How can we help you? Contact us

Global site
Africa
Americas
Asia Pacific
Europe
Middle East

Services

Outsourcing

Audit

We approach each audit with sharp thought, straight talk and common sense. In addition to verifying that financial results are fairly presented and meet...

See Overview

Financial statements audits
Financial statement audits
Compliance audits
Compliance audits
Compilations and reviews
Compilations and audit
Agreed-upon procedures
Agreed-upon procedures

Tax

Tax is a key part of our organization. Our award-winning teams can offer you a range of solutions, whatever the size of your business or the challenges you’re...

See Overview

Tax compliance
Business Tax
Global mobility services
Through our global organisation of member firms, we support both companies and individuals, providing insightful solutions to minimise the tax burden for both parties.
Sales and use tax and indirect taxes
SUT/ VAT & indirect taxes
Tax incentives
Navigating the complex landscape of tax incentives in Puerto Rico can be challenging. Whether you're looking to benefit from the Export Services Act (Act 20), the Individual Investors Act (Act 22), or other incentives under Act 60, we provide tailored advice to help you maximize your tax benefits and ensure compliance. Let us help you unlock the potential of doing business in Puerto Rico.
Transfer Pricing
The laws surrounding transfer pricing are becoming ever more complex, as tax affairs of multinational companies are facing scrutiny from media, regulators and the public

Related insights:

Tax Insight Do I need a Transfer Pricing Study to file my entity’s tax return?

For many years, the Puerto Rico Treasury Department (PR Treasury) has been looking for ways to oversee the amount of expenses that entities in Puerto Rico get charged or allocated by related entities outside Puerto Rico. In Puerto Rico, it is very common to have entities operating here as subsidiaries or branches of foreign entities, where the Parent Company or Home Office is in the United States or elsewhere.

3 min read | 30 Apr 2025

Advisory

As your business grows, our advisory services are designed to help you achieve your goals. Successful growth often means navigating a complex array of...

See Overview

Business consulting
Our business consulting services can help you improve your operational performance and productivity, adding value throughout your growth life cycle.
Business Risk Advisory
Risk is inevitable but manageable. We deliver relevant, timely and practical advices to aid organizations manage risk and improve business performance. We can help you identify, understand and manage potential risks to safeguard your business and comply with regulatory requirements.
Technology Advisory
We provide comprehensive solutions to safeguard your business and ensure operational resilience and compliance. Our expert team offers a range of technology advisory services designed to address your cybersecurity needs, enhance business continuity, and manage security effectively.
Transactional advisory services
Transactions are significant events in the life of a business – a successful deal that can have a lasting impact on the future shape of the organizations involved. Because the stakes are high for both buyers and sellers, experience, determination and pragmatism are required to bring deals safely through to conclusion.
Forensic and investigative services
At Grant Thornton, we have a wealth of knowledge in forensic services and can support you with issues such as dispute resolution, fraud and insurance claims.

Related insights:

International business Doing business in Puerto Rico

If you are looking for alternatives to expand your current operations or investment opportunities, now is the time to bring Puerto Rico at the front and center. The beneﬁts of establishing, relocating or expanding businesses in Puerto Rico are, without a doubt, attractive and rarely surpassed by any other jurisdiction.

02 May 2024

Outsourcing

Our outsourcing services allow you to save time and money in order to concentrate on the competencies and the core business activities.

See Overview

Careers

Careers page for Kevane Grant Thornton

See Overview

The Kevane Grant Thornton Difference

See Overview

Our values

Grant Thornton prides itself on being a values-driven organization and we have more than 56,000 people in over 140 countries who are passionately committed to...

See Overview

Diversity

Diversity helps us meet the demands of a changing world. We value the fact that our people come from all walks of life and that this diversity of experience...

See Overview

In the community

Many Grant Thornton member firms provide a range of inspirational and generous services to the communities they serve.

See Overview

Experienced hires

See Overview

Students

See Overview

Job openings

Jobs at Kevane Grant Thornton

See Overview

Our Culture - Familia Kevane

Familia Kevane reflects the sentiment that our partners and team members express about their experience in the firm and that steers the pillars that define our...

See Overview

Industries

Consumer products & retail / wholesale

Emerging markets and shifting consumer demand are creating new opportunities in food and beverage, with business leaders investing in new products, markets and...

See Overview

Financial services

Optimism is slowly returning to the global economy, but the financial services industry needs to regain the trust of public and private bodies. To succeed,...

See Overview

Healthcare

At Kevane Grant Thornton we provide services to the Healthcare industry

See Overview

Technology, media & telecommunications

Rapid change and complexity are norms, and innovation the fuel in the technology industry. Today’s revolutions – including cloud, as-a-service, social media...

See Overview

Industrial products

At Kevane Grant Thornton we provide services to the Industrial products industry.

See Overview

Not for profit

Across the globe, not for profit organizations are increasingly expected to deliver more, while at the same time facing cuts in government funding and...

See Overview

Public sector

We work with all types of agencies, including central and state government, local government, donors (including bilateral and multilateral international...

See Overview

Real estate & construction

While the impact of the prolonged downturn continues to be felt, pockets of opportunity and optimism have emerged within the retail estate and construction...

See Overview

Services

At Kevane Grant Thornton we provide services to the Services industry.

See Overview

Travel, tourism & leisure

Dynamic businesses need to move with speed and purpose if they want to capitalise on opportunities in hospitality and tourism. At Grant Thornton, we know...

See Overview

Advisory Article

Addressing the threat within

16 Sep 2019

The right way to combat insider cyber threats

News coverage of cyber breaches tends to focus on external threats like cybercriminals, paid hackers or state-sponsored actors. But threats from insiders—employees, contractors and others with sanctioned access to your systems and data—are every bit as real and every bit as dangerous. Insiders face much lower barriers when committing cybercrime. Where external actors must devise ways to break into a target organization’s system, insiders enjoy ready, sanctioned access. Unfortunately, organizations pay insider threats little heed and exacerbate the issue by failing to report insider incidents. Yet the FBI notes that damages from individual insider incidents that it investigates range up to $3 million. Losses include:

The value of stolen data
The significant costs of IT services and countermeasures
Legal fees
Lost customers and revenue
Credit monitoring services for customers and employees affected by insider incidents

Identifying and addressing threats

Insider threats fall into three broad categories:

IT sabotage: An insider uses access to IT systems to harm the organization; an associated organization, such as a supplier or customer; or an individual, such as a senior executive.
Theft of IP: An insider uses IT to steal the organization’s IP, such as account information, trade secrets or financial or strategic plans. This category includes industrial espionage involving outsiders who recruit insiders.
Fraud: An insider uses IT for the unauthorized modification, addition or deletion of an organization’s data (not programs or systems) for personal financial gain, or to steal information associated with crimes such as identity theft or credit card fraud.

Getting it right

An effective insider security program will affect more than security. It also impacts the relationship between your people and your organization and potentially the efficiency with which they can do their jobs. Therefore, addressing insider security requires a broader team and a more nuanced approach than dealing with external threats. As with external security programs, this effort should involve their chief information security officer’s (CISO’s) function, the chief risk officer (CRO) and the chief legal officer (CLO) or general counsel. But an internal security program should also involve the chief human resources officer (CHRO) to ensure that the impact on and communications with your personnel are appropriately addressed.

This multi-disciplinary team should begin by determining which positions need access to which systems and data. This involves interviews and surveys of functions throughout the business to drive a disciplined analysis of business needs and interrelationships. The team must then establish procedures for appropriately granting and controlling access to and use of the data and systems in question, including methods for ongoing monitoring to ensure future compliance. Next, communicate the program to all employees and contractors in ways that both support the organization’s compliance and legal concerns and that engender acceptance and cooperation.

An effective program for controlling insider cyber risk addresses each of the five following issues:

Program governance. The first step toward an effective insider threat management function is to develop and deploy the right frameworks, policies and procedures, access, and activity monitoring and response protocols.
Vetting processes. The degree of vetting should be scaled to the sensitivity and value of the data and systems to which individuals in specific functions and positions have access. One size does not fit all, yet this is the approach many organizations employ.
Controlling access. For any given role, access to systems and data should be grounded in an analysis of what is actually required to perform that function. For reasons mainly related to convenience and a fear of insulting otherwise trusted insiders, many organizations fail to appropriately limit access.
Communication. Communication concerning an insider risk program requires sensitivity and diplomacy. You do not wish to give the impression that insiders are not trusted, but instead seek to clearly communicate the need for an internal risk control program and explain its role in mitigating threats.
Enhanced monitoring. An effective insider risk program can build out appropriate investigation and response models based on behavioral patterns, data movements, incidents and breaches. These should address the need to monitor people in different roles who use different data, and activities within a given environment.

Trust, but verify

In today’s digitalized environment, employees, contractors and partners understand the need for an organization to protect its digital assets. Oddly, in our experience it is often senior management that fails to understand that need, or to act on that understanding.

The risks are real and serious due to the growing value of an organization’s data, IP and processes. Management can readily address these risks, with the right expertise, experience and assistance. But management commonly overlooks these risks, often with serious consequences.

Source: Grant Thornton library articles