-
Annual and short period audit
We perform audit engagements in accordance with the Philippine Standards on Auditing (PSA), as required by required by national legislation or other regulations of agencies such as the Bureau of Internal Revenue (BIR), Securities and Exchange Commission (SEC), Bangko Sentral ng Pilipinas (BSP), Insurance Commission (IC), Cooperative Development Authority (CDA), etc.
-
Review engagement
We provide a limited or moderate level of assurance that financial statements are free from material misstatements, in accordance with the Philippine Standard on Review Engagements (PSRE).
-
Financial statements compilation
We help in the preparation of financial statements of clients in accordance with Philippine Standard on Related Services (PSRS) 4410.
-
Security offerings services
We provide assurance services for our clients’ debt and equity security offerings. These include audits or reviews of financial statements, examination of prospectuses, and issuance of comfort letters as required.
-
Agreed-upon procedures
We perform agreed-upon procedures in accordance with applicable professional standards, delivering factual findings reports tailored to the specific needs of our clients and relevant third parties. Our services include asset and inventory count observations, financial statement translations, and assistance with regulatory applications such as capital stock increases and debt-to-equity conversions.
-
Other related services
We help our clients stay ahead of the evolving complexities in the accounting landscape. Our offerings include training programs, transition and implementation planning, and impact assessments related to newly adopted accounting standards, such as Philippine Financial Reporting Standards (PFRS Accounting Standards) and other relevant frameworks.
-
Tax advisory
With our knowledge of tax laws and regulations, we help safeguard the substantive and procedural rights of taxpayers and prevent unwarranted assessments.
-
Tax compliance
We aim to minimise the impact of taxation, enabling you to maximise your potential savings and to expand your business.
-
Transfer pricing
We provide comprehensive Transfer Pricing (TP) solutions suited to the needs of the client.
-
Corporate services
For clients who want to do business in the Philippines, we help set up the business and assist in determining the appropriate and tax-efficient operating business or investment vehicle.
-
Tax education and advocacy
We offer seminars and trainings on tax-related developments and special issues of interest to taxpayers.
-
Business risk services
Our business risk services cover a wide range of solutions that assist you in identifying, addressing and monitoring risks in your business. Such solutions include external quality assessments of your Internal Audit activities' conformance with standards as well as evaluating its readiness for such an external assessment.
-
Business consulting services
Our business consulting services are aimed at addressing concerns in your operations, processes and systems. Using our extensive knowledge of various industries, we can take a close look at your business processes as we create solutions that can help you mitigate risks to meet your objectives, promote efficiency, and beef up controls.
-
Transaction services
Transaction advisory includes all of our services specifically directed at assisting in investment, mergers and acquisitions, and financing transactions between and among businesses, lenders and governments. Such services include, among others, due diligence reviews, project feasibility studies, financial modelling, model audits and valuation.
-
Forensic advisory
Our forensic advisory services include assessing your vulnerability to fraud and identifying fraud risk factors, and recommending practical solutions to eliminate the gaps. We also provide investigative services to detect and quantify fraud and corruption and to trace assets and data that may have been lost in a fraud event.
-
Cyber advisory
Our focus is to help you identify and manage the cyber risks you might be facing within your organization. Our team can provide detailed, actionable insight that incorporates industry best practices and standards to strengthen your cybersecurity position and help you make informed decisions.
-
ProActive Hotline
Providing support in preventing and detecting fraud by creating a safe and secure whistleblowing system to promote integrity and honesty in the organisation.
-
Sustainability
At P&A Grant Thornton sustainability is at the core of our mission. We are committed to fostering a healthier planet through innovative practices that reduce our environmental footprint, promote social responsibility, and ensure economic viability for future generations.
-
Accounting Services
At P&A Grant Thornton, we handle accounting services for several companies from a wide range of industries. Our approach is highly flexible. You may opt to outsource all your accounting functions, or pass on to us choice activities.
-
Payroll Services
We streamline payroll operations with secure, technology-driven solutions that enhance accuracy, ensure compliance, and free organisations to focus on strategic priorities.
-
Human Capital Outsourcing Services
We deliver highly trainable and experienced accounting professionals matched to client requirements, covering center and attrition management, and special projects.
-
Our values
Grant Thornton prides itself on being a values-driven organisation and we have more than 38,500 people in over 130 countries who are passionately committed to these values.
-
Global culture
Our people tell us that our global culture is one of the biggest attractions of a career with Grant Thornton.
-
Learning & development
At Grant Thornton we believe learning and development opportunities allow you to perform at your best every day. And when you are at your best, we are the best at serving our clients
-
Global talent mobility
One of the biggest attractions of a career with Grant Thornton is the opportunity to work on cross-border projects all over the world.
-
Diversity
Diversity helps us meet the demands of a changing world. We value the fact that our people come from all walks of life and that this diversity of experience and perspective makes our organisation stronger as a result.
-
In the community
Many Grant Thornton member firms provide a range of inspirational and generous services to the communities they serve.
-
Behind the Numbers: People of P&A Grant Thornton
Discover the inspiring stories of the individuals who make up our vibrant community. From seasoned veterans to fresh faces, the Purple Tribe is a diverse team united by a shared passion.
-
Fresh Graduates
Fresh Graduates
-
Students
Whether you are starting your career as a graduate or school leaver, P&A Grant Thornton can give you a flying start. We are ambitious. Take the fact that we’re the world’s fastest-growing global accountancy organisation. For our people, that means access to a global organisation and the chance to collaborate with more than 40,000 colleagues around the world. And potentially work in different countries and experience other cultures.
-
Experienced hires
P&A Grant Thornton offers something you can't find anywhere else. This is the opportunity to develop your ideas and thinking while having your efforts recognised from day one. We value the skills and knowledge you bring to Grant Thornton as an experienced professional and look forward to supporting you as you grow you career with our organisation.
In the aftermath of a cybercrisis
13 Feb 2019(Last part)
It started without warning when the malware hit Prix Healthcare Inc.’s servers. The new strain infected the company’s systems like silent wildfire, burning through the cyber kill chain unabated. The hacker advanced easily from each step on the kill chain; he harvested enough email addresses during his reconnaissance to know all about Mark’s secret affair with a staff member, that he enjoyed a high-speed virtual private network connection to the office’s network, and that Mark maintains several personal email addresses. He weaponized his exploit of choice into an unassuming PDF (portable document format) file, and delivered the payload as an email masquerading as a legitimate corporate travel agent. A typical customized whale-phishing email attack will do the trick, the hacker’s eyes gleamed, easy peasy. The code executed after exploiting a known vulnerability, and then the malware installed on the server—the asset, lighting up his target. He knew no one in Prix had the foresight, skill, and time to hunt for abnormal outbound network activities or packets that the now-infected system will be sending to call home—and engage the next step in the chain, command and control.
During that short session, a connection was established with the infected machine and the hacker swiftly keyed in and executed a multitude of other commands through his remote command and control channel. Using the compromised machine, the attacker initiated a wave of spam emails to Prix’s clients and hijacked ongoing email conversations and existing threads of insurance agents and high-value targets—Prix’s top brass. Mimicking their tone, ensuring the people in the conversation believe they are interacting with the Prix employee they trust, the hacker sent documents where he embedded his signature trojan payload. The malware was designed to let the attacker gain access to the victim’s medical records and clear out or change details. The versatile attacker went on installing a phishing website and launched attacks against other servers. His intentions were to widely distribute the malware—his pride and joy—in the shortest time possible; and, eventually, undermine the public’s trust in the health care system to cause panic—his original goal.
The staggering amount of phishing emails sent to Prix’s health insurance clients across the nation clogged their bandwidth and rendered communications down to a trickle. Key services started to shut down. By the time Mark ordered to take their IT system offline to contain the damage, the malware had already spread to private individuals, health clinics, hospitals, government health centers, and numerous businesses covered by their SME healthcare products.
“Are you still there? I’m listening,” Mark said as he watched his wristwatch strike midnight. “Activate your CERT if you have one, but I know you don’t, so who am I kidding—call this number and drop my name, they have a team of experienced cybersecurity incident advisors and a battery of other experts who can help you respond, issue a public statement, and hopefully recover… unfortunately, it doesn’t end there, Mark.”
He resigned himself to the gravity of the facts, laid bare by his friend, that all plans for his company would have to wait, its future now was thrown into question. To resolve the matter, as told bluntly by his friend, Prix Healthcare will have to deal with compliance fines and court fees and undergo a computer forensic and investigation process.
Mark has to brace for any blowback from the public and endure reputational losses that will likely last a long time; not to mention the possible imposition of regulatory commitments, spending revenues on identity theft prevention services for his clients, taking on an incident response retainer that would be tasked to conduct regular compromise assessments, and availing of a cyber-liability insurance product to cover for potential data breaches. With the likely turnover of clients, he will be spending more on client acquisition activities in the short term to keep his company running. For Prix, the future looked bleak. Mark did not foresee that a cyber-incident can cause a disruption of this scale.
This is a work of fiction. Names, characters, businesses, places, events, locales, and incidents are either the product of the author’s imagination or used in a fictitious manner. Any resemblance to actual persons, living or dead, or actual events is purely coincidental.
The author wants to show a precautionary tale of the near future, where cyberattacks continue to dominate the news and hackers win the cyberbattle, yet again, in a highly interconnected digital market. While the government finds diplomatic ways to impose its regulatory might, small businesses struggle to cope in a regulated marketplace with steep protection rules, where the overall cost of compliance schemes represent an additional barrier to market entry. And the need to focus on the human element and how it plays a crucial role in security. The biases and the impact of decisions that shape the course of our businesses, its competitiveness and impact on society.
Paul Gonzales is a Director of the Advisory Services Division of P&A Grant Thornton. P&A Grant Thornton is one of the leading Audit, Tax, Advisory, and Outsourcing firms in the Philippines, with 21 Partners and over 900 staff members.
As published in The Manila Times, dated on 13 February 2019