Best Practices for Mitigating Risk in Expense Reporting Platforms
Expense reporting platforms have simplified the review and approval processes, making it easier to submit documentation for payment. However, this convenience can also lead to less stringent review of submitted documents and opportunities for changing electronic receipts. As a result, organizations need to implement best practices to reduce the risk associated with these reporting systems….
How Internal Audit Can Support Whistleblower Investigations
By Melissa Musser, Partner and Director GRF Risk & Advisory Services, President of the IIA Washington DC Chapter. Do you know if an employee is stealing from your company? Quite often, the first hint of a problem comes from an insider tip. Having a comprehensive whistleblower program in place is a powerful early warning mechanism…
Top 5 Tax Tips for Small Business Owners
By Jennifer Galstad-Lee, Senior Manager, Tax Services Small business owners have double-duty during tax season – preparing and filing their own taxes as well as taxes for their small business. With so many demands on their time already, tax season can be cause for dread, but advance planning and organization can make life a little…
Essential stages of a third party risk management program
Developing and maintaining a third party risk management (TPRM) program can help to reduce the overall risk to your organization. What is TPRM? In short, it is the process of analyzing and mitigating risks associated with working relationships with outside entities. These parties can include everyone from contractors providing janitorial services to suppliers of a…
Four Things You Can Do Today to Improve Your Cybersecurity Posture
Cybersecurity is always changing and evolving as threats grow. Here are ideas that you can start on today that will help reduce your risk and improve your cybersecurity posture: 1. Require Multi-Factor Authentication Having multi-factor authentication (MFA) is essential for granting access to confidential data. It helps to reduce the risk of credential loss and…
Workshop Highlights: Navigating the World of Uncertainties Impacting Non-Profit Organizations
The 4th Annual GRF /NC State ERM Workshop for Nonprofits was held on February 23 and 24, 2023. Nonprofit executives and board members from across the U.S. came together to share their experiences and discuss strategies and tactics for strengthening enterprise risk management at tax-exempt organizations. Melissa Musser, Partner and Director of GRF’s Risk Advisory…
State-Mandated Retirement Plans: An Overview for Businesses
By Jennifer Galstad-Lee, CPA, JD, Senior Tax Manager Many Americans are not saving enough for retirement – in fact, a recent survey by the Federal Reserve found that a quarter of working adults have no retirement savings at all. To address this growing crisis, a number of states are enacting laws that require private businesses…
Tax Benefits of “Going Green”
By Jennifer Galstad-Lee, Senior Manager, Tax From electric vehicles to solar panels, “going green” can offer both environmental and financial benefits. With global conflicts and increased gas prices, now may be the time to explore reducing your carbon footprint to better the Earth and save you money. In addition, with more emphasis on environmental, social…
IRS Issues Penalty Relief for Many Taxpayers
The Internal Revenue Service recently issued a notice (IRS Notice 2022-36) that provides broad penalty relief for specified delinquent 2019 and 2020 tax returns. For U.S. taxpayers who qualify, this relief will waive and refund delinquent filing penalties for many who filed their 2019 and/or 2020 tax returns late. Notably, certain penalties for international reporting…
Getting Started with Cybersecurity Training
By Darren Hulem, CISA, CEH, Security+, Supervisor and Tom Brown, CAPM, Security +, Senior Risk Analyst TLDR: End user cybersecurity training is essential for preventing malicious actors from gaining unauthorized access to your organization’s network. Creating a risk-averse organization involves making your staff aware of best-practices for identifying common attacks, like phishing scams. At the…