-
Financial statements audits
Financial statement audits
-
Compliance audits
Compliance audits
-
Compilations and reviews
Compilations and audit
-
Agreed-upon procedures
Agreed-upon procedures
-
Corporate and business tax
Our trusted teams can prepare corporate tax files and ruling requests, support you with deferrals, accounting procedures and legitimate tax benefits.
-
International tax
Our teams have in-depth knowledge of the relationship between domestic and international tax laws.
-
Tax compliance
Business Tax
-
Individual taxes
Individual taxes
-
Estate and succession planning
Estate and succession planning
-
Global mobility services
Through our global organisation of member firms, we support both companies and individuals, providing insightful solutions to minimise the tax burden for both parties.
-
Sales and use tax and indirect taxes
SUT/ VAT & indirect taxes
-
Tax incentives program
Tax incentives program
-
Transfer Pricing Study
The laws surrounding transfer pricing are becoming ever more complex, as tax affairs of multinational companies are facing scrutiny from media, regulators and the public
-
Business consulting
Our business consulting services can help you improve your operational performance and productivity, adding value throughout your growth life cycle.
-
Forensic and investigative services
At Grant Thornton, we have a wealth of knowledge in forensic services and can support you with issues such as dispute resolution, fraud and insurance claims.
-
Fraud and investigations
The commercial landscape is changing fast. An ever more regulated environment means organizations today must adopt stringent governance and compliance processes. As business has become global, organizations need to adapt to deal with multi-jurisdictional investigations, litigation, and dispute resolution, address the threat of cyber-attack and at the same time protect the organization’s value.
-
Dispute resolutions
Our independent experts are experienced in advising on civil and criminal matters involving contract breaches, partnership disputes, auditor negligence, shareholder disputes and company valuations, disputes for corporates, the public sector and individuals. We act in all forms of dispute resolution, including litigation, arbitration, and mediation.
-
Business risk services
We can help you identify, understand and manage potential risks to safeguard your business and comply with regulatory requirements.
-
Internal audit
We work with our clients to assess their corporate level risk, identify areas of greatest risk and develop appropriate work plans and audit programs to mitigate these risks.
-
Service organization reports
As a service organization, you know how important it is to produce a report for your customers and their auditors that instills confidence and enhances their trust in your services. Grant Thornton Advisory professionals can help you determine which report(s) will satisfy your customers’ needs and provide relevant information to your customers and customers’ auditors that will be a business benefit to you.
-
Transaction advisory services
Transactions are significant events in the life of a business – a successful deal that can have a lasting impact on the future shape of the organizations involved. Because the stakes are high for both buyers and sellers, experience, determination and pragmatism are required to bring deals safely through to conclusion.
-
Mergers and acquisitions
Globalization and company growth ambitions are driving an increase in M&A activity worldwide as businesses look to establish a footprint in countries beyond their own. Even within their own regions, many businesses feel the pressure to acquire in order to establish a strategic presence in new markets, such as those being created by rapid technological innovation.
-
Valuations
We can support you throughout the transaction process – helping achieve the best possible outcome at the point of the transaction and in the longer term.
-
Recovery and reorganization
We provide a wide range of services to recovery and reorganisation professionals, companies and their stakeholders.
As organizations increasingly migrate to and rely upon cloud-based solutions, internal audit (IA) is uniquely positioned to play a critical role in the adoption of a cloud security program. IA’s independence and objectivity can provide insights that enhance the ability for management and the board to oversee and control risks. IA bolsters cloud security by:
- assessing cloud security strategy and its alignment with risk and compliance
- understanding cloud security architecture, service types and associated risks and challenges
- identifying areas for improvement and communicating them to the board and management
- collaborating with the cloud service provider, IT, IS and leadership to translate enterprise risk management objectives
Cloud migration and related cybersecurity risks
Cloud computing has seen rapid adoption because of its speed, agility, and affordability. Benefits include a scalable infrastructure, flexibility in access to computing resources and reduced expenses associated with maintaining infrastructure like data sources, network components and, in some cases, even physical data centers.
However, the cloud also presents challenges. Studies suggest that more than 70% of companies had a cloud data breach in the previous 12 months, which has intensified the need for cloud security. A Sophos News survey revealed that organizations have been confronted with a variety of cloud data breaches. About 34% faced a malware attack, 29% had exposed data and 28% suffered a ransomware strike.
How IA provides perspective on cloud security
IA plays a critical role in assessing and enhancing your cloud security by:
- helping management understand cloud security architecture, with associated risks and challenges
- identifying areas for improvement and communicating them to management and the board
- supporting collaboration among the cloud service provider, IT, IS, and leadership
IA’s assistance is also vital in helping to bring leading practices to a cloud security strategy, with a focus on the risk and control elements primarily driven by people, process, and technology:
People
- address risks from a lack of skilled cloud security experts
- identify key dependencies on the cloud service provider and critical third-party providers
- evaluate clearly defined roles and responsibilities, ensuring that risks are collectively mitigated
Process
- evaluate alignment of cloud security against business goals and objectives
- assess non-standard processes introduced through migration to the cloud
- evaluate processes for risk mitigation as responsibilities transition from one business function to the other
- examine adoption of cloud controls, and how they impact risk and compliance efforts
Technology
- address risks related to privilege access, data storage, and security
- evaluate risks that protect against shared responsibilities from third-party service providers that provide cloud services
Focus on these cloud security areas
When your organization has accepted its responsibility to ensure strong cloud security, it can move forward to develop a program that identifies key focus areas and an action plan to audit those functions. Concentrate on the most important areas, including:
- cloud program governance: Policies, procedures and risk-based planning and assessment; for compliance with standards, regulations, legal, contractual, and statutory requirements
- policies and procedures: Identification and assessment of how identity inventory, password policies, and other information is managed
- application security: Secure application design and development, such as access code, logic, and secure coding practices
- data security: Data inventory, classification, storage, ownership, and privacy
- key management and encryption: Policies, procedures, roles and responsibilities, and encryption requirements on classified data
Management needs to ensure that the cloud security program is built into the overarching enterprise resiliency architecture. That means, environment aside, you need to ensure you are following the security controls and requirements that can help reduce the risk to your organization.
A strong cloud security audit program must develop a “cadence,” or a regular review cycle of cloud security, configuration, and other factors. In addition to an annual audit, cloud security should be reviewed with each change in strategy or with the introduction of a new application. As the cloud strategy evolves and major applications are being moved to the cloud, it’s important to perform a pre-implementation review.
Cloud security isn’t optional
Creating a strong cloud security program requires identification of not only key IA focus areas, but also a thorough understanding of your operational objectives, risks, and processes. It also requires the integration of program enhancements to prepare for inevitable risks
Grant Thornton library articles:
We are committed to keep you updated of all developments that may affect the way you do business in Puerto Rico. Please contact us for assistance in relation to this or any other matter, we will be glad to assist you.
