-
Audit approach overview
Our audit approach will allow our client's accounting personnel to make the maximum contribution to the audit effort without compromising their ongoing responsibilities
-
Annual and short period audit
At P&A Grant Thornton, we provide annual and short period financial statement audit services that go beyond the normal expectations of our clients. We believe strongly that our best work comes from combining outstanding technical expertise, knowledge and ability with exceptional client-focused service.
-
Review engagement
A review involves limited investigation with a narrower scope than an audit, and is undertaken for the purpose of providing limited assurance that the management’s representations are in accordance with identified financial reporting standards. Our professionals recognize that in order to conduct a quality financial statement review, it is important to look beyond the accounting entries to the underlying activities and operations that give rise to them.
-
Other Related Services
We make it a point to keep our clients abreast of the developments and updates relating to the growing complexities in the accounting world. We offer seminars and trainings on audit- and tax-related matters, such as updates on Accounting Standards, new pronouncements and Bureau of Internal Revenue (BIR) issuances, as well as other developments that affect our clients’ businesses.
-
Tax advisory
With our knowledge of tax laws and audit procedures, we help safeguard the substantive and procedural rights of taxpayers and prevent unwarranted assessments.
-
Tax compliance
We aim to minimize the impact of taxation, enabling you to maximize your potential savings and to expand your business.
-
Corporate services
For clients that want to do business in the Philippines, we assist in determining the appropriate and tax-efficient operating business or investment vehicle and structure to address the objectives of the investor, as well as related incorporation issues.
-
Tax education and advocacy
Our advocacy work focuses on clarifying the interpretation of laws and regulations, suggesting measures to increasingly ease tax compliance, and protecting taxpayer’s rights.
-
Business risk services
Our business risk services cover a wide range of solutions that assist you in identifying, addressing and monitoring risks in your business. Such solutions include external quality assessments of your Internal Audit activities' conformance with standards as well as evaluating its readiness for such an external assessment.
-
Business consulting services
Our business consulting services are aimed at addressing concerns in your operations, processes and systems. Using our extensive knowledge of various industries, we can take a close look at your business processes as we create solutions that can help you mitigate risks to meet your objectives, promote efficiency, and beef up controls.
-
Transaction services
Transaction advisory includes all of our services specifically directed at assisting in investment, mergers and acquisitions, and financing transactions between and among businesses, lenders and governments. Such services include, among others, due diligence reviews, project feasibility studies, financial modelling, model audits and valuation.
-
Forensic advisory
Our forensic advisory services include assessing your vulnerability to fraud and identifying fraud risk factors, and recommending practical solutions to eliminate the gaps. We also provide investigative services to detect and quantify fraud and corruption and to trace assets and data that may have been lost in a fraud event.
-
Cyber advisory
Our focus is to help you identify and manage the cyber risks you might be facing within your organization. Our team can provide detailed, actionable insight that incorporates industry best practices and standards to strengthen your cybersecurity position and help you make informed decisions.
-
ProActive Hotline
Providing support in preventing and detecting fraud by creating a safe and secure whistleblowing system to promote integrity and honesty in the organisation.
-
Accounting services
At P&A Grant Thornton, we handle accounting services for several companies from a wide range of industries. Our approach is highly flexible. You may opt to outsource all your accounting functions, or pass on to us choice activities.
-
Staff augmentation services
We offer Staff Augmentation services where our staff, under the direction and supervision of the company’s officers, perform accounting and accounting-related work.
-
Payroll Processing
Payroll processing services are provided by P&A Grant Thornton Outsourcing Inc. More and more companies are beginning to realize the benefits of outsourcing their noncore activities, and the first to be outsourced is usually the payroll function. Payroll is easy to carve out from the rest of the business since it is usually independent of the other activities or functions within the Accounting Department.
-
Our values
Grant Thornton prides itself on being a values-driven organisation and we have more than 38,500 people in over 130 countries who are passionately committed to these values.
-
Global culture
Our people tell us that our global culture is one of the biggest attractions of a career with Grant Thornton.
-
Learning & development
At Grant Thornton we believe learning and development opportunities allow you to perform at your best every day. And when you are at your best, we are the best at serving our clients
-
Global talent mobility
One of the biggest attractions of a career with Grant Thornton is the opportunity to work on cross-border projects all over the world.
-
Diversity
Diversity helps us meet the demands of a changing world. We value the fact that our people come from all walks of life and that this diversity of experience and perspective makes our organisation stronger as a result.
-
In the community
Many Grant Thornton member firms provide a range of inspirational and generous services to the communities they serve.
-
Behind the Numbers: People of P&A Grant Thornton
Discover the inspiring stories of the individuals who make up our vibrant community. From seasoned veterans to fresh faces, the Purple Tribe is a diverse team united by a shared passion.
-
Fresh Graduates
Fresh Graduates
-
Students
Whether you are starting your career as a graduate or school leaver, P&A Grant Thornton can give you a flying start. We are ambitious. Take the fact that we’re the world’s fastest-growing global accountancy organisation. For our people, that means access to a global organisation and the chance to collaborate with more than 40,000 colleagues around the world. And potentially work in different countries and experience other cultures.
-
Experienced hires
P&A Grant Thornton offers something you can't find anywhere else. This is the opportunity to develop your ideas and thinking while having your efforts recognised from day one. We value the skills and knowledge you bring to Grant Thornton as an experienced professional and look forward to supporting you as you grow you career with our organisation.
In the aftermath of a cybercrisis
13 Feb 2019(Last part)
It started without warning when the malware hit Prix Healthcare Inc.’s servers. The new strain infected the company’s systems like silent wildfire, burning through the cyber kill chain unabated. The hacker advanced easily from each step on the kill chain; he harvested enough email addresses during his reconnaissance to know all about Mark’s secret affair with a staff member, that he enjoyed a high-speed virtual private network connection to the office’s network, and that Mark maintains several personal email addresses. He weaponized his exploit of choice into an unassuming PDF (portable document format) file, and delivered the payload as an email masquerading as a legitimate corporate travel agent. A typical customized whale-phishing email attack will do the trick, the hacker’s eyes gleamed, easy peasy. The code executed after exploiting a known vulnerability, and then the malware installed on the server—the asset, lighting up his target. He knew no one in Prix had the foresight, skill, and time to hunt for abnormal outbound network activities or packets that the now-infected system will be sending to call home—and engage the next step in the chain, command and control.
During that short session, a connection was established with the infected machine and the hacker swiftly keyed in and executed a multitude of other commands through his remote command and control channel. Using the compromised machine, the attacker initiated a wave of spam emails to Prix’s clients and hijacked ongoing email conversations and existing threads of insurance agents and high-value targets—Prix’s top brass. Mimicking their tone, ensuring the people in the conversation believe they are interacting with the Prix employee they trust, the hacker sent documents where he embedded his signature trojan payload. The malware was designed to let the attacker gain access to the victim’s medical records and clear out or change details. The versatile attacker went on installing a phishing website and launched attacks against other servers. His intentions were to widely distribute the malware—his pride and joy—in the shortest time possible; and, eventually, undermine the public’s trust in the health care system to cause panic—his original goal.
The staggering amount of phishing emails sent to Prix’s health insurance clients across the nation clogged their bandwidth and rendered communications down to a trickle. Key services started to shut down. By the time Mark ordered to take their IT system offline to contain the damage, the malware had already spread to private individuals, health clinics, hospitals, government health centers, and numerous businesses covered by their SME healthcare products.
“Are you still there? I’m listening,” Mark said as he watched his wristwatch strike midnight. “Activate your CERT if you have one, but I know you don’t, so who am I kidding—call this number and drop my name, they have a team of experienced cybersecurity incident advisors and a battery of other experts who can help you respond, issue a public statement, and hopefully recover… unfortunately, it doesn’t end there, Mark.”
He resigned himself to the gravity of the facts, laid bare by his friend, that all plans for his company would have to wait, its future now was thrown into question. To resolve the matter, as told bluntly by his friend, Prix Healthcare will have to deal with compliance fines and court fees and undergo a computer forensic and investigation process.
Mark has to brace for any blowback from the public and endure reputational losses that will likely last a long time; not to mention the possible imposition of regulatory commitments, spending revenues on identity theft prevention services for his clients, taking on an incident response retainer that would be tasked to conduct regular compromise assessments, and availing of a cyber-liability insurance product to cover for potential data breaches. With the likely turnover of clients, he will be spending more on client acquisition activities in the short term to keep his company running. For Prix, the future looked bleak. Mark did not foresee that a cyber-incident can cause a disruption of this scale.
This is a work of fiction. Names, characters, businesses, places, events, locales, and incidents are either the product of the author’s imagination or used in a fictitious manner. Any resemblance to actual persons, living or dead, or actual events is purely coincidental.
The author wants to show a precautionary tale of the near future, where cyberattacks continue to dominate the news and hackers win the cyberbattle, yet again, in a highly interconnected digital market. While the government finds diplomatic ways to impose its regulatory might, small businesses struggle to cope in a regulated marketplace with steep protection rules, where the overall cost of compliance schemes represent an additional barrier to market entry. And the need to focus on the human element and how it plays a crucial role in security. The biases and the impact of decisions that shape the course of our businesses, its competitiveness and impact on society.
Paul Gonzales is a Director of the Advisory Services Division of P&A Grant Thornton. P&A Grant Thornton is one of the leading Audit, Tax, Advisory, and Outsourcing firms in the Philippines, with 21 Partners and over 900 staff members.
As published in The Manila Times, dated on 13 February 2019