-
Audit approach overview
Our audit approach will allow our client's accounting personnel to make the maximum contribution to the audit effort without compromising their ongoing responsibilities
-
Annual and short period audit
At P&A Grant Thornton, we provide annual and short period financial statement audit services that go beyond the normal expectations of our clients. We believe strongly that our best work comes from combining outstanding technical expertise, knowledge and ability with exceptional client-focused service.
-
Review engagement
A review involves limited investigation with a narrower scope than an audit, and is undertaken for the purpose of providing limited assurance that the management’s representations are in accordance with identified financial reporting standards. Our professionals recognize that in order to conduct a quality financial statement review, it is important to look beyond the accounting entries to the underlying activities and operations that give rise to them.
-
Other Related Services
We make it a point to keep our clients abreast of the developments and updates relating to the growing complexities in the accounting world. We offer seminars and trainings on audit- and tax-related matters, such as updates on Accounting Standards, new pronouncements and Bureau of Internal Revenue (BIR) issuances, as well as other developments that affect our clients’ businesses.
-
Tax advisory
With our knowledge of tax laws and audit procedures, we help safeguard the substantive and procedural rights of taxpayers and prevent unwarranted assessments.
-
Tax compliance
We aim to minimize the impact of taxation, enabling you to maximize your potential savings and to expand your business.
-
Corporate services
For clients that want to do business in the Philippines, we assist in determining the appropriate and tax-efficient operating business or investment vehicle and structure to address the objectives of the investor, as well as related incorporation issues.
-
Tax education and advocacy
Our advocacy work focuses on clarifying the interpretation of laws and regulations, suggesting measures to increasingly ease tax compliance, and protecting taxpayer’s rights.
-
Business risk services
Our business risk services cover a wide range of solutions that assist you in identifying, addressing and monitoring risks in your business. Such solutions include external quality assessments of your Internal Audit activities' conformance with standards as well as evaluating its readiness for such an external assessment.
-
Business consulting services
Our business consulting services are aimed at addressing concerns in your operations, processes and systems. Using our extensive knowledge of various industries, we can take a close look at your business processes as we create solutions that can help you mitigate risks to meet your objectives, promote efficiency, and beef up controls.
-
Transaction services
Transaction advisory includes all of our services specifically directed at assisting in investment, mergers and acquisitions, and financing transactions between and among businesses, lenders and governments. Such services include, among others, due diligence reviews, project feasibility studies, financial modelling, model audits and valuation.
-
Forensic advisory
Our forensic advisory services include assessing your vulnerability to fraud and identifying fraud risk factors, and recommending practical solutions to eliminate the gaps. We also provide investigative services to detect and quantify fraud and corruption and to trace assets and data that may have been lost in a fraud event.
-
Cyber advisory
Our focus is to help you identify and manage the cyber risks you might be facing within your organization. Our team can provide detailed, actionable insight that incorporates industry best practices and standards to strengthen your cybersecurity position and help you make informed decisions.
-
ProActive Hotline
Providing support in preventing and detecting fraud by creating a safe and secure whistleblowing system to promote integrity and honesty in the organisation.
-
Accounting services
At P&A Grant Thornton, we handle accounting services for several companies from a wide range of industries. Our approach is highly flexible. You may opt to outsource all your accounting functions, or pass on to us choice activities.
-
Staff augmentation services
We offer Staff Augmentation services where our staff, under the direction and supervision of the company’s officers, perform accounting and accounting-related work.
-
Payroll Processing
Payroll processing services are provided by P&A Grant Thornton Outsourcing Inc. More and more companies are beginning to realize the benefits of outsourcing their noncore activities, and the first to be outsourced is usually the payroll function. Payroll is easy to carve out from the rest of the business since it is usually independent of the other activities or functions within the Accounting Department.
-
Our values
Grant Thornton prides itself on being a values-driven organisation and we have more than 38,500 people in over 130 countries who are passionately committed to these values.
-
Global culture
Our people tell us that our global culture is one of the biggest attractions of a career with Grant Thornton.
-
Learning & development
At Grant Thornton we believe learning and development opportunities allow you to perform at your best every day. And when you are at your best, we are the best at serving our clients
-
Global talent mobility
One of the biggest attractions of a career with Grant Thornton is the opportunity to work on cross-border projects all over the world.
-
Diversity
Diversity helps us meet the demands of a changing world. We value the fact that our people come from all walks of life and that this diversity of experience and perspective makes our organisation stronger as a result.
-
In the community
Many Grant Thornton member firms provide a range of inspirational and generous services to the communities they serve.
-
Behind the Numbers: People of P&A Grant Thornton
Discover the inspiring stories of the individuals who make up our vibrant community. From seasoned veterans to fresh faces, the Purple Tribe is a diverse team united by a shared passion.
-
Fresh Graduates
Fresh Graduates
-
Students
Whether you are starting your career as a graduate or school leaver, P&A Grant Thornton can give you a flying start. We are ambitious. Take the fact that we’re the world’s fastest-growing global accountancy organisation. For our people, that means access to a global organisation and the chance to collaborate with more than 40,000 colleagues around the world. And potentially work in different countries and experience other cultures.
-
Experienced hires
P&A Grant Thornton offers something you can't find anywhere else. This is the opportunity to develop your ideas and thinking while having your efforts recognised from day one. We value the skills and knowledge you bring to Grant Thornton as an experienced professional and look forward to supporting you as you grow you career with our organisation.
Breach, breach, brace for impact!
07 Mar 2018(Last of 2 parts)
What businesses need to do in a personal data breach
In our story last week, Lui and other Bank X Platinum cardholders have all become victims of a confidentiality breach that led to their being billed for substantial purchases they did not make. As this incident involves the stealing of personal data that caused financial harm, Bank X must notify the victims and the National Privacy Commission (NPC) of the breach.
Bank X is required to inform, in written or electronic form, the NPC within 72 hours from the time it has known, or reasonably believed that the personal data breach has occurred, based on available information. While the NPC does not expect Bank X to know the full extent of the breach at the time of initial notification, Bank X’s notification must at least address questions about the nature, extent, and impact of the breach, the personal data possibly affected, steps taken by Bank X to address the breach, contact details of the person designated by Bank X to provide additional information about the breach, and any assistance provided to Lui and other victims.
Subsequent to the initial notification to the NPC, Bank X needs to fully investigate the personal data breach. At the end of the fact-finding and full investigation, Bank X must submit to the NPC a detailed written report on the circumstances surrounding the personal data breach (including the systems involved and their vulnerabilities that allowed the breach), the effects of the breach, and the remedial actions taken by Bank X.
Affected data are personal data, but there is no real risk of serious harm.
Now what?
Three key factors must be present in a security incident for notification to the NPC (and affected owners of personal data, also known as data subjects) to become mandatory:
• the incident involves sensitive personal information, or any information that may be used to commit identity fraud;
• information may have been acquired by an unauthorized person or group; and
• the incident is likely to cause risk of serious harm to owners of the personal information involved.
What if, in our hypothetical scenario, Bank X’s technology security controls were able to detect and immediately block the hacking activity, such that only the records of Lui and other cardholders’ first name, marital status, age, and hair color information had been stolen?
Now, picture a person with these features: woman, single, 30-something, black-haired, named Lui. Is this our Lui? Maybe, or maybe not.
Although Lui’s gender (woman), marital status (single), and age (30+) are sensitive personal information that should be kept confidential, stealing such information does not automatically result in mandatory notification of the incident to the NPC and affected data subjects. For security incidents involving personal data that are collectively not enough to ascertain the identity of the owner, identity fraud is least likely to happen and the data owner would most likely remain unharmed. However, the initial assessment of the breach’s likelihood to cause harm must be carefully performed, since the need for mandatory notification depends upon it.
For this scenario, Bank X does not need to notify the NPC and the affected data subjects of the breach; however, it may prepare a written report showing aggregated data about the security incident and still comply with what NPC considers sufficient documentation. At the end of the year, Bank X needs to include the incident in an annual report to the NPC. The deadline for the annual security incident report this year is March 31, 2018, even for a personal information controller (PIC) that is exempt from Phase II registration with the NPC. Annual security incident reports should include both successful and unsuccessful security incidents.
Final push for first-time DPA compliance
As owners of personal data, we are not burdened with the requirements of the Data Privacy Act of 2012 (DPA) and its implementing rules and regulations (IRR).
Yet we are not entirely disinterested — the DPA was put into law for our benefit.
By the end of March 2018, Phase II of the registration process and the filing of the first annual security incident report will have been completed. As a final push for the remaining month, let us enjoin our companies to assess the applicability of these two remaining requirements.
As for Lui, if Bank X is able to address the breach management requirements by implementing satisfactory measures to foil another cyberattack, then she may yet find more time to shop with renewed confidence.
Mark Basa is a Managing Consultant, Advisory Services of P&A Grant Thornton. P&A Grant Thornton is one of the leading Audit, Tax, Advisory, and Outsourcing firms in the Philippines, with 21 Partners and over 850 staff members. We’d like to hear from you! Tweet us: @PAGrantThornton, like us on Facebook: P&A Grant Thornton, and email your comments to mark.basa @ph.gt.com or pagrantthornton.marketscomm@ph.gt.com. For more information, visit our Website: www.grantthornton.com.ph.
As published in The Manila Times, dated on 07 March 2018