By Robert Gibson, Director, Audit & Assurance, Grant Thornton in Belfast
Anticipating events that could have a catastrophic impact on your business is the responsibility of owners and senior management. Whether that event is a natural disaster or a cyber-attack, or indeed a pandemic, every business needs a business continuity plan.
The best time to build a roof is when the sun is shining. It’s often too late to develop a robust plan in the middle of the storm, as many businesses are finding today.
Business continuity planning is not something new. Whether it was the last financial crisis in 2007 or terrorist attacks, businesses must identify those events that are unlikely to occur, but if they do, will have a significant impact on their very survival.
For example, it is widely quoted that more than 40% of businesses affected by the 1996 Manchester bombing went out of business.
In today’s fast moving world where companies are prone to a host of disasters that vary from minor to catastrophic, it is no longer an option not to have some form of Business Continuity Planning in place. This is an agreed system of prevention and recovery from potential threats.
Business Continuity Planning is all about protecting personnel and assets and making sure they can function quickly when disaster strikes. It is about outlining the planning processes for developing prior arrangements and procedures to enable the organisation to respond to an event, so that critical functions can continue within planned levels of disruption.
It is more comprehensive than simply a plan focusing on recovery of an IT system after a crisis, as it contains contingencies for every aspect of the company which might be affected such as business processes, human resources and business partners.
There are several steps many firms need to follow to develop an effective Business Continuity Plan; identifying functions and resources that are time sensitive, the potential effects of disruption of processes and functions, steps which need to be taken to recover critical business functions, which functions to prioritise, and who should be driving both the planning and recovery phases.
As no two businesses are alike, these plans must be bespoke and built from an in-depth knowledge of what makes a particular organisation work. There is good guidance on the web, together with a number of templates businesses can use to build this up but this is not something where one size fits all.
A UK government publication titled, ‘Expect the unexpected, Business Continuity in an Uncertain World’, published in late 2014 contains good advice on creating simple but effective plans. Whilst it was written from the different perspective of counter terrorism, it is just as relevant today for dealing with the COVID-19 issue.
For further information or advice, Robert Gibson can be contacted at robert.gibson@ie.gt.com
Grant Thornton (NI) LLP specialises in audit, tax and advisory services.