-
Other audit services
We help clients with the application and use of foreign financial aid of EU and other funds and help prepare financial reports.
-
Audit calculator
The calculator will answer if the company's sales revenue, assets or number of employees exceed the limit of an inspection or audit.
-
Payroll and related services
We perform payroll accounting for companies whether they employ a few or hundreds of employees.
-
Tax accounting
Grant Thornton Baltic's experienced tax specialists support accountants and offer reasonable and practical solutions.
-
Reporting
We prepare annual reports in a timely manner. We help to prepare management reports and various mandatory reports.
-
Consolidation of financial statements
Our experienced accountants and advisors help you prepare consolidation tables and make the consolidation process more efficient.
-
Consultancy and temporary staff
Our experienced specialists advise on more complex accounting transactions, rectify poor historic accounting, and offer the temporary replacement of an accountant.
-
Outsourced CFO service
Our CFO service is suitable for companies of all sizes and in all industries. We offer services to our clients in the required amount and competences.
-
Assessment of accounting processes
We help companies to implement accounting practices that are in compliance with local and international standards.
-
Accounting services for small businesses
We offer affordable service for small businesses. We help organize processes as smartly and cost-effectively as possible.
-
Cryptocurrency accounting
We keep up with blockchain technology to serve and advise crypto companies. We are supported by a network of colleagues in 130 countries.
-
Trainings and seminars
Our accountants have experience in all matters related to accounting and reporting. We offer our clients professional training according to their needs.
-
Business advisory
We offer legal support to both start-ups and expanding companies, making sure that all legal steps are well thought out in detail.
-
Fintech advisory
Our specialists advise payment institutions, virtual currency service providers and financial institutions.
-
Corporate advisory
We advise on legal, tax and financial matters necessary for better management of the company's legal or organizational structure.
-
Transaction advisory
We provide advice in all aspects of the transaction process.
-
Legal due diligence
We thoroughly analyze the internal documents, legal relations, and business compliance of the company to be merged or acquired.
-
In-house lawyer service
The service is intended for entrepreneurs who are looking for a reliable partner to solve the company's day-to-day legal issues.
-
The contact person service
We offer a contact person service to Estonian companies with a board located abroad.
-
Training
We organize both public trainings and tailor made trainings ordered by clients on current legal and tax issues.
-
Whistleblower channel
At Grant Thornton Baltic, we believe that a well-designed and effective reporting channel is an efficient way of achieving trustworthiness.
-
Business model or strategy renewal
In order to be successful, every company, regardless of the size of the organization, must have a clear strategy, ie know where the whole team is heading.
-
Marketing and brand strategy; creation and updating of the client management system
We support you in updating your marketing and brand strategy and customer management system, so that you can adapt in this time of rapid changes.
-
Coaching and development support
A good organizational culture is like a trump card for a company. We guide you how to collect trump cards!
-
Digital services
Today, the question is not whether to digitize, but how to do it. We help you develop and implement smart digital solutions.
-
Sales organisation development
Our mission is to improve our customers' business results by choosing the right focuses and providing a clear and systematic path to a solution.
-
Business plan development
A good business plan is a guide and management tool for an entrepreneur, a source of information for financial institutions and potential investors to make financial decisions.
-
Due diligence
We perform due diligence so that investors can get a thorough overview of the company before the planned purchase transaction.
-
Mergers and acquisitions
We provide advice in all aspects of the transaction process.
-
Valuation services
We estimate the company's market value, asset value and other asset groups based on internationally accepted methodology.
-
Forensic expert services
Our experienced, nationally recognized forensic experts provide assessments in the economic and financial field.
-
Business plans and financial forecasts
The lack of planning and control of cash resources is the reason often given for the failure of many businesses. We help you prepare proper forecasts to reduce business risks.
-
Outsourced CFO service
Our CFO service is suitable for companies of all sizes and in all industries. We offer services to our clients in the required amount and competences.
-
Reorganization
Our experienced reorganizers offer ways to overcome the company's economic difficulties and restore liquidity in order to manage sustainably in the future.
-
Restructuring and reorganisation
We offer individual complete solutions for reorganizing the structure of companies.
-
Corporate taxation
We advise on all matters related to corporate taxation.
-
Value added tax and other indirect taxes
We have extensive knowledge in the field of VAT, excise duties and customs, both on the national and international level.
-
International taxation
We advise on foreign tax systems and international tax regulations, including the requirements of cross-border reporting.
-
Transfer pricing
We help plan and document all aspects of a company's transfer pricing strategy.
-
Taxation of transactions
We plan the tax consequences of a company's acquisition, transfer, refinancing, restructuring, and listing of bonds or shares.
-
Taxation of employees in cross-border operations
An employee of an Estonian company abroad and an employee of a foreign company in Estonia - we advise on tax rules.
-
Tax risk audit
We perform a risk audit that helps diagnose and limit tax risks and optimize tax obligations.
-
Representing the client in Tax Board
We prevent tax problems and ensure smooth communication with the Tax and Customs Board.
-
Taxation of private individuals
We advise individuals on personal income taxation issues and, represent the client in communication with the Tax and Customs Board.
-
Pan-Baltic tax system comparison
Our tax specialists have prepared a comparison of the tax systems of the Baltic countries regarding the taxation of companies and individuals.
-
Internal audit
We assist you in performing the internal audit function, performing internal audits and advisory work, evaluating governance, and conducting training.
-
Internal Audit in the Financial Services Sector
We provide internal audit services to financial sector companies. We can support the creation of an internal audit function already when applying for a sectoral activity license.
-
Audit of projects
We conduct audits of projects that have received European Union funds, state aid, foreign aid, or other grants.
-
Prevention of money laundering
We help to prepare a money laundering risk assessment and efficient anti-money laundering procedures, conduct internal audits and training.
-
Risk assessment and risk management
We advise you on conducting a risk assessment and setting up a risk management system.
-
Custom tasks
At the request of the client, we perform audits, inspections and analyzes with a specific purpose and scope.
-
External Quality Assessment of the Internal Audit Activity
We conduct an external evaluation of the quality of the internal audit or provide independent assurance on the self-assessment.
-
Whistleblowing and reporting misconduct
We can help build the whistleblowing system, from implementation, internal repairs and staff training to the creation of a reporting channel and case management.
-
Information security management
We provide you with an information security management service that will optimise resources, give you an overview of the security situation and ensure compliance with the legislation and standards.
-
Information security roadmap
We analyse your organisation to understand which standards or regulations apply to your activities, identify any gaps and make proposals to fix them.
-
Internal audit of information security
Our specialists help detect and correct information security deficiencies by verifying an organization's compliance with legislation and standards.
-
Third party management
Our specialists help reduce the risks associated with using services provided by third parties.
-
Information security training
We offer various training and awareness building programmes to ensure that all parties are well aware of the information security requirements, their responsibilities when choosing a service provider and their potential risks.
-
ESG advisory
We help solve issues related to the environment, social capital, employees, business model and good management practices.
-
ESG audit
Our auditors review and certify sustainability reports in line with international standards.
-
Sustainable investments
We help investors conduct analysis of companies they’re interested in, examining environmental topics, corporate social responsibility and good governance practices.
-
Sustainable tax behaviour
Our international taxation specialists define the concept of sustainable tax behaviour and offer services for sustainable tax practices.
-
ESG manager service
Your company doesn’t necessarily need an in-house ESG manager. This role can also be outsourced as a service.
-
Recruitment services – personnel search
We help fill positions in your company with competent and dedicated employees who help realize the company's strategic goals.
-
Recruitment support services
Support services help to determine whether the candidates match the company's expectations. The most used support services are candidate testing and evaluation.
-
Implementation of human resource management processes
We either assume a full control of the launch of processes related to HR management, or we are a supportive advisory partner for the HR manager.
-
Audit of HR management processes
We map the HR management processes and provide an overview of how to assess the health of the organization from the HR management perspective.
-
HR Documentation and Operating Model Advisory Services work
We support companies in setting up HR documentation and operational processes with a necessary quality.
-
Employee Surveys
We help to carry out goal-oriented and high-quality employee surveys. We analyse the results, make reports, and draw conclusions.
-
HR Management outsourcing
We offer both temporary and permanent/long-term HR manager services to companies.
-
Digital strategy
We help assess the digital maturity of your organization, create a strategy that matches your needs and capabilities, and develop key metrics.
-
Intelligent automation
We aid you in determining your business’ needs and opportunities, as well as model the business processes to provide the best user experience and efficiency.
-
Business Intelligence
Our team of experienced business analysts will help you get a grip on your data by mapping and structuring all the data available.
-
Cybersecurity
A proactive cyber strategy delivers you peace of mind, allowing you to focus on realising your company’s growth potential.
-
Innovation as a Service
On average, one in four projects fails and one in two needs changes. We help manage the innovation of your company's digital solutions!
Actually, there’s nothing that new about them. Anyone who has to consider any aspect of cybersecurity at their company has probably heard the sonorous sounding terms NIS 2, DORA, E-ITS or even ISO 27001.
If this seems not to have anything to do with your company, read on: you’re almost certain to have either customers or partners whom it does impact or pertain to. It's worth keeping yourself up to date, whether you’re a rank-and-file employee or executive.
On the Äripäev business daily radio programme “Kasvukursil”, a panel consisting of Head of Risk at Telia Eesti Andreas Meister, Grant Thornton Baltic’s Head of IT Artti Aston and CEO of data security provider FocusIT and Head of IT security at SALVe Doris Matteus discussed data security regulations and standards.
What is NIS 2?
NIS 2 directive is a new EU regulation that establishes new more stringent requirements for cyber security for providers of important services. While it entered into force in January 2023, it will apply in Estonia starting October 2024.
The NIS 2 directive applies to companies who provide services or operate in the EU, are at least medium-sized with 50 employees and whose annual balance sheet volume or turnover is more than 10 million euros, Artti Aston explained.
The NIS 2 directive applies to your company if you are operating in the following fields:
- electricity, district heating and cooling
- oil, gas, hydrogen
- air, railway, water or road transport
- banking, financial market infrastructure
- healthcare, research institutes
- drinking water, wastewater, waste handling
- digital infrastructure, ICT service management (business-to-business), digital service providers
- public administration units, postal and courier services
- manufacture, production and distribution of chemicals, production, processing and marketing of food, manufacturing (e.g. of computers, electronics and optical equipment)
Source: “Kasvukursil”, European Parliament website
If your company is in one of these sectors, you will have to take action and get up to speed with the new directive. Of course, you can ask your cybersecurity partner for assistance.
“In the Estonian context, what is important about the NIS 2 changes is that it requires amendments to legislation. But somehow the efforts have stalled out, since we’re still waiting for the draft amendments implementing the NIS 2 directive to become accessible for everyone to read. I think it would be important to Estonian companies to start familiarising themselves with this,” said Meister, expressing criticism.
Meister said the main thing that has to be done in connection with NIS 2 is something Estonian businesses are doing anyway. “It all starts with risk management at a company. The expectation is that companies will devote attention to cyber risks, data security policies. That companies conduct risk analyses and it is very important that they also have incident reporting processes,” Meister stressed. The State Information System Authority, Data Protection Inspectorate or partners should always be notified, for example, if you’re hit by a cyber incident.
Although the new regulations seem vague, it is likely we will make a smooth transition to them. Matteus recalled the concerns revolving around GDPR. “Yes, I would definitely draw a parallel to GDPR: if you take part in conferences and seminars, it is a similar atmosphere to the one we had in 2018 before GDPR came into force. No one knew what would happen,” said Matteus and added that a trustworthy company would get up to speed with the topic one way or another.
Still, does every company have the resources to do its research and bring itself into conformity with the requirements? No, and they don’t have to. Meister gave the example of general medicine centres. “In practice, we don’t imagine that a GP centre would start organising all this alongside its everyday work. If I were a family wellness centre’s IT person, I would outsource the services I needed pursuant to the standard,” he said.
A separate regulation called DORA (Digital Operational Resilience Act) will apply to companies in the financial sector in Europe. Guests on the program said this regulation will require an even broader review of cyber risks. DORA comes into effect on 17 January 2025.
What is DORA?
DORA deals with digital operational resilience in the financial sector and establishes rules for ICT risk management, incident reporting, digital resilience testing and managing ICT third-party risk. To this point, ICT risks in the financial sector had not been governed at a regulation level in the EU, but rather under more general guidelines with different regulation of ICT risks in different member states. DORA establishes, more specifically as well as more broadly, requirements for financial sector enterprises – and these requirements will be directly applicable. In addition, additional technical standards will be established, which financial enterprises will have to implement when the regulation comes into force.
Source: “Kasvukursil” and www.digital-operational-resilience-act.com
If your company is in the purview of both NIS 2 and DORA, DORA is the more important one and takes precedence for financial sector companies, said Matteus. Artti Aston added that various e-money organisations and investment firms’ crypto asset services are also covered by DORA. “There are some sorts of exceptions with additional compliance requirements. What’s important about DORA is that IT services that provide services to financial credit institutions are also partially under supervision of this regulation,” said Aston.
Companies must always be aware of the fact that their partners have to be skilful in managing data security and must also meet the requirements that you have to comply with. More information about DORA is available here.
Knowledge about several standards is necessary for conforming to the requirements. For instance, ISO 27001. “This standard makes it quite easy to prove to your client that we have a certain level of data security; certain processes in place, they are expected to work, since they have been audited by an independent auditor,” said Matteus in summing up.
What is ISO 27001?
ISO 27001 is an international standard for managing data security. The standard defines a systematic approach for creating, implementing, maintaining and constantly improving data security management in an organisation. Organisations can be ISO 27001 certified to demonstrate to clients and other parties that they take IT security seriously and that they have implemented appropriate controls for keeping information safe.
ISO 27001 certification is beneficial for organisations that need to administer and safeguard different types of information and whose activity is related to data security, e.g. the financial sector, healthcare, IT etc. In addition, it is necessary for organisations whose partnership with the state, private sector or NGO sector organisations depends on effective compliance with data security standards.
Source: “Kasvukursil” and itgovernance.eu
Actually, Estonia has its own IT security standard, E-ITS. “It isn’t a set of rules that have to be followed. It’s a standard that ensures that I have set goals or fulfilled requirements. There is a menu of different standards here, like ISO 27001. It is a means of substantiation,” said Aston.
The guests emphasised that the number of cyber incidents is continually growing in Estonia. Meister stressed that IT services are constantly tested. “Someone is always trying to case the joint for some security vulnerability. They are constantly knocking on the doors. Once a vulnerability has been identified, even if it seems innocuous, it means cyber criminals have gained entry and will not fail to exploit the opportunities.”
If you have similar challenges and questions, please contact our specialists.