Last updated on 6/5/2020
It is difficult to predict the timing, velocity, and resulting impact of events like the coronavirus pandemic, hurricanes, and other natural disasters that affect the continuity of an organization’s operations. However, with the implementation of strong internal controls and disaster preparedness and recovery plans, the impact caused by these events can be minimized. Hurricane season is upon us, and it’s more important than ever for organizations to plan ahead for brief and long-term disruptions to operations in order to support continued success, particularly in light of the coronavirus pandemic.
At a high level, disaster preparedness and recovery internal controls for your organization should include:
The basis for disaster preparedness for an organization begins with planning. Scenario planning of what could go wrong and the resulting implications is key to creating a plan for continued operations and success of an organization. Obviously, the number of risks you identify may be astronomical, and you cannot manage them all. So, it’s necessary to identify those key processes and activities that drive your organization and prioritize those when considering risk and business continuity plans.
The coronavirus pandemic brought more attention to the importance of disaster preparedness and overall risk management.
To have a robust risk analysis process, consideration should also be given to the ripple effect caused by a single event. For example, with the coronavirus causing non-essential businesses to close their offices, much of the workforce switched to a remote, work-from-home method. Organizations may have had a plan and made arrangements for remote connections for their workforce. But, with schools and day cares closed as well, regardless of having a remote connection, many employees with young children may not have had as much availability for crucial organization activities. This residual effect probably wasn’t originally evaluated and planned for.
While the priority is placed on key processes and resources, it’s important to keep in mind how those may work with or rely upon other processes of the organization to conduct its operations. Further, as we go into hurricane season, it will be important to consider how to recover from a natural disaster while still operating under restrictions that have been implemented to limit the spread of coronavirus.
Once the risk analysis has been completed and key processes and resources have been identified, detailed plans for how these processes will work must be documented. Considerations should be given to everything from software needed to process critical data to how your team will communicate. When updating policies and procedures for business continuity plans, it’s important to retain sound internal controls. There may be situations that require modification to existing internal controls during these disruptions, but you should not eliminate them completely.
One main consideration when developing a business continuity and disaster recovery plan is how quickly your essential processes and resources need to be available. Does your organization have a disaster recovery plan that allows restoration of your IT systems within an appropriate timeframe for your operations? Does your organization rely heavily on computer access or data processing programs? How will the organization resume operations following a natural disaster when many of its employees may still be working in a remote environment?
Risks to organizations are constantly evolving along with the other internal and external factors that make up an organization’s environment. Things like changes in technology, regulatory changes, and key employee turnover happen often. Frequent evaluation of the established plan should be performed and plans amended as necessary to align with the current environment. Performing periodic audits, or testing, of these plans to evaluate their effectiveness will help provide assurance that the plans reflect the current environment and that they are operating as intended.
The coronavirus pandemic has inherently brought more attention to the importance of disaster preparedness and overall risk management. Throughout this time, even organizations with established risk management plans have realized they may not have been robust enough. And while organizations with robust plans may still feel the impact of an unprecedented event such as a pandemic, it’s likely they are in a much better position to recover and will now be better prepared for the next major event when it happens.
Does your organization need assistance with any of the elements of disaster preparedness? P&N has a number of resources that can assist you in preparing your organization for the next disruption. Contact us to start a discussion.