Governance Risk & Compliance
The experience that Baker Tilly has built up over the last few years enables us to develop projects of excellence tailored to our clients' needs. In addition to the knowledge accumulated by the Governance, Risk & Compliance team, we have Information Systems specialists available to support us in Audit and Consulting projects and the experience and support of the Baker Tilly international network.
In the Governance, Risk & Compliance team we have accumulated most of our experience in providing audit and consultancy services to entities regulated by the Bank of Portugal, CMVM and ASF, but we have also carried out projects for companies in other sectors of activity.
To this end, we provide a range of auditing and consulting services, including:
INTERNAL CONTROL
NOTICE NO. 3/2020 OF THE BANK OF PORTUGAL
- Independent evaluations (external audits) provided for in Banco de Portugal Notice 3/2020 that can be carried out by our team:
- Article 3(2) BoP Notice 3/2020 - The Board of Directors promotes periodic and independent assessments, to be carried out by an entity external to the Institution, regarding the conduct and values of the Institution, which also cover the conduct and values of the Board of Directors itself and its committees
- Article 3(2) BoP Notice 3/2020 - On its own initiative, the Institution's Supervisory Body also promotes periodic and independent assessments, to be carried out by an entity external to the Institution, on the conduct and values of the Body itself, which may be developed in conjunction with the assessments referred to in the previous paragraph - View presentation
- Article 29.7 BoP Notice 3/2020 - The Management Body shall ensure that the adequacy of the processes for obtaining, producing and processing information implemented at the Institution, as well as the control mechanisms referred to in paragraph 5, are subject to periodic independent assessments, to be carried out by an entity external to the Institution
- Article 30(4) BoP Notice no. 3/2020 - The Board of Directors shall ensure that the compliance of the information flows established within the Institution with the provisions of this article is subject to periodic independent assessments, to be carried out by an entity external to the Institution
- Article 32(8) BoP Notice 3/2020 - The adequacy and effectiveness of the internal audit function are subject to independent assessments, to be carried out periodically, at least every five years, by an entity external to the institution - View presentation
- Issuance of a Report to support the opinion of the Supervisory Body as described in Article 56(1) of BoP Notice 3/2020, which includes:
- A clear, detailed and reasoned opinion, expressed positively, on the adequacy and effectiveness of the Institution's organizational culture and governance and internal control systems, within the scope of the responsibilities assigned by law to the Supervisory Body, which considers, at the reference date, in particular, the current or potential impacts of the deficiencies that remain open
- Assessment of the state of implementation of the measures defined in the reference period to correct the deficiencies detected, including deficiencies in the internal financial control system and the accounting system reported by the Statutory Auditor, pursuant to Article 11(2)(j) of Regulation (EU) No 537/2014 or within the scope of other activities carried out by him, or identified by other entities external to the Institution, including supervisory authorities
- Opinion on the quality of performance and adequate independence of the internal control functions, including operational tasks that are outsourced, in accordance with Article 36
- Statement on the reliability of the processes for preparing prudential and financial reports, including those carried out under Commission Implementing Regulation (EU) No 680/2014 of April 16, 2014, in the reference period
- Statement on the reliability of the Institution's processes for preparing information disclosed to the public under applicable laws and regulations, including financial and prudential information
- Declaration on the Institution's proper compliance, during the reference period, with all public disclosure duties arising from applicable laws and regulations and concerning the matters set out in this Notice
OTHER INTERNAL CONTROL PROJECTS
- Outsourcing the responsibilities of the Internal Audit Function
- Drafting and supporting the implementation of internal audit policies, manuals and regulations
- Definition of the internal audit plan
- Execution of Internal Audit Actions
- Follow-up of internal audit recommendations
- Preparation of Internal Audit Reports
- Review of the internal control system (specific areas)
COMPLIANCE
COMPLIANCE PROJECTS
- Outsourcing the responsibilities of the Compliance Function
- Drafting and supporting the implementation of Compliance Policies and Manuals
- Definition of the Compliance Function's Activity Plan
- Gap analysis for identifying obligations and assessing exposure to risks of regulatory non-compliance
- Drawing up a checklist of the company's regulatory responsibilities
- Support for the implementation of the action plan for open deficiencies within the scope of Compliance
PREVENTION OF MONEY LAUNDERING AND TERRORIST FINANCING
- Tests to support the preparation of the Authority's Opinion for the issuance of the annual Money Laundering and Terrorist Financing Prevention Report (Article 83 (4) (c) of Banco de Portugal Notice no. 1/2022)
- Effectiveness tests (Article 9 of Bank of Portugal Notice no. 1/2022)
- Tests to support the issuance of the Prevention of Money Laundering and Terrorist Financing Report for entities supervised by the CMVM (Article 18.1 - a) of CMVM Regulation 2/2020)
- Effectiveness tests (Article 5 of CMVM Regulation 2/2020)
- Assessment of the compliance of internal manuals and policies with the legal provisions established by Law 83/2017 and CMVM Regulation 2/2020
- Audit (Certification) of the implementation of recommendations resulting from special BoP audits (Specific Determinations and Supervisory Measures, for example) View presentation
- Support for the implementation of the action plan for open deficiencies within the scope of PBCFT
- Creation and implementation of PBCFT policies and manuals
- Assessment of the BCFT Prevention Risk Management Model in terms of the adequacy and effectiveness of the Internal Control System in its ability to comply with the Preventive Duties described in the applicable legislation, for example KYC analysis and review of suspicious transactions
RISK MANAGEMENT
- Outsourcing the responsibilities of the Risk Function
- Drafting and supporting the implementation of Policies and Manuals related to the Risk Management Function
- Definition of the Risk Function Activity Plan
- Comprehensive analysis of internal and external risks, including their identification, analysis, evaluation, mitigation, monitoring and communication
- Drawing up a risk matrix and developing risk management strategies
- Review of the governance model and the Internal Control System
- Implementation of the GRC model in accordance with applicable legislation and best practices