Business Continuity Planning
Managing Business Risks
We Help Create, Protect and Optimize Enterprise Value.™
Business Continuity Planning
The management of business continuity falls largely within the sphere of risk management, with some cross-over into related fields such as governance, information security, and compliance. Many organizations may have information technology recovery plans, but we have found that many fail to address business process continuity. Our nationwide team of professionals design and implement high-level Emergency Operations Plans and thorough Business Continuity Plans that address the real impacts on our clients' business operations.
Business Continuity Planning is the proactive process to make sure that the businesses overcome serious incidents or disasters and resume normal operations within a reasonably short period. Typical incidents that business continuity covers may include fires, floods, accidents caused by key people, server crashes, virus infections, insolvency of key suppliers, and negative media campaigns, to name a few.
In a survey commissioned by TD Ameritrade Institutional for closely-held businesses, such as wealth management advisors, family offices, and private equity firms, less than 20% have detailed written instructions for the company operations in the event that a key Owner/Operator is incapacitated for several months and unable to work... or possibly never able to return to work.
Emergency Operations Plan
An Emergency Operations Plan (EOP), usually 2-4 pages, for a closely-held business is a high-level document that informs key people, advisors, and family members about how the business will operate and who will fulfill what roles when the person currently in charge is not available. Although the EOP is not a legal document, it protects employees, vendors, customers, shareholders, shareholders’ families, lenders, and affiliated organizations. Among other directives, an EOP:
- Provides specific steps for what to do if the Owner/Operator cannot work for a stated period of time.
- Presents a plan for what to do if the Owner does not return to the business.
- Addresses operations and not ownership: A Buy-Sell Agreement addresses ownership issues.
- Identifies who takes over the Owner/Operator's duties resulting from triggering events.
- Outlines who takes over the duties of other employees.
- Identifies what authority each senior team member has: hiring, firing, check writing (what limit, counter-signing) etc.
- Spells out the duties of those whose positions will change and what happens if the Owner returns to work.
- Points out when an outside operator should be considered.
- Outline considerations of whether the business should be sold to an insider or third party.
Once completed, the basic provisions of the EOP are shared with major shareholders and key family members, key people, key professional advisors, and the Board of Directors. The original signed EOP document should be stored in a safe place that is known to a trusted advisor, family member, or key person. However, the safe place is not to be in a safe deposit box which may be sealed at the time of death or inaccessible in the event of incapacitation.
Business Continuity Plan
Continuity planning is an important tool for risk management as it provides a structured way to identify the sources of business disruption and assess their probability and harm. It is expected that all business functions, operations, supplies, systems, relationships, etc. that are critically important to achieving the organization's operational objectives are analyzed and included in the continuity planning process.
Effective business continuity planning is a process that moves through five major steps. These steps have key planning activities associated with them and are best described as:
- Threat Assessment – The Threat Assessment allows you to understand which man-made or natural disasters could have the most significant impact on your company.
- Identify Critical Functions – The second step involves identifying the critical functions. A Critical Function can be defined as a part of your operation which, if interrupted, would disrupt your company’s ability to deliver its goods and services to your customers. This step will help you identify those functions that are most important and when a specific function needs to be restored before it has an impact on your company and its customers.
- Business Impact Analysis – The Business Impact Analysis combines the Threat Assessment and Critical Functions steps to help you best prioritize your resources and efforts.
- Prevention and Mitigation Planning – This step will help you identify the sequence of steps that need to be taken to help prevent damage and restore business operations.
- Implement and Maintain the Plan – Your plan should be updated no less than annually (and more frequently if facilities or operations change) and drills should be conducted to be sure the plan is working as designed.
It has been stated that "Plans are useless, but planning is everything." Business Continuity Plans attempt to provide for and address the unpredictable. The actual scenario of a disaster as it unfolds may not be what the planners anticipated, but the business continuity planning process should provide the flexibility to respond to changing circumstances. Our professionals can assist in the development of contingency plans so that a business should have the tools and the resources to take charge of events as they unfold.