back

Global site

Global site
Africa
Americas
Asia Pacific
Europe
Middle East

Skip to content
Skip to navigation

Our offices

type to see results

back

Advisory
Audit and Assurance
Corporate Accounting and Outsourcing
Financial Services
Tax

Advisory

As your business grows, our advisory services are designed to help you achieve your goals.

See Overview

Business Consulting
Our Consulting team guarantees quick turnarounds, lower partner-to-staff ratio than most and superior results delivered on a range of services.
Business Risk Services
Our Business Risk Services team deliver practical and pragmatic solutions that support clients in growing and protecting the inherent value of their businesses.
Deal Advisory
Our experienced Deal Advisory team has provided a range of transaction, valuation, deal advisory and restructuring services to clients for the past two decades.
Digital Risk
Our Digital Risk team offer advisory and consulting solutions that give our clients peace of mind, clear value for money and an enhanced ability to react to cyber attacks.
Digital Transformation
Our Digital Transformation team work with business leaders to deliver efficient digital strategies and operating models that provide new or enhanced capabilities.
Forensic Accounting
Our Forensic and Investigation Services team have targeted solutions to solve difficult challenges - making the difference between finding the truth or being left in the dark.
Objectives and Key Results (OKRs)
Objectives and Key Results (OKRs) is a goal setting framework that helps teams, individuals and organisations set and track measurable goals.
People and Change Consulting
Our People & Change Consulting team help clients adapt to the changing nature of the workforce - how they attract, retain, engage, develop, deploy and lead their people.
Financial Accounting and Advisory Services (FAAS)
Our FAAS team designs and implements creative solutions for organisations expanding into new markets or undertaking functional financial transformations.
Restructuring
Grant Thornton is Ireland’s leading provider of insolvency and corporate recovery solutions.

Related insights:

Business Risk Services The changing face of fraud risk means businesses have to be on guard more now than ever

Businesses and organisations here have become a greater target for fraudulent activity by criminals looking to exploit the vast amounts of data that is created, shared and uploaded every second of the day. The challenge now is how to identify, monitor and manage that risk.

Sara McAllister

| 4 min read | 06 Dec 2023

Audit and Assurance

Our audit approach combines the rigorous standards of professional independence and objectivity, with a methodology that focuses on critical risk areas and...

See Overview

Corporate Accounting and Outsourcing

At Grant Thornton we have extensive knowledge and experience in providing tailored solutions to our clients, whether on a short-term or long-term basis.

See Overview

Outsourced Payroll
Our outsourced payroll teams become your dedicated payroll department, aiming to process your payroll in the most cost effective and compliant manner.
Outsourcing
Grant Thornton's reliable and cost-effective outsourcing services help you streamline your business operations by taking care of your workload.

Related insights:

Insurance Central Bank's Expectations on Outsourcing

The Central Bank of Ireland has reminded firms of their obligations to align the governance and oversight of MGA arrangements with the outsourcing requirements set out in Solvency II for Critical or Important Functions or Activities.

| 4 min read | 13 Mar 2023

Financial Services

Grant Thornton’s offering to the financial services industry is unique in that our team brings a wide range of experience with backgrounds in banking,...

See Overview

Actuarial
Our Actuarial team provides a comprehensive range of services to our insurance clients. From regulatory support for compliance to delivering specialist expertise in insurance & reinsurance.
Data Analytics
Our team helps to unlock the potential of data analytics within your organisation, allowing you to be more innovative, efficient and customer-centric than ever before.
Digital and Fintech
Our FinTech team are experts in technology and financial services and have a long track record of helping companies achieve sustained advantage.
Digital Risk
Our Digital Risk team offer advisory and consulting solutions that give our clients peace of mind, clear value for money and an enhanced ability to react to cyber attacks.
Financial Services Audit
Our Financial Services Audit team offers expertise and knowledge along with a horizontal approach to solving clients’ problems and queries.
Financial Services Consulting
We work closely with clients to understand their strategy and benchmark their performance against the very best international standards.
FS Business Risk Services
Our FS Business Risk team have real experience of the financial services sector, through working within regulatory bodies or holding leadership positions in Risk, Compliance and Internal Audit functions.
Grant Thornton Pensioneer Trustees Limited
The Grant Thornton Pensioneer Trustee service can offer business owners, directors and employees the opportunity to manage their own retirement choices with full transparency.
Pension Audit
The Grant Thornton Pension Audit team has vast experience in managing schemes and preparing annual reports on them for clients.
Prudential Risk
Our industry leading Prudential Risk team works with clients on a range of areas including regulatory reporting, regulatory authorisations, on-site investigations and data quality assurance.
Quantitative Risk
Our Quantitative Risk team members bring a wide range of experience with many of them having backgrounds in banking, investment markets, regulation, professional practice, and academia.
Sustainability desk
We recognise that businesses are operating at different levels of maturity when it comes to sustainability, and pride ourselves on working with our clients to develop bespoke solutions to their needs.
Financial Accounting and Advisory Services (FAAS)
Our Financial Accounting and Advisory Services (FAAS) team designs and implements creative solutions for organisations expanding into new markets or undertaking functional financial transformations.

Related insights:

Conduct Risk CBI publishes final IAF guidance

It was broadly agreed that the implementation of the IAF will provide clarity of responsibilities, which will underpin sound governance across the financial sector, enhancing the culture of accountability in firms, and bringing clarity to individuals in respect of the standards of conduct they are expected to meet.

| 6 min read | 16 Nov 2023

Tax

Grant Thornton Ireland has a team of over 100 tax professionals providing advice to a diverse range of clients, including sole traders, small and medium sized...

See Overview

Corporate Tax
Our Corporate Tax team is made up of more than 40 highly experienced senior partners and directors who work directly with a wide range of domestic and international clients; covering Corporation Tax, Company Secretarial, Employer Solutions, Global Mobility and Tax Incentives.
Financial Services Tax
The Grant Thornton team is made up of experts who are fully up to date in terms of changing and evolving tax legislation. This is combined with industry expertise and an in-depth knowledge of the evolving financial services regulatory landscape.
International Tax
We develop close relationships with clients in order to gain a deep understanding of their businesses to ensure they make the right operational decisions. The wrong decision on how a company sells into a new market or establishes a new subsidiary can have major tax implications.
Private Client Services
Grant Thornton’s Private Client Services team can advise you on all areas of financial, pension, investment, succession and inheritance planning. We understand that each individual’s circumstances are different to the next and we tailor our services to suit your specific needs.
VAT
Grant Thornton’s team of indirect tax specialists helps a range of clients across a variety of sectors including pharmaceuticals, financial services, construction and property and food to navigate these complexities.

Related insights:

Employer Solutions Share Options: New employer PAYE reporting requirements from 1 January 2024

Finance Bill (No. 2) 2023 introduced an amendment to the collection and reporting requirements of share option related taxes. The taxation of a gain realised on the exercise, assignment or release of share options has moved from an individual self-assessment system to a PAYE real-time payroll withholding system.

Jane Quirke

| 4 min read | 30 Nov 2023

About us

Grant Thornton Ireland has approximately 3,000 people, in 9 offices across Ireland, Isle of Man, Gibraltar and Bermuda, and a presence in over 140 countries...

See Overview

Alumni

We believe in a connected world — so we created an industry-leading online Alumni Network that focuses on what matters most at Grant Thornton — our people.

See Overview

Events

Browse our schedule of upcoming live events or webinars for the latest thinking from Grant Thornton's subject matter experts.

See Overview

News centre

Explore Grant Thornton's latest press releases and stay informed with our most recent news updates. Our News Centre is your gateway to the latest developments...

See Overview

Subscriptions

See Overview

Business Risk Services

Internal audit empowers third-party risk management

By:

Sara McAllister

13 Feb 20235 min read

Organizations are using more third-party services. That means they are taking on more third-party risks.

Contents

Subscribe to our mailing list

Receive the latest insights, news and more direct to your inbox.

When you have a dependence on third parties, you need a dedicated approach to third-party risk management (TPRM). TPRM programs manage the risks that can be introduced through third-party relationships, including brand and reputation risks through data leaks, disruptions to customer service, supply chain risks and even financial fraud. When your service provider uses downstream entities for extended service and support, you also need to consider the risks from a fourth party (a subcontractor to your third party).

The realities of third-party risks are important in the boardroom. The board’s oversight of the risk function is important to making sure all bases of the risk profile are covered. That’s especially true for private companies, where risks might be greater due to less regulatory mandated oversight.

How can you find the capacity and skills for additional TPRM when you form a significant new third-party relationship?

Internal audit (IA) can play a critical role in responding to this risk environment, and IA is keenly aware of third-party risk. In a recent survey from the Institute for Internal Auditors, third-party risk was identified as one of the top three areas of concern. The internal audit team brings an independent perspective to process, risks and controls, along with experience in reporting to senior leadership, all of which can be key to designing your TPRM program.

Trends in TPRM

As you launch or improve your TPRM program, consider starting with an awareness of market trends. Some of the current trends include:

IA in evaluating TPRM readiness

Internal audit can help you provide a TPRM readiness assessment, which typically includes three phases:

Planning and initiation:
IA can help evaluate the effectiveness of a TPRM program by selecting a framework that provides a comprehensive view of the TPRM program lifecycle and in defining the in-scope operating environment.
TPRM program assessment:
IA can help assess the governance and operating model, including TPRM program lifecycle to evaluate controls and to identify process gaps and opportunities for improvement.
Reporting:
IA can help prioritize any remediation needs with key stakeholders, develop a comprehensive program assessment and compile a report for board and executive leadership.

IA in assessing TPRM frameworks

There are essentially three TPRM program governance models to consider for your organization: centralized, federated, and de-centralized. The internal audit team can help determine which will work best in the structure of your organization, as each model comes with its own unique benefits and challenges to weigh.

Since internal auditors are independent and objective, they are often called upon to wear a consultant hat instead of an auditor hat. Their risk-based perspective can help determine the maturity level of the existing third-party risk management process, and what governance model and operating framework is the most appropriate. Their knowledge can help determine the appropriate controls for each relationship. IA knows the right questions to help ensure your organization gets the information it needs to select, monitor and manage third-party relationships.

For example, if a third party has access to the company’s data, you might need to ask:

Is there a defined data classification policy? Does the policy clearly define how certain classes of data should be secured?
Does the third party have privileged access or elevated privileges? If so, does it log and perform reviews of the activities it performs?
Does the third party always have carte blanche access, or does it use a limited portal or channel?
Is the third party being monitored by your organization?

IA can also ask important questions in each phase of the TPRM program. For instance, in contracts and negotiation, IA can make sure you include a “right to audit” clause so that your organization can perform its own investigation if necessary. It’s also important to assess how the third party might be able to grow with your organization in the future.

IA in every phase of TPRM program lifecycle

A TPRM program lifecycle is designed to maximize the business goals while minimizing the risks that arise from external relationships. The goals of the program should be to increase awareness of third-party management roles and responsibilities; establish coordination of third-party relationships; provide a clear understanding of risk; and deliver standardized risk classification and rating levels. The program lifecycle comprises four phases, and IA can play an important role in each one:

Profiling and selection (due diligence):
IA can evaluate the profiling and selection process, along with adoption and consistency. IA can also assess the risk assessment process, including risk acceptance and exception. The exception process should depend on the risk level of the third party or vendor, require approval from designated authorities and identify compensating controls.
Contract negotiation:
IA can evaluate the entry criteria before a contract is negotiated, to determine if it was evaluated using appropriate mechanisms. A third party or vendor should only be on-boarded after the contractual obligations are met — or for exceptions, after risk mitigation strategies are in place to ensure compensating controls are implemented in a timely manner.
Managing and monitoring:
IA can review guiding principles for risk assessment and monitoring review frequency. These should be based on the nature of service provided and the risk exposure that the company faces when contracting with the third party or vendor.
Termination/off-boarding:
IA can review the process for off-boarding to ensure there is a comprehensive checklist, and appropriate controls and communications in situ.

Outlined below is a typical TPRM program framework, illustrating the business drivers, risk areas and program components over the four phases of the TPRM program lifecycle:

Third party risk management program framework

Third-party services can often help lower costs, improve efficiency, add skills, boost capacity and offer other benefits, but those benefits come with risks that should be managed.

That’s why it’s essential to have a comprehensive and well-designed TPRM program to provide ongoing control monitoring and risk oversight. Internal audit is a valuable partner in addressing these risks, from evaluating the TPRM program governance model to assessing the process, risks and controls through the TPRM program lifecycle. All of this work plays an important role in managing the risks that arise from third party relationships.