Working for a construction business through Florida hurricanes has made Jennifer Elder, CPA/CFF, CGMA, an expert in disaster recovery and business continuity. She offers these tips for organizations.
Understand the necessity and the objectives. "It's sort of a false sense of security when people say, 'This will never happen to me,'" Elder said. She said a disaster plan should outline a two-part process. The first part involves boarding up windows, making sure employees are safe, and taking steps to minimize the immediate damage. The second part should describe business continuity. "Now you figure out how to get back to [your] normal level of business," she said.
Consider the most likely scenarios.
These may not be natural disasters. "Right now, for every company, the most likely disaster ... is an IT disaster," Elder said. "What happens if you get hit with malware or ransomware? What happens if there's a power outage and you can't access your computer database? ... Everybody should have a plan for that." Forming a team from various parts of your organization can help you brainstorm for possible scenarios and determine the biggest risks.
Assess your operations. Decide what's truly critical and make plans to protect it in various scenarios. "As much as I'd love to say the accounting department in an organization is critical, if you're trying to recover from a disaster, it's probably not your number one focus," Elder said. Your response strategies will differ depending on the nature and likelihood of the risk and the potential threat to critical operations. "We can ignore them," Elder said. "We could defend against them. We can insure them. Or we can just plan for a response. So we need to tailor how we respond."
Put your plan in writing. The plan can be simple. "Disaster planning doesn't have to be a monstrous event," Elder said. "This doesn't...