FGV’S INTERNAL CONTROL AND COMPLIANCE SYSTEM
The enactment on August 1, 2013 of Federal Law 12,846, known as the Anti-Corruption Law, definitively put Brazil on the map of fighting corruption and defined new challenges for the management of Brazilian organizations, bringing the actions of identification, assessment and measurement of risks to the top of senior administrators’ priorities. The law punishes companies for corrupt acts against the Brazilian or foreign public administration. This punishment goes well beyond fines and sanctions, and involves intangible values that are hard to measure, such as the image and reputation of an institution.
In response to this move toward greater transparency and control and against corruption, FGV created its Internal Control and Compliance System, with the objective of guaranteeing, with reasonable assurance:
- Prevention, identification, monitoring and mitigation of potential risks;
- Compliance with applicable laws and regulations;
- Integrity and reliability of information;
- Promotion of the efficiency and efficacy of operations, seeking to:
- Achieve its strategic targets and objectives as well as its mission, vision and values;
- Protect its assets against waste, fraud and inefficiency.
The efficiency and efficacy of FGV’s Internal Control and Compliance System must be based on a careful analysis of the appropriateness of its activities, culture and organizational discipline as well as its human and technological resources. This analysis should be carried out in an environment in which everybody knows their role in the System and information flows fully and reliably, in good time for informed decision making. In this way, it is possible to apply appropriate and compatible risk management to safeguard the institution’s interests and objectives.
Thus, considering the objectives of FGV’s Internal Control and Compliance System, risk is defined as anything that endangers:
- The achievement of:
- Strategic targets and objectives;
- Efficiency and efficacy in management and operations;
- The sustainability of FGV’s brand and image.
- The protection of assets, preventing waste, fraud and inefficiency;
- The compliance, integrity and confidentiality of information.
Given their scope and FGV’s specific interests and objectives, the risks covered here arise from:
- Operational failures in conducting various activities – operational risks – that generate inefficiency and even financial losses;
- Failure to comply with laws, rules (internal and external), regulations and various other documents that make up FGV’s Integrity Program (FGV Code of Ethics and Conduct and Anti-Corruption Policy) – risks of non-compliance, which generate a direct impact on FGV’s image.
FGV’s Internal Control and Compliance System consists of a set of elements that, operated in an integrated and dynamic way, help the institution achieve its strategic objectives as well as its mission, vision and values, guiding its development and providing reasonable assurance that operational and non-compliance risks that could jeopardize its sustainability and growth will be managed efficiently and effectively.
Rather than considering FGV’s Internal Control and Compliance System as a set of bureaucratic control actions, it should be associated with sound management practices that foster operational efficiency, compliance with laws, and the credibility and transparency of financial or other reports.
FGV has created an independent internal body with responsibility for developing and monitoring the Internal Control and Compliance System, called the Internal Control Division (DCI). Senior management (the Board of Directors and President) must provide this area with the necessary resources and assure its autonomy, integrate the guidelines and values of this System into the institution’s culture, and foster its dissemination, so that all employees know their role and perform it responsibly.
Furthermore, one of the conditions for implementing FGV’s Internal Control and Compliance System is that it becomes an instrument of corporate governance, integrating hierarchies, units, commissions and committees, and the institution’s different levels of approval.
Five components form the pillars of FGV’s Internal Control and Compliance System:
- Control Environment:
- Integrity and ethical values;
- Control awareness of everyone involved;
- Structure of norms and processes;
- Governance structure: delegation with responsibility.
- Risk Assessment:
- Clarity of statement of strategic objectives of the Institution;
- Identification of risks that jeopardize the achievement of these objectives;
- Ongoing measurement of the levels of risk and of the impact of changes of any kind on them;
- Action on intentional errors.
- Control Activities:
- Authorities for approval;
- Standardization of records and of analyses compatible with sound market practices;
- Segregation of functions;
- Establishment of committees to monitor control activities in different hierarchical levels.
- Information and Communication:
- Availability and timely communication of reliable information to the right people for informed decision making;
- Communication of roles and responsibilities in the System;
- Communication, in appropriate channels, with various stakeholders.
- Gathering of independent evaluations;
- Ongoing review of the System (what is working, what needs improvement);
- Dissemination of results;
- Promotion of changes.
The components are interdependent but form an integrated and dynamic system that allows the Institution to identify and deal with risks and also implement controls to assure compliance with applicable laws.
NOTE: The structure of FGV’s Internal Control and Compliance System is based on, but not limited to, the method COSO (Committee of Sponsoring Organizations of the Treadway Commission).
FGV’s Compliance Programs define the actions, guidelines and controls necessary for FGV as a whole to comply with the determinations of the laws and standards (external and internal) to which it is subject. The Programs also define how these laws and standards affect FGV when they are not followed, i.e., the risks to which FGV may be exposed. Therefore, a Program must indicate the ways people can contribute to reduce exposure to the identified risks.
Depending on the law or standard to be complied with, the risks of non-compliance, as previously stated, may subject the institution to sanctions and harm to its image and reputation, with consequential financial losses. FGV’s Compliance Programs thereby have the goal of assuring, among other aspects, that there is:
- Compliance with the laws and external and internal standards applicable to the institution;
- Compliance with the principles stated in its Code of Ethics and Conduct and Anti-Corruption Policy;
- Implementation of processes to disseminate laws and standards, as well as to guarantee their compliance;
- Dissemination of the culture of internal controls when carrying out any of its activities;
- Adequate responses to regulatory and inspection authorities;
- Treatment of problems indicated by regulatory and inspection authorities.
FGV’s Compliance Programs are not limited to the publication of guidelines. Instead, they may also involve talks, training sessions, the handling of reported irregularities, the strengthening of actions through contractual instruments, and the dissemination of guidelines to stakeholders (commercial partners, clients, students, public officials, the press and others), among other measures deemed fitting and necessary.
FGV’s Internal Control and Compliance System thus has strategic importance to FGV, as it is a leading factor for the sustainability of its brand, by acting to defend its image and reputation. It must permeate FGV as a whole, and is crucial to the continuing growth of its activities and expansion in different areas.
It is not enough to know that FGV is complying with the rules at a given moment. Instead it is necessary to trust that existing controls will reveal the need for adjustments any time required, both in relation to regulatory aspects (laws and external and internal standards) and operational and financial aspects of its research, teaching and technical consulting activities.
Internal controls are not a set of actions independent from the management of FGV’s activities, but rather a way to execute them. It is up to all managers and employees to contribute with serious and adequate evaluations about the quality of the controls that support the activities that they perform so that FGV always figures as the main beneficiary of the results of these activities.
Only through joint action can a responsible level of security be achieved regarding the quality of the institutional controls in all their dimensions - structure, nature of the controls and components for assessing their quality - and can the institution be prepared to minimize the impact of the limitations of control. This is because:
- Human judgment in making decisions can be flawed;
- Human judgment can be biased;
- Functional and operational errors are possible;
- A particular internal control can be ignored;
- Unexpected external events can happen.
It must be possible to adapt the Internal Control and Compliance System to constant changes in FGV’s operational and regulatory environments. For this purpose, it is essential that everyone in the institution knows of its existence, scope and expectations. Besides the standards, wording and control activities, a structure is necessary to give it form and body.
The structure of internal controls and compliance at FGV is supported by an independent unit to organize, disseminate and control the method employed by FGV for the Internal Control and Compliance System. However, the System is a matter of shared responsibility, from senior management to each of the managers of FGV’s units forming its structure, as follows:
I. Executive Structure – to approve the concepts and guidelines suggested by the Internal Control Division and to safeguard the quality of the environment for internal controls based on evaluations of exposure:
- Vice Presidents (by delegation)
II. Deliberative Structure – to ratify the concepts and guidelines of FGV’s Internal Control and Compliance System approved by the Executive Structure and to supervise them:
- Board of Directors
III. Independent Structures – to develop the method and maintain the culture of internal controls within FGV, by employing, with independence in relation to the other units, the actions necessary to support FGV’s Internal Control and Compliance System:
- Internal Control Division: to extrapolate scheduled or random actions in specific situations, as indicated by the Boards or the Division itself;
- Audit Department
IV. Operational Structure – to disseminate the concepts, guidelines and actions that put into practice FGV’s Internal Control and Compliance System, arising from the Deliberative Structure, formed of the following elements:
- Head of Support/Control Units
- Heads of Schools, Institutes and of Specific Units
V. Collegial Structures – to supervise solutions that reduce FGV’s risk exposure:
- Board of Directors Level
- Office of the President Level
- Unit Level
PERSONAL DATA PROTECTION
- FOCUS ON EXCELLENCE
Pursue superior standards of quality and of constant innovation based on an environment in which the enthusiasm, the desire to learn and teach, the commitment and professionalism are exemplary and contagious.
- HONESTY AND ETHICS
Value that FGV’s excellence and tradition naturally generate trust in relations with different stakeholders and in these relations, one must not only weigh up what is legal and illegal, fair and unfair, convenient and inconvenient, opportune and inopportune, but above all what is honest and dishonest.
Consider that FGV respects the individual choices of its stakeholders, while sharing fundamental moral and ethical attitudes.
- COMMITMENT TO RULES
Observe that FGV’s attitudes and behaviors are based on a strong commitment to do the best, while fully respecting its values, applicable laws and internal rules.
- PROFESSIONAL INTEGRITY
Base conduct on impartiality. There are situations in which rules become too abstract to help make decisions that involve balancing opposing interests (conflicts of interest), and it is necessary to use one’s own concept of what is right or wrong.
- PROTECTION OF INFORMATION AND KNOWLEDGE
Respect content and information produced by FGV and third parties