Category: Risk & Advisory

Expense reporting platforms have simplified the review and approval processes, making it easier to submit documentation for payment. However, this convenience can also lead to less stringent review of submitted documents and opportunities for changing electronic receipts. As a result, organizations need to implement best practices to reduce the risk associated with these reporting systems….

Read more ›

By Melissa Musser, Partner and Director GRF Risk & Advisory Services, President of the IIA Washington DC Chapter. Do you know if an employee is stealing from your company?  Quite often, the first hint of a problem comes from an insider tip. Having a comprehensive whistleblower program in place is a powerful early warning mechanism…

Read more ›

Developing and maintaining a third party risk management (TPRM) program can help to reduce the overall risk to your organization. What is TPRM?  In short, it is the process of analyzing and mitigating risks associated with working relationships with outside entities. These parties can include everyone from contractors providing janitorial services to suppliers of a…

Read more ›

Cybersecurity is always changing and evolving as threats grow. Here are ideas that you can start on today that will help reduce your risk and improve your cybersecurity posture: 1. Require Multi-Factor Authentication Having multi-factor authentication (MFA) is essential for granting access to confidential data. It helps to reduce the risk of credential loss and…

Read more ›

The 4th Annual GRF /NC State ERM Workshop for Nonprofits was held on February 23 and 24, 2023. Nonprofit executives and board members from across the U.S. came together to share their experiences and discuss strategies and tactics for strengthening enterprise risk management at tax-exempt organizations. Melissa Musser, Partner and Director of GRF’s Risk Advisory…

Read more ›

TLDR: End user cybersecurity training is essential for preventing malicious actors from gaining unauthorized access to your organization’s network. Creating a risk-averse organization involves making your staff aware of best-practices for identifying common attacks, like phishing scams. At the end of this article, you will find a cyber hygiene template and risk checklists for privacy,…

Read more ›

By Kristen Ocampo, CPA, Senior Internal Auditor Travel & Expense (T&E) reimbursement fraud can have a significant impact on your organization. The Association of Certified Fraud Examiners’ 2022 Report to the Nations found the average loss from an expense reimbursement scheme was $152,000. The report, which is based on a worldwide survey of Certified Fraud…

Read more ›

By Darren Hulem, CISA, CEH, Security+, Supervisor, IT and Risk & Advisory Services As cyberattacks grow in frequency and complexity, organizations are asking, “Is Cyber Insurance worth it?” The short answer is “Absolutely!” Before contacting an insurance company, we recommend some research and due diligence to position your organization for reasonable rates. Coverages can vary…

Read more ›

Enterprise risk management is becoming more common in the not-for-profit sector, but recent research finds that risk management practices are not keeping pace with the increased complexity of risks for nonprofits. On July 12, 2022, the Enterprise Risk Management (ERM) Initiative at NC State University published the 13th edition of its annual State of Risk…

Read more ›

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     Your organization’s reputation can be influenced by a variety of factors including brand image, online reviews, social media presence, customer experience, and more. Each of these elements factors into the overall image of the organization. When it comes to your internet reputation, important elements are different…

Read more ›