-
Business valuations
We offer expert valuation advice in transactions, regulatory and administrative matters, and matters subject to dispute – valuing businesses, shares and intangible assets in a wide range of industries.
-
Capital markets
You need corporate finance specialists experienced in international capital markets on your side if you’re buying or selling financial securities.
-
Complex and international services
Our experience of multi-jurisdictional insolvencies coupled with our international reputation allows us to deliver the best possible outcome for all stakeholders.
-
Corporate insolvency
Our corporate investigation and recovery teams can help you manage insolvency situations and facilitate the best outcome.
-
Debt advisory
An optimal funding structure for your organisation presents unprecedented opportunities, but achieving this can be difficult without a trusted advisor.
-
Expert witness
Our expert witnesses analyse, interpret, summarise and present complex financial and business-related issues which are understandable and properly supported.
-
Financial models
A sound financial model will help you understand the impact of your decisions before you make them. Talk to us about our user-friendly models.
-
Forensic and investigation services
We provide investigative accounting and litigation support services for commercial, matrimonial, criminal, business valuation and insurance disputes.
-
Independent business review
Is your business viable? Will it remain viable in the future? A thorough independent business review can help your organisation answer these fundamental questions.
-
IT forensics
Effective ESI analysis is integral to the success of your business. Our IT forensics experts have the technical expertise to identify, preserve and interrogate electronic data.
-
Mergers and acquisitions
Grant Thornton provides strategic and execution support for mergers, acquisitions, sales and fundraising.
-
Raising finance
Raising finance - funders value partners who can deliver a robust financial model, a sound business strategy and rigorous planning. We can guide you through the challenges that these transactions can pose and help you build a foundation for long term success once the deal is done.
-
Relationship property services
Grant Thornton offers high quality independent advice on the many financial issues associated with relationship property from considering an individual financial issue to all aspects of a complex settlement.
-
Restructuring and turnaround
Grant Thornton’s restructuring and turnaround service capabilities include cash flow, liquidity management and forecasting; crisis and interim management; financial advisory services to companies and parties in transition and distress
-
Transaction advisory
Our depth of market knowledge will steer you through the transaction process. Grant Thornton’s dynamic teams offer range of financial, commercial and operational expertise.
-
Virtual asset advisory
Helping you navigate the world of virtual currencies and decentralised financial systems.
-
Corporate tax
Grant Thornton can identify tax issues, risks and opportunities in your organisation and implement strategies to improve your bottom line.
-
Employment tax
Grant Thornton’s advisers can help you with PAYE (payroll tax), Kiwisaver, fringe benefits tax (FBT), student loans, global mobility services, international tax
-
Global mobility services
Our team can help expatriates and their employers deal with tax and employment matters both in New Zealand and overseas. With the correct planning advice, employee allowances and benefits may be structured to avoid double taxation and achieve tax savings.
-
GST
GST has the potential to become a minefield and can be expensive when it goes wrong. Our technical knowledge can help you minimise the negative impact of GST
-
International tax
International tax rules are undergoing their biggest change in a generation. Tax authorities around the world are increasingly vigilant, especially when it comes to global operations.
-
Research and Development
R&D tax incentives are often underused and misunderstood – is your business maximising opportunities for making claims?
-
Tax compliance
Our advisers help clients manage the critical issue of compliance across accountancy regulations, corporation law and tax. We also offer business and wealth advisory services, which means we can provide a seamless and tax-effective offering to our clients.
-
Tax governance
Mitigate tax risks and implement best practice governance that will stand up to IRD scrutiny and audits.
-
Transfer pricing
Tax authorities are demanding transparency in international arrangements. We businesses comply with regulations and use transfer pricing as a strategic planning tool.
-
Audit methodology
Our five step audit methodology offers a high quality service wherever you are in the world and includes planning, risk assessment, testing internal controls, substantive testing, and concluding and reporting
-
Audit technology
We apply our audit methodology with an integrated set of software tools known as the Voyager suite. Our technology has been developed to produce quality audits that are effective and efficient.
-
Financial reporting advisory
Our financial reporting advisers have the expertise to help you deal with the constantly evolving regulatory environment.
-
Business architecture
Our business architects help businesses with disruptive conditions, business expansion and competitive challenges; the deployment of your strategy is critical to success.
-
Cloud services
Leverage the cloud to keep your data safe, operate more efficiently, reduce costs and create a better experience for your employees and clients.
-
Internal audit
Our internal audits deliver independent assurance over key controls within your riskiest processes, proving what works and what doesn’t and recommending improvements.
-
IT advisory
Our hands on product experience, extensive functional knowledge and industry insights help clients solve complex IT and technology issues
-
IT privacy and security
IT privacy and security should support your business strategy. Our pragmatic approach focuses on reducing cyber security risks specific to your organisation
-
Payroll assurance
Our specialist payroll assurance team can conduct a review of your payroll system configuration and processes, and then help you and your team to implement any necessary recalculations.
-
PCI DSS
Our information security specialists are approved Qualified Security Assessors (QSAs) that have been qualified by the PCI Security Standards Council to independently assess merchants and service providers.
-
Process improvement
As your organisation grows in size and complexity, processes that were once enabling often become cumbersome and inefficient. To maintain growth, your business must remain flexible, agile and profitable
-
Procurement/supply chain
Procurement and supply chain inputs will often dominate your balance sheet and constantly evolve for organisations to remain competitive and meet changing customer requirements
-
Project assurance
Major programmes and projects expose you to significant financial and reputational risk throughout their life cycle. Don’t let these risks become a reality.
-
Risk management
We understand that growing companies need to establish robust internal controls, and use information technology to effectively mitigate risk.
-
Robotic process automation (RPA)
RPA is emerging as the most sophisticated form of automation used to help businesses become more agile and remain competitive in the face of today’s ongoing digital disruption.
Cyber-attacks can happen to any organisation at any time, and the consequences can be severe - lost productivity, reputational damage, and legal liability, as well as the costs of remediation and recovery. A data breach could result in the theft of sensitive data, such as customer information or intellectual property, which can have serious reputational and financial consequences for the affected organisation.
If you want to strengthen your agency’s IT defences and understand your current state of cyber-preparedness, we recommend the following steps as part of a wider cyber security maturity assessment.
1 Establish a formal security strategy
The level of engagement between the IT security team and the organisation’s wider units can often be inadvertently overlooked and require improvement. Collaboration between your security team and the rest of the agency, as well as alignment between the organisation's strategy and IT strategy must be established so everyone understands the critical role the IT Security team plays in keeping the department safe.
2 Distinguish key roles across IT and security
Having clear differentiation between assigned roles and responsibilities, including establishing new roles when necessary, is important for effective cybersecurity management. It ensures each role is focused on specific obligations and achieves set goals without being bogged down by conflicting priorities.
For example, if your Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles are performed by the same person it can lead to conflicting priorities. Separating the CTO and CISO roles helps ensure the technology strategy aligns with the agency’s goals while also protecting the organisation's assets and data from security threats. Separating the responsibilities also provides clearer oversight for your executive leadership team, enabling them to focus on areas of weakness, and to assess the team's progress as they work towards improving their maturity.
3 Maintain and implement all key policies and procedures
The agency must develop and implement policies and procedures tailored to your organisation’s IT requirements and provide clear direction in the event of a security breach or disaster. A robust policy establishes the rules needed to help organisations protect against threats to data confidentiality, integrity, and availability.
4 Risk management
Cybersecurity should be viewed as an integral part of risk management rather than a separate issue. By implementing a risk management framework and actively monitoring key risks, you can better manage your cybersecurity profile and prioritise the actions required to minimise the likelihood of cybersecurity threats and operational disruptions. Each risk should be assigned to a dedicated owner to establish accountability, and a risk appetite can be set to ensure a baseline is established for the controls in place. Additionally, having a risk framework improves your executive leadership team’s visibility of key IT security risks and associated mitigation strategies.
5 Third-party risk management
If you have outsourced all or part of your IT ecosystem to third parties, it’s vital to ensure your risk management processes include the outsourcing risks as well as the IT security risks. Agencies should also define the roles, responsibilities, and monitoring to ensure third-party risk is effectively managed. By ensuring the performance reporting from third parties addresses the identified risks and relied upon assurance processes, the management of both the risks of outsourcing and the underlying cyber security risks becomes far more robust.
6 Security awareness
Your people are a key strength of the organisation, but they can also be a key weakness when it comes to cybersecurity. Security awareness training for your staff can help improve the overall security culture throughout the organisation. According to CERTNZ, the highest number of reported incidents are social engineering attacks such as phishing and credential harvesting.
On-going staff training will contribute to improved vigilance, reducing the likelihood of security incidents caused by human error. Training should also emphasise the importance of maintaining the confidentiality and integrity of your agency’s data.
Increasing learning and development opportunities for your IT Security team can also help ensure they have the necessary skills and knowledge to effectively manage security risks and issues.
7 Implement an incident response plan
Having a well-designed and tested incident response plan can help your organisation respond more effectively to IT security incidents, and to minimise the damage they can cause.
It’s essential to have effective threat and vulnerability assessment capabilities in place, including regular assessments and monitoring of potential threats and vulnerabilities. This can help identify potential security risks and weaknesses before they can be exploited by attackers.
Regular testing of the incident response plan can help identify deficiencies in the plan and improve your organisation's response. This could include conducting tabletop exercises or simulations to test the response plan in a controlled environment, as well as conducting more realistic exercises that simulate actual incidents.
Case study: What gets measured gets managed
Recently, a public sector agency needed a comprehensive picture of their cyber preparedness to help them enhance their security measures. This assessment helped articulate key responsibilities, identify gaps, and key risks, develop mitigation strategies, and demonstrated how to improve their preparedness and reduce their risk.
The agency then implemented their new cybersecurity approach following our initial review, and twelve months later asked us to perform a follow up assessment. After implementing and improving several control areas in the steps listed above, this dual-assessment approach helped our client lift their maturity rating from 2.06 (average) after the first assessment to 3.75 (average) after 12 months. We assessed the organisation against the Forrester Security Maturity Model where a score of 0 represents “non-existent” up to a score of 5 which is considered “optimised and effective.”
The charts below depict the progress made before and after a cybersecurity maturity assessment review. The assessment included evaluating four main domains for both years: Technology, process, oversight, and people.
Cybersecurity maturity assessments are critical tools for evaluating an organisation's security capabilities; they can play a key role in enhancing an organisation's cybersecurity. By conducting a maturity assessment, your agency can gain a comprehensive understanding of its current state, identify areas for improvement, and prioritise actions to enhance its overall security maturity and preparedness.
-
Murray Chandler I take a ‘one size does not fit all’ approach to helping organisations understand and mitigate their risks by delivering practical solutions to complex problems.View Profile -
Akarsha Palle I help organisations implement IT privacy and security measures that support their business strategies.