-
Audit approach overview
Our audit approach will allow our client's accounting personnel to make the maximum contribution to the audit effort without compromising their ongoing responsibilities
-
Annual and short period audit
At P&A Grant Thornton, we provide annual and short period financial statement audit services that go beyond the normal expectations of our clients. We believe strongly that our best work comes from combining outstanding technical expertise, knowledge and ability with exceptional client-focused service.
-
Review engagement
A review involves limited investigation with a narrower scope than an audit, and is undertaken for the purpose of providing limited assurance that the management’s representations are in accordance with identified financial reporting standards. Our professionals recognize that in order to conduct a quality financial statement review, it is important to look beyond the accounting entries to the underlying activities and operations that give rise to them.
-
Other Related Services
We make it a point to keep our clients abreast of the developments and updates relating to the growing complexities in the accounting world. We offer seminars and trainings on audit- and tax-related matters, such as updates on Accounting Standards, new pronouncements and Bureau of Internal Revenue (BIR) issuances, as well as other developments that affect our clients’ businesses.
-
Tax advisory
With our knowledge of tax laws and audit procedures, we help safeguard the substantive and procedural rights of taxpayers and prevent unwarranted assessments.
-
Tax compliance
We aim to minimize the impact of taxation, enabling you to maximize your potential savings and to expand your business.
-
Corporate services
For clients that want to do business in the Philippines, we assist in determining the appropriate and tax-efficient operating business or investment vehicle and structure to address the objectives of the investor, as well as related incorporation issues.
-
Tax education and advocacy
Our advocacy work focuses on clarifying the interpretation of laws and regulations, suggesting measures to increasingly ease tax compliance, and protecting taxpayer’s rights.
-
Business risk services
Our business risk services cover a wide range of solutions that assist you in identifying, addressing and monitoring risks in your business. Such solutions include external quality assessments of your Internal Audit activities' conformance with standards as well as evaluating its readiness for such an external assessment.
-
Business consulting services
Our business consulting services are aimed at addressing concerns in your operations, processes and systems. Using our extensive knowledge of various industries, we can take a close look at your business processes as we create solutions that can help you mitigate risks to meet your objectives, promote efficiency, and beef up controls.
-
Transaction services
Transaction advisory includes all of our services specifically directed at assisting in investment, mergers and acquisitions, and financing transactions between and among businesses, lenders and governments. Such services include, among others, due diligence reviews, project feasibility studies, financial modelling, model audits and valuation.
-
Forensic advisory
Our forensic advisory services include assessing your vulnerability to fraud and identifying fraud risk factors, and recommending practical solutions to eliminate the gaps. We also provide investigative services to detect and quantify fraud and corruption and to trace assets and data that may have been lost in a fraud event.
-
Cyber advisory
Our focus is to help you identify and manage the cyber risks you might be facing within your organization. Our team can provide detailed, actionable insight that incorporates industry best practices and standards to strengthen your cybersecurity position and help you make informed decisions.
-
ProActive Hotline
Providing support in preventing and detecting fraud by creating a safe and secure whistleblowing system to promote integrity and honesty in the organisation.
-
Accounting services
At P&A Grant Thornton, we handle accounting services for several companies from a wide range of industries. Our approach is highly flexible. You may opt to outsource all your accounting functions, or pass on to us choice activities.
-
Staff augmentation services
We offer Staff Augmentation services where our staff, under the direction and supervision of the company’s officers, perform accounting and accounting-related work.
-
Payroll Processing
Payroll processing services are provided by P&A Grant Thornton Outsourcing Inc. More and more companies are beginning to realize the benefits of outsourcing their noncore activities, and the first to be outsourced is usually the payroll function. Payroll is easy to carve out from the rest of the business since it is usually independent of the other activities or functions within the Accounting Department.
-
Our values
Grant Thornton prides itself on being a values-driven organisation and we have more than 38,500 people in over 130 countries who are passionately committed to these values.
-
Global culture
Our people tell us that our global culture is one of the biggest attractions of a career with Grant Thornton.
-
Learning & development
At Grant Thornton we believe learning and development opportunities allow you to perform at your best every day. And when you are at your best, we are the best at serving our clients
-
Global talent mobility
One of the biggest attractions of a career with Grant Thornton is the opportunity to work on cross-border projects all over the world.
-
Diversity
Diversity helps us meet the demands of a changing world. We value the fact that our people come from all walks of life and that this diversity of experience and perspective makes our organisation stronger as a result.
-
In the community
Many Grant Thornton member firms provide a range of inspirational and generous services to the communities they serve.
-
Fresh Graduates
Fresh Graduates
-
Students
Whether you are starting your career as a graduate or school leaver, P&A Grant Thornton can give you a flying start. We are ambitious. Take the fact that we’re the world’s fastest-growing global accountancy organisation. For our people, that means access to a global organisation and the chance to collaborate with more than 40,000 colleagues around the world. And potentially work in different countries and experience other cultures.
-
Experienced hires
P&A Grant Thornton offers something you can't find anywhere else. This is the opportunity to develop your ideas and thinking while having your efforts recognised from day one. We value the skills and knowledge you bring to Grant Thornton as an experienced professional and look forward to supporting you as you grow you career with our organisation.
Preparation and prevention vs insider threats
17 Feb 2021Insider threats may have been looming even before the start of the Covid-19 pandemic, but the crisis further put a corporation’s security in distress.
Because of the drastic changes caused by the pandemic, the various factors that could motivate employees and other insiders to put their organization’s computer network in danger intensified. These include fear, anxiety, anger, depression and financial troubles.
Working remotely also cultivated an environment that offers malicious insiders opportunities to execute security breaches. And employee negligence can result in the unauthorized access to or sharing of information from laptops, mobile phones, cloud storage and other technologies.
Organizations must increase their vigilance and diligence to reduce insider threats during this time. These can be done by applying a proactive approach in balancing security and privacy.
The rise of insider threats
The dramatic increase in security breaches requires organizations to take a more comprehensive approach in combating insider threats. A study by the Ponemon Institute, a leading security research organization, showed that insider threats have jumped by 47 percent over the past two years. Reasons cited for this increase include the growing number of emboldened insiders who are determined to commit theft, fraud and espionage; negligent employees who unintentionally made disclosures by using weak passwords or divulging sensitive information by falling prey to phishing; and using compromised devices for work. These have been especially amplified by the work-from-home arrangements that many firms have adopted.
As the term indicates, insider threats are mostly caused by complacent employees, contractors and third parties, rather than malicious external threats. To provide some perspective, 62 percent of insider-threat incidents are caused by negligent, hasty or unaware employees; 23 percent resulted from compromise, with stolen and sold insider credentials leading to identify theft and sabotage; and 14 percent are linked to insiders with intent to commit theft, fraud or espionage.
Insider threats are aided by different tools, such as encryption, cryptocurrencies and dark web trading sites, and working remotely can significantly contribute to them.
Furthermore, when information is stored in the cloud, it can be accessed anywhere, thus making it easier for hackers to steal it. Understanding the signs that indicate insider threats can help organizations trace potential issues and prevent breaches from happening.
As digital transformation is currently trending, the internet has made it easy for cyberattackers to steal private data from organizations. Platforms such as dark websites and the onion router allow buyers and sellers to trade data online. Cybercriminals are exerting great effort to search for vulnerable insiders who are willing to give them the data they need while looking for ways to hack systems.
Human error
While we know that human behavior is the ultimate cause of insider threats, most organizations still rely on technology to detect and prevent attacks. This approach has led to organizations only reacting after an attack has occurred.
It is suggested that an organization must have a human-centric insider threat program from the beginning. Employees should be engaged through training, transparency and communication. The program must also make use of human behavior and analytics tools to determine possible human vulnerabilities and prevent a potential breach. Employee involvement should be a big part of any organization’s cybersecurity program.
Engaging employees to identify and help prevent insider threats makes them an organization’s top ally in cybersecurity. By using technology and analytics to identify and predict potential human vulnerabilities, an organization would have a more robust insider-threat program. But with all these said, it would still need to balance employee participation and behavior. This makes training, awareness, communication and assessment of privacy risk very important.
Implementing insider-threat programs
Insider threats have been established as notable cybersecurity risks that can result in heavy financial and reputational damages. To ensure consistency and compliance, organizations must carefully design insider-threat programs to cater to long-term use and sustainability.
According to Grant Thornton, the effective implementation of this program is marked by three pillars: Assess, Build and Run. Assess makes sure organizations evaluate regulatory requirements, industry standards and best practices that apply to high-value data. This includes evaluating data protection tools, solutions, risks and employee preparedness.
Under Build, organizations should implement the changes identified during Assess, and must make up of policies, procedures, governance, teams, training and tools. They must also implement and integrate technology to identify and track insider-threat indicators.
Under Run, effective programs should be managed and monitored. Among those factors monitored are employee sentiment, awareness, compliance and training, and reporting on performance and risk metrics. Programs must also be adjusted based on feedback and regular independent audits.
Overcoming the challenges of remote working
Of course, there will be challenges in implementing an insider-threat program amid the pandemic, given that many employees still work from home. Trying to maintain a secure online work environment is already difficult, and introducing such a program may even be more so. But one must remember that with employees working remotely using laptops, mobile devices and independent internet connections, the risk of security breaches increases.
As dated cybersecurity methods involving traditional firewalls are becoming obsolete, it becomes necessary for organizations to take the initiative in addressing insider threats where the line between trust and human behaviors are ever changing. Investing in cybersecurity at this time will reap great benefits as cybercriminals are still looking out for vulnerable links. Prioritizing cybersecurity is undoubtedly one of the decisions that would make or break any organization’s future.
Mark Bajar is the lead consultant of the Advisory Services Division of P&A Grant Thornton. P&A Grant Thornton is one of the leading audit, tax, advisory, and outsourcing firms in the Philippines with 22 partners and more than 900 staff members. We’d like to hear from you! Tweet us with @GrantThorntonPH; like us on Facebook at P&A Grant Thornton; and email your comments to pagrantthornton@ph.gt.com. For more information, visit www.grantthornton.com.ph.
As published in The Manila Times, dated 17 February 2021