given to that information, according to their classification, including sensitive data and those situations in which the data treatment is classified in one of the hypothesis in which is allowed to treat personal data without consent;

• Impact report: report containing the risks identified, changes, improvements and adaptations necessary for the definitions of the data protection regime defined by the GDPA, identifying the best practices according to the specific purposes, for example: consent, rightful interest, contract execution and complying to legal or regulatory standards.

• Discussion of results: the results shall be discussed with the people responsible from the company, aiming to debug the analyses and define the action plans that will be implemented.

In addition to advising companies on the implementation of the GDPA, PP&C’s experts also provide GDPA Audit services, which aim to ensure that the company complies with the provisions established by the legislation regarding the processing of personal data.