No one can predict the future or how events beyond the control of a company will affect its ability to operate. An interruption to daily operations is not just costly—it could wipe out your organization. The American Management Association has stated that, “About 50% of businesses that suffer from a major disaster without a disaster recovery plan in place never re-open for business.” But even minor disasters can be devastating. One study by a business continuity group revealed that 54% of businesses surveyed estimated that an hour of downtime would cost them anywhere from $51,000 to $1 million. A similar survey found that the average time to restore availability of critical information systems was nine to twelve hours. Without mitigation plans in place, such costs could quickly add up to cripple or even shut down a business. And a report from a major CPA and auditing firm reveals that if a company loses access to core data for two weeks, it will take up to nine months to make up the loss in revenue caused by that two-week breach. Most firms can’t survive such a scenario.
However, businesses can plan for these kinds of events. Preparing for and responding to negative events, whether they are small or large, predictable or not, requires planning and focus. A contingency is anything that happens outside the range of normal operations that can affect the company’s ability to operate. All businesses should develop contingency plans and risk management models defining possible scenarios and threats including those from financial, legal, personnel, physical, strategic and more. Contingency planning is about being prepared for these incidents and having a policy in place to keep you and your employees safe. All plans should include both risk management, as well as business continuity management elements in order to allow a business to deal with interruptions and execution of duties.
The most important reasons to implement business continuity plans in your organization as soon and as thoroughly as possible are:
- It will save lives when (not if) a disaster strikes.
- The survival of your business may depend on it.
- It meets your obligation to your stakeholders, shareholders and customers to exercise a minimum standard of care and preparedness.
- In many cases it is the law, and without a business continuity plan, your top executives and your corporation could face criminal charges, heavy fines, and even jail time.
- It’s good business. It will help you maintain service to your customers, protect your employees and assets, and minimize financial losses.
Risk management is basically concerned with reducing or negating the probability of an event occurring, while Business Continuity (BC) is concerned with minimizing any impact if an event should occur. It also contains plans to restore a business to normal operations as quickly and safely as possible. Business interruptions constantly occur, making business continuity planning not only a good business practice but also a necessary precaution. BC planning helps organizations maintain their highest levels of service to customers, preserve revenue, profits, reputation and shareholder value. Plus, in this age of regulatory scrutiny, failure to take adequate precautions could result in lawsuits and even federal prosecution. Organizations of all types and sizes must make BC planning a standard part of their daily operations and culture to protect themselves and their constituents.
A good plan includes developing and staffing well-organized teams, establishing response protocols and report templates, designing recordkeeping policies, staging post-incident reviews, and maintaining monitoring programs.
Here are 3 basic steps to preparing a business contingency plan:
- Complete a Risk Assessment. It is important to first identify what is considered a critical incident. It may be a death or injury of one or multiple employees, any situation that may attract unusual attention from the news or media (such as an active shooter), or any Act of God or event that will severely interfere with the continuous operation of business functions. Do not leave this definition open to employees’ interpretation. Ensure your plan clearly identifies all types of incidences that will trigger the plan of action.
- Develop the Plan. Keep it simple and to the point. Your main goal is to keep your business open, even if it is housed in temporary quarters for a set time period. Outline time periods and what must be done at various times following the incident. Make sure no details are left out. Delegate jobs and responsibilities using simple language. Designate a spokesperson in case of media questions or the need to make public statements. You may also want to develop a special website or new pages for your existing website and have them ready to go in case of a disaster.
- Maintain the Plan. After preparing your contingency plan, ensure all employees are aware of the plan and provide training for new employees, as well as for existing employees, so everyone knows their roles. Also provide training such as “drug free workplace training” in order to prevent possible disasters. As your business changes, the plan may need to be reviewed and updated. Conduct disaster drills to prepare employees. And it is important to review the plan regularly and to keep copies of the plan off-site in a place that is easily accessible in case of emergency. A secure cloud-based platform is a good place that also allows employees access to the plan anytime, from anywhere and from any device.
If there are changes that need to be implemented, make sure to distribute new copies of the plan to all employees and discard any old copies to avoid confusion.
A plan team should also be established. The makeup and size of this team will vary depending on the type and size of the organization but typically includes someone from senior management and a BC coordinator who will report directly to the senior management official. The coordinator will manage the process and lead the team. Lower level teams and staff may also be needed depending upon the size and type of your organization. If your organization is larger, matrix team management will be the most effective approach. The team will consist of existing managers from key divisions, departments and locations. Your team should include expertise and functional responsibility in all the business processes and technical aspects of your organization, of which many or all will come into play during an event. You may want to include representatives who can take responsibility for damage assessment and recovery, facilities and security, logistics and transportation, supply chain and procurement, IT, telecommunications, accounting, HR, PR/communications, marketing, sales and customer service, and legal counsel.
Following these steps and creating a business contingency plan can help keep your company cool, calm and collected when disaster strikes. Ensuring all employees know their role and what to do in a disastrous situation is paramount in keeping your business up and running smoothly.
This article discusses issues of general interest and does not give any specific legal or business advice pertaining to any specific circumstances. Before acting upon any of its information, you should obtain appropriate advice from a lawyer or other qualified professional.
This article may not be duplicated, altered, distributed, saved, incorporated into another document or website, or otherwise modified without the permission of TASA.