Planning for the Unexpected
Proactive and careful planning is an essential part of managing a successful Silicon Valley business. Executives often spend the closing months of the year engaged in a comprehensive analysis of business performance and identifying future goals and benchmarks. Typically, this process includes a close look at sales numbers, account management, production timelines, new service/product innovation and budgeting. In addition, time is spent reviewing department performance, conducting individual employee reviews and determining whether it is time to bring additional resources to the table. While all of these are necessary tasks to maintain the vitality of a business, it is important to also dedicate time to planning for the unexpected. Businesses in California need to operate against the backdrop of natural disasters such as earthquakes and wildfires. For this reason, it is imperative to have a disaster recovery plan in place should the unexpected occur. Below is a summary of key planning issues to consider.
Current State of Readiness
The unfortunate reality is that many small business owners have no disaster recovery plan. Whether it is a natural disaster or cyber security issue that causes the problem, it appears lack of formal planning is a key issue. According to a study conducted by Nationwide Insurance, 75% of small business owners do not have a recovery plan and 52% indicated it would take at least three months to recover from an incident. Perhaps the most surprising is that 66% of businesses don’t even have business interruption insurance.
Disaster Recovery Planning
While it may be comforting to believe that a disaster is not likely to happen at your company, it is still important to develop a plan to protect the business. In fact, disaster recovery plans are designed specifically to protect employees, maintain cash flow, reassure customers and vendors, and defend the business owners from legal action. Consider the following tasks:
- Identify Threats – Depending on the size of the company, this exercise may require a task force or committee to drive change. At a minimum, make sure a C-level executive is involved in championing the process and ensuring accountability. The first step should be an assessment of threats including natural disasters such as fire, floods and earthquakes to electronic ones including computer viruses, network attacks and data threats. Rank these items in terms of potential level of damage they could cause to the company.
- Review Insurance Protection – Once the threats are prioritized, the next step is to review existing insurance protections and perform a gap analysis. Many managers are surprised to learn their current business insurance may not provide adequate protection against top threats. A proper gap analysis will reveal whether additional coverage, such as business interruption insurance, should to be acquired.
- Document Critical Components – When developing the plan, make sure to document the most critical components necessary for the business to return to normal operations. Consider conducting the evaluation in segments, for example, start with information technology infrastructure and then progress to other areas. During this process, be sure to work with staff members from all parts of the business to ensure there is a 360-degree view of essential elements.
- Create an Information Repository – An important step in the process is to develop an information repository. This should include inventory, employees and their emergency contact information, a list of all equipment, vendors and suppliers and an accounting of all mission-critical software. The more information collected the easier it will be to recover should the unexpected occur.
- Develop the Formal Plan – Be sure to be as specific as possible when writing the plan. For each potential threat identified, you should include the conditions in which they could occur, what assets/resources will be impacted and detail out a plan for how to return to normal business conditions. The more comprehensive and detailed, the more useful the plan will be when a time of crisis strikes.
Contact Us
While most businesses focus on traditional planning, it is imperative not to forget about disaster recovery planning. Although a business may only need to use the plan in a few instances, it will provide the direction and guidance needed to get through a chaotic situation. If you have questions about disaster recovery planning, disaster insurance or need assistance with a tax planning or compliance issue, Abbott, Stringham & Lynch can help. For additional information call us at 408-377-8700 or click here to contact us. We look forward to speaking with you soon.
About the Author
Patrick Ngai
Patrick Ngai, CPA, is an Assurance Director with eighteen years of public accounting and audit experience serving nonprofit organizations, including those subject to audit requirements…