-
Financial administration
An accurate financial administration provides you with the information you need to take the right decisions. The big advantage of a digital financial administration is that it provides insight into your most important financial processes at any time, whether this is the invoices, salary payments or bank changes.
-
Financial insight
You want to take the right decisions, based on trustworthy and clear management information. You want to have access to all your financial data, 24/7, in order to determine your position and be able to adjust where necessary.
-
Global compliance partnering
Outsourced compliance services comprises the total financial compliance of your business, in accounting, financial reporting, payroll, legal and various tax reporting obligations. We can make sure you don’t have to worry.
-
Business risk services
Minimize risk, maximize predictability, and execution Good insights help you look further ahead and adapt faster. Whether you require outsourced or co-procured internal audit services and expertise to address a specific technology, cyber or regulatory challenge, we provide a turnkey and reliable solution.
-
Corporate finance
Finding a suitable match at the most optimum terms. That, in a nutshell, aptly describes the objective of mergers and acquisitions. To most businesses mergers or acquisitions are not standard daily practice. It is, however, for the professionals at Grant Thornton! Seeking their services will add value instantly.
-
Cyber risk services
What should I be doing first if my data has been kidnapped? Have I taken the right precautions for protecting my data or am I putting too much effort into just one of the risks? And how do I quickly detect intruders on my network? Good questions! We help you to answer these questions.
-
Impact House
Building sustainability and social impact. That sounds good. But how do you go about it in the complex world of stakeholders, regulations and frameworks and changing demands from clients and society? How do you deal with important issues such as climate change and biodiversity loss?
-
Transaction services
What will the net proceeds be after the sale? How do I optimise the selling price of my business or the price of one of my business activities? How do I capitalise on synergies following an acquisition? Am I not offering too much? These are all good questions when you’re buying or selling a business. It’s a transaction that concerns significant amounts, impacts your future, and therefore must be executed properly. We provide a solid foundation for your decisions.
-
Valuation, investigation & dispute services
Do you require a fact finding investigation to help assess irregularities? Is it necessary to ascertain facts for litigation purposes?
-
Auditing of annual accounts
You are answerable to others, such as shareholders and other stakeholders, with regard to your financial affairs. Financial information must therefore be reliable. What is more, you want to know how far you are progressing towards achieving your goals and what risks may apply.
-
IFRS services
Financial reporting in accordance with IFRS is a complex matter. Nowadays, an increasing number of international companies are becoming aware of the rules. But how do you apply them in practice?
-
ISAE & SOC Reporting
Our ISAE & SOC Reporting services provide independent and objective reports on the design, implementation and operational effectiveness of controls at service organizations.
-
Pre-audit services
Pre-audit services is all about making the company’s entire financial administration ready for checking before the external accountant begins his/her audit of the annual accounts.
-
SOx law implementation
The SOx legislation dictates that management is structurally accountable for reporting on the internal control relevant to the financial statements.
-
International corporate tax
The Netherlands’ tax regime is highly dynamic. Rules and the administrative courts raise new challenges in fiscal considerations on a nearly daily basis, both nationally and internationally.
-
VAT advice
VAT is an exceptionally thorny issue, especially in major national and international activities. Filing cross-border returns, registering or making payments requires specialised knowledge. It is crucial to keep that knowledge up-to-date in order to respond to the dynamics of national and international legislation and regulation.
-
Customs
Importing/exporting goods to or from the European Union involves navigating complicated customs formalities. Failure to comply with these requirements usually results in delays. In addition, an excessively high rate of taxation or customs valuation for imports can cost you money.
-
HR services
Do your employees determine the success and growth of your organisation? And are you in need of specialists which you can ask your Human Resources (HR) related questions? Human Resources (HR) related questions? Our HR specialists will assist you in the areas of personnel and payroll administration, labour law and taxation relating to your personnel. We provide you with high-quality personnel and payroll administration, good HR guidance and the right (international) advice as standard. All this, of course, with a focus on the human dimension.
-
Innovation & grants
Anyone who runs their own business sets themselves apart from the rest. Anyone who dares stick their neck out distinguishes themselves even more. That can be rather lucrative.
-
Tax technology
Driven by tax technology, we help you with your (most important) tax risks. Identify and manage your risks and become in control!
-
Transfer pricing
The increased attention for transfer pricing places greater demands on the internal organisation and on reporting.
-
Sustainable tax
In this rapidly changing world, it is increasingly important to consider environmental impact (in accordance with ESG), instead of limiting considerations to financial incentives. Multinational companies should review and potentially reconsider their tax strategy due to the constantly evolving social standards
-
Pillar Two
On 1 January 2024 the European Union will introduce a new tax law named “Pillar Two”. These new regulations will be applicable to groups with a turnover of more than EUR 750 million.
-
Cryptocurrency and digital assets
In the past decade, the utilization of blockchain and its adoption of a distributed ledger have proven their capacity to revolutionize the financial sector, inspiring numerous initiatives from businesses and entrepreneurs.
-
Expand into new markets
Do you seek for opportunities in the global business arena? Whether you are about to open a new office in a foreign country or considering an international acquisition, you need certainty of making the right choices for your company. Global expansion isn’t always as simple as it sounds. The good thing is that we’re here to help!
-
Expanding your business in the Netherlands
International expansion is an important step. The Netherlands can be your gateway to Europe for doing business abroad. But why you should choose the Netherlands?
-
Global contacts
Wherever you choose to do business, you want access to people with the best ideas and critical thinking that will enable you to grow your business at home and abroad.
-
Corporate Law
From the general terms and conditions to the legal strategy, these matters need to be watertight. This provides assurance, and therefore peace of mind and room for growth. We will be pro-active and pragmatic in thinking along with you. We always like to look ahead and go the extra mile.
-
Employment Law
Small company or large multinational: in any company your people are of the utmost importance for your business. Employment brings with it many issues in many areas and often has legal consequences. For big strategic, but also for more everyday questions about employment law, our lawyers are ready to help you out. Also for questions about international employment law. Do you have your own HR department? We’ll gladly assist them. We deliver bespoke services and are there when you need us.
-
Specialist Areas
Besides our focus on corporate and employment law, we also advise entrepreneurs on a range of (specialist) legal issues. A corporate acquisition, your company administration, complex question in the field of healthcare issues: you have come to the right place.
-
Maritime sector
How can you continue to be a global leader? The Netherlands depends on innovation. It is our high-quality knowledge which leads the maritime sector to be of world class.
-
Growth in an international network
At Grant Thornton, you will benefit from the expertise and quality of colleagues around the world who will benefit your knowledge, advice and growth.
-
Varied customer portfolio
The customer package at Grant Thornton varies from (large) SME customers to (small) corporate customers. From local customers to customers from the international network of Grant Thornton International Ltd. All this diversity in customers can also be recognized in your customer package.
-
Culture
At Grant Thornton we combine a solid base with a flexible and results-driven mentality.
Businesses of all shapes and sizes are trying to carve out a competitive advantage by leveraging digital information. The most cutting-edge companies harness customer preference data for a range of reasons, including to create personalised services and targeted marketing campaigns; to scrutinise employee performance data to drive productivity; and to analyse supply chain information to drive efficiencies. And that’s just the tip of the iceberg, with digitised data embedded across business practices.
Digital information offers businesses huge potential, but owing to the increased use of personal data, it also creates vulnerabilities and interdependencies between two previously discrete threats – data privacy and security. For example, data breaches can result from a cyber attack, but have data privacy implications.
GDPR and other international data privacy regulations have started to bite, meaning businesses are starting to feel the commercial cost of data privacy violations. So it is perhaps no surprise that we see data privacy rising up the business agenda. Grant Thornton’s research of over 4,500 international business leaders found that 2 in 3 agreed that due to new regulation there has been a greater focus on privacy issues than there has on cyber security in recent years in their business.
However, it’s important to not lose focus on the real and growing cyber security risk - the number of cyber attacks causing losses in excess of $1m has increased by 63% during the past three years.[i]
Vishal Chawla, Grant Thornton’s global head of cyber security emphasises that data privacy and cyber security have never been more interlinked.
“In today’s data-driven world, data privacy and cyber security simply cannot be considered in isolation,” he says. “They should be viewed instead as part of a wider digital risk function.”
An integrated response to breaches
The interconnection between data privacy and cyber security is never more painfully obvious than immediately following a data breach. Businesses need to know how the breach occurred and which cyber defences (if any) failed. But, crucially, they also need to understand which data were compromised and whether it was personal or sensitive. If so, they will need to disclose it.
Most businesses are not fully equipped to do this. Only 28% of businesses surveyed by Grant Thornton are ‘highly satisfied’ with their ability to protect against the risk of a serious breach and just 26% with their ability to respond consistently to a major breach across the entire business, no matter when or where it takes place.
Integrate privacy and security into one function, and businesses will be able to respond more effectively to data breaches due to their combined resources and holistic understanding of the threat.
“Privacy and cyber security are complex because they are crashing together in the real world,” says Mike Harris, partner, cyber security services, Grant Thornton Ireland. “A data breach could start off as something very technical in an outsourced cloud provider. But in responding to the incident you need to consider whether personal data are involved and what regulatory disclosures need to be made.
“All of a sudden, the two have become interconnected. Rather than two separate cyber and privacy functions responding to a breach, it makes sense to have one integrated function with the specialised skills to manage the process, so that nothing falls through the cracks.”
Managing supply chain and third-party digital risk
The increased interconnectedness of cyber security and privacy has implications for how third-party risk is managed. For example, data privacy regulation such as GDPR requires businesses to get robust guarantees from suppliers that handle data on their behalf.
“It would make a lot of sense for organisations to merge cyber security aspects of third-party risk management with privacy controls,” says Harris. “It’s just a matter of asking about both at the same time. It’s relatively straightforward, but it’s not happening widely at the moment. Cyber security teams and privacy teams are doing this separately.”
Of course, this ‘one-stop’ third-party risk management will remove duplication of effort and create efficiencies. More importantly, however, it will produce a more joined-up understanding of digital risk.
Benefits of an integrated digital risk approach
Taking an integrated business approach to managing digital risk delivers a number of key benefits to organisations –
Firstly, it can help to bring forward digital transformation initiatives because the data classification and compliance that companies are undertaking across the business for various purposes is aligned and co-ordinated.
Secondly, a digital risk function that conducts comprehensive assessments of third-party and supply chain digital risk is better positioned to ensure that risk is considered across the organisation. One way to do this is by pre-approving vendors from a risk perspective.
“Businesses can digitally transform quicker if they do the supplier approval process up front,” says James Arthur, partner, head of cyber consulting, Grant Thornton UK. “It’s a lot easier to do this if you have a single digital risk function that proactively assesses cyber security and privacy risk together.”
Thirdly, businesses continue to use new technologies to seek out commercial advantage, meaning their approach to data privacy and cyber security also needs to continually evolve, to address new threats and vulnerabilities. An integrated digital risk function is better placed to scrutinise some of these new technologies, such as blockchain.
“It’s vital that risk teams are involved right from the outset, because with any technology database there’s always the risk of attacks by third parties that want to steal the information” says Michel Besner, general manager of Catallaxy, a blockchain subsidiary of Raymond Chabot Grant Thornton. “To combat this, risk teams can ensure that there are proper governance structures around how the blockchain is implemented, managed and supported. Get this right, and you’ll avoid security issues further down the line.”
Board oversight is key, combined management essential
The case for an integrated digital risk function is clear. But who should oversee and manage it?
At the moment, there is confusion about where responsibility ultimately lies, and this is hampering digital risk management. Tellingly, surveyed businesses say that a lack of understanding about which risks individuals and teams are responsible for is their second-greatest weak point in managing digital risk.
The first important thing to consider is who manages digital risk from a day-to-day point of view. Most companies put the chief risk officer or chief technology officer in charge of this. But, as explained in our Digital risk: Technology is no silver bullet article, effective digital risk management relies on a lot more than technology. Chief risk officers report on more holistic risk to business – strategic, financial and operational. So what’s the answer?
Enter the chief digital risk officer function. “Organisations are starting to create digital risk functions headed by a chief digital risk officer,” confirms Arthur. “This is where responsibility for managing digital risk should lie. But at the moment they are still organisationally distinct at most companies.”
Once the day-to-day digital risk management is in place, its essential to consider who provides oversight. As with financial risk, the gravity of digital risk means that the board must take an active role. While the board needs to oversee it, they may not always have the technical expertise to understand the nature of the threat. Therefore ideally, a specific digital risk committee should be established within the board to oversee this risk, with representation from experts.
“Digital risk oversight should be at board level,” confirms Christos Makedonas, technology risk leader at Grant Thornton Cyprus. “There should also be a committee that discusses digital risk.
“Digital risk is multifaceted, so many people need to feed into this process. At the moment, this only happens in large, heavily regulated companies – especially those in financial services.”
Three steps to integrated digital risk management
- Combine the data privacy and cyber security functions, to create a single digital risk function. This new team should be governed by a single model and follow the same set of processes, goals and practices connected to wider business commercial drivers.
- Work out who is responsible for managing and overseeing digital risk, map out their activities and daily workflows, and see if there is any overlap. Identify synergies and strip out duplicated processes.
- Ensure that digital risk processes are managed on an end-to-end basis. For example, should assess both cyber security and data privacy. Both factors should also be evaluated when classifying data.
How to better manage digital risk
_____________________________________
[i] Linklaters, Global cyber-incidents soar by 63% in the last three years - January 2019.
[ii] Eur-Lex - General Data Protection Act.
[iii] Information Commissioner’s Office - Data protection by design and default.