-
IPO
Are you and your company considering a stock market launch? If you are well prepared before initiating a listing process, and well informed about the requirements of listed companies, then there is much to gain.
-
External audit
It is important for us to deliver a high-quality audit of an annual report. We think it is important to look beyond the accounting and instead focus on your particular business and the agreements that form the basis for the accounting. Our experts can help you with an external audit of your business.
-
Sustainability audit
External quality assurance made by an independent specialist creates security both for your company and for those who will use the information. The credibility of the information is also increased by your company asking for an external certification.
-
International audit
Our audit specialists at Grant Thornton's International Business Center combine international experience with technical and industry-specific expertise. Through honest and straightforward communication with you as a customer, we create a better customized international audit.
-
Internal audit
Grant Thornton can carry out targeted audit efforts on behalf of the internal audit. The entire internal audit function can also be outsourced to Grant Thornton as we carry out audits in accordance with the Board's approved audit plan. Reporting takes place on an ongoing basis with clear review results and relevant recommendations for improvements.
-
IT Assurance
Digital information management requires great security, both in terms of protection against intrusion and against loss of data. Our experts will help you find an optimized solution adapted to the company's information management.
-
Closely held businesses
Grant Thornton’s tax consultants offer customized solutions for owners of close companies based on their specific needs.
-
Company taxation
Legislations and practices on companies and corporate taxes change constantly. We ensure that you stay updated, so that you can avoid problems and take advantage of the available tax benefits.
-
International taxation
We'll answer your questions concerning corporate tax, value-added tax, international transactions, and impact assessments prior to establishments. We also offer help in establishments of branches or subsidiaries.
-
VAT
Virtually every transaction in a company needs VAT management. The rules may seem complicated, and improper handling of the VAT can cause unnecessary costs and penalties for your business.
-
Business advisory
We provide strategic advisory that helps you plan, prioritize, and execute your important business strategies more effectively. By doing this, we support the long-term development of your business.
-
Company services
Our team at Company Services are experts in corporate matters and can help you when you want to start a company, make changes in an existing company, or terminate your business.
-
Financial reporting
Grant Thorntons consultants support financial managers, accounting managers and CFOs with the company’s financial reporting. We offer professional support regarding legal reporting based on established laws and requirements.
-
Forensic services
In today's complex processes, more and more input is required to achieve positive outcomes. Current determining factors for resolving disputes include insightful analyses, informative reports, and presentations. Grant Thornton’s experienced experts provide financial and economic analysis which helps to resolve disputes in an efficient manner.
-
Governance risk compliance
We assist expanding companies, as well as those companies going through changes, by providing useful internal control, compliance and process efficiency. We can help your company reach long-term and sustainable results with effective governance and risk management. Our experts have extensive and substantial experience within the industry.
-
Sustainability services
The world's demands the performance on companies' are increasing, not only financially, but also environmentally and socially. It is the company's' total responsibility and the function they fulfill in society that counts.
-
Integration & Separation
We support our customers throughout the entire process, from defining separation alternatives and understanding the potential impact on value creation, to developing and delivering robust separation plans.
-
International services
Our International Business Centre (IBC) provides services in auditing, advisory, accounting and tax, with an international perspective for the international market through our member companies in over 140 countries.
-
Internal audit
Grant Thornton can carry out targeted audit efforts on behalf of the internal audit. The entire internal audit function can also be outsourced to Grant Thornton as we carry out audits in accordance with the Board's approved audit plan. Reporting takes place on an ongoing basis with clear review results and relevant recommendations for improvements.
-
M&A services
Grant Thornton´s dedicated team focuses on helping you to get the highest value possible when selling your company. We project manage and support you in every step of the sales process, so that you can focus on your daily operation.
-
Transaction advisory services
In connection with acquisitions, our transaction advisory team helps you through the entire process: from advisory and pre-bid support, reviews of letters of intent and tax structuring to financial and tax due diligence, and share transfer agreement advisory.
-
Valuation services
Our specialist team can help with all types of business valuations. The team has broad experience and continuously performs independent valuations, indicative value statements and fairness opinions (so-called second opinions).
-
Customer invoice
With our customer invoice solution, you can create a quote that is converted into a work order and ultimately results in an invoice that we distribute to your customer. We also handle reminders and register customer payments.
-
Receipt and travel management
Our smart digital service for receipt management will simplify handling and save you time. All you need to do is take a photo of the receipt with your smartphone and add the amounts and relevant comments. Then everything is ready for further electronic management and automatic bookkeeping.
-
Supplier invoice
Traditional handling of supplier invoices can be time consuming and lack effective control. Grant Thornton's web-based supplier invoice management (EIM) gives you completely new opportunities to streamline the management of your supplier invoices.
-
Payroll Services
Grant Thornton offers complete management of your company’s payroll function: from reporting to payouts, authorisations, statistics, and pension administration. We will review your needs and customise a solution that fits your company perfectly.
-
Reports and analyses
With our digital solution, your financial information becomes easily accessible and easier to understand. The information is available 24 hours and you can extract your reports at any time. We create customized reports for your business, which will help you make the right decisions.
-
Accounting
We offer your company customized financial services and accounting. We create a whole range of common tasks such as accounting, supplier accounts, customer accounts, VAT and reporting.
-
Advisory
A key to being able to grow profitably in a company is order and structure. This results in that "everything flows" and that employees know what authorization and what responsibilities they have.
-
Specialist services
In addition to your company being able to outsource the entire finance department or payroll department to us, we can also help with more specialized or temporary services. We have driven consultants and advisers who are ready to contribute with broad experience and a network of experts.
-
Time and projects
Do you want to simplify cost monitoring and get a clearer plan of the company's occupancy? Our digital solution streamlines and ensures your company's time reporting and project reporting. Developing a basis for salary payment and invoicing has never been easier.
GDPR: Technical and organisational measures
Background
Grant Thornton implements appropriate technical and organisational measures to ensure the protection of personal data processed under the Data Processing Agreement. The measures are adapted to the types of processing, scope, context, categories of personal data, the cost of implementation, the purposes of the processing as well as risks, of varying probability and severity.
Grant Thornton uses an Information Security Management System (ISMS) based on the international standard ISO/IEC 27001 as the basis for all security measures. The ISO/IEC 27001 standard provides guidelines and general principles for planning, implementing, maintaining and improving information security in an organisation.
To address GDPR's requirements such as confidentiality, integrity, availability and resilience, Grant Thornton applies documented IT security processes and routines, covering authorisation management, encryption, operational security, malware protection, backup, logging, vulnerability management, communications security, continuity management and supplier relationship management.
Authorisation management
Access to systems
Access to systems is governed by an access control policy. The employee´s manager is responsible for ordering access rights to systems, applications and information at the IT service desk. The access control policy also covers changes and removal of access rights, for example due to role changes or termination of employment. Orders relating to access rights always require the explicit approval of a responsible person, which for example can be the nearest manager or the system owner. The approving person will assess the specific needs of the requesting employee before approval.
Requests related to access rights follow established processes and are registered in a ticket management system. This enables traceability of the execution including approvals. The access rights related activities (addition, change, removal and review) are carried out by trained staff. Only a limited number of personnel are authorised to carry out these activities.
Access to IT-infrastructure
Grant Thornton actively monitors all critical IT infrastructure components and has configured alarms that automatically trigger under certain conditions or events (for example extreme CPU usage and lost connection). Physical access to Grant Thornton's data centres requires a personal security token as well as a pass code. The data centres have camera monitoring and clearly inform visitors on that matter. Only authorized personnel have physical access to Grant Thornton's data centres.
Special authorisation of the system owner is required to be able to log on to servers and network components that constitute critical parts of the IT infrastructure. The system owner will assess amongst others the needs, purpose and function of the requesting person before giving approval.
External suppliers can be given temporary access to Grant Thornton's IT infrastructure if a special need exists. This can for example concern maintenance of equipment that requires technicians with specific certification. Established procedures are followed for these situations. Normally, an expiration time limit is set for supplier access to a system. Alternatively, supplier access is verified regularly to ensure the need for access is still legitimate.
Encryption
Grant Thornton applies encryption to hard disks, storage media, backup data and any other media used for any kind of sensitive data. Encryption is also applied to any kind of communication of sensitive data.
All computer hard disks are encrypted during installation. This is part of Grant Thornton's default configuration for computers. The default configuration also requires that USB devices that are connected always need to be encrypted before anything can be saved on them. The encryption keys required for encryption and decryption are handled by staff with special authorisation only. As part of the operational security routines, an automated scan of all Grant Thornton computers is performed regularly to verify that encryption is active.
All communications to and from the computers shall be encrypted if a service is used that contains sensitive data, also covering sensitive personal data. The assurance that the communication is encrypted lies on the service being used. The service verifies that the connecting computer and the user meet certain requirements, such as computer certificate to ensure the device identity and legitimacy or that the user must enter a one-time password. Grant Thornton encrypts all data during automated backup of all systems.
Operational security
Malware protection
Grant Thornton has different systems and methods to protect the IT infrastructure against malicious code, including various antivirus scanners, spam filters, security updates and training. Grant Thornton uses active monitoring to ensure that antivirus scanners and spam filters are active and updated. Malicious code often exploits vulnerabilities in systems and applications for their attacks. Consequently, Grant Thornton actively installs the latest security updates on systems and applications to minimize the risk for exploitation of vulnerabilities. Malicious code also exploits human curiosity. Therefore, as a part of basic training, all Grant Thornton employees must take a training covering the identification of malicious code.
E-mail
Grant Thornton utilises the email security framework of two suppliers to protect all inbound and outbound e-mail from malware. The e-mail protection of the supplier of standard email services and the supplier of e-mail spam filtering services are complementing each other and both guard against amongst others spam, virus and phishing attacks. The e-mail security frameworks are updated on a regular basis with the latest patches and contain information about known malicious code that may be attached to or be part of the content of an email. Updates are ongoing and in the form of a subscription service. If an email is identified as infected or harmful, the email will be blocked and quarantined automatically. The verification and assessment of whether an email is malicious or not is automated and based on the rules provided by the suppliers. The portion of the mail security solutions on the users' computers are updated regardless of whether they are within or outside Grant Thornton's network.
Internet
Grant Thornton applies different types of security measures related to the usage of Internet. The technical security measures are found in the central IT infrastructure and locally on Grant Thornton's computers and mobile devices. In the central IT infrastructure there are, for example, filters that blacklist Internet sites that are considered hazardous. Organisational security measures include training and a central IT-policy covering guidelines for Internet usage.
Computers and servers
All computers and servers, hereafter devices, have malware protection software against computer viruses, spyware and other malicious code. The protection software is managed from a central management console provided by the supplier. The console deploys the latest updates of the protection software, sets security policies and actively monitors all devices. Scans of devices are automated and occur mainly in scheduled intervals but are also event-driven. The protections software also scans files when they are opened or otherwise handled by the user, including downloading or uploading of a file to another device. Detected malware is removed automatically, whenever possible, and notifications are sent to the central management console for further processing.
Backup
Data backup is automated and carried out according to a documented schedule. The backup solution used by Grant Thornton is redundant and backup media is stored at a different physical location. Alarm triggers are set on backup jobs to detect and report deviations and incidents. Data restore tests are carried out in different ways based on risk assessments. Grant Thornton encrypts data backups.
Vulnerability management
Vulnerability management covers vulnerability scanning, security updating and penetration testing.
Grant Thornton's performs vulnerability scanning of IT infrastructure critical devices. The central vulnerability management console detects, gathers, classifies and reports vulnerabilities and provides suggestions for remediation. The supplier delivers updates with known vulnerabilities with regular intervals. The vulnerability scans that are scheduled generate a vulnerability report that is analysed and handled by specially trained personnel. The vulnerabilities are prioritized and remediated based on risk classification. Vulnerabilities that have been remediated are verified through new vulnerabilities scans.
Regular security updates are automatically distributed monthly during planned service windows. Security updates that solve critical issues and vulnerabilities are verified at release by trained personnel and distributed with the highest priority.
Penetration tests are conducted annually by external parties.
Logging
Logging of activities such as change and removal of users to the Grant Thornton domain, devices and applications is handled centrally by trained staff. This is done in accordance with regulatory and business needs and requirements. Tasks performed by staff with high authorisation are logged. The logs are reviewed with a risk-based perspective. Identified deviations are followed up and, when applicable, escalated as incidents.
The systems logs are protected against removal and manipulation. This is to ensure its integrity, confidentiality and accuracy. Deletion occurs in accordance with applicable legislation.
Communications security
To ensure communications security, there are active monitoring and alarm settings on a variety of components and parameters in the IT Infrastructure that manages communications.
Computers, servers, network equipment, and other hardware connected to the GT network are handled based on applicable security requirements and placed in designated segments to achieve an appropriate level of communications security.
Continuity management
Data backup is one of the cornerstones of Grant Thornton's IT continuity plan. Therefore, trained personnel manage and follow up on backup execution to ensure the integrity, confidentiality and accuracy of the backup data. Another cornerstone are the processes and routines that are carried out when a serious incident occurs. Grant Thornton continually works on keeping processes and routines updated. The continuity plan is tested at intervals based on regular risk assessments.
Grant Thornton's data centres have specialized and qualified solutions to achieve redundancy on several levels, i.e. failback systems that automatically take over a task of another system that has stopped functioning. The servers have a 24/7 support agreement. The redundancy in Grant Thornton's data centres is tested at intervals based on regular risk assessments.
Grant Thornton has a high degree of digitization and many of the services and tools are accessible through the Internet. As a result, most employees can continue to work from other locations even if some or all of Grant Thornton's offices are closed or not accessible due to an extreme event.
Supplier relationship management
Grant Thornton secures that identified security requirements are met by external suppliers during the procurement process. A contract with a chosen supplier addresses the demands on the supplier's IT environment and information security measures. The supplier shall present and account for their technology, routines and processes as well as IT and information security policies. Non-disclosure agreements and other relevant regulatory agreements are signed by the supplier before the service is taken into service. Grant Thornton conducts regular control of suppliers' access rights and other aspects of the agreement with the supplier.