Risks

Risks
Internal audit and implementation

Advisory focused on alignment and strategy development activities; assessment, diagnosis and
transformation of internal audit; execution of work plan; outsourcing and sharing.

Process mapping and review

Services focused on activities that seek to reduce costs with internal controls efficiently. Turn risks into
results by seeking competitive advantage through the efficient use of scarce resources, improved decision
making, and reduced exposure to negative events.

Corporate risk management (ERM)

Identification, evaluation, communication and risk management at different organizational levels. The
ERM structure has the following main elements: governance model and organization of risk management;
identification, evaluation, qualification, quantification, monitoring and reporting of risk considering risk
appetite, impact and probability of occurrence.

Strategic, operational, financial and compliance risk management

Services related to risk management through a set of operational and strategic solutions focused on the
organization segment, contributing to the evaluation and expansion of the scope of its functions aimed at
risk management.

Risk management in contracts

Diagnosis of the processes related to management of contracts signed with third parties, seeking to
identify opportunities for improvement, including inventory, review of the standard models adopted, rules
and procedures, support tools and periodic monitoring.

Assistance in evaluating compliance with internal rules and procedures, agreements,
regulatory aspects and legislation

Services aimed at improving and protecting corporate value and reputation through actions that aim to
comply with internal and external regulations and each organization’s sector.

Assistance in compliance with the Sarbanes-Oxley Act.

Diagnosis and implementation of opportunities for improvements in the internal control environment,
aiming to adapt to the certification process established by the Sarbanes-Oxley Act, including evaluation
of internal controls and disclosure procedures; evaluation of internal controls at the process, transaction or
application level, and documentation of related processes and controls.