The Challenge

‍

‍CELEPAR presented challenges related to fragility in process governance, operational inefficiency, and the need to mature internal controls and risk culture. In addition, there was exposure to unmapped risks and lack of integration between processes and systems, impacting compliance with standards and good practices such as LGPD, COSO, COBIT, and ITIL.

‍

Objective of the Project

‍

Vennx was contracted to execute a strategic internal auditing and internal controls assessment initiative, focusing on risk mitigation, regulatory compliance, and increasing efficiency. Among the main objectives were:

• Evaluate critical processes in various areas of the company, focusing on adherence to recognized standards and frameworks;
• Identify risks, test, and map mitigating controls;
• Issue recommendations based on best governance, risks, and compliance practices;
• Create interactive Power BI panels with consolidated results;
• Produce robust working papers, ensuring traceability of all auditing procedures.

‍

Scope and Approach

‍

The following topics and processes were audited:

• LGPD - General Data Protection Law
• Project Management and Strategic Processes
IT Organizational Structure and Corporate Governance
• Provisions, Intangible and Fixed Assets
Contracts, Agreements and Legal Advice
• Innovation, R&D and Compliance
Acquisitions, Accounts Payable, and Accounts Receivable
Tax Planning and Budgeting
• Labor Relations and Benefits
• Information Systems and Information Security

The methodology included:

• Walkthrough interviews with those responsible for the audited processes;
• Diagnosis of adherence to the COSO ERM, COSO IC, COBIT and ITIL frameworks;
• Risk mapping, control tests and proposing a “to be” version of the processes;
• Development of a risk and control matrix, with prioritization according to materiality and criticism;
• Presentation of an Executive Audit Report to managers and Board of Directors.
‍

‍