In today’s highly regulated, competitive marketplace

every company is faced with strategic, financial, cybersecurity, operational and technological challenges. Successful organizations realize that the achievement of their strategic goals is dependent on successfully managing and mitigating risk, and providing assurance of this to all stakeholders.

Grant Thornton is well positioned to offer a Business Risk Services (BRS) to assist organizations in determining their exposure to various risks associated with operational, process and finance risks, as businesses attempt to create integrated and transparent risk management practices and move away from disconnected multiple risk functions. 

Grant Thornton's Business Risk Services (BRS) can provide the advice necessary to help you manage risk and improve your business performance. Our team can deliver objective, value-added solutions that will enable you to strengthen internal controls and governance processes, implement sound organizational strategies, increase technological capabilities and improve your operational efficiency. 
Our offering is well positioned to address the current needs of businesses and their risk management challenges. We are specialized in the fields of:

•    Technology audit, advisory and risk management
•    Enterprise risk management including operational, process and finance risk
•    Internal Control
•    Internal Audit
•    Corporate governance advisory, design and compliance
•    Business process re-engineering
•    Information security and data protection

Today's companies have enormous responsibilities. Grant Thornton understands that growing companies need guidance to help manage their businesses, establish robust internal controls, use information technology effectively and improve performance. We are dedicated to working with our clients to customize our approach to each assignment, while at all times delivering our core strengths of technical excellence and commercial focus, to support business improvement.

professional qualification courses PECB certification trainings Read more
Our BRS practice is split into three key elements:
IT governance and advisory

In 21st century business success is closely related to information technology and ability to manage the IT associated risks and uses it to drive their stakeholder value. 

Our BRS team can help you evaluate your IT (Information Technology) governance, analyze IT applications and infrastructure, strengthen security and assess the business risks and controls related to the use of IT. IT is often one of the most important vulnerable assets a business has, which is why it is critical to ensure that you maximize your technology investment and use IT effectively to help you drive your business strategy.

Grant Thornton has a proven, internationally-used methodology for IT audit, IT advisory and risk-oriented engagements, which involves review and assessment, design and implementation, recommendations and action plans for ongoing re-evaluation and continuous improvement. This allows us to provide a consistent, standardized, best practice IT assurance service, whilst retaining the flexibility to adapt to your specific circumstances and requirements.

Our IT assurance approach based on a risk-based methodology. Our detailed work programmes are based on COBIT and the related IIA’s Global Technology Audit Guides, and include tested and proven good practice in IT assurance, so that control improvement opportunities can be identified. We can tailor our IT assurance programmes to suit the scope of a clients’ engagement. Typically an IT internal audit or IT risk management engagement will include some or all of the following: user access, system interfaces, data protection and integrity, change management, information security and business continuity planning.

Grant Thornton offers clients an extensive suite of IT Governance and advisory services in the following areas:

  • Assurance of IT-systems and processes
  • Audit of IT general and application controls
  • Audit of special payment and billing systems
  • Software Selection
  • IT Risk management
  • IT Strategy
  • IT due diligence
  • Technology Advisory
  • Cybersecurity audits and advisory
  • Penetration testing and vulnerability scanning solutions
  • IT Governance Audit
  • Audit of Data Center

Grant Thornton IT Governance and advisory services are designed to provide:
assurance to the Board, Audit Committee and other interested parties that IT risks are being effectively mitigated

  • greater awareness of IT risks within the organization
  • a clearer view of the performance of IT controls, to enable you to monitor their effectiveness
  • the information needed to determine return on investment in IT security and control
  • compliance with relevant legislation and regulatory frameworks, such PCI DSS, ISO 27001, NIST, SWIFT, ISO 9001 and etc.
  • the ability to satisfy management, customers and external auditors that information security and systems are appropriately managed and controlled
Enterprise risk management

Enterprise risk management (ERM) serves as the leading approach to managing and optimizing risks, strategically identifying, analyzing, overseeing and monitoring the potential risks to an organization.

Grant Thornton offers a range of services to assist organizations in determining their exposure to various risks associated with ERM, as businesses attempt to create integrated and transparent risk management practices and move away from disconnected multiple risk functions.

Grant Thornton ERM services are designed to:

  • align risk management activities with business objectives to drive value
  • enhance coordination among risk and control groups to eliminate redundancies
  • improve the risk assessment process to better anticipate and understand risks
  • increase awareness of key risks and their respective key controls
  • enhance ownership by process owners for their control environment
  • provide senior management with the most up to date information regarding risk that may be used in the decision making process
  • improve accountability and transparency among all levels of Boards, senior management and interested parties
  • introduce of the new controls and processes to address newly emerging business risks.

ERM services include:

  • Designing and implementation of ISMS under the ISO 27001 standard; QMS under the ISO 9001 standard; FMS under the ISO 22000 standard
  • Designing and implementation of an information security framework under the PCI DSS standards
  • Designing and implementation of an information security infrastructure under the SWIFT requirements
  • Advisory on the ERM framework, compliance with COSO framework
  • Advisory on the Operational Risk Management (Basel II/III)
  • Advisory in implementation of an Internal Control Framework (COSO)
  • Internal auditing, risk based audit reports
  • Advisory on development of the internal audit function
  • Audit of business process

As a Professional Evaluation and Certification Board (PECB) certified partner we are authorized to provide management systems certification audits for a number of ISO certificates, such as:

ISO 27001               ISO 22000               ISO 9001

If your business offers the option of paying for goods and services with a credit card, you are required to protect your customers' credit card data by complying with the Data Security Standard set out by the Payment Card Industry Security Standards Council.

Grant Thornton as a PCI QSA and PCI ASV will assist you with your readiness in complying with the Data Security Standard. Our approach is to manage your requirements in a cost effective manner and address the areas of highest risk first.

As an approved SWIFT Accredited Security Auditor (BIC PTSQGBEE), we help our clients comply with the SWIFT security requirements through provision of a wide range of services that cover review and report the clients’ current controls in place for SWIFT security requirements, as well as design and implement new frameworks and controls in order to assist clients in achieving the target control state.

Grant Thornton Armenia is the first Grant Thornton firm, and the only professional services firms in the CIS region to receive CREST accreditation and membership.

CREST’s mission is to build high quality capability, capacity and consistency within the global technical cyber security sector. CREST provides internationally recognized accreditation for organizations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST Member Companies undergo regular and stringent assessment. 

CREST accreditation provides clients of Grant Thornton, wishing to buy penetration testing services, threat intelligence or incident response services, with confidence that the work will be carried out by a qualified organization and individuals with up to date knowledge, skill and competence of the latest vulnerabilities and techniques used by real attackers.

Corporate governance

Governance crises in the corporate environment have placed unprecedented emphasis on corporate governance in all types of organizations. As organizations seek to give stakeholders greater confidence, they face ever increasing pressure to demonstrate best practice corporate governance.
Increased focus on directors' and executives' role and responsibilities requires systematic frameworks for implementing critical corporate governance principles on ethics, code of conduct, compensation, financial policy, and financial reporting. The companies need to actively consider their strategic priorities before adopting corporate governance reforms and corporate strategies that enhance both business performance and governance effectiveness.

Our corporate governance and advisory services can help ensure that your organization and board understand the necessary requirements for implementing the right corporate governance framework. We work with our clients to put in place transparent and robust governance arrangements at board and operational level, intelligent risk management and effective compliance structures in the following areas:

  • Corporate governance advisory
  • Audit committee advisory
  • Business processes re-engineering
  • Review of operational and organizational structures (KPI, KGI, and etc.)
  • Corporate governance assessment
  • Advisory on best corporate governance practices and applicable regulations
  • Advisory on development of corporate governance manuals
  • Controls analysis and documentation

Grant Thornton Corporate Governance and Advisory services deliver:

  • co-ordinated interaction amongst the Board, Audit Committee, Management team, External auditor and Internal audit group
  • a risk and controls-focused framework for corporate governance, ensuring the effectiveness of controls in light of your specific operations and company structure, management and board of directors

greater awareness of and compliance with your organization’s own compliance environment.