Cybersecurity remains a crucial concern for retirement plan administrators and sponsors. Ensuring the security of sensitive data and maintaining compliance with regulatory requirements is essential to protect plan participants and maintain trust. GRF hosted a 2024 Update on Retirement Plans webinar on May 16th, 2024, which outlined key cybersecurity best practices recommended by the Department…
Cybersecurity and privacy issues have become prominent ESG concerns as organizations frequently manage sensitive information concerning their beneficiaries, employees, third parties, and other stakeholders. Protecting this data from cyber threats and ensuring privacy is a crucial responsibility, as stakeholders expect organizations to have robust cybersecurity measures in place to safeguard their personal information. Failure to…
To some extent, all business functions are responsible for managing risks. However, certain departments have direct responsibilities in risk management, such as Internal Audit, Enterprise Risk Management (ERM), and Fraud Risk Management. Integrating and fostering collaboration between these functions can result in more effectively addressing risks and protecting against fraudulent activities. This is particularly critical…
Nonprofits are more reliant on technology than ever before to deliver on their mission. The integration of digital technology into all aspects of the organization, or digital transformation, provides a number of new opportunities, but it also provides the possibility for additional security issues. Not only are there more ways to be attacked than ever…
By Jay Mui, PMP, MBA | Supervisor, Risk & Advisory Services Well if you are being literal, 17th century Croatian mercenaries would use a scarf to hold together the openings at the neck of their shirts. King Louis XIII, a great employer of these mercenaries, so enjoyed and promoted this look that it soon became…
By Melissa Musser, CPA, CITP, CISA | Principal, Risk & Advisory Services For years, associations have taken a siloed approach to risk management, focusing on areas like cybersecurity. More are now widening their nets, using ERM to ensure unexpected dangers don’t derail their association. When it comes to risk management, some may think of areas…
By Melissa Musser, CPA, CITP, CISA | Risk & Advisory Services Principal Corporations and organizations have long understood the value of systematic planning for worst-case scenarios to avoid unwelcome surprises, known as enterprise risk management (ERM). ERM is a proactive, multidimensional process of identifying, assessing, cataloguing, and preparing for potential negative organizational outcomes in order…
By Darren Hulem | Network Administrator Auditor GDPR, also known as General Data Protection Regulation (EU) 2016/679, was a regulation passed by the European Union (EU) in 2016 aimed at data protection and privacy for individuals within the EU. Enforcement, which began on May 25, 2018, has the potential to affect companies outside of the…
By Mac Lillard, CPA, CFE, CITP, CISA, | Manager, Audit and Risk Advisory Services Fraud prevention is one of the most important aspects of an effective organizational risk management strategy. According to the Association of Certified Fraud Examiners (ACFE) 2018 Report to the Nations, there were 2,690 cases of occupational fraud, resulting in $7+ billion…
By their nature, tax-exempt entities are under extraordinary scrutiny. With the IRS, external auditors, donors, watchdogs and stakeholders all analyzing their finances, nonprofit organizations must implement effective internal controls that decrease the likelihood of fraud, accounting mistakes or other inappropriate accounting practices that could impact the organization’s finances and reputation. Many organizations who have established…