peace of mind disaster recovery plans can keep your business alive by robert p. green, cpa.citp and...
8/7/2019 PEACE OF MIND Disaster Recovery Plans Can Keep Your Business Alive By Robert P. Green, CPA.CITP and Rick Mar…
http://slidepdf.com/reader/full/peace-of-mind-disaster-recovery-plans-can-keep-your-business-alive-by-robert 1/4
No one knows when—or if—a systems failure will occur

PEACE OF MIND
Disaster Recovery Plans Can Keep Your Business Alive
By Robert P. Green, CPA.CITP and Rick Mark, CSE
Published by California CPA Magazine, 2005

Let’s say your client has five offices across the country. They manage their operations, accounting, IT network and all software services for these offices from their local office.

Your client hosts its e-commerce website at its local office, and, from that office, also serves all software and information used by its staff at all locations.

Further, 40 percent of the company’s business originates from customer transactions using its website. None of the company’s other offices store information on their local computers.

Then, one day, your client’s local office is hit by a major storm, flooding the lower floor, which houses the server room, and causing irreparable systems and hardware failures. In the aftermath:

• Work comes to a halt—at all locations across the country.
• The company’s website is down, thus 40 percent of its customers cannot conduct business with your client.
• The set of backup tapes your client locates is more than one week old, and is damaged from water and other elements. No one has been able to locate older backup tapes.

Your client is left with no current data, no productivity, limited customer orders and interaction, and no likelihood of restoring any current information with which to do business.

Think this is an exaggeration? OK, instead of a flood, substitute another real disaster—the possibility of a corporation’s data being corrupted or deleted by a hacker or ex-employee. Or imagine power surges or internal staff systems abuse.

Avoid the Horror

No one knows when—or if—a systems failure will occur, which is why it’s even more important for your firm, and your clients, to develop, maintain and regularly test a disaster recovery plan to mitigate the losses due to a system failure.

Disaster recovery planning confronts the likelihood of a disaster from which a company must recover effectively and efficiently.
ERMS WHITE PAPER SER
Business interruption can originate from a winter storm, the loss of electricity, inaccessibility to a facility for an extended period of time, a hardware failure or software corruption—along with the threats of viruses or hacking and malicious intent from internal or external influences.

In today’s information-centric environment, much of a disaster recovery plan addresses IT systems and data loss. However, the plans also must address logistics surrounding sales, administration, manufacturing/production, operations and commerce-based functions.

If successful, a disaster recovery plan allows a business to continue as usual—or close to it—in the event of system failures.

Disaster recovery planning requires a sizable investment of corporate labor and financial resources in the areas of procedure design, implementation and testing. These efforts rely on the expertise and familiarity of internal managers, and often the use of outside advisers, such as CPAs and IT professionals.

The adage “an ounce of prevention is worth a pound of cure” cannot be more applicable than to disaster recovery planning efforts.

If your clients resist implementing a recovery plan because they choose to avoid its common sense and prudence, consider this: disaster recovery plan efforts are addressed—directly or indirectly—in regulatory compliance doctrines in place for companies of all sizes, including Sarbanes-Oxley, HIPAA and other federal, state and local privacy protection acts.

Create, Maintain, Test

The first step in creating a disaster recovery plan is to form a disaster recovery plan/crisis management team, which will be responsible for creating and maintaining the plan, and managing it in the event of any business interruption.

This team must represent all key departments and functions of a given company, and should keep in mind the following objectives:

• Continuity and survival of the business;
• Protection of corporate tangible and intangible assets;
• Creation and documentation of specific preventative measures/activities; and
• Ability for the disaster recovery plan to be tested periodically and modified to stay current with the business and any technological advances.

The disaster recovery plan creation process involves assessing the myriad business risks that a company would face in the event of a disaster, everything from loss of data to communicating to clients about the disaster.

Once these risks are identified, an exercise of prioritization unfolds and the team focuses on preparing for the loss of those corporate services and resources that are deemed most critical to protect.

Subsequently, the team creates action plans and underlying documentation of procedures that mitigate each of these risks and then tests these plans and procedures in real time to the greatest extent possible.

This may mean shutting down the company’s power or internet connection, for example, during business hours as a test. It’s extreme, but it often is the only way you can test your disaster recovery plan, the employees’ understanding of it and their responsibilities.
Sadly, many companies do not test their planned procedures in any way, which simply renders the disaster recovery plan useless.

The IT part of the Recovery Plan

Returning to our company described earlier, which suffered flood damage, your client would have benefited greatly from having a disaster recovery plan that addressed the loss of its critical data and business information systems functions.

Among others, specific steps should have included:

1. Regular and secure off-site rotation and storage of data backup media, accompanied by procedures on how to retrieve media for restoring systems in the event of a disaster.
2. A mirrored website. This is an alternate live website that kicks in when the primary site fails, providing continuing service. This would require procedures to point the alternative website to an alternative data source to restore e-commerce functionality.
3. Redundant communications configurations to forward telephones to an alternate location, including cell phones, to handle customers’ needs during the crisis.
4. Set up a “hot site” to provide for redundant hardware, loaded with current versions of business-specific software, and access to fresh backup data that could be restored in the event of a crisis. Such a site could be a remote client office location or that of a third-party vendor who specializes in this area.
5. More effective server room build-out. Specifically, locate servers and related equipment and backup media in a location less vulnerable to flood or other natural disasters.

Disaster recovery plans are critical, and businesses that invest time and effort in their creation, maintenance and testing will be rewarded in the event of disasters.

Using a combination of internal business manager knowledge and input from outside advisers—including CPAs—a disaster recovery plan can be created to provide peace-of-mind and value to any business.

Robert P. Green, CPA.CITP, is Partner at SingerLewak, a leading regional Accounting and Consulting firm headquartered in Los Angeles. He can be reached via email at [email protected], or by phone at 818.251.1359.

Scott Cooper, CMC, also contributed to this article.

Reprinted with permission of the California Society of CPAs and California CPA Magazine.