Enterprise risk management

Enterprise risk management (ERM) serves as the leading approach to managing and optimizing risks, strategically identifying, analyzing, overseeing and monitoring the potential risks to an organization.

Grant Thornton offers a range of services to assist organizations in determining their exposure to various risks associated with ERM, as businesses attempt to create integrated and transparent risk management practices and move away from disconnected multiple risk functions.

Grant Thornton ERM services are designed to:

  • align risk management activities with business objectives to drive value
  • enhance coordination among risk and control groups to eliminate redundancies
  • improve the risk assessment process to better anticipate and understand risks
  • increase awareness of key risks and their respective key controls
  • enhance ownership by process owners for their control environment
  • provide senior management with the most up-to-date information regarding risk that may be used in the decision-making process
  • improve accountability and transparency among all levels of Boards, senior management and interested parties
  • introduce new controls and processes to address newly emerging business risks.

ERM services include:

  • Design and implementation of ISMS under the ISO 27001 standard; QMS under the ISO 9001 standard; FMS under the ISO 22000 standard
  • Design and implementation of an information security framework under the PCI DSS standards
  • Design and implementation of an information security infrastructure under the SWIFT requirements
  • Advisory on the ERM framework, compliance with COSO framework
  • Advisory on the Operational Risk Management (Basel II/III)
  • Advisory in implementation of an Internal Control Framework (COSO)
  • Internal auditing, risk-based audit reports
  • Advisory on development of the internal audit function
  • Audit of business process

As a Professional Evaluation and Certification Board (PECB) certified partner we are authorized to provide management systems certification audits for a number of ISO certificates, such as:

  • ISO 27001
  • ISO 22000
  • ISO 9001

If your business offers the option of paying for goods and services with a credit card, you are required to protect your customers' credit card data by complying with the Data Security Standard set out by the Payment Card Industry Security Standards Council.

Grant Thornton, as a PCI QSA and PCI ASV, will assist you with your readiness in complying with the Data Security Standard. Our approach is to manage your requirements in a cost-effective manner and address the areas of highest risk first.

As an approved SWIFT Accredited Security Auditor (BIC PTSQGBEE), we help our clients comply with the SWIFT security requirements through a wide range of services that cover reviewing and reporting on the clients’ current controls in place for SWIFT security requirements, as well as designing and implementing new frameworks and controls to assist clients in achieving the target control state.

Grant Thornton Armenia is the first Grant Thornton firm, and the only professional services firm in the CIS region, to receive CREST accreditation and membership.

CREST’s mission is to build high quality capability, capacity and consistency within the global technical cyber security sector. CREST provides internationally recognized accreditation for organizations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST Member Companies undergo regular and stringent assessment.

CREST accreditation provides clients of Grant Thornton wishing to buy penetration testing, threat intelligence or incident response services with confidence that the work will be carried out by a qualified organization and individuals with up-to-date knowledge, skill and competence in the latest vulnerabilities and techniques used by real attackers.