what disaster recovery readiness means for accountants.
by donny c. shimamoto
think back just a short while ago when you first found out that hurricane harvey was poised to hit texas. or when you first heard irma was about to hit florida.
more: focus on cyber risk, not just security | making it matter to accountants | it nerds need budget help | 8 ways to wrestle software subscriptions into submission | it hardware gets even more complex (great!) | how accounting geeks and techie nerds can play nicely together
exclusively for pro members. log in here or 2022世界杯足球排名 today.
if a hurricane or other natural disaster were coming to your town would you know what to do to ensure that the damage and impact to your it environment was prevented or minimized?
do you know how to bring all your systems back up once the threat has passed? if something happened to your office, is your data backed up somewhere offsite? how quickly would you be able to get replacement equipment in place so that you can get operations running again? do your employees know how restart operations without access to the computer systems?
disaster risk increasing
the frequency of natural disasters seems to be increasing each year, and our reliance upon computer systems to run our businesses has been increasing every year too. this combination means that we are at greater risk of a natural disaster interrupting our businesses and the potential impact when that disaster occurs is even greater than before. more than 40 percent of businesses never reopen after a disaster, and for those that do, only 29 percent were still operating after two years (source: fema via forbes). will your business be one of those casualties?
disaster recovery plans are much like a traditional fire drill and evacuation plan. someone has to think through what has to happen, people need to be informed what to do, and you need to practice doing it at least once a year. just as doing fire drills can help save human lives, disaster recovery drills can help save your business. disaster recovery plans have two major components: disaster preparedness and business recovery.
implement preventive measures to reduce impact
disaster preparedness is having thought through the possible threats in the event of a disaster and developed plans to prevent or minimize damage. for example, if flooding were to occur, is all of your equipment raised off the floor so that the water doesn’t damage it?
some of you may be thinking that your office is above the first floor so the risk of that is low. well, how about flooding caused by a water pipe bursting on an upper floor, or flooding caused by the water sprinklers being triggered because of a fire in the building? these may not be major water events, but they can cause pooling and depending on how much water there is and how well the area drains, a significant pool of water may develop in your office. so you could take preventive steps to elevate your equipment above potential water pools and ensure that there isn’t anything on the floor that would deter drainage.
address business processes for recovery
business recovery is having thought through what it would take to resume operations if the various threats materialized and how you would deal with the varying levels of damage they could cause. some of the key questions to consider are:
- are you able to operate manually (i.e., without your systems back up and running.)?
- if the answer is no:
- do you have detailed procedures ready to get your systems back up and running?
- if equipment was damaged, how quickly and from where would you get replacements?
- is it possible to leverage cloud infrastructure solutions to get yourself back up and running faster?
- if the office itself was damaged or inaccessible, do you have your data backed up somewhere offsite?
- are you reliant upon an it server provider to get your systems running again?
- if yes, where are you in the priority list compared to all the rest of their customers?
- have you discussed business resumption and system priorities with them so that they know which systems are mission-critical so should be brought back up first?
this list is just a starting point for developing your business recovery plan. some of these questions also feed back into the disaster preparedness area. for example, if you can’t operate without your systems, then you should have a warm or hot site available so that you can resume operations with a minimal amount of downtime.
if you are able to operate manually, another thing to consider is how will you get all those manual transactions recorded in your systems once they are back up? will someone have to do data entry? can you do batch posting? this is particularly important if any of your planning or forecasting processes are based on prior year metrics.
and what controls have you built into your manual procedures to ensure that employees aren’t able to commit fraud and to help prevent manual errors? automated controls are great, because the system enforces them, but when the system isn’t there, how has your risk posture changed? what is the risk that someone will take advantage of the control deficiencies?
do you need business interruption insurance?
lastly, you can also transfer some of this risk and purchase business interruption insurance to cover the loss of revenue. in this case, what you want to ensure that you are able to do is quantify the amount of revenue that was lost. check your policy to see whether it dictates how lost revenue will be computed. if it doesn’t, ask your insurance agent. in the event of a catastrophic loss where your systems are destroyed, do you have the data available somewhere else to be able to quantify your claim?
being prepared for both disaster and recovery is key
disasters like harvey and irma seem to be occurring more frequently. it is important for every business owner to protect their business by proactively taking measures to minimize the impact from the disaster and enable the quick resumption of business activities.
accountants and finance managers should also ensure that they are prepared to get the information needed from manual procedures back into financial systems, and in the worst-case scenario of a catastrophic loss, to be able to substantiate the business interruption insurance claim. being prepared will help to ensure that your business doesn’t become one of the casualties of the disaster too.