Our Blog - Segal Insider

Segal Celebrates: Convocation and Honour Roll Night

It was a busy weekend for several members of the Segal team!

On Friday night, our very own Chris Ball was one of the honorees at Chartered Professional Accountants of Ontario (CPA Ontario)’s annual CFE Honour Roll dinner at the Four Seasons Hotel in Toronto. The 2018 Honour Roll is made up of the top 1% of all CFE writers across Canada! Segal Principal, Jason Montgomery, was in attendance at the event and says; “It was a privilege to be there in support of Chris, on behalf of Segal LLP, and to witness him being recognized for his incredible achievement.”

The CFE Convocation was also held this weekend with five members of our team- Chris Ball, Chris Luk, Cheryl Vanderland, Katelyn Li and Victoria Huang- in attendance.

Congratulations to all on your accomplishments!

20190308_201846

20190308_201857

Jason and Chris

CFE Convocation

Segal Team Members Take Top Honours

Segal LLP is pleased to congratulate two of our team members on stellar results and achievements.

Our own Cheryl Vanderland is the Recipient of the Alumni Gold Medal for the Lazaridis School of Business & Economics at Wilfrid Laurier University. The gold medal is awarded at convocation in acknowledgment of outstanding academic excellence. Cheryl joined the Segal team last year after completing her co-op terms with us.

Chris Ball, Laurier grad and full-time member of the Segal team, earned a coveted place on the 2018 CFE honour roll. The CFE honour roll recognizes the top one percent of Common Final Examination (CFE) writers across Canada. The CFE is the final examination of the Chartered Professional Accountant (CPA) professional designation in Canada and is the culmination of the rigorous CPA program

To learn more about these talented young professionals, please enjoy these short video interviews:

When and How to Engage a CBV

when & how to engage (1)

 

When and How to Engage a Chartered Business Valuator (“CBV”)

When to involve a CBV

Business owners and legal advisors are often unsure when the services of a CBV are needed and to what extent. Depending on the situation, a CBV could be engaged to act as an independent expert or in an advisory role, where there is no expectation of independence. CBVs are often engaged to work in conjunction with other professionals such as lawyers, accountants and tax specialists.

Examples of situations where a CBV can be involved in are as follows:

Litigation Related Non-Litigation Related
Breach of contract Income tax matters
Loss of profits Estate planning and corporate reorganizations
Business interruption Mergers, acquisitions and divestitures
Personal injury Management buy-outs
Expropriation Financial reporting (IFRS and ASPE)
Shareholder disputes Unanimous shareholder agreements (USA)
Matrimonial disputes Employee share ownership plans (ESOP)


Range of involvement of the CBV

As a trusted expert, the CBV typically provides an expert report containing an independent professional opinion. In doing so, the CBV exercises significant professional judgment and employs his/her experience and independent research. Independent opinion reports prepared on objective basis include the following:

  • Expert Reports related to loss quantification in a litigation context;
  • Limited Critique Reports where one CBV comments on the opinion of another CBV usually in a litigation context; and,
  • Valuation reports (e.g. Calculation, Estimate or Comprehensive level or reporting) defined as follows:
    • Calculation Valuation Report – Contains a conclusion as to the value of shares, assets or an interest in a business that is based on minimal review, analysis and little or no corroboration of relevant information, and is generally set out in a brief Valuation Report
    • Estimate Valuation Report – Contains a conclusion as to the value of shares, assets or an interest in a business that is based on limited review, analysis and corroboration of relevant information, and generally set out in a less detailed Valuation Report
    • Comprehensive Valuation Report – Contains a conclusion as to the value of shares, assets or an interest in a business that is based on a comprehensive review and analysis of the business, its industry and all other relevant factors, adequately corroborated and generally set out in a detailed Valuation Report

CBVs can act in an advisory capacity where there is no requirement for objectivity or independence, such as:

  • Reviewing draft agreements and summarizing financial information;
  • Providing general valuation analytics, observations and recommendations:
  • Providing calculations using directed methodology, techniques, assumptions and inputs:  and,
  • Interpretations only in verbal discussions and schedules summarizing computations which would not qualify as an expert opinion.

How to engage a CBV – the Engagement Letter

The engagement letter identifies the parties to the engagement and by whom the CBV is being retained (e.g. client, legal counsel or jointly). Additionally, it provides a written record of agreed terms that eliminate potential misunderstandings and expectation gaps, sets out fee rates, and outlines conduct of the engagement including the expectations of the client’s cooperation and responsibilities. It also sets out the following:

  • Nature of services and type and level of report being provided;
  • Type and level of report being provided;
  • Valuation Date and period of indemnity (if applicable);
  • What is being valued or quantified and purpose of report;
  • Reference to the applicable Standards of the Canadian Institute of Chartered Business Valuators (“CICBV”);
  • Statement of retention of CBV as Independent or as an Advisor;
  • Any restrictions or limitations in the Engagement;
  • Any specific assumptions we have been asked to make; and,
  • Provide definitions of the terms to be used to arrive at our opinion (for instance, “Fair Market Value” vs. “Fair Value”).

Look for accreditation and experience  

A CBV designation is the accreditation from the CICBV which entails carrying out a comprehensive program of studies and experience requirements. CBVs are nationally and internationally recognized as financial experts in valuing businesses and components of cash flow (e.g., losses, financial and intangible assets). Experience in a particular industry may be an advantage in certain valuations and provides some comfort, but on its own is not a substitute for qualified professional valuation knowledge and broad industry experience.  CBVs are recognized by the courts and the business community as reliable experts.

Finally, it may be tempting to use a valuation report that was prepared at a previous date and/or for another purpose. This may not be appropriate since the different purpose or the passage of time may have rendered to valuation report inappropriate at the current date – valuations can have a short shelf life.  Business owners and legal advisors should be aware of when to engage a CBV to ensure risks related to valuation or litigation are managed appropriately through qualified valuation experts whether it is in an independent expert or in an advisory role.

Irrespective of the purpose for which the CBV is being engaged, involve the CBV as early in the process as possible.

Region Firm Contact
Edmonton Mowbrey Gil Michael Frost, m.frost@mowbreygil.com
Montreal Demers Beaulne Michel Hamelin, mhamelin@demersbeaulne.com
Toronto Segal Nathan Treitel, ntreitel@segaladvisory.com
Vancouver DMCL Danny Loo, dloo@dmcl.ca
Ottawa Marcil Lavallee Keith Chabot, kchabot@mlcpa.ca

____________________________________

Contributed by Michael Frost, CPA, CA, CVA from Mowbrey Gil.

This piece was produced as a part of the quarterly Canadian Overview, a newsletter produced by the Canadian member firms of Moore Stephens North America.

Simple & Effective Ways to Improve Web Security

SECURITY

 

Simple, Yet Effective Ways for SMBs to Improve Their Security Posture

As we enter 2019, the security challenges faced by small to medium sized businesses will only continue to escalate and as such, it may be a good time to re-evaluate your company’s security posture. SMBs are often challenged by the fact that they do not possess the internal expertise required to correctly safeguard against current and persistent threats. As such, it is a good time to evaluate solutions that can greatly increase your security while being simple to deploy. All this, of course, does not ignore the fact that many more complex solutions—such as firewalls, multi-factor authentication, data-loss prevention systems, VPNs, vulnerability assessment tools, SIEM, and more—are advised. Yes, all of these should exist in your security tool set, however, there are certain solutions that require very little technical expertise and may provide far better returns than some of these more complicated safeguards.

The “Human Firewall”

One of the most neglected elements of a network is the human element. In order to better safeguard your network, it is important to improve your “Human Firewall”. This refers to an end-user’s ability to detect harmful links or sites. According to the “2018 DATA SECURITY INCIDENT RESPONSE REPORT,” an analysis of 560 security events by BakerHostetler, one of the U.S.’s largest law firms, 34 percent of security incidents were related to phishing and as many as 18 percent of those involved ransomware. To this day the human element remains one of the most targeted in the security landscape. We can therefore greatly improve our security posture through better security and user awareness training programs. Many of these programs use a combination of simulated attacks, onboard and continued training program, and informative newsletters. With a simulated phishing attack, you can identify everything a user did with a phishing e-mail, such as:

  • Opening the malicious e-mail
  • Clicking on bad links within the e-mail
  • Opening dangerous, attached documents
  • Even running a macro within a contained document

Once the user’s actions are reported, it is easy to rectify the issue by enrolling them in additional awareness training. Certain sites will even report on e-mail addresses within the company that are at risk of phishing due to their external exposure. They obtain the information by crawling business social media networks and breach databases.

Although the success of a user awareness program may differ from one company to the next, some vendors of these platforms claim as much as a ten-fold reduction on users clicking on bad links within 12 months of having introduced the program.

DNS Security and Filtering

Another simple yet effective option in increasing your security posture is to deploy Domain Name System (DNS) based security and filtering. DNS is used to convert internet domain names into internet protocol (IP) addresses so that people can type in a friendly name, such as google.com, instead of remembering an IP address. The issue with DNS is that it was not designed with security in mind. In other words, standard DNS servers, either from your internet service provider or the widely used Google DNS servers, do not provide any safeguards to prevent you from going to malicious sites. As stated on the Google website:

Does Google Public DNS offer the ability to block or filter out unwanted sites?

No. Google Public DNS is purely a DNS resolution and caching server; it does not perform any blocking or filtering of any kind, except that it may not resolve certain domains in extraordinary cases if we believe this is necessary to protect Google’s users from security threats. But we believe that blocking functionality is usually best performed by the client. If you are interested in enabling such functionality, you should consider installing a client-side application or browser add-on for this purpose.

Source: https://developers.google.com/speed/public-dns/faq

Secure DNS solutions, of which there are many, provide filtering of bad content such as phishing sites or botnets. The good news is that basic use of this type of service is free and can literally be set up in minutes, the only caveat being that you have no visibility into the data that is being blocked by the service. The paid service offers full notification of events as well as reporting and category-based filtering to block such things as adult websites, social media, and weapons and drug related content. The nicest part of this service is the simplicity of the setup.

DNS-based security services have been successful in preventing ransomware, phishing attacks, malicious sites and spyware. They can also help a company identify internal resources that have been compromised as these will continually be showing up in the logs as trying to communicate to bad infrastructure. In an instance like this the issue can be remedied before the damage is done. Additionally, most DNS security offerings provide solutions for equipment that is outside of the corporate network.

Keep in mind that these two often overlooked suggestions—your human firewall and DNS security—should be part of a more holistic solution that takes into account the complexities of protecting all aspects of your organization.

_______________________________

Contributed by Keith Chabot, IT Director from Marcil Lavallee.

This piece was produced as a part of the quarterly Canadian Overview, a newsletter produced by the Canadian member firms of Moore Stephens North America.

Manage Risks to Ensure Your Company’s Long-Term Success

Risk Management (1)

Manage your risks to ensure your company’s long-term success

Risk management 

It is impossible to completely eliminate the risks that can threaten a company’s success, but we can manage and minimize them by implementing a risk management process.

The main risk categories are:

  • Strategic: Related to running the business, including industry developments
  • Operational: Related to the company’s operational and administrative procedures
  • Financial: Related to the company’s financial structure and external factors such as exchange and interest rates
  • Conformity: Related to the obligation to comply with laws and regulations
  • Other: Related to reputational and human risk

The risks a company faces are constantly changing. They change based on the market (new competitor, new product), the organization (international expansion strategy, acquisition of another company, initial public offering), products (product obsolescence, major recall of a defective product), etc. As such, risks must be re-evaluated regularly according to changes within the company, the business sector, or regulations, for example.

According to a study on the state of enterprise risk management in Canada conducted in 2015, 61% of respondents confirmed that their organization did not have a chief risk officer or equivalent. [1] With no designated manager for risk assessment, it is hard to plan and adjust strategies before threats arise. As a result, companies end up encountering emergency situations, and they often do not have the time to evaluate possible solutions, leading to less-informed decision-making and sometimes the wrong decision.

A risk management process is therefore the solution for being proactive and managing threats faced by your company.

What about you?

  • Do you have a risk management process?
  • When was your most recent risk assessment?
  • Are front-line employees as aware of the company’s risks as upper management and the board of directors?

Aspects of the risk management process 

The risk management process involves five steps:

  1. Risk identification
  2. Risk assessment
  3. Strategy development for addressing risks
  4. Implementation of strategies
  5. Follow-up and re-assessment, as necessary

After risks are fully identified, they must be assessed. This allows you to determine the probability that the risk will arise, as well as the company’s tolerance for each risk, so a strategy can be established for each one.

A company might decide to accept, transfer, minimize, or eliminate the risk.

Strategies might be as simple as periodic maintenance of machines to prevent damage that would have a major impact on production (operational risk), obtaining an exchange rate contract to protect the company from a currency’s volatility (financial risk), or even performing due diligence during acquisition of a new company (strategic risk).

Remember: we are your risk management partners. We want to hear from you!

_______________________________________

Contributed by Jacqueline Lemay, CPA, CA, CA-EJC, CFF, from Demers Beaulne.

This piece was produced as a part of the quarterly Canadian Overview, a newsletter produced by the Canadian member firms of Moore Stephens North America.


[1] Chartered Professional Accountants of Canada and the Canadian Financial Executives Research Foundation, “The State of Enterprise Risk Management in Canada.”