Global site
Africa
Americas
Asia Pacific
Europe
Middle East

Locations

Our Services

Advisory

Our progressive thinkers offer services to help create, protect and transform value today, so you have opportunity to thrive tomorrow.

See Overview

Governance advisory
We guide boards and management teams in frameworks, team processes and leadership dynamics to deliver sustainable value.
Financial services advisory
Get market-driven expertise to achieve your goals in banking, insurance, capital markets, and investment management.
Business risk services
Our market-driven expertise helps firms keep growing and manage risk in an evolving regulatory landscape.
Risk
Meet risks with confidence and transform your business – we support you to manage risk and deliver on your goals.
Economic consulting
Bespoke guidance grounded in complex economic theory and practical sector insight to help you make the right decisions.
Government and public sector
Experience and expertise in delivering quality public sector advisory and audits.
Business consulting
Partnering with you to deliver sustainable business change that helps you realise your ambitions.
Transaction advisory services
Whether buying or selling, we help you get the deal done with our comprehensive range of transaction advisory services.
Financial accounting advisory services (FAAS)
Our FAAS team can support your finance function with the flexible resource they need to get results.
Corporate finance advisory
Building a business is never easy. We help you maximise the value of your business and find the right option.
Valuations
Help to understand or support the valuation of a business or asset.
Insolvency and global asset recovery
We provide asset tracing and seamless cross-border global recovery for clients.
Forensic and investigation services
Market-driven expertise in investigations, dispute resolution and digital forensics.
Restructuring
Our restructuring team help lenders, investors and management navigate contingency plans, restructuring and insolvency.
Transformation consulting
Is business transformation a priority for your organisation? Our expert insight and guidance can help you achieve it.

Audit and assurance

Experience our agile audit approach for market-leading quality, tailored expertise, and efficient digital enablement.

See Overview

Pensions assurance
A tailored service that responds to evolving risks and regulations.
Accounting services
Optimise your growth with expert accounting services. Contact us today.
Royalty and intellectual property (IP) audits
Enhance IP asset protection with our royalty and IP audit services. Expertise in licensing, revenue detection, and compliance improvements.

Related insights:

Report Charity sector development report 2024

Find out more about emerging risks and issues in the charities sector, including changes to FRS 102, in our report.

| 2 min read | 04 Apr 2024

Consulting

Seize new opportunities, and navigate through any complexities and risks

See Overview

Business consulting
Partnering with you to deliver sustainable business change that helps you realise your ambitions.
Corporate Simplification
Release value, reduce compliance complexity, and improve tax efficiency by streamlining your group structure.
Economic consulting
Bespoke guidance grounded in complex economic theory and practical sector insight to help you make the right decisions.
Governance advisory
We guide boards and management teams in frameworks, team processes and leadership dynamics to deliver sustainable value.
International
Unlock global opportunities with our local expertise and worldwide reach.
People advisory
Driving business performance through people strategy and culture.
Strategy Group
Successful business strategy is rooted in a clear understanding of the market, customer segmentation and how purchase decisions vary.

Cyber

Cyber crime is on the rise and you need to protect your business. We offer tailored security solutions for your firm.

See Overview

Respond: Data breach, incident response and computer forensics
Are you prepared for a cyber failure? We can help you avoid data breaches and offer support if the worst happens.
Comply: Cyber security regulation and compliance
Cyber security regulation and compliance is constantly evolving. Our team can support you through the digital landscape.
Protect: Cyber security strategy, testing and risk assessment
Cyber security threats are constantly evolving. We’ll work with you to develop and test robust people, process and technology defences to protect your data and information assets.

Related insights:

Article Secure AI: National Cyber Security Centre guidelines

Understand the National Cyber Security Centre's guidelines for artificial intelligence and the practical actions you should consider.

| 6 min read | 22 Apr 2024

Deals

Supporting you to grow your business profitably through our partner-led deals service.

See Overview

Corporate finance advisory
Building a business is never easy. We help you maximise the value of your business and find the right option.
Debt advisory
Working with borrowers and private equity financial sponsors on raising and refinancing debt. We can help you find the right lender and type of debt products.
Financial accounting advisory services (FAAS)
Our FAAS team can support your finance function with the flexible resource they need to get results.
Financial modelling services
Financial modelling that helps you wrestle with your most pressing business decisions.
Operational deal services
Enabling transaction goals through due diligence, integration, separation, and other complex change.
Our credentials
Search our transactions to see our experience in your sector and explore the deals advisory services we've delivered.
Transaction advisory services
Whether buying or selling, we help you get the deal done with our comprehensive range of transaction advisory services.
Valuations
Help to understand or support the valuation of a business or asset.

Environmental, social and governance (ESG)

Our pragmatic approach will help you maximise your ESG strategy and reporting.

See Overview

The ESG agenda
Shape your ESG agenda by identifying the right metrics, sustainable development and potential business value impact.
ESG driven business transition
Whatever your ESG strategy, we can support your organisation as it evolves while maximising efficiency and profitability.
ESG programme and change management
Do you have the right capabilities to drive the delivery of your ESG strategy to realise your targets?
ESG risk management
You must protect, comply, understand and influence to successfully manage the risk involved with ESG issues. We can help.
ESG strategy, risk and opportunity identification
We can help you clearly define your ESG Strategy, with the risks and opportunities identified and managed.
Create value through effective ESG communication
Building trust and engagement with your stakeholders on your ESG strategy.
ESG metrics, targets and disclosures
The pressure to report your ESG progress is growing. Do your targets measure up?
ESG governance, leadership and culture framework
Make the most of ESG opportunities by effectively embedding your strategy across your organisation.
ESG and non-financial assurance
Support your board to be confident in supplying robust information that withstands scrutiny.

Financial services advisory

Get market-driven expertise to achieve your goals in banking, insurance, capital markets, and investment management.

See Overview

Actuarial and insurance consulting
We consult extensively to the life insurance, general insurance, health insurance and pensions sectors.
Business risk services
Our market-driven expertise helps firms keep growing and manage risk in an evolving regulatory landscape.
Financial crime
Helping you fight financial crime in a constantly changing environment
Financial services business consulting
Leverage our diverse capabilities to manage challenges and take opportunities: from assurance to transformation
Financial services tax
Helping financial services firms navigate the global financial services and funds tax landscape.
Regulatory and compliance
Providing an exceptional level of regulatory and compliance to firms across the financial services industry.

Forensic and investigation services

Market-driven expertise in investigations, dispute resolution and digital forensics.

See Overview

Corporate intelligence
Corporate intelligence often involves cross-border complexities. Our experienced team can offer support.
Litigation support
Industry-wide litigation support and investigation services for lawyers and law firms.
Disputes advisory
Advising on quantum, accounting and financial issues in commercial disputes.
Forensic investigations and special situations
Do you need clarity in an uncertain situation? If you're accused of wrongdoing we can help you get the facts right.
Forensic data analytics
Our forensic data analytics team are helping businesses sift the truth from their data. See how we can help your firm.
Monitoring trustee and competition services
Monitoring trustee services to competition, financial and regulatory bodies.
Financial crime
Supporting your fight against financial crime in an ever-changing environment

Government and public sector

Experience and expertise in delivering quality public sector advisory and audits.

See Overview

Public sector advisory
To deliver excellent public services, local and central government need specialist support.
Public sector consulting
Helping public sector organisations maintain oversight of services and understand what's happening on the ground.
Public sector audit and assurance
As a leading UK auditor, we have unparalleled insights into the risks, challenges and opportunities that you face.

Insolvency and global asset recovery

We provide asset tracing and seamless cross-border global recovery for clients.

See Overview

Contentious estates and family disputes
We manage complex and sensitive disputes through to resolution.
Digital Asset Recovery
Get guidance and technical expertise on digital finance and cryptoasset recovery from our dedicated crypto hub.
Grant Thornton Offshore
Grant Thornton Offshore is our one-stop global solution for insolvency, asset recovery, restructuring and forensics services.
Insolvency Act Portal
Case information and published reports on insolvency cases handled by Grant Thornton UK LLP.
Litigation support
Industry-wide litigation support and investigation services for lawyers and law firms.
Personal insolvency
We can support you to maximise personal insolvency recovery and seek appropriate debt relief.

International

Unlock global opportunities with our local expertise and worldwide reach

See Overview

South Asia business group
Supporting your growth in the UK-India economic corridor and beyond.
US business group
Optimise your trans-Atlantic operations with local knowledge and global reach.
Japan business group
Bridging the commercial and cultural divide and supporting your ambitions across Japan and the UK.
Africa business group
Connecting you to the right local teams in the UK, Africa, and the relevant offshore centres.
China-Britain business group
Supporting your operations across the China – UK economic corridor.

Restructuring

Our restructuring team help lenders, investors and management navigate contingency plans, restructuring and insolvency.

See Overview

Contingency planning and administrations
In times of financial difficulty, it is vital that directors explore all the options that are available to them, including having a robust ‘Plan B’.
Corporate restructuring
Corporate restructuring can be a difficult time. Let our team make the process simple and as stress-free as possible.
Creditor and lender advisory
Whether you're a creditor or lender, complex restructurings depend on pragmatic commercial advice
Debt advisory
Our debt advisory team can find the right lender to help you in restructuring. Find out how our experts can support you.
Financial services restructuring and insolvency
Financial services restructuring and insolvency is a competitive marketplace. Our team can help you navigate this space.
Pensions advisory services
DB pension-schemes need a balanced approach that manages risk for trustees and sponsors in an uncertain economy.
Restructuring and insolvency tax
Tax will often be crucial in a plan to restructure a distressed business. Our team can guide you through the process.
Restructuring Plans
Market leading experience in advising companies and creditors in Restructuring Plan processes.

Related insights:

Report The UK consumer credit sector: Market update – April 2024

Read our consumer credit sector report for the latest developments in BNPL and key priorities for motor finance firms.

| 1 min read | 23 Apr 2024

Risk

Meet risks with confidence and transform your business – we support you to manage risk and deliver on your goals.

See Overview

Controls advisory
Build a robust internal control environment in a changing world.
Data assurance and analytics
Enhancing your data processes, tools and internal capabilities to help you make decisions on managing risk and controls.
Enterprise risk management
Understand and embrace enterprise risk management – we help you develop and connect risk thinking to your objectives.
Internal audit services
Internal audit services that deliver the value and impact they should.
Managing risk and realising ESG opportunities
Assess and assure risk and opportunities across ESG with an expert, commercial and pragmatic approach.
Project, programme, and portfolio assurance
Successfully delivering projects and programmes include preparing for the wider impact on your business.
Service organisation controls report
Independent assurance provides confidence to your customers in relation to your services and control environment.
Supplier and contract assurance
Clarity around key supplier relationships: focusing on risk, cost, and operational performance.
Technology risk services
IT internal audits and technology risk assurance projects that help you manage your technology risks effectively.

Related insights:

Article UK Corporate Governance updates: Managing third parties

The Code update asks companies to report on the effectiveness of their material controls and is now sharpening the focus on how material third party risks are managed. Complying with the regulations requires careful assessment and strategic planning to ensure resilience and compliance.

22 Apr 2024

Tax

Tax has always been complicated, but it's more important than ever to understand how the evolving tax landscape impacts you and your business.

See Overview

Capital allowances (tax depreciation)
Advisory and tools to help you realise opportunities in capital allowances.
Corporate tax
Helping companies manage corporate tax affairs: delivering actionable guidance to take opportunities and mitigate risk.
Employer solutions
We will help you deliver value through your employees, offering pragmatic employer solutions to increasing costs.
HMRC R&D tax compliance enquiries
HMRC is increasing scrutiny of research and development claims. Find advice and support on responding to Enquiries.
Indirect tax
Businesses face complex ever changing VAT regimes, guidance and legislation. We can help you navigate these challenges.
International tax
Real-world international tax advice to help you navigate a changing global tax landscape.
Our approach to tax
We advise clients on tax law in the UK and, where relevant, other jurisdictions.
Private tax
Tax experts for entrepreneurs, families and private business. For now and the long term.
Real estate tax
Stay ahead of real estate tax changes with holistic, tax-efficient solutions.
Research and development tax incentives
We can help you prepare optimised and robust research and development tax claims.
Tax dispute resolution
We make it simple to stay compliant and avoid HMRC tax disputes
Tax risk management
We work with you to develop effective tax risk management strategies.

Our Industries

Industries

Our Industries

Helping you shape the future of your industry.

See Overview

Automotive

Insight and practical guidance to help upstream and downstream automotive companies adapt and grow.

See Overview

Business services

Bringing insight-led guidance and diverse perspectives to help business support services achieve their ambitions

See Overview

Skills and training
Get the right support to deliver corporate and vocational training that leads the way in an expanding market.
Private education
Insight and guidance for all businesses in the private education sector: from early years to higher education and edtech.
Facilities management and property services
Get insight and strategic support to take opportunities that protect resilience and drive UK and international growth.
Recruitment
Helping recruitment companies take opportunities to achieve their goals in a market where talent and skills are key.

Consumer markets

There are opportunities in consumer markets. Our experience, insight, and rigorous approach can help you take them.

See Overview

Food and beverage (F&B)
We can help you find the right ingredients for growth in your food and beverage business.
Travel, tourism and leisure
Tap into our range of support for travel, tourism and leisure businesses in this period of challenge and change.
Retail, e-commerce and consumer products
With multiple challenges and opportunities in the fast-evolving retail sector, make sure you are ready for them.

Energy, utilities and natural resources

Adapting to an evolving market is tough. We support clients across the whole energy sector to adapt, succeed and grow.

See Overview

Financial services

Regulatory change, pressure on cost management and growth, and increased investment in technology and data are dominating the financial services industry.

See Overview

Banking
Our expertise and insight can help you respond positively to long term and emerging issues in the banking sector.
Capital markets
2020 is a demanding year for capital markets. Working with you, we're architecting the future of the sector.
Insurance
Our experienced expert team brings you technical expertise and insight to guide you through insurance sector challenges.
Investment management
Embracing innovation and shaping business models for long-term success.
Pensions
Pension provision is an essential issue for employers, and the role of the trustee is becoming increasingly challenging.

Related insights:

Technical Your guide to this week in regulation

Stay up to date with our latest round up of financial regulation.

Paul Staples

| 5 min read | 29 Apr 2024

Government and public sector

The pandemic is an unprecedented challenge for the public sector. The right strategic support is vital.

See Overview

Central and devolved government
Helping central and devolved governments deliver change to improve our communities and grow our economies.
Infrastructure and transport
Delivering a successful transport or infrastructure project will require you to balance an often complex set of strategic issues.
Local government
Helping local government leverage technical and strategic expertise deliver their agendas and improve public services.
Regeneration development and housing
We provide commercial and strategic advice to assist your decision making in pursuing your objectives.
Health and social care
Sharing insight and knowledge to deliver transformation and improvement to health and social care services.

Industrials and manufacturing

Supporting industrials and manufacturing businesses to grow, protect and create value.

See Overview

Not for profit

Helping charities, education, social housing and other organisations to overcome pressures and achieve their goals.

See Overview

Charities
Supporting you to achieve positive change in the UK charity sector.
Education and skills
The education sector has rarely faced more risk or more opportunity to transform. You need to plan for the future.
Social housing
We are committed to helping change social housing for the better, and can help you make the most of every opportunity.

Related insights:

Man conducting an agile meeting with co-workers.

Article Updates for academy finance teams

Gain insight on updates to the Accounts Direction and Academy Trust Handbook, defined benefit pension schemes, cyber security, and financial reporting changes.

Stephen Dean

| 10 min read | 06 Oct 2023

Private sector healthcare

Our team brings clear and actionable solutions to the private sector healthcare, helping companies achieve their goals.

See Overview

Real estate and construction

The expertise you need in real estate advisory, audit, and tax to get the right strategy for your business.

See Overview

Technology, media and telecommunications (TMT)

Are you ready to deliver on your growth ambitions? We work with TMT leaders to navigate the risks and opportunities.

See Overview

Technology
We work with dynamic technology companies of all sizes to help them succeed and grow internationally.
Telecommunications
Take all opportunities to realise your goals in telecommunications: from business refresh to international expansion.
Media
Media companies must stay agile to thrive in today’s highly competitive market – we’re here to support your ambitions.

Article

Cloud assurance: keeping up with cloud adoption trends

By:

Cristiana Mirosanu,

Ian Greaves

22 Nov 20238 min read

With organisations increasingly adopting cloud computing solutions at varying levels of business criticality, Cristiana Mirosanu and Ian Greaves look at how assurance activities can keep pace, outlining good practice for cloud environments and practical steps across the lines of defence.

Contents

By 2026, Gartner predicts 75% of organisations will use cloud computing services as a fundamental underlying platform. Public cloud spend is also increasing 21.7% year on year – although this represents only a fraction of the global IT spend (projected USD 4.7 trillion in 2023).

Over the past few years, we've seen growth at a rapid pace in cloud usage. The cloud risk increases for organisations that use it to host their critical systems, such as ERP and customer-facing applications, or sensitive data, such as personal data or intellectual property. They may face challenges around cloud controls and assurance, inconsistent approaches across teams, cloud concentration risks, and lock-in with vendors. There is also a shortage in the market for cloud risk specialists who can support organisations to review whether practices are aligned with recommendations from the Cloud Security Alliance and the cloud service providers.

Issues may also be compounded by the inherent complexity of cloud solutions, lack of visibility at all layers of the computing stack, limited understanding of shared responsibilities for managing cloud controls, and varying compliance requirements for companies operating across multiple jurisdictions.

How are companies tackling cloud assurance?

We talked to a range of financial services and corporate clients to discover how organisations perform their cloud control assurance.

The discussions confirm what analysts report: that established companies operating in financial services have been reluctant to deploy their core banking or systems of record into public cloud service providers (CSP). We also noted that cloud-native banks in the UK are operating core banking on public CSPs. New banking entrants to the UK are increasingly adopting payment aggregators to help them deploy UK subsidiary banks running on public CSPs. By contrast, the non-financial services companies that we spoke with typically run most, if not all, of their core applications on CSPs – typically in a software-as-a-service (SaaS) model.

Approach to cloud control assurance

There is currently no consistent approach to undertaking cloud control assurance in industry. Organisations adopt a range of strategies to ensure they operate with board risk appetite, management comfort and regulations. One common theme is that cloud control assurance activity can be overly manual, rather than using automated tools.

Companies that we spoke with also reported challenges around upskilling or recruiting the right people with technical expertise to provide assurance and challenge on controls.

Cloud concentration risks

We identified different perspectives on cloud concentration risk. While regulators are concerned about companies using a small number of public CSPs, the organisation themselves typically accept the risk of adopting one CSP for specific use cases. While there is acceptance of the risks to operating on one CSP, more could be done to test and prove specific IT disaster recovery plans as expected.

Exit strategy

Larger companies inevitably have multiple CSPs. However, different CSPs are used for different use cases and customer journeys. To mitigate cloud exit and CSP lock-in risks organisations could adopt several strategies, for example:

review and amend contracts with CSPs, despite multiple organisations believing these contracts are non-negotiable
monitoring CSP financial and non-financial health to get early visibility of CSP problems
building methods to enable CSP services, data and infrastructure to be more easily copied or migrated and/or recreate infrastructure from code (coupled with partnerships to ensure the cloud technical capability and capacity is available to perform these changes and to provide oversight).

Cloud assurance good practices

Although there are a number of challenges and risks with cloud adoption, we've detailed a number of good assurance practices you can follow, supported by our discussions with several organisations. These good practices are enabled by companies upskilling internal teams around cloud risks and bringing in subject matter experts to review the proposed controls.

Cloud frameworks and control design

The organisations surveyed are drawing on a variety of control frameworks, such as NIST, ISO27001 and the Cloud Security Alliance Cloud Controls Matrix. One frequently used method is to start by using existing internal control frameworks and build on these by adding cloud-specific controls. The next step for companies should be to consolidate their controls, for example by embedding controls into tooling. This would reduce the manual effort to provide assurance and shift focus to more targeted continuous monitoring of controls.

Assessing cloud control design

Organisations typically provide their cloud service providers with supplier questionnaires and are typically directed to existing SOC2 reports for review, with the latter providing more reliable independent assurance around CSP controls. A key control is to reject the use of SaaS providers if they're not able to demonstrate that appropriate controls are in place.

Assessing cloud control operating effectiveness

Another theme is identifying the need to use automated controls to implement guardrails for cloud services. For example, using the cloud vendor’s recommended good practices, or using tailored blueprints and baselines, which are applied before a system goes live and monitored periodically thereafter.

Assessing cloud control monitoring

Organisations use tooling to help with maintaining compliant internal controls. Third-party assurance reports (eg, SOC2) are periodically reviewed by the organisations surveyed to understand shared responsibilities with cloud vendors and where gaps in controls need to be remediated. Nevertheless, these organisations have concerns about visibility and the inability to obtain real-time compliance from cloud service providers, rather than annual or semi-annual reports.

Internal auditors and technology risk functions need to know how to respond to the emerging areas of technology risks their businesses face.

Trends in technology risks 2023

Read this article

Practical steps across the lines of defence

When it comes to implementing cloud controls, a cloud assurance strategy and monitoring of cloud controls, there are practical steps that each line of defence can start to apply. Too much assurance can become a burden on the business, with a negligible increase in overall assurance and benefit to governance.

We recommend maintaining an assurance map that provides a point-in-time view of plans across the three lines of defence, and the overall status of activities and observations. This enables better visibility of the assurance being provided on a risk-by-risk basis and allows the relevant governance groups, including the Audit Committee, to make informed choices about whether the assurance is at the required level to meet the board’s risk appetite, including regulatory requirements.

First line of defence: operational management

Implementing cloud controls and standards that align with industry good practices, such as the Cloud Security Alliance's Cloud Controls Matrix (CCM) or the National Institute of Standards and Technology's (NIST) Cloud Computing Security Reference Architecture (CCSRA)
Engaging with cloud subject matter experts who can provide practical advice around implementing these frameworks and ensuring that controls are sustainable
Regularly reviewing and updating cloud environment configurations, access controls, and activity logs to ensure they are aligned with internal policies and objectives, with a view to move towards more automated controls
Conducting regular cloud training for employees and third-party contractors who have access to the company's cloud infrastructure, including security, resilience and shared responsibilities
Implementing controls to ensure that all new system implementations to public cloud environments follow a defined due diligence process, including input from security and technology functions
Agreeing clear roles and responsibilities, both internally and with vendors, for managing the cloud operations and controls

Second line of defence: risk management and compliance

Conducting risk assessments and impact analyses of cloud environments to determine priority and frequency of reviews for the controls in these environments
Regularly monitoring cloud environments for compliance with internal and regulatory requirements, and identifying areas for improvement
Engaging with cloud subject matter experts who understand the unique risks of each cloud service provider and can advise cloud control owners on how to tailor controls to address these
Collaborating with first-line management to develop and implement cloud controls that address identified risks and compliance gaps

Third line of defence: internal audit

Conducting independent assessments of cloud environments and controls to provide assurance to senior management and the board of directors
Augmenting audit teams with cloud subject matter experts who can provide challenge to technology functions on a peer-to-peer level around the design and effectiveness of cloud controls
Testing the effectiveness of cloud controls and maturing assurance activities with increased levels of control testing automation and dashboarding capabilities
Reviewing and evaluating third-party vendor risk management processes and controls related to cloud environments

Addressing the challenges

The rapid growth of cloud spend and adoption is set to continue, with organisations moving more applications to cloud infrastructure, including critical applications. At the same time, companies are facing challenges with cloud controls and assurance, such as inconsistent approaches across teams, cloud concentration risks, and lock-in with vendors.

To address these challenges, organisations need to adopt good practices across all three lines of defence. People are key enablers, therefore teams need to upskill around cloud risks and controls, and call on subject matter experts to provide in-depth, tailored insight and independent assurance for the chosen cloud solutions.

For more insight and guidance, contact Cristiana Mirosanu and Ian Greaves.

Read our insights, reports and more

Heads of internal audit: technical updates and guidance to support your role

Get the latest insights, events and guidance, straight to your inbox.

Cloud assurance: keeping up with cloud adoption trends

How are companies tackling cloud assurance?

Approach to cloud control assurance

Cloud concentration risks

Exit strategy

Cloud assurance good practices

Cloud frameworks and control design

Assessing cloud control design

Assessing cloud control operating effectiveness

Assessing cloud control monitoring

Practical steps across the lines of defence

First line of defence: operational management

Second line of defence: risk management and compliance

Third line of defence: internal audit

Addressing the challenges

Heads of internal audit: technical updates and guidance to support your role

CONNECT

About

Legal