-
Business consulting services
Our business consulting services can help you improve your operational performance and productivity, adding value throughout your growth life cycle.
-
Business process solutions
We can help you identify, understand and manage potential risks to safeguard your business and comply with regulatory requirements.
-
Business risk services
The relationship between a company and its auditor has changed. Organisations must understand and manage risk and seek an appropriate balance between risk and opportunities.
-
Cybersecurity
As organisations become increasingly dependent on digital technology, the opportunities for cyber criminals continue to grow.
-
Forensic and investigation services
At Grant Thornton, we have a wealth of knowledge in forensic services and can support you with issues such as dispute resolution, fraud and insurance claims.
-
Mergers and acquisitions
Globalisation and company growth ambitions are driving an increase in M&A activity worldwide. We work with entrepreneurial businesses in the mid-market to help them assess the true commercial potential of their planned acquisition and understand how the purchase might serve their longer- term strategic goals.
-
Recovery and reorganisation
Workable solutions to maximise your value and deliver sustainable recovery
-
Transactional advisory services
We can support you throughout the transaction process – helping achieve the best possible outcome at the point of the transaction and in the longer term.
-
Valuations
We provide a wide range of services to recovery and reorganisation professionals, companies and their stakeholders.
-
IFRS
The International Financial Reporting Standards (IFRS) are a set of global accounting standards developed by the International Accounting Standards Board (IASB) for the preparation of public company financial statements. At Grant Thornton, our IFRS advisers can help you navigate the complexity of financial reporting from IFRS 1 to IFRS 17 and IAS 1 to IAS 41.
-
Audit quality monitoring
Having a robust process of quality control is one of the most effective ways to guarantee we deliver high-quality services to our clients.
-
Global audit technology
We apply our global audit methodology through an integrated set of software tools known as the Voyager suite.
-
Corporate and business tax
Our trusted teams can prepare corporate tax files and ruling requests, support you with deferrals, accounting procedures and legitimate tax benefits.
-
Direct international tax
Our teams have in-depth knowledge of the relationship between domestic and international tax laws.
-
Global mobility services
Through our global organisation of member firms, we support both companies and individuals, providing insightful solutions to minimise the tax burden for both parties.
-
Indirect international tax
Using our finely tuned local knowledge, teams from our global organisation of member firms help you understand and comply with often complex and time-consuming regulations.
-
Innovation and investment incentives
Dynamic businesses must continually innovate to maintain competitiveness, evolve and grow. Valuable tax reliefs are available to support innovative activities, irrespective of your tax profile.
-
Private client services
Our solutions include dealing with emigration and tax mitigation on the income and capital growth of overseas assets.
-
Transfer pricing
The laws surrounding transfer pricing are becoming ever more complex, as tax affairs of multinational companies are facing scrutiny from media, regulators and the public
-
Tax policy
Tax policies are constantly evolving and there are a number of complex changes on the horizon that could significantly affect your business.
-
Outsourcing Changes to the Outsourcing legislation, specifically when offshoringSignificant changes to the dynamic of the financial services sector in recent years have shifted the paradigms in how we work. The increased digitisation of the workforce, changes in business models, globalisation, and remote working capabilities have led to a new approach to the delivery of services.
-
Asset management Inflation and tax planningThe recent onset of rapid inflation is an unwelcome development that is having a widespread impact on US businesses and tax planning.
Three steps to better data understanding
Businesses need to get better at understanding their data, but they face many hurdles and challenges along the way. Here, we outline our recommendations to help organisations recognise the importance of their data – and ultimately achieve a more mature approach to information risk management.
1. Clarify ownership: system-wide and data-specific
Information security should be treated like an enterprise-wide, consistently applied risk management issue. This means nominating a system-wide owner – often the chief revenue officer or chief financial officer, if not a dedicated chief information security officer – as well as a ‘coalface’ owner at the operational level. It means accepting that your data is a strategic asset that should be risk-rated and incorporated into the risk register.
2. Embed information risk management ‘by design’
Having an enterprise-wide owner of information risk management also makes it easier to ensure that effective data categorisation or assessment are built into projects at the start.
Cross-functional insight
There are several parts to security by design. One is ensuring that a range of functions are involved in the ongoing assessment and policy-setting process – not just the individual data owners.
Destroy as standard
Responsible data destruction reduces the likelihood of a data breach. “You can have a policy around transactional records and sales presentations and specify how long it is to be kept around,” says one of our respondents. “Then you need to take steps to get rid of the data. Things that are kept in email folders, or things that are not under any record hold, would automatically be purged and deleted.”
Sunil Chand of Grant Thornton Canada believes that destruction should be built into any agreed handling standards around data. “Your data’s usefulness will be dictated by business need, legislation, regulation, and whether you are going through litigation,” he says. “The best approach, and it’s a simple one, is to have a data destruction policy with accompanying manual or automated controls to enforce as standard unless you still need the information or will need it in the future.”
3. Achieve more ‘human’ communication and training
Getting your employees to better appreciate the reality of cyber threats means engaging them on a human level and avoiding technical jargon and ‘geek speak’. Build IT teams that can bridge the communications gap between business users and technical tools using layman’s terms.
Ongoing training
Training plays an integral role in improving awareness and resilience among employees, especially in ensuring that people start to think about data risk as second nature. “Any hacker will tell you that the weakest point in a system is the people,” warns Grant Thornton’s Andrew Harbison. “So you need to focus on training, training, training”
Beyond ‘project fear’
The benefits of better data understanding extend far beyond effective cyber security. Companies can incentivise their employees to understand their data by pointing to the additional value that can be unlocked during the process.
In conclusion
In recognition that cyber risk is only going to become more pronounced as new technologies come on stream, most organisations accept that they need to get better at managing the threat. Cyber risk needs to be approached with an attitude of continuous improvement, and our strongly-held view is that this isn’t possible unless you also have a clear and dependable picture of the data you have.
Above all, data should be seen as a critical business asset – yet our research suggests that many organisations do not perceive it as such. They aren’t doing enough to understand what they have and how to protect it. Even when they do take steps to improve how they look after their data, they often do so with legacy tools and approaches that are not sufficient to measure, manage and put a price on non-physical risk.
And yet, a workable and effective approach is certainly within reach. First of all, organisations need to accept that their data is too big – and too important – to ignore. Beyond this, they need to be pragmatic. If you assume that someone, at some point, will find a way to hack into your systems, you will make sure that your most valuable data remains unassailable.
Ultimately this means understanding what your crown jewels are – depending on your industry, your risk profile and your business goals – and allocating specific controls. It isn’t a straightforward activity, or even a finite one, but it is an indispensable part of risk management in the digital era.