Business Continuity Management (BCM) Planning – Lessons Learned
7.9.20 | Vision 2020 – (Updated 2.14.22)
Business operations can be adversely affected by a catastrophic event. How well each organization can ride out a storm, deeply depends on their preparedness level. Extreme weather, failure of mission-critical systems, pandemics, cyberattacks, earthquakes, civil unrests and fires are just some examples of events that can have a significant impact on an organization and its ultimate survival.
Unfortunately, many companies don’t anticipate or plan on potential threats to their operations until the damage has already been done. During these occasions, which often come with little or no warning, a business’ operations are at risk of severe interruptions. With limited time to react, many routine activities—such as working in the office, having in-person meetings, or accessing company systems, applications and data—may not be possible under such circumstances.
Additional impacts significant events, such as the COVID-19 pandemic, can have on businesses may include decreased production, missed deadlines, destruction of property, personal injury and even death. As situations evolve, many of the associated risks also evolve and change—presenting businesses with a variety of business continuity and disaster recovery challenges.
The spread of the pandemic caught many businesses off-guard. They lacked a proper business continuity plan which triggered major problems, including:
- Full or partial suspension of operations
- Inability to effectively manage remote employees
- Employee terminations
- Lack of sufficient tools or applications to supervise or communicate with employees
- Outdated company policies and procedures that could not support or sustain remote operations
- Information technology issues that prevented or hindered remote operations
- The inability to effectively communicate with clients
- Major supplier and vendor disruptions
- The realization that the formal BCM plan in place was outdated and could not effectively address the challenges presented by the pandemic
Don’t Let History Repeat Itself
As the old proverb suggests “Practice Makes Perfect”, companies should take time, effort and resources to prepare themselves for known and unknown external and internal events and the possibility that we could have a repeat performance of the previous pandemic. As we move to our “new normal”, businesses should perform risk assessments as well as BCM and Disaster Recovery (DR) planning.
Based on what took place over the last few months, it is a best practice for companies to make developing and/or revising their Business Continuity Management strategies a priority. By focusing on contingency planning, emergency responses, crisis management, IT disaster recovery and resumption and recovery planning, businesses will be helping to better position themselves and their employees for success during times of crisis. To assist in this effort, the following steps are suggested:
- Perform a risk assessment establishing potential scenarios, business impact analyses and “play books” addressing:
- Key people
- Key processes
- Design/establish a crisis management team or teams covering each type of interruption/disaster
- Assign specific roles and responsibilities before, during and after the occurrence of an event
- Address customer relations and contingencies
- Address employees’ needs during the interruption, including family needs
- Address working from home or alternative location environment risks and necessary tools to mitigate them
- Set-up external and internal communication channels that will be operational during a disruption
- Understand and document existing (under normal circumstances) processes and controls
- Design potential scenarios operating in the emergency modes for 30, 60, 90, or 180 days
- Research other companies, including competitors’ successes and failures
- Address Third-Party service provider risks
- Prepare formal BCM and IT Disaster Recovery (ITDR) documentation
- Regularly test BCM/ITDR plans as much as practicable to ensure readiness
- Assess and continuously improve BCM/ITDR strategies and planning
If you have questions regarding Business Continuity Management and Disaster Recovery planning for your business, contact Alexander Moshinsky, Director, Operational Advisory and Risk Management at 212.331.7448 | AMoshinsky@BERDONLLP.com.
Berdon LLP, New York Accountants