NIS2: mentoring instead of outsourcing

With the entry into force of the Act on cybersecurity certification and cybersecurity supervision, the transposition of the new NIS2 (Network Information System v2) Directive of the EU into Hungarian law has started. These information security requirements cover a wider range of companies than ever before, with preliminary estimates suggesting 2,500-3,000 companies directly covered. Affected companies had until 30 June 2024 to register with the Supervisory Authority for Regulated Activities (SZFTH). In addition to administrative and technical company details, the identity and contact information of the chief information security officer (CISO) also had to be provided.

Companies established after 30 June 2024 have 30 days from the date of incorporation to register with the Supervisory Authority.

CISO: Who should be the responsible person?

One of the most important issues during the registration process is the designation of the chief information security officer. In our view, this is a difficult decision for companies with an international background even though the CyberCert Act does not contain any specific expectations or requirements regarding the CISO and explicitly allows for the possibility to fill the position even with the involvement of an external expert.

Outsourcing the work of the CISO is only a partial solution for companies with an international background

Outsourcing the tasks of the chief information security officer may at first sight seem a rational solution when the necessary expertise, experience or resources are not available in-house. However, our experience shows that many companies nevertheless register an information security officer from their internal staff on the SZFTH form.

Before we write about the reasons for this, let us consider the tasks and challenges a prospective internal CISO faces when preparing for a NIS2 audit in a Hungarian subsidiary with an international background.

What is the CISO responsible for?

The primary tasks of the CISO are:

  • reducing the risk of cybersecurity incidents, and
  • shortening the time needed to detect such incidents.

Cybersecurity incidents are typically aimed at acquiring a company’s data assets. The severity of incidents is compounded by the fact that in many cases the attempted data theft can result in a complete or partial service outage or even the suspension of business operations, which in all cases can have at least significant and sometimes catastrophic consequences for a company’s operations.

In addition to reducing the likelihood of cybersecurity incidents, reducing the harm they can cause is in fact a measure of a company’s defensibility and resilience, which can be increased by

  • introducing barriers,
  • establishing rules,
  • deploying tools, and
  • providing training.

The novelty of NIS2 lies in its requirement for affected companies to continuously enhance their cyber defence capabilities in line with these principles, while the legislation also seeks to establish a common standard at the EU level.

It is also important for the CISO to ensure that mandatory information security measures are designed in line with the threats and also fit within the available budget.

Cybersecurity measures inevitably slow down the business, and a large part of the company can be expected to actively cooperate in their implementation. The internal CISO needs to consider the business as a whole when thinking about responses to threats and when working with the local IT team, business area managers, legal professionals, the headquarters (abroad) or even the Supervisory Authority.

Hungarian NIS2 for Hungarian companies

Although NIS2 is an EU directive designed to establish a unified cybersecurity framework and level of protection, Member States are incorporating it into their national legislation at varying speeds and with content that is not entirely consistent.

The internal CISO of a Hungarian subsidiary should be familiar with the specificities of the “Hungarian” NIS2 rules, so that he/she can represent them, along with other domestic requirements, in the development and adaptation of a globally managed information security governance system and related policies and procedures.

The compliance of companies established in Hungary will always be assessed based on the Hungarian CyberCert Act, the implementing decrees, as well as the methodological guidelines issued by Hungarian institutions, and the audits will be conducted in Hungarian and by Hungarian auditors.

Thus, preparation in all cases requires the active involvement of the domestic operation and almost certainly cannot be managed solely from abroad using the policies and system elements developed by the headquarters in their unchanged form.

Despite being an obvious choice, it is not advisable to delegate a member of the IT team as compliance manager

In international corporate groups, CISOs face a rather complex set of responsibilities, so fully outsourcing their tasks may not always prove to be an effective solution.

For these companies, it may be advisable to expand the capabilities and resources of the local compliance officer to ensure they can also coordinate preparations for meeting the new compliance requirements set forth by the CyberCert Act. This can be achieved by involving external consultants and experts as needed.

A compliance manager’s local knowledge, existing channels and acceptance by the local IT team, the central IT management, the business areas and management are assets that will be needed during the implementation of the NIS2 information security management system, as it is likely to have a significant impact on most of the company’s current processes and will also shape the organisational culture.

IT will be a key player in the changes but, as in many other areas, will mainly remain in an implementing role, which makes it unfortunate to combine IT and information security management positions.

Professional mentoring can help compliance managers

NIS2 requires companies to continuously improve their cybersecurity capabilities. In doing so, they need to develop an information security system that can be operated effectively and audited robustly. To succeed, a trusted manager must have a good understanding not only of international and domestic rules, but also of the company’s internal processes and operations.

This makes it difficult to fully outsource NIS2 preparation tasks and may push companies towards developing internal competencies instead. Appropriate mentoring can help compliance managers to adapt to the new requirements.

We offer our NIS2 professional mentoring service to compliance officers who wish to become familiar with the NIS2 information security management system established by the Hungarian provisions of law, which will become a requirement from 2025. This service is also aimed at those seeking a supportive partner for covering the role of the chief information security officer with an internal staff member.
