How can we help you? Contact us

Global site
Africa
Americas
Asia Pacific
Europe
Middle East

Services

Outsourcing

Audit

We approach each audit with sharp thought, straight talk and common sense. In addition to verifying that financial results are fairly presented and meet...

See Overview

Financial statements audits
Financial statement audits
Compliance audits
Compliance audits
Compilations and reviews
Compilations and audit
Agreed-upon procedures
Agreed-upon procedures

Tax

Tax is a key part of our organization. Our award-winning teams can offer you a range of solutions, whatever the size of your business or the challenges you’re...

See Overview

Tax compliance
Business Tax
Global mobility services
Through our global organisation of member firms, we support both companies and individuals, providing insightful solutions to minimise the tax burden for both parties.
Sales and use tax and indirect taxes
SUT/ VAT & indirect taxes
Tax incentives
Navigating the complex landscape of tax incentives in Puerto Rico can be challenging. Whether you're looking to benefit from the Export Services Act (Act 20), the Individual Investors Act (Act 22), or other incentives under Act 60, we provide tailored advice to help you maximize your tax benefits and ensure compliance. Let us help you unlock the potential of doing business in Puerto Rico.
Transfer Pricing
The laws surrounding transfer pricing are becoming ever more complex, as tax affairs of multinational companies are facing scrutiny from media, regulators and the public

Related insights:

Tax insights Learn about the federal tax filing for Puerto Rico residents

Our tax experts discuss when and how Puerto Rico residents need to report their income to the IRS, which forms to use and incentives that may be available to them. Watch the video to learn about federal tax filing

Less than a minute | 09 Apr 2025

Advisory

As your business grows, our advisory services are designed to help you achieve your goals. Successful growth often means navigating a complex array of...

See Overview

Business consulting
Our business consulting services can help you improve your operational performance and productivity, adding value throughout your growth life cycle.
Business Risk Advisory
Risk is inevitable but manageable. We deliver relevant, timely and practical advices to aid organizations manage risk and improve business performance. We can help you identify, understand and manage potential risks to safeguard your business and comply with regulatory requirements.
Technology Advisory
We provide comprehensive solutions to safeguard your business and ensure operational resilience and compliance. Our expert team offers a range of technology advisory services designed to address your cybersecurity needs, enhance business continuity, and manage security effectively.
Transactional advisory services
Transactions are significant events in the life of a business – a successful deal that can have a lasting impact on the future shape of the organizations involved. Because the stakes are high for both buyers and sellers, experience, determination and pragmatism are required to bring deals safely through to conclusion.
Forensic and investigative services
At Grant Thornton, we have a wealth of knowledge in forensic services and can support you with issues such as dispute resolution, fraud and insurance claims.

Related insights:

International business Doing business in Puerto Rico

If you are looking for alternatives to expand your current operations or investment opportunities, now is the time to bring Puerto Rico at the front and center. The beneﬁts of establishing, relocating or expanding businesses in Puerto Rico are, without a doubt, attractive and rarely surpassed by any other jurisdiction.

02 May 2024

Outsourcing

Our outsourcing services allow you to save time and money in order to concentrate on the competencies and the core business activities.

See Overview

Careers

Careers page for Kevane Grant Thornton

See Overview

The Kevane Grant Thornton Difference

See Overview

Our values

Grant Thornton prides itself on being a values-driven organization and we have more than 56,000 people in over 140 countries who are passionately committed to...

See Overview

Diversity

Diversity helps us meet the demands of a changing world. We value the fact that our people come from all walks of life and that this diversity of experience...

See Overview

In the community

Many Grant Thornton member firms provide a range of inspirational and generous services to the communities they serve.

See Overview

Experienced hires

See Overview

Students

See Overview

Job openings

Jobs at Kevane Grant Thornton

See Overview

Our Culture - Familia Kevane

Familia Kevane reflects the sentiment that our partners and team members express about their experience in the firm and that steers the pillars that define our...

See Overview

Industries

Consumer products & retail / wholesale

Emerging markets and shifting consumer demand are creating new opportunities in food and beverage, with business leaders investing in new products, markets and...

See Overview

Financial services

Optimism is slowly returning to the global economy, but the financial services industry needs to regain the trust of public and private bodies. To succeed,...

See Overview

Healthcare

At Kevane Grant Thornton we provide services to the Healthcare industry

See Overview

Technology, media & telecommunications

Rapid change and complexity are norms, and innovation the fuel in the technology industry. Today’s revolutions – including cloud, as-a-service, social media...

See Overview

Industrial products

At Kevane Grant Thornton we provide services to the Industrial products industry.

See Overview

Not for profit

Across the globe, not for profit organizations are increasingly expected to deliver more, while at the same time facing cuts in government funding and...

See Overview

Public sector

We work with all types of agencies, including central and state government, local government, donors (including bilateral and multilateral international...

See Overview

Real estate & construction

While the impact of the prolonged downturn continues to be felt, pockets of opportunity and optimism have emerged within the retail estate and construction...

See Overview

Services

At Kevane Grant Thornton we provide services to the Services industry.

See Overview

Travel, tourism & leisure

Dynamic businesses need to move with speed and purpose if they want to capitalise on opportunities in hospitality and tourism. At Grant Thornton, we know...

See Overview

Advisory Article

Internal audit in the cloud

17 Aug 20213 min read

The critical role of internal audit in cloud security.

Contents

As organizations increasingly migrate to and rely upon cloud-based solutions, internal audit (IA) is uniquely positioned to play a critical role in the adoption of a cloud security program. IA’s independence and objectivity can provide insights that enhance the ability for management and the board to oversee and control risks. IA bolsters cloud security by:

assessing cloud security strategy and its alignment with risk and compliance
understanding cloud security architecture, service types and associated risks and challenges
identifying areas for improvement and communicating them to the board and management
collaborating with the cloud service provider, IT, IS and leadership to translate enterprise risk management objectives

Cloud migration and related cybersecurity risks

Cloud computing has seen rapid adoption because of its speed, agility, and affordability. Benefits include a scalable infrastructure, flexibility in access to computing resources and reduced expenses associated with maintaining infrastructure like data sources, network components and, in some cases, even physical data centers.

However, the cloud also presents challenges. Studies suggest that more than 70% of companies had a cloud data breach in the previous 12 months, which has intensified the need for cloud security. A Sophos News survey revealed that organizations have been confronted with a variety of cloud data breaches. About 34% faced a malware attack, 29% had exposed data and 28% suffered a ransomware strike.

How IA provides perspective on cloud security

IA plays a critical role in assessing and enhancing your cloud security by:

helping management understand cloud security architecture, with associated risks and challenges
identifying areas for improvement and communicating them to management and the board
supporting collaboration among the cloud service provider, IT, IS, and leadership

IA’s assistance is also vital in helping to bring leading practices to a cloud security strategy, with a focus on the risk and control elements primarily driven by people, process, and technology:

People

address risks from a lack of skilled cloud security experts
identify key dependencies on the cloud service provider and critical third-party providers
evaluate clearly defined roles and responsibilities, ensuring that risks are collectively mitigated

Process

evaluate alignment of cloud security against business goals and objectives
assess non-standard processes introduced through migration to the cloud
evaluate processes for risk mitigation as responsibilities transition from one business function to the other
examine adoption of cloud controls, and how they impact risk and compliance efforts

Technology

address risks related to privilege access, data storage, and security
evaluate risks that protect against shared responsibilities from third-party service providers that provide cloud services

Focus on these cloud security areas

When your organization has accepted its responsibility to ensure strong cloud security, it can move forward to develop a program that identifies key focus areas and an action plan to audit those functions. Concentrate on the most important areas, including:

cloud program governance: Policies, procedures and risk-based planning and assessment; for compliance with standards, regulations, legal, contractual, and statutory requirements
policies and procedures: Identification and assessment of how identity inventory, password policies, and other information is managed
application security: Secure application design and development, such as access code, logic, and secure coding practices
data security: Data inventory, classification, storage, ownership, and privacy
key management and encryption: Policies, procedures, roles and responsibilities, and encryption requirements on classified data

Management needs to ensure that the cloud security program is built into the overarching enterprise resiliency architecture. That means, environment aside, you need to ensure you are following the security controls and requirements that can help reduce the risk to your organization.

A strong cloud security audit program must develop a “cadence,” or a regular review cycle of cloud security, configuration, and other factors. In addition to an annual audit, cloud security should be reviewed with each change in strategy or with the introduction of a new application. As the cloud strategy evolves and major applications are being moved to the cloud, it’s important to perform a pre-implementation review.

Cloud security isn’t optional

Creating a strong cloud security program requires identification of not only key IA focus areas, but also a thorough understanding of your operational objectives, risks, and processes. It also requires the integration of program enhancements to prepare for inevitable risks

Grant Thornton library articles:

Internal audit in the cloud

We are committed to keep you updated of all developments that may affect the way you do business in Puerto Rico. Please contact us for assistance in relation to this or any other matter, we will be glad to assist you.