-
Compliance
Assistance in the design, implementation and monitoring of Compliance programs within the framework of local and international regulations (FCPA, Corporate Criminal Responsibility Law), including course delivery.
-
ESG & Sustainability
Projects related to ESG (environmental, social and governance) and Sustainability.
-
Forensic
The services offer includes expert advice in litigation resolution and the development of procedures in legal/digital forensics and cybersecurity.
-
Human Capital solutions
Grant Thornton's Human Capital division has a team of professionals determined to accompany individuals and organizations throughout the relationship between the employee and the organization.
-
Organizational restructuring
Advice on operational restructuring to companies in difficulty, their creditors or other interested parties.
-
Services to the Government and the Public Sector
Financial audit projects and special technical and concurrent reviews of programs of national and subnational governments financed by International Credit Organizations. Special projects for government entities, public and mixed companies.
-
Valuation Services
We provide stock, business, asset, and liability valuations in support of negotiations, account structuring, and tax opportunities.
-
Transaction Advisory Services
The service offer includes financial due Diligence, operations services, business and strategic intelligence, ratings, advice on mergers and acquisitions, capital markets and debt advice.
-
Academy - Empowered by Grant Thornton Argentina & Perú
Academy is an e-learning platform that emerged as a joint initiative of Grant Thornton Argentina and Grant Thornton Perú. It is designed so that everyone can acquire new skills in accounting, auditing, taxes, technology and business through access to multiple courses and certifications.
-
External audit
We offer services of external audit of financial statements; assurance reports, agreed procedures and certifications; due-diligence and take-over of companies.
-
Audit methodology and technology
At Grant Thornton we use a single audit methodology across our global network. We apply it through an integrated set of software tools known as the Voyager suite. Meet it now.
-
Professional standards and training
Our IFRS advisors can help you navigate the complexity of the standards so you can spend your time and effort on your business.
-
Prevention of money laundering and financing of terrorism
At Grant Thornton we provide advice to our clients in the development of an Asset Laundering and Terrorist Financing Prevention strategy that allows them to prevent risks in a comprehensive manner.
-
Tax outsourcing
Taxes have a strong impact on your business decisions. At Grant Thornton we will respond quickly and tailor solutions for our clients.
-
Payroll
Put your payroll in good hands while you take your business beyond. Learn about our services.
-
Accounting, administration and finance services
To achieve the highest business benefits, you need an experienced team by your side. Learn about our services.
-
Start-up companies
Learn about our solutions to help build your business.
-
Financial statements audit
We offer services of external audit of financial statements; assurance reports, agreed procedures and certifications; due-diligence and take-over of companies.
-
FIU Independent External Reviewer - AML/CFT
We participate in the implementation of the requirements of the FIU in leading companies and our services ensure an orderly framework, optimizing the investment.
-
Internal audit
An internal audit helps identify gaps, deficiencies, and potential for inherent risk in all facets of the organization.
-
Legal audit
The monitoring of the legal area is usually a complex and difficult task for organizations, which however cannot be neglected.
-
Creation and acquisition of Financial Entities
We have the knowledge and experience in activities related to the acquisition and creation of financial entities, both locally and internationally.
-
Responsible for regulatory compliance
At Grant Thornton we offer the service of acting as "Responsible for Regulatory Compliance and Internal Control" for companies that requested registration as Settlement and Clearing Agent and Trading Agent.
-
IT Internal Audit
IT has been, and will increasingly be, a key factor for success and operational efficiency in all industries. Innovations such as the cloud and virtualization, and new threats around data security, have reinforced the importance and increased the risks associated with the use of technology for our clients.
-
Cybersecurity
As sophisticated digital manipulations become more prevalent, organizations must strengthen their defences and effectively protect themselves from threats and recognize those that are not. Organizations must act quickly to strengthen trust and resilience. A combination of enhanced security capabilities, robust controls, and employee education and awareness is critical.
-
ITGC Controls
Information Technology General Controls (ITGC) are a set of policies that ensure the effective implementation of control systems throughout an organization. ITGC audits help verify that these general controls are implemented and functioning correctly, so that risk is appropriately managed.
-
Global Mobility Services
Sending someone abroad involves liabilities and obligations. We offer interesting solutions to minimize the tax burden for both parties.
-
Direct Tax
We provide clear and practical solutions that meet your specific business needs, in the most tax-efficient way possible.
-
Indirect Tax
Grant Thornton's tax teams take a rigorous approach to help you meeting your tax obligations, whatever challenges you may face along the way.
-
International taxes – Transaction support
We offer our international experience in the field and make available the resources to plan and adequately comply with regulatory frameworks.
-
Services to private clients
Wherever you are in the world, our tax specialists can help you with your interests and investments abroad.
-
Clean energy and technology
Growing demand, development of new ways of energy and need of a sustainable future: we accompany our client in these changes and to be one step ahead.
-
Mining
Our flexible, partner-led teams are dynamic and focused on development. We take time to understand the details of the client’s business and offer unique solutions.
-
Oil and gas
Our Oil & Gas teams have the deep knowledge, wide experience and vision needed to offer our clients practical solutions adapted to their businesses.
-
Banking
Grant Thornton offers meaningful and accurate solutions for operational and transactional issues, litigation and administrative disputes in banking.
-
Private capital
We gather international teams of experts in corporate finance, restructuring and recovery, tax and insurance services to deliver customized solutions from initial investment, through development stages until the end of each project.
-
Fintech
We work to take advantage of all opportunities and manage industry risks, allowing our clients to always be one step beyond their competitors.
-
Asset management
We have specialized teams in more than 140 markets delivering solutions regarding insurance, taxes and advisory to global, international, regional, local asset managers.
-
Insurance
Thanks to our specialized team we offer accurate solutions for operational and transactional matters, litigations and administrative conflicts.
In recent years we have seen an upward trend in the mid-market's intentions to invest in technology. This may not just be about productivity or staying ahead and keeping pace with changing markets. It may also be due to a more defensive aspect: that the investment seeks to acquire or improve the company's cybersecurity to mitigate the increasingly frequent and sophisticated digital risks.
The International Business Report began in 2024 to measure the perception of digital risks as a limitation. In the first quarter, 25% of Argentine mid-market business leaders surveyed said they were concerned about cybersecurity, while 45% announced their intention to invest in technology. In the same period, globally, 50% of leaders viewed digital risks with concern and 66% planned to invest in technology.
The impact of cyber attacks
The International Monetary Fund points out that direct economic losses due to cyberattacks have quadrupled since 2017 and stand at USD 2.5 billioni. “This situation goes hand in hand with changes in the ways companies relate to their clients, suppliers, employees, etc., and it would be expected that they will increase in the future,” says Cristian Bertone, BRS – Financial Services Partner and IT Advisory leader at Grant Thornton Argentina. “The multiplication of digital channels, added to the lack of risk perception, the frictionless demands of the user and the speed of adoption of new technologies, put companies at a crossroads.”
Each successful attack not only has an economic impact but can also have legal and reputational consequences for the business. These attacks damage the company's image, the trust of clients, allies and stakeholders is lost, the business is exposed to public scrutiny and, depending on the nature of the incident, there may be regulatory repercussions detected by control bodies that lead to sanctions.
The extent of the damage will depend on the size of the data breach, how quickly and effectively the company was (or is perceived to have been) in stopping the attack, the number of parties affected, and the company's track record of previous incidents or protective measures.
Since the pandemic, cyber incidents have tripled and become more sophisticated. IT teams can no longer be solely responsible for preventing and containing threats. Organization leaders and their teams must understand the risks and find ways to avoid exposure to potential attacks.
AI and cybersecurity
In the third quarter of 2024, globally, 69% of mid-market companies plan to invest in information technology over the next 12 months. Of this percentage, 66% indicate that it will be in artificial intelligence (AI). “Given the context we are experiencing, it is important to keep an open mind and not refuse the innovation that these new tools can bring,” says Bertone.
Knowing them and monitoring their evolution is key to mitigating and preventing risks, while it can facilitate defences. For example, AI can make attacks more sophisticated while allowing control and analysis processes to be optimized. The World Economic Forum's Global Risks Report 2024ii indicates that the negative consequences of advances in AI and related technological capabilities entered the ranking of perceived risk severity in the long term (10 years), ranking 5th for both the public and private sectors.
“With our teams, we have been observing for some time the availability of software development tools that allow us to manage alarms, optimize codes, correct programming errors or translate from one code to another,” highlights Bertone. “The parameterization process of these tools is key, as is their subsequent testing, to ensure that the use of AI truly adds value and allows us to achieve the objectives that are in mind when making these investments in new tools.”
AI can also be used to develop a vulnerability management system that can take the company beyond. Grant Thornton Luxembourg, for example, developed an AI-based vulnerability management system with a diverse team of cybersecurity experts, IT engineers and business strategists. It not only flags vulnerabilities based on traditional risk metrics, but also aligns those risks with the company's business priorities, improving overall efficiency and strategic focus.
Cybersecurity in the banking industry
In Argentina, the Equipo de Respuesta ante Emergencias Informáticas Nacional (CERT.ar - National Computer Emergency Response Team) showed that in 2023 the finance sector was the biggest target of cyberattacks, accounting for 31% of the incidents recorded.
The Banco Central de la República Argentina (BCRA - Central Bank of Argentina) has been working towards Cyber Resilience for some time and has established a series of mandatory guidelines and requirements to deal with cyber incidents and limit risks.
“The BCRA Comm A7724 issued in 2023, for example, updated the mandatory requirements that financial entities in Argentina must implement for the management of information systems (IS) and information technologies (IT). It incorporated new controls and topics to consider, ensuring that all entities have effective practices for internal control and risk management of their IT/IS operating environment,” comments Fabián Bogado, Director of IT Advisory at Grant Thornton Argentina.
The BCRA has also established guidelines for response and recovery from cyber incidents (RRCI) that must be applied before, during and after the incident. “Although these are aimed at financial institutions, payment service providers that offer payment accounts and financial market infrastructures, they can be adopted by any institution or company since they are of a general nature,” Bertone points out.
What are the RRCI guidelines?
Establish a governance framework to organize and manage cyber incident response and recovery activities. Define decision-making by assigning roles and responsibilities to internal and external participants.
“Effective management requires fostering a cybersecurity culture throughout the company, with everyone knowing their role and responsibility. It is necessary to establish metrics to assess the impact, measure the efficiency of RRCI activities and report,” Bertone stresses.
Preparedness to deal with incidents plays a significant role in the effectiveness of RRCI activities. Defining policies, plans and procedures to know when and how to act will allow an orderly and successful response. A strategy, channels and communication plans must be established for coordinated and appropriate action.
“It is not just the internal infrastructure that needs to be considered, but the planning should also consider service providers. To build resilience, it is also necessary to identify the risk in third parties and assess and adopt mitigation measures where appropriate,” says Bertone.
Determine the criticality and impact of the cyber incident and investigate the root cause through forensic analysis. Knowing the taxonomy for its classification according to the type of incident, its actors, its threat vectors and its impacts will allow determining the level of prioritization and the allocation of resources to mitigate the impact, restore services and recover.
“System and device audit records are necessary for a proper forensic investigation. Furthermore, the BCRA guidelines recommend having both internal and external sources of information for a quick evaluation of the threats and causes of a cyber incident,” highlights Bertone.
Contain, isolate and eradicate. Refers to actions aimed at preventing the situation from worsening and eliminating the consequences of incidents to minimize the impact on operations and services.
“According to the type of cyber incident, different containment measures will be deployed, which can range from disconnecting or isolating part of the systems or networks, or continuing to provide the service, depending on the criticality, possible consequences or impact,” says Bertone.
In the event of a cyber incident, the affected operations, services and data must be restored to their normal state in a secure manner. The BCRA recommends that restoration activities have automated, documented and tested procedures, thus reducing the risk of human error that may arise in manual restoration. Monitoring the restoration process and validating the integrity of the assets is a convenient practice.
“The data that was compromised in the incident may have undergone some type of manipulation, so its integrity must be guaranteed. It is good practice to periodically perform restoration tests to ensure the integrity, availability and readability of the recovered data,” says Bertone.
It is key to always maintain coordination and fluid communication. Defining the language, frequency and level of detail according to the recipient of the message and proper coordination between the parties will allow the objectives to be achieved. Escalating the incident according to the criticality framework and established procedures and acting according to the action plans will provide reasonable guarantees of a correct approach to the threat.
“Reporting the incident and exchanging technical information with the Authorities about the threat, strategies and actions taken will allow the creation of a more resilient ecosystem and the recognition of new methods, both of attack and defence, which will allow the company to be better prepared in the future,” Bertone highlights.
Post-incident analysis, drills and measures and protocol validation exercises will improve RRCI activities and capabilities, implementing changes where necessary. Valuable information can be obtained before and after the incident to improve response and recovery activities and cyber risk management practices.
“The company must have a spirit of continuous improvement that allows it to learn and want to go beyond in the management of cyber incidents. Recognizing failures and staying up to date with technological advances, trends and publications from regulatory and supervisory bodies will improve resilience and strengthen procedures during the incident, minimizing consequences,” says Bertone.
How to be cyber protected
Adopting an integrated business approach and having senior management support and involvement in digital risk management offers several key benefits to organisations. Cybersecurity is no longer just a challenge for the IT team; creating a company-wide cybersecurity culture could prevent major damage, as according to Harvard Business Review, 80% of cyberattacks are due to human error.iii
The same is true when assessing and analysing digital risk: a holistic approach that includes all threats must be taken. Focusing on each of them separately is not effective and makes it difficult to protect and differentiate between threats and those that are not.
Having an ally like Grant Thornton helps you build a cybersecurity-first culture to accelerate secure growth, manage cyber risk, and respond quickly to evolving regulations. Sharing cybersecurity responsibility with experts strengthens alignment across the company and establishes cyber responsibility beyond the CISO.
-----------------
i. " Rising Cyber Threats Pose Serious Concerns for Financial Stability" - International Monetary Fund (FMI). Retrieved from imf.org.
ii. "The Global Risks Report 2024" - World Economic Forum. Retrieved from weforum.org.
iii. "Human Error Drives Most Cyber Incidents. Could AI Help?" - Harvard Business Review. Retrieved from hbr.org.