Internal Audit Executive Board

Histórico de Revisões

Versão: Data de Revisão: Histórico:
1 08/02/2018 Document Elaboration.
2 06/19/2019 Updated subitems 1.1, 2.1, 2.2, 3.1, 3.2 and 4.1 of item III. Guidelines, included sub-items 2.3, 2.9, 3.3, 5 and 6 and excluded sub-item 2.1.1.
Updated item IV. Management of Consequences
Updated item V. Responsibilities
Updated item VII. Concepts and Acronyms


I. Purpose

Set forth the principles of action of the Internal Audit Executive Board in the Company’s processes.

II. Scope

All Management (Statutory Officers, members of the Board of Directors, Fiscal Council, Board of Directors’ advisory committees) and employees of Cielo S.A., associated companies and subsidiaries.

III. Guidelines

1. Mission

1.1. Provide independent, autonomous and impartial opinions on the quality and effectiveness of the systems and processes for risk management, internal controls and corporate governance, identifying deviations and proposing improvements to protect the interests of the Company and its shareholders.

2. Independence

2.1. Auditors report to the person responsible for the Internal Audit, who reports to the Board of Directors with the technical support of the Audit Committee.

2.2. The nomination, designation, dismissal or layoff of the person responsible for the Internal Audit shall be approved by the Board of Directors, with a recommendation of the Audit Committee, and informed to the Brazilian Central Bank.

2.3. The budgets of the Internal Audit and Audit Committee, both to cover expenses with its operation and to hire consultants when the opinion of an external expert is required, considering their operational autonomy, must be approved by the Board of Directors, which is responsible for such approval.

2.4. The Internal Audit may contract advisory services from external experts to subsidize the area when it is not sufficiently skilled.

2.5. Auditors cannot assume operational responsibility concerning the audited units; they also cannot participate in the audit of a business area or duty which they have managed or they had operational responsibility in the last 12 months so that to avoid a potential conflict of interests.

2.6. Auditors answer to the Board of Directors and the Audit Committee on all the issues referring to the performance of their activities.

2.7. Auditors’ compensation is defined regardless of the business areas, so that not to create a conflict of interests.

2.8. The auditors’ compensation is established regardless of the business areas, thus not creating a conflict of interests.

2.9. The person in charge and other employees of the Internal Audit who carry out the audit activities have unrestricted access to the information necessary for the good performance of their duties. The members of the Management and the employees of the Company must cooperate with the Auditors, enabling their access to goods, facilities, transactions and information systems.

3. Audit Plan

3.1. The Audit Plan shall consider all the relevant factors and risks relating to the areas, processes, products, strategies, and guidelines of the Board of Executive Officers, Audit Committee and Board of Directors.

3.2. Considering the technical nature of the Audit Plan, the Board of Directors grants to the Audit Committee the power to approve the said Plan, which will be taken with the approval of all members present at the meeting, excluding the votes of any members with interests conflicting with those of the Company. If there is no consensus, the Audit Plan shall be submitted to the Board of Directors, which shall resolve on the matter. After approving the Audit Plan in the Audit Committee, the Coordinator of the Audit Committee shall report to the Board of Directors, reporting the Plan and making any adjustments needed.

3.3. The Audit Plan must be made available to the Brazilian Central Bank for at least five (5) years.

4. Scope

4.1. The scope of the internal audit shall consider all duties of Cielo S.A., institutions that are part of the prudential conglomerate and other associated companies and subsidiaries, including outsourced companies.

5. Methodology of the Works

5.1. The Internal Audit process is based on internal procedures and International Standards for the professional practice of the Internal Audit, issued by The Institute of Internal Auditors (IIA).

5.2. The work programs of the Internal Audit are based on the COSO (Committee of Sponsoring Organizations of the Treadway Commission), COBIT (Control Objectives for Information and Related Technology), ISO (International Organization for Standardization) standards and the Company’s regulatory instruments.

6. Contracting Extra-Audit Services

6.1. In addition to contacting the audit firm responsible for auditing the financial statements, the Board of Directors is also responsible for approving contracting with such firm any other service to be provided to the Company, other than the audit service of the financial statements, in compliance with the recommendation the Audit Committee and the person responsible for the Internal Audit. It is forbidden to hire an extra-audit service that could compromise the independence of auditors.

6.2. The person who has rendered internal audit services to the Company in the last three (3) years should not be hired as an independent auditor.

6.3. Likewise, a professional who has worked in the Independent Audit team responsible for auditing the financial statements in the last year (one year) must not be hired as the Company’s employee.

IV. Management of Consequences

Employees, suppliers or other stakeholders who notice any deviation to this Policy’s guidelines, may report the fact to the Ethics Channel ( or 0800 775 0808), anonymously or not.

Likewise, employees, suppliers or other stakeholders must immediately notify the Auditor of any material fact or situation of risk to the Company’s assets or matters involving a misconduct and irregular behavior that they are aware of.

Internally, the failure to comply with this Policy’s guidelines implies the application of measures holding liable those violators according to the respective seriousness of non-compliance.

V. Responsibilities

Internal Audit Executive Board:

  • Carries out the internal audit at the Company.
  • Ensures that the Internal Audit activity, collectively, has or obtains the knowledge, skills and other competencies required to perform its activities.
  • Oversees the service agreements and ensures the quality of activities in cases where the audit services are provided by external providers.
  • Shares information and coordinates activities involving the independent audit of relevant assessments to ensure appropriate coverage and minimize duplicated efforts.
  • Investigates complaints received and frauds involving managers and employees.
  • Takes part in work groups as an advisor, as well as in committees and commissions, when invited, without losing its independence.
  • Treats confidentially the information and documents accessed by Internal Audit team when executing their works.
  • Ensures that the audit reports and related work papers are treated confidentially with exclusive use of the Internal Audit.
  • Develops and maintains a quality and improvement warranty program to include all the aspects of internal audit and continuously monitors its efficacy.
  • Makes available the work results to external audit, inspection and control entities, in the cases provided for by laws and applicable rules, and other interested parties only due to a court order.
  • Reports and answers to the Board of Directors.

Management and Employees

  • Observe and ensure the compliance with this Policy, and when necessary, prompt the Cielo’s Audit Committee for consultation on situations involving conflict with this Policy or whenever occurs the situations outlined therein.

VI. Additional Documentation

  • This Policy takes into account a set of the best practices adopted by the market, the Circular Letter No. 3.856 issued by the Brazilian Central Bank and the International Standards for the Professional Practice of Internal Audit issued by The Institute of Internal Auditors (IIA).
  • Cielo’s Code of Ethical Conduct
  • In-company rules are continuously improved, approved by the appropriate authorities and made available to all employees.

VII. Concepts and Acronyms

  • Independent Auditors or Independent Audit: The company that carries out the audit service on the Company’s financial statements to issue an expert opinion on the compliance of such statements with the equity and financial position, results of operations, changes in shareholders’ equity and other financial statements, according to Brazilian and international auditing standards.
  • Internal Audit: This is an independent and objective activity which provides assurance and consulting services (as detailed below in Consulting Services), aiming at adding value and enhancing the operations of an organization. The Audit assists the Company to achieve its objectives, by adopting a systematic and disciplined approach to assess and improve the efficacy of risk management, control, and corporate governance processes.
  • Ethics Channel: Specific channel to receive information via the Internet or voice on events conflicting (irregularities) with Cielo’s Code of Ethical Conduct.
  • Code of Ethical Conduct: Reference document for Cielo and other stakeholders.
  • Audit Committee: Has as purpose assisting the Board of Directors in the performance of its responsibilities relating to accounting policies, internal controls and issue of financial reports. The Audit Committee may also issue recommendations and opinions so that the Board of Directors may promote the accountability of the Board of Executive Officers and assess the integrity and the effectiveness of the internal controls implemented by the Company. Without prejudice to the activities mentioned above, the Audit Committee shall also ensure that the Internal Audit Executive Board may regularly perform its duties independently, and the independent auditors may assess the practices of the Board of Executive Officers and the Internal Audit Executive Board.
  • Ethics Forum: This is a joint committee composed of Cielo’s Chief Executive Officer, Vice Chief Executive Officers and Executive Officers whose scope of action includes: ensure the continuous improvement of the content of the Cielo’s Code of Ethical Conduct; ensure that the precepts of the Code of Ethical Conduct are reference in Cielo’s management process and to be observed during employee’s daily activities; deliberate on the situations which were identified as deviations of the principles contained in the Code of Ethical Conduct sent to this Forum. The Forum, at its sole discretion, may eventually invite Cielo’s managers who may contribute to solving the occurrence.
  • Internal Audit Plan: The Internal Audit Plan, based on the evaluation of audit risks, presents the processes that will be part of the scope of the internal audit, the classification of these processes by risk level, the proposed schedule and the allocation of resources available.
  • Evaluation Services: This is an objective evaluation of the evidence by the internal auditor aiming at presenting an independent opinion or conclusions on a certain process or other related matter.
  • Consulting Services: Providing independent and objective advice to the boards, committees and business units of the Company.
  • Extra-Audit Services: These are other services rendered by the Independent Auditors other than those described in the above definition of Independent Auditors.

VIII. Miscellaneous

It shall be incumbent upon the Company’s Board of Directors to amend this Policy whenever necessary.

This Policy takes effect on the date of its approval by the Board of Directors and revokes any contrary rules and procedures.