Home -

Professionalism and Integrity

Integrity is a fundamental characteristic that our clients expect and trust we have. Integrity is also one of KPMG’s main values.

This Pillar of our strategy addresses the material theme that was considered by our stakeholders to be the most important: conduct ethical business. In addition, it deals with questions that have an impact on the quality and independence of the services we provide, which refers to the third theme Identified by our stakeholders.

Ethics, professionalism and integrity of our people enables KPMG to be one of most highly regarded Professional services companies worldwide. As has been demonstrated, transparency and integrity are values of our Organization. Consequently, KPMG International relies on policies and procedures that are strengthened by the involvement of experienced leaders from each member firm. These leaders emphasize the importance of quality control, risk management and compliance, and act as examples in providing services that reflect quality and integrity.

In this chapter we deal with these procedures in detail. A lot of the quality control and risk management processes are multi-functional, and also applicable to the Tax and Advisory areas. However, we stress that the emphasis in this chapter in on the Audit practice, and thus, some of the procedures cited may not apply in full to the other two areas.

At KPMG, the quality of an audit goes beyond issuing a correct opinion, and includes how we reached this opinion. This refers to the processes, thinking and integrity on which an audit is based. KPMG sees the result of a quality audit being an appropriate and independent opinion in accordance with legal and professional requirements. This means, above all, being independent, being in compliance with the relevant legal and professional requirements and offering our clients an impartial and informative vision.

Risk management

GRI 4.6 | 4.11 | SO2

Through the Risk Management area, we manage factors that could have an impact on our business, our professionals and clients, the capital market and the environment in which we operate.

For us, risk management, which includes our operational risks, is accompanied by the quality control of our services since, in our business segment, objective, quality work is a determining factor to meet the public interest and retain the confidence of the capital markets and that of regulatory bodies. Thus, we provide quality services, based on independence, integrity, ethics and objective behavior, and our anticorruption and anti-bribery procedures permeate the management of these risks through all the network of independent entities that operate under the brand KPMG in Brazil.

In order to make feasible this management, we maintain an internal structure, represented in the next page, consisting of partners, directors, managers and technical staff.

The mission of this department, besides risk management, is to spread professional practices and accounting standards, working together with professionals from the Organization, providing technical support and coordinating the implementation of quality programs.

In Brazil, we have a quality system for the audit practice, aimed at meeting the requirements of
Brazilian Law, Professional Standards, the rules of the International Federation of Accountants (IFAC), the rules adopted by the Public Company Accounting Oversight Board (PCAOB) and the regulations from the European Union and the US Security and Exchange Commission (SEC).

Risk Management Structure at KPMG

Department of Professional Practices (DPP) Provide technical guidelines and consultations on professional practices and distribute updates for emerging technical guidelines both local and foreign. Coordinate quality analysis programs.

Risk Compliance Area responsible for issues related to management of regulatory risk, testing adherence to KPMG practices and training by means of electronic tools.

Sentinel KPMG Global on-line system for including all projects. The objective is to verify whether it is possible to undertake the Project, given the requirements of independence and norms applicable.

Client Acceptance (K-Risk) and CEAC Manage a rigorous and systematic policy for accepting and continuing with clients and projects, which includes verifications and consulting public information about the business and administration of potential clients, such as the financially health, the reputation of its management, type of products, technical risk of the Project and questions related to ethics and independence.

National IT Security Officer (NITSO) Responsible for maintaining the policies that protect the confidentiality of information in both electronic form and hard copies. As part of the information security policy, all of the computers have software for encrypting data and access protected by passwords. In addition, all professionals have to maintain confidentiality of client and ex-client information. Knowledge and compliance with this commitment are checked annually by means of a statement via web. For the period covered by this report there were no substantiated complaints of this nature. GRI PR8

Ethics and independence (E&i) Maintain controls and analyses of conformity of our operations and services provided in relation to our policies and the procedures from regulatory bodies, with respect to independence and verification of any conflicts of interest.

Litigation Undertake any judicial claims. During the period covered by this report, we were not subject to any relevant sentence resulting from disputes related to services rendered. GRI PR4

Office of General Counsel (OGC) Assist the Organization with corporate issues, analyzing our commercial relationship with clients, and monitoring the Standards established for the proposals to provide services.

The support teams for this structure comprise an integrated management, which includes five fundamental groups for quality control and risk management throughout KPMG in Brazil: (i) independence, integrity, ethics and objectivity; (ii) people management, including professional training and development; (iii) acceptance and continuance with clients and work; (iv) execution of work; and (v) monitoring. We present below, some of the most relevant aspects from these groups.

Independence, integrity,
ethics and objectivity

The procedures that are part of each one of these groups are related, as demonstrated in our Code of Conduct, Global Marketing Risk Management (GMRM), Global Quality and Risk Management Manual (GQ&RM Manual) and training on ethics and independence and anticorruption.

KPMG International is signatory to the Anticorruption Principles from the World Economic Forum. www.weforum.org/issues/partnering-against-corruption-initiative

Code of conduct

GRI 4.8

In Brazil, we adopted and disseminated the Code of Conduct: Performance with Integrity, which expresses the commitments to our public and the behavior to be adopted by our professionals to ensure ethical principles in their relations with the Organization, with other professionals, clients and with the community.

The Code emphasizes the personal responsibility of each Professional to observe legal and ethical Standards which apply to their position, as well as disclosing the resources and channels available to provide assistance on the themes covered.

Global Marketing Risk Management (GMRM) e Global Quality and Risk Management Manual (GQ&RM Manual)

We seek to establish an open and honest communication with all our stakeholders, based on ethics, objectivity and transparency. Therefore, both the GMRM and the GQ&RM Manual provide guidelines to ensure that these principles are present in the relationships with the organization’s stakeholders:

Marketing

GRI PR6

All of our communication and marketing material is continually revised by qualified professionals from GB&RC, and consists of a set of principles and rules prepared by KPMG International which have to be adopted by the member firms to ensure global consistency of the brand name, control the risks related to its reputation and manage client expectations with respect to the services provided, with the disclosure of clear and objective information. In 2011, we had a team of 16 professionals qualified in these norms.

Information on products and services

GRI PR3

Our contracts are based on the GQ&RM Manual, and seek to achieve transparency in client relations, and are available to all professionals on intranet.

Main information and specifications stated in the contracts agreed between KPMG and its clients
Scope of services	The scope and purpose of the KPMG engagement, with limitations on the work expressly stated.
Description of products	Description of what will be submitted, the nature (report, presentation, etc.) and possible limitations.
Timetable	Whenever agreed with the client, the timetable for undertaking and concluding the work.
Client responsibilities	Client responsibilities for providing information, assistance to KPMG and decision making.
Fees	Determining fees for the services provided, collection methods, payment, interest on accounts overdue and currency in which payment will be made.
Subcontracting	For the services when this is permitted, inform any subcontracting of specialists.
KPMG responsibilities	The limit on responsibilities is subject to legal or regulatory restrictions and is included in each contract.

Beyond Compliance
KPMG is aware of the importance of disseminating its values throughout the organization, and as such, extends the training in Ethics & Independence to all professionals from the administrative areas, even though this is not required by professional regulations.

People, Performance and Culture Global Manual

GRI 4.6

To achieve independence, ethical work and the objectivity of our professionals during the services provided, we have a policy that establishes the norms for relationships with our public, for example, assessing any possible conflict of interests prior to allocating a professional on certain projects.

KPMG in Brazil also monitors compliance of its investment policies, whether of the Organization or its partners, directors and managers, through an automatic integrated tracking system of independence based on the Web. This system contains a list of public stock corporations, their branches and financial institutions and the types of securities they issue.

It also includes a list of investments held by KPMG in Brazil and other financial relationships that have to be analyzed prior to KPMG in Brazil accepting a new client. The independence department continually updates this list and these relationships.

Prior to acquiring securities, the partners, directors and managers have to use the independence tracking system to determine whether the investment is restricted. They also have to inform all of the movements in individual investments within 14 days after purchasing or selling investments.

If a security becomes restricted in a subsequent date, the holders of these amounts will receive automatic notification stating that they have to dispose of the restricted investment.

The Global People, Performance and Culture Manual informs the conduct to be adopted at each of the human resource management areas, as an integral part of the process for analyze quality and risk management, attending to the norms enacted by the local laws and also professional requirements in Brazil, requirements of the Federal Accounting Council (CFC), IBRACON – Institute of Independent Auditors in Brazil, the National Monetary Council (CMN), the Securities Commission (CVM), the Secretary for Complementary Social Security and by international bodies, such as Public Company Accounting Oversight Board (PCAOB) and US Security and Exchange Commission (SEC).

Every year, Training in Ethics and Independence is provided, which is mandatory for all partners, partner-directors and other technical professionals that provide services to clients, and also Anticorruption Training, mandatory for all professionals. After concluding this training, the professionals sign a term confirming their understanding and compliance with KPMG policies and their independence in performing the services. During the period covered by this report, 100% of the required professionals - that had to receive the training - were trained in the Ethics & Independence and Anticorruption policies.

GRI SO3

Participation of Professional in Ethics & Independence and Anticorruption training
	Ethics & Independence			Anticorruption
	2011	2010	2009	2011	2010	2009
Non management	2,128	1,877	1,836	2,214	2,130	1,864
Managers	362	318	300	363	327	300
Partners and partner-directors	224	186	177	213	187	177
Total professionals	2,714	2,381	2,313	2,790	2,644	2,341

Does not include amongst the required professionals: those in mobility or on leave, administrative professions with no access to the network of e-mails or those contracted towards the end of the financial year, who receive training in the subsequent year. In addition, during 2009 and 2010, apprentices were not required to receive this training.

GRI 4.6

We work diligently to avoid any conflicts of interest arising. In addition to the tools and systems to improve the independence, integrity and objectivity of the work of our professionals, we have a global, exclusive system, called Sentinel.

Finally, to offer services with consistency and integrity, we have implemented the rotation of audit partners, in compliance with legislation, which limits the number of years that the leaders can provide this type of service to the same client. This exchange of leaders assists us to develop transition and succession plans, which encourages the continuity of our business.

People management, training and development

The dynamic nature of our work and the environment in which we operate demands that we continually seek professional excellence. Consequently, in addition to the specific training stated before, our people management includes actions to attract, retain, train, develop and recognize our professionals, which reflect the way we want to grow and be recognized.

This system is presented, in general terms, beside, but is presented in more detail in the next strategic Pillar People.

Acceptance and continuance of clients and work

We rely on policies and procedures for assessing risk that support decision making regarding the acceptance of and continuity with clients and projects, for example, the tools referred to previously, CEAC and Sentinel. Rigorous compliance is essential for us to provide professional services with quality and integrity that are necessary for building more ethical and sustainable markets.

Identification of risks from assessment of the company’s background, its administration, businesses and other relevant questions, focused on integrity. Acceptance or otherwise of a client is determined by a partner who assesses the client, and this has to be approved by the partner responsible for risk management, when necessary.

Assessment of risks and skills of the client’s financial management team, and additional safeguards can be introduced to the services, in order to mitigate any risks identified.

Assessment of other relationships and services provided by KPMG to the potential client that are not related to the Project, to avoid potential conflicts of independence. Acceptance of the Project is approved by its potential leader, and another senior professional, when necessary.

The continuance of each client and Project is assessed every 12 months, or less – if specific questions of integrity are identified. The company’s risk factors are revised and possible changes to determine the continuance of the services provided.

Execution of the work

The execution of our work also follows methodological guidelines and policies that aim to maintain integrity, compliance with local and international regulations and the incorporation of good global practices so that ethical behavior is observed during all of the stages of the services.

Our methodology includes an assessment of the information system, and our professionals from Information Technology Advisory Services (ITAS), are responsible for performing the corresponding tests.

The professional practice, risk management and quality control are the responsibility of each KPMG Professional, who has to adhere to the policies and procedures (including independence policies) and to the extensive range of tools developed to support them in attending these expectations. The policies and procedures we have established for audits include the requirements for accounting, audit, ethics and quality control norms and other relevant laws and regulations.

Audit tools and methodology

We invest significant resources to maintain our standards and tools up to date. Our global audit methodology, developed by the Global Service Centre (GSC), is based on International Standards on Auditing (ISA).

The methodology is included in the KPMG Audit Manual (KAM) and contains requirements that go beyond the ISA, for cases where KPMG understands that this increases the quality of our analyses. The member firms of KPMG International can also include local procedures to comply with professional, legal or regulatory requirements.

Our audit methodology is supported by eAudIT, an electronic audit tool from KPMG, which provides the auditors from the member firms worldwide with the methodology, guidelines and knowledge of the sector necessary to render efficient and high quality audits.

The work flow for eAudIT provides the teams with immediate access to relevant information at the correct time during the audit, thus increasing efficiency and value for our clients. The main activities included in the eAudIT work flow are:

Engagement set up

Engagement acceptance and scoping
Team selection and timetable

Risk assessment

Understand the entity and identify and assess risks

Plan for the involvement of specialists and others, including experts, internal audit, service organizations and other auditors
Evaluate design and implementation of the selected controls
Risk assessment and planning discussion
Determine the audit strategy and planned audit approach

Tests

Test operating effectiveness of selected controls
Plan and perform substantive procedures

Completion

Update risk assessment
Perform completion procedures, including overall review of the financial statements
Perform overall evaluation, including evaluation of significant findings and issues
Communicate with those charged with governance (for example, the audit committee)
Form the audit opinion

KAM includes, amongst other things, the procedures intended to identify and assess the risk of material misstatement and procedures to respond to those assessed risks. Our methodology encourages engagement teams to exercise professional skepticism in all aspects, from the planning to performing the audit.

KAM includes the implementation of quality control procedures at the engagement level that provides us with a reasonable assurance that our engagements comply with relevant professional, legal, regulatory and KPMG requirements.

The policies and procedures established in KAM are specific to audits and supplement the policies and procedures set out in the Global Quality and Risk Management Manual (GQ&RM) which is applicable to all KPMG International member firms, functions and personnel. The provisions of International Standard of Quality Control I (ISQC-I) are addressed through KAM and through member-firms implementation of the Q&RM Manual.

Monitoring

Monitoring procedures complete the groups from our quality control system and risk management, and include permanent assessments by means of internal and external reviews to check the integrity and independence of our professionals and adherence to our practices, methodologies, training and internal controls.

The verifications, to which we are subject, and for which we have always received adequate classifications, are:

Risk Controls Checklist (RCC): annual verification performed by KPMG International on the internal controls, procedures, practices and global training (80 hours/year).
Quality Review Program: annual reviewed performed of the Audit, Tax and Advisory work to verify conformity with our standards and norms and with Professional standards required (2,120 hours/year).
Peer Review: local review, required by the CFC, which consists of external verification of our work every four years, performed by our peers, i.e. by another audit company of the same size, and supervised by representatives from Brazilian regulatory bodies. (320 hours/year).
PCAOB Review: three yearly review and anticipated for all companies that provide accounting audit services, to assess adherence to the norms and regulations adopted by the PCAOB, the North American regulatory body (480 hours/year).

In the period covered by this report, no sanctions or fines occurred as a result of these reviews. GRI PR9

In addition to these reviews, other monitoring is performed in relation to compliance with ethical standards and the integrity of our professionals and assessments of any deviations in our procedures or professional norms to which our services are subject.

One of these monitoring procedures is performed by the Disciplinary Committee, which is responsible for analyzing information and documents that suggest possible violations of the rules and policies related to risk management, ethics and integrity and training by any professional, including partners.

If evidence of such is confirmed, the violation is qualified between one of four categories (light, medium, severe or very severe violations) and could result in disciplinary measures that vary from simple notification to additional training or financial penalties to variable remuneration to rescission of the employment contract.

In addition, we provide a confidential international hotline for denouncing possible illegal, ethical violations or violations of norms and standards, coordinated by an independent supplier and can be contacted by all our public, 24 hours a day, seven days a week.

All of the contacts received are registered and a confidential investigation process begins, which is also consistent with legislation in force and our norms and procedures.

During the period covered by this report, no case of corruption was registered by any of our monitoring tools. GRI SO4

Hotline for Denouncing Unlawful Acts
By telephone:
Brazil – 0800 891 7391
Other countries – (www.kpmg.com/Global/en/Pages/International-hotline-numbers.aspx)
On-line: www.clearviewconnects.com/
By post: P.O. Box 11017 – Toronto, Ontário –
M1E 1N0 Canada

© 2012 KPMG Auditores Independentes, a Brazilian entity and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

KPMG International Cooperative ("KPMG International") is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.