Business Continuity from a CPA Firm’s Perspective

MICHELLE THORNBURG, CPA [mthornburg@koskicpa.com]

The Federal Emergency Management Agency (FEMA) describes “continuity” as the ability to provide uninterrupted services, essential functions, and support, while maintaining organizational visibility, before, during and after an event disrupts normal operations.

Most businesses are successful in operating in the “before” side of things, but how the business is prepared to deal with the “during” and “after” of a disruption is critical in their ability to continue the business after an event. Your business can’t simply stop just because something happened. It is important for the business to maintain cash flow and customer relationships.

In today’s interconnected business environment, natural disasters and cyber attacks can severely disrupt operations, damage reputation, and lead to significant financial losses. Climate disasters have become more frequent and more severe, as we have seen here in the Midwest with tornados, flooding, blizzards, hurricane force winds that knocked out power for days, etc. The frequency and sophistication of cyber attacks have also increased dramatically, with ransomware attacks alone causing substantial financial damage globally.

The first step in developing a comprehensive business continuity plan is to conduct a thorough assessment of the potential threats and vulnerabilities. The key word in this is comprehensive. Think about things such as:

Natural – flood, tornado, epidemic, storms, etc.

Technological – IT system failures, hazardous materials release, industrial accident, transportation accident, utility disruptions, etc.

Human Caused – active shooter, cyber attack, explosives, etc.

Process Oriented – supply chain failure, etc.

Keep in mind that where your suppliers are located is also important to your business as their impact from disasters also impacts you if they don’t have a continuity plan in place.

You need to consider what an acceptable downtime is for each essential function and if you will need assistance from other organizations to get you back up and running.

In identifying risk mitigation strategies, you may need to have multiple solutions. For example, telework or an alternate facility may not be an option in every situation if there is widespread disruption to power, communications, etc. so you need to have an alternative secondary plan.

Having a disaster recovery plan in place is the first step. Most plans, however, get filed away and never get tested, updated, and reviewed. As your business and the world changes, so must your business continuity plan be changed to stay relevant. For example, have you added new systems, added new locations, changed personnel?

Actually test your plan. Most organizations back up their important electronic data, but not a lot of companies have tested the retrieval or restoration of that data. Where is your electronic data stored and how long will it take to get your information restored in an emergency? Do you have access to replacement equipment to restore the data to and if not, how long will it take to procure that equipment? of Dealerships

Is your entire team aware of the business continuity plan and do they know specifically what to do if something happens? Generally, in times of disaster, you will not have the luxury of time to figure out what needs to happen.Your team must be ready to execute.

If the employees don’t know what to do, they may make quick judgments that could cause more harm than good. You want to eliminate the panic and make sure employees have clear steps to follow. As an example, in a cyber-attack, certain information will need to be recoverable in order to provide evidence of a hack for the insurance company to cover damages.

In a time of increasing climate disasters and cyber security attacks, business continuity planning is no longer optional. Businesses must implement comprehensive continuity strategies, leverage technology, and foster a company culture of preparedness to protect the future of the business.

Disclaimer: The above information is intended to be current as of the date noted, but may or may not reflect the most current tax laws. This information is intended to be general tax information and is not intended to be tax advice. If you would like to discuss how it may relate specifically to you and your situation, please contact your trusted KPG advisor.

Providing tax, accounting and consulting services to equipment dealers for over 30 years.