AAFCPAs Helps Clients Prepare a 360 Degree Action Plan for Business Continuity
On March 11, the World Health Organization (WHO) declared the novel Coronavirus an official global pandemic. Businesses across the globe experienced interruptions, shortages, and other unexpected challenges that impacted multiple aspects of their organizations. Many continue to struggle to adapt.
Some industries, like hospitality, are dealing with acute slowdowns in their operations and revenue. Others, like manufacturers of personal protective equipment (PPE) and disinfectants, are challenged with accelerating to meet demand.
For many organizations, near-term survival is the only agenda item. However, those that remain future-focused and make the most of better insight and foresight will disproportionally succeed.
Business Continuity Management (BCM): Is your business prepared?
BCM is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause. Additionally, BCM provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
BCM is proactive, and integrates the disciplines of Emergency Response, Crisis Management, Disaster Recovery (technology continuity) and Business Continuity (organizational/operational relocation).
Where do I start?
Assemble Your Business Continuity Team
Start by identifying a program sponsor who will maintain accountability for your BCM program. This person must have authority and a comprehensive understanding of your organization’s strategy, processes, programs, services, and/or products. In cases of emergency, there is no time for laissez-faire leadership. Your program sponsor should have knowledge and authority to make quick and effective decisions. Sponsors are generally from operations, risk management, finance, or even IT.
Appoint a Business Continuity Steering Committee comprised of cross-functional team members to assist in providing input on resource dependencies, recovery objectives, and strategy options.
And finally, engage someone with experience in BCM. An AAFCPAs BCM consultant adds critical value by providing objective insight and hands-on experience developing Business Continuity Plans (BCPs). We assist with facilitating productive dialogue with cross-functional teams, identifying and analyzing risks and their potential impact on business, focusing on the details that matter, and delivering critical training so team members are well-prepared in case of crisis.
Perform a Risk Assessment & Business Impact Analysis
Risk assessment & business impact analysis is the process of analyzing all aspects of your operations and identifying and documenting resource dependencies and threats to the business that could cause potential disruptions.
The process of assessing risk is a methodical examination of two aspects: likelihood and impact. Clients are advised to evaluate a wide range of causes and effects, including global pandemics, system failures, accidents, natural disasters, human-caused catastrophes, legal costs, financial setbacks, operational freezes, etc.
Business impact analyses are also important for balancing your liabilities and your insurance costs. Among affected plans are Business Interruption Insurance and Supply Chain Insurance which, along with your business continuity plan, will minimize losses from disasters. While insurance plays a role in the risk mitigation strategy, they are the last point in the mitigation continuum because they only compensate for damage.
Once threats are identified, the BCM team can compute the financial and logistical costs of undesirable events and assign probabilities to various scenarios. With this information, your BCM team can design and implement risk-management strategies, which prioritize the most significant risks, and devote resources where most needed.
Depending on the event and response, it may be possible that losses can be mitigated entirely. An example would be discovering the need to move critical business processes to the cloud, so your team doesn’t skip a beat when forced to quarantine and perform their jobs remotely.
Keep the Plan Alive
Once you have “completed” your Business Continuity Plan, make sure it is quickly accessible to all employees and stakeholders. Review your contingency plans annually and update them as needed. And seek a fresh look periodically to ensure you have diverse points of views on threats and safeguards.
Keeping the plan alive should also involve testing of the plan. The plan does not need to be tested in its entirety at one time but can be tested in pieces as long as the Business Continuity Team understands the impact of one element of the plan on other elements of the plan. A well tested plan can help ensure you are well prepared to avert a disaster. For example, an AAFCPAs client tested with one third of their call center staff working remote before the pandemic. It was much easier for them to scale the other two thirds to a remote status because they already had the knowledge and tools for scaling up.
How can we plan for all possible contingencies?
While it may not be possible to plan for all possible threats, the process of establishing a Business Continuity Team and ongoing commitment to a risk management strategy will ensure you are well prepared for any hurdles your internal or external environment may provide.
Cross-functional and diverse teams, as well as teams which include input from objective AAFCPAs BCM specialists, will help ensure you have considered as many threats and appropriate safeguards as possible. In addition, should you face an unplanned threat, this team will be well-prepared to mobilize quickly and hit the ground running to make critical decisions that will minimize impact.