Here at Grant Thornton, we’re close to mid-market businesses internationally. Around the world our member firms support mid-market companies across all sectors, from retail to manufacturing.

This gives us considerable insight into how the mid-market is feeling about the changing risks and opportunities it faces. Every year we deepen this understanding through our International Business Report (IBR), the longest running survey of mid-market attitudes, including views on sustainability.

We know that mid-market companies are keen to become more sustainable, reflecting their forward-looking, entrepreneurial nature. We also recognise the vital role we, as service providers can play in supporting the transition to net-zero. This is why we recently joined the Net Zero Financial Service Providers Alliance. As the COP26 goals point out: “We can only rise to the challenges of the climate crisis by working together.”

Mid-market businesses see action on sustainability as a business imperative, rather than just ‘doing the right thing’, given increasing pressure from their large multinational supply chain customers, consumers and competitors. Our most recent IBR research confirms this – 62% of those surveyed say sustainability is as important as, or more important than, financial success. And 72% say that prioritising sustainability has become more important than it was pre-pandemic.

Read the full article here.

Next article

Going public is a good way to help your business grow. However, it’s important to be well prepared and rely on a solid team of internal and external specialists.

This was the message to entrepreneurs from Paul Raymond, President and CEO of Alithya, during a one-on-one meeting with Emilio B. Imbriglio, Raymond Chabot Grant Thornton President and CEO.

Alithya, a Québec-based digital strategy and technology company, was first listed on the Toronto Stock Exchange and NASDAQ in November 2018. Under Raymond’s leadership, Alithya has completed 11 acquisitions in the past 10 years, the latest being R3D Conseil (600 professionals) in April 2021. Alithya now employs over 3,300 people, 16 times more than in 2011.

An accelerated IPO

“Alithya decided to launch an initial public offering to address growth objectives in response to client requirements,” explained Paul Raymond.

Its clients were asking it to quickly reach a certain critical mass so they could use its services for strategic projects. Alithya therefore increased its acquisitions and began planning an IPO, in particular, in order to make it easier to share the wealth created among its shareholders.

While the organization was quietly preparing for a potential IPO, the 2018 purchase of U.S.-based, publicly-traded Edgewater Technologies pushed the process into high gear. “The only way we were going to be able to complete the transaction was to become a public company through the acquisition of this company,” Paul Raymond said.

“In my mind, we had two years to prepare for our IPO, but with this transaction, we had to pull out all the stops to complete both the acquisition and the IPO in just six months,” he added.

When Alithya started to negotiate with Edgewater, “We already had a committee consisting of management and external experts, we had external investors and we had started to put governance mechanisms in place, but we were a long way from the governance of a public company”.

Alithya hired a Chief Financial Officer and a Chief Legal Officer with public company experience to successfully complete the transaction and go public.

Advice to CEOs

Paul Raymond and Emilio B. Imbriglio both stressed that preparing an IPO is a demanding process that requires the support of external specialists in all aspects of finance, law, corporate strategy and management.

Before taking the company public, “you need to have a very good vision of its next two years,” advises Alithya’s President. A CEO must be well surrounded in order to be able to delegate certain tasks to trusted managers, because investor and analyst relationships can be time-consuming.

“These people want the CEO to explain the company’s strategy,” said Paul Raymond, who advises entrepreneurs thinking of taking their companies public to get public communications training.

“I’m a big believer in having a good plan when going public, but you also have to be willing to listen and change, which is not always easy for a CEO,” said Paul Raymond, recipient of Investissement Quebec’s CEO Emeritus Award in 2020.

“I’ve seen entrepreneurs who have completely transformed themselves during an IPO process, but I’ve seen others who didn’t anticipate having to deal with this new category of partners (investors) and thought they could continue to do everything just like before,” said Emilio B. Imbriglio.

Paul Raymond also recommend that entrepreneurs learn from their peers and the many support resources in the business community: “In Québec, public company executives are very generous with their time and advice. And there is a whole ecosystem to help entrepreneurs who are considering going public.”

Benefits of being public

According to Paul Raymond, the demands placed on public companies dictate a rigorous management framework and transparent accountability that is to their benefit. “I really like the discipline and quality of governance that being a public company brings because you answer to more than just one shareholder.”

An added benefit of being publicly traded is that there is no need to look for a buyer for the company when the principal executive retires. “There is a natural transfer of power, and the company can continue to grow,” said Paul Raymond.

However, being on the stock market does have some drawbacks. For example, the transparency required means that competitors can see the company’s financials and learn its strategy. “We’re still discovering downsides,” he acknowledged, noting the level of complexity associated with a Québec company being listed on the U.S. stock exchange.

That said, Emilio B. Imbriglio reminds us that public financing is a good way to grow. “Many Québec companies that have become national and international leaders have been able to realize their dreams thanks to public financing. Nevertheless, Québec accounts for only 7% of Canadian companies listed on the two main TMX Group stock exchanges. This is still too few, considering that Québec’s economic weight (GDP) accounts for about 20% of the Canadian economy,” he said.

Emilio B. Imbriglio and Paul Raymond would like the government to consider creating a new plan based on the old Stock Savings Plan (SSP). They say this would allow many companies to benefit from new capital.

The human side above all

Paul Raymond believes it is essential for people to be at the heart of a company’s technological progress and strategic decisions, whether it be employees, customers or shareholders.

“I have always felt that people have an incredible capacity to adapt. We’ve seen that over the last year and a half. When employees understand why changes are being made, it’s much easier to introduce those changes and train them.”

He said the rise of telework as a result of the pandemic is now a fact of life and is beneficial on many levels, from increased employee productivity to a reduced environmental footprint, for example.

The rollout of high-speed internet across the province is a major wealth-creating project, he said. “We’re sitting on a gold mine in Québec with green energy, high-speed internet in every home and the world’s largest market less than an hour’s drive from Montréal.”

Next article

Alexandre Blanc
CISO - VARS | Digital and technology consulting

Your data is worth a fortune on the dark web. To keep it safe, you have to think like cybercriminals. How do they do it and how do you hinder them?

Understanding how cybercriminals work is key to ensuring that your corporate computer data is safe. How do they gain access to your data? They steal your identity information, either by using phishing emails sent to your users or by exploiting vulnerabilities in systems and applications that may be out of date. They then determine which of your data are the most sensitive so they can exploit them.

Cybersecurity is constantly evolving, and your organization needs to keep up. It has to be forward-thinking about what is going to happen so it is prepared for fraud and theft attempts.

To protect your computer data, make sure you have a good computer security posture.

Classify your data by importance
Be aware of internal threats
Choose the best means of protection

Classify your data by importance

The first step in a process to improve your computer security posture is to classify your data by importance. Here are a few key questions you need to answer BEFORE starting to implement efficient controls in a governance context:

  • What needs to be protected?
  • What is the level of sensitivity?
  • Where is the data?
  • Who has access to the data and when was the last time they accessed it?

Once you are able to properly answer these questions, you can begin to build a defence system to protect your most critical data according to your organization’s risk level. Too often, organizations spend a lot of money on controls to mitigate attacks, without ever taking that crucial first step.

Be aware of internal threats

A ransomware attack is the act of breaking into your systems and taking over your data by encrypting it and compromising your backups.

The criminals will demand a ransom in exchange for the encryption key that will allow you to recover your data. However, in many cases, even if you pay the ransom, your data will already be made available to other criminal organizations on the dark web. This is the multiple extortion model where a second lever can be used through blackmail, or worse, making you lose access to your data forever, since criminals find that selling this data on the dark web is of greater interest. This is why it’s important to protecting yourself against it.

However, the threat to your data can also come from within and you must also take this into account in your protection plan. For example:

  • Careless workers may unintentionally put the organization at risk (storing sensitive data on an unencrypted USB drive or disk, leaving a laptop or other device unattended where that data could be stolen, leaving confidential documents on a desk).
  • Employees who are terminated or voluntarily leave could take organizational data with them (intellectual property or organization data generated or used by the employee, customer lists, trade secrets).
  • Employees could circumvent security because it hinders their productivity (saving files to a personal hard drive, using applications not approved by the organization, unapproved collaboration).
  • Malicious employees who have a grievance against an organization may choose to act on it (disclose confidential data, commit sabotage, alter or delete sensitive data).
  • Infiltrators, working on behalf of an outside group may want to commit a data breach or other industrial espionage attack (these insiders may be malicious, deceived through social engineering, or coerced through bribery or blackmail, and allow an outside group to gain access and user privileges).

Note that third-party partners can pose the same threats and cause the same damage as an organization’s employees with similar access. According to Threatpost, 94% of organizations provide their vendors, suppliers, business partners and others with access to their networks and systems, and 72% of these third parties have elevated permissions on those systems. If they have poor cybersecurity hygiene, they put you at risk every time they log into your systems.

Choose the best means of protection

Once you have classified your data, there are practical and simple ways to protect your most sensitive and critical data from any type of attack.

Encryption

Make your data virtually unreadable by anyone who doesn’t have the key, both while in storage and while in transit or in use.

Secure, offline backups

Make sure your backups are not only online, otherwise they could also be compromised, making them impossible to restore.

Eliminate unauthorized file editing, deletion and movement

If you are using Active Directory (AD), there are simple solutions to protect your unstructured data and set up monitoring of your dark web footprint.

Email threat filtering

No single solution can eliminate all malware and attacks, but by eliminating most of them, you will significantly reduce your attack surface and risks.

User awareness

Your users have phones, tablets and social media accounts. Make sure they are aware of their dangers to the organization.

Password policy

How many of your users have the same password for work, their social media or their bank accounts?

Multi-factor authentication

The second static factor is no longer sufficient and hasn’t been for a long time. You need a solution that incorporates time and location and other attributes to prevent remote access to your data.

Third-party suppliers and super-administrator access

You need an approval process for all external and internal access to sensitive systems, as well as a complete audit trail and indexed log of every action, including orders.

24/7 detection and response management year round

Monitoring of your files, desktops, servers, networks, mailboxes, and user behaviour should be ongoing and include real-time automated risk mitigation, isolation and remediation.

Zero trust model

This innovative security model ensures a secure connection by eliminating transitive trust and continuously identifying and authenticating each device and user before granting them access to network applications. Your onsite and remote users can securely log in to their work environment with trusted user and endpoint identification and multi-factor and biometric authentication.

You need to construct layered data protection with redundant controls to make it more difficult for cybercriminals to access your data. No single solution will eliminate all threats. However, knowing what your IT security posture is and what IT data needs to be protected to ensure your business’s health provides your organization with solid protection against cyberattacks.

This article was written in collaboration with Harold Walker, Senior Director of VARS, a subsidiary of Raymond Chabot Grant Thornton, specialized in cybersecurity.

21 Oct 2021  |  Written by :

Alexandre Blanc is a cybersecurity expert at Raymond Chabot Grant Thornton.

See the profile

Next article

Frédéric Pinard
Advisor | Organisational psychologist, D.Ps., CRHA | Human resources consulting

How can being kind to yourself make your team more effective? Learn more about self-compassion.

Overwhelmed, resigned, powerless. These feelings are all too common among managers and employees, especially when things are in flux, as they are now. The situation can sometimes seem insurmountable, leaving workers wondering if their individual contributions really make a difference. Yet, there is a simple solution, albeit counter-intuitive, if you want to overcome these feelings : self-compassion.

The concept, which recently surfaced in scientific literature, involves shifting your focus back to yourself so that you are better prepared to face the challenges ahead. Interestingly, self-compassion is not just good for the person who practices it. Their direct and indirect entourage can also reap the benefits.

What is self-compassion?

We are all familiar with how to be compassionate toward others. It is a matter of being attentive and helping those in need. But what is self-compassion? How do you go about practicing it? And how might this attitude trickle down to your colleagues?

Self-compassion consists in being kind with yourself—and not self-critical—when you are faced with a challenging situation. Of course, it is easier said than done. Indeed, many people have an innate tendency to expect more from themselves than they would from others, especially when things aren’t going as planned. This is particularly true for people in management positions.

So, what is involved in being self-compassionate? There are three things to keep in mind:

  • Know your strengths and focus on them (self-kindness);
  • Keep things in perspective and remember that dissatisfaction and disappointment are normal and part of the human experience (common humanity);
  • Stay focused on the here and now (mindfulness).

How do you apply self-compassion in the workplace?

Let’s look at a case study. You and your colleagues are leading a large-scale digital transformation at work. During the implementation phase, it becomes clear that you underestimated the extent to which changing certain software would impact your suppliers. Their adjustment period forces you to extend the implementation phase, which frustrates those who have been clamouring for the new program and galvanizes the ire of those who were not on board with change to begin with. You are beside yourself. How could you have failed to foresee the impacts? What a terrible mistake!

In a situation like this, many people would hang their heads and tell themselves that the situation is all their fault. But will wallowing in guilt help them do better next time? Probably not, though that is nonetheless how a lot of people tend to respond.

Instead, a self-compassionate approach would involve:

  • Recognizing that some aspects of the process went smoothly;
  • Rallying your strengths, particularly the qualities that can help you address the situation (self-kindness);
  • Remembering that pitfalls are part of the change management process (common humanity);
  • Focusing on what you can do to correct the situation (mindfulness).

Compassion is not complacency

It is not about making excuses or shirking your responsibilities. Compassion is not complacency. Rather, it is about being kind and fair to yourself when things go wrong, while still being accountable.

Adopting this attitude will make life easier for you and for those around you. According to some studies, people who are self-compassionate tend to:

  • Be better equipped to help others because they have a better understanding of their own limits;
  • Create a more positive work climate because they are more attuned to other peoples’ acts of kindness and are therefore more likely to reciprocate;
  • Promote team innovation by helping create an environment where people are not afraid to fail and recognize that it is part of the creative process.

If a leader is self-compassionate, it can serve as a good example and inspire their team members to be more compassionate toward themselves.

Benefits for the whole team

Like any skill, self-compassion can be learned, but it involves making a constant conscious effort to change unhelpful thought patterns.

People can learn how to be self-compassionate through individual and group activities.

Given all the advantages of self-compassion, it is likely that tomorrow’s leaders will be both high-achievers and compassionate toward themselves.

14 Oct 2021  |  Written by :

Frédéric Pinard is an expert in Human Resources at Raymond Chabot Grant Thornton.

See the profile