How to create an effective business continuity plan?

Prepare for the worst with an effective business continuity plan

Business disruption can pose a serious threat to the stability of a business. It can be caused by anything from a natural disaster to an economic crisis or even a cyber-attack.

As a result, businesses can struggle to keep up with their daily operations. A proactive approach to dealing with a business crisis is to develop a Business Continuity Plan (BCP).  A  Business Continuity Plan is a comprehensive document that consists of a contingency plan for all the aspects of a business. It may include resources, assets, business processes, and stakeholders that are directly or indirectly involved with the business operations.   

What do you need to know about a Business Continuity Plan?

A Business Continuity Plan requires extensive research and in-depth analysis of business operations. Therefore, a comprehensive plan is necessary to keep different aspects of the business up and running during times of crisis. A business Continuity Plan is a crucial part of Risk Management; our in-house specialists have curated a comprehensive guide explaining how to perform effective risk management if you want to plan to manage the overall risk of your business. 

Managing your finances at a time of economic uncertainty is quite difficult. However, speaking to a good accounting firm can help you manage your finance duties effectively to save yourself more time to focus on other critical functions of your business, such as risk management, growth and business continuity. Our Accounting Services have been developed, keeping in mind the potential disruptions your business can face due to non-compliance or ineffective financial management.

What are the key elements of a Business Continuity Plan?

The Business Continuity Plan includes details of all the procedures that need to be implemented to ensure that the business operations are running smoothly during an ongoing emergency situation. It can include inventory, data backups, backup site locations and any necessary emergency equipment. The BCP may even designate administrators for plan implementation as well as include contact information for key employees, emergency responders and other relevant personnel. Most importantly, the plan must include the following:

• All the elements that are critically related to the skills, communication, structure and responsibilities of the employees.
• All strategic components that are used by the business on a daily basis to ensure continuous running of business operations.
• Every component that is related to the software your company utilizes to carry out its day-to-day activities.
• All features that are necessary to continue key business processes.
• Any object that is related to the systems, network and industry-specific technology.
• All components and factors that are relevant to provide a temporary worksite in case the primary site is no longer available.

Having worked with a large number of businesses our in-house accountants have observed fast-growing businesses fail due to a lack of planning for risk and continuity, we have therefore shortlisted three primary items a business continuity plan should include:

1. Complete availability: Your Business Continuity Plan must provide a strategy that makes it easy for the business to access information even at a time of complete failure.
2. Up and running operations: A BCP must guarantee the continuity of business operations in the case of disruption of services due to an unfortunate event. The plan must also be implementable in case of an expected interruption such as regular maintenance of the IT infrastructure.
3. Planned backup: The plan must also establish a method to reinstate the company’s data centre at a different location in case a disaster damages the primary location.

What are the steps to develop a Business Continuity Plan?

The Business Continuity Plan can be developed in five phases, as shown below:

Phase I. Risk Assessment

The development of a complete Business Continuity Plan begins with risk assessment.

Here’s what you need to know about Risk Assessment

The Risk Assessment Process is an integral part of any project.  It helps to identify the level of risk associated with a certain decision or an element within a company. 

Steps to an effective Risk Assessment:

Here is a step-by-step layout of how to conduct an effective Risk Assessment:

1. Complete an evaluation of the company’s risks and exposures.
2. Take different business disruption scenarios under consideration and estimate the potential impact they can have on your business.
3. Once the scenarios have been identified, shortlist the threat they impose on the business and the probability of their occurrence. We have created a Risk Matrix Template to help with this step.

Phase II. Business Continuity Impact Analysis

After the Risk Assessment is complete, the next step is the Business Impact Analysis. This will help identify and separate all the situational and time-sensitive functions and processes of your business, along with the resources that support them.

Here’s what you need to know about the Business Continuity Impact Analysis

As a business owner, you face numerous situations that will affect your business operations. A thorough Risk Assessment will help identify the potential risks and the level of impact they will have on your business. Hence, the next step is to do a Business Continuity Impact Analysis. A Business Continuity Impact Analysis will help you identify the effects of a certain incident on your business and will facilitate making decisions that are in the best interest of your company. 

An Operation and Financial Impacts worksheets can help you in your analysis. You can use this Financial Ratios worksheet curated by our expert in-house management accountants to boost operational efficiency and profitability during any disruption in service. The worksheet can then be used to deduce the intensity of the impact on your business operations and finances from the disruption in business functions and processes. 

With the help of this critical information, you can identify the most vulnerable functions that will be operationally or financially impacted. Prioritize those functions and start working on their restoration. Once you have finalized the information, you can move towards the execution of the second phase.

Related: In the current dynamics, as a small business in the UK, it might become hard to survive as a small business.  Read our guide to help prepare your small business for economic uncertainty. 

Steps to conduct an effective Business Impact Analysis

Follow these steps to perform a complete Business Impact Analysis:

• Design a questionnaire to help gather information for each relevant business function. You may meet the key managers to refine an in-depth procedure to conduct a Business Impact Analysis.  
• Once the meetings have been successfully completed, compile all of the questionnaires.
• Analyze and evaluate the data gathered from Business Impact Analysis questionnaires.
• After the assessment and evaluation,  conduct follow-up interviews to check the authenticity of the information provided and fill in on any missing data.

Phase III: Recovery Strategies

After conducting an analysis, identify, highlight and implement Recovery Strategies to reinstate key business functions and processes during the disruption of services.

Here’s what you need to know about Recovery Strategies

Recovery Strategies refer to procedures which are implemented to restore business operations to a minimum acceptable level even at the time of severe disruption. These strategies highlight the company’s plan to tackle disturbances and generate a response during an incident. Moreover, it helps identify key applications that are essential to smoothly run business operations.

An important operational metric used to determine the duration of a business being non-functional is the Recovery Time Objective (RTO). Whereas, the Recovery Point Objective (RPO) is the time in which operations should be reinstated in order to avoid serious or unacceptable consequences.

When crafting a Recovery Strategy for the company, focus on the following factors:

1. Insurance Protection
2. Budget
3. Plan of Action and time to recovery
4. Resources Availability
5. Management’s Perspective on Risks
6. Data
7. Vendors/Suppliers
8. Technology
9. Compliance Requirements

It is also important to keep in mind that the Recovery Strategy is aligned with the company’s goals and vision.

Steps to craft Recovery Strategies

• Identify and highlight resource requirements, which you can achieve with the help of your business impact analysis.
• Conduct a gap analysis to identify the cracks between the existing capabilities of the organization and the recovery requirements.
• Research Recovery Strategy options that are suitable for your business.
• Shortlist Recovery Strategies and present to senior management for approval. 

What resources will you need to implement the Recovery Strategies?

Recovery of any critical and time-sensitive processes require resources. After the Business Continuity Team and Process Managers prepare the Business Continuity Resource Requirements Worksheet. You can determine the exact type and amount of resources you will need to support your recovery strategies.

Necessary resources can be acquired from within your company or externally. Here is a list of resources you may need:

1. Key company records (digital and paper form)
2. Capital (machinery and equipment)
3. Inventory (raw materials and finished goods)
4. Human resource
5. Office space, equipment and furniture
6. Basic utilities (Electricity, gas, internet, telephone, water, etc.)
7. Third-party support in the form of funding/sponsorship or experts
8. Financial and compliance records

It might not be possible to acquire all of the above resources at once. Therefore, you must plan for the acquisition of the relevant resources from a financial standpoint as well as an availability one. 

Video: 10 Benefits of Business Continuity Planning

A Business Continuity Plan can protect your business during economic uncertainty and a crisis situation. Watch this video to learn 10 additional benefits of a Business Continuity Plan that can help your business.

Phase IV: Planning and Development

The next phase of your Business Continuity Plan is Planning and Development. For the successful implementation of your plan, it is recommended that you hire a separate Business Continuity Team so that they can compile the plan to handle the disruption of services effectively.

Here’s what you need to know about the Planning and Development Phase

The Planning phase should include rigorous and meticulous development of strategies before you can move to the next phase. Once the Planning phase is complete, the next step is to move the Development Phase. During the Development Phase, it’s imperative to get input from different key employees from various departments before sending it to the executive team for review. It is important to keep the company’s goals in mind while finalizing this phase. 

Related: Our strategic planning services could help build long-term strategic goals for your business.

Steps to follow during the Planning and Development Phase:

1. Establish a framework for the Business Continuity Plan.
2. If possible, recruit a team to ensure the Plan’s Development and Implementation.
3. Document a standard procedure for Business Continuity and IT recovery during any disruption of service.
4. Develop and document a manual workaround to the initial plan.
5. Once done, assemble the plan and get it approved by the senior management before Implementation.

Phase V: Testing phase

In order to ensure that the Business Continuity Plan will operate as and when it’s needed, it is imperative that an in-depth training of the Business Continuity Team is carried out. It is also important that the team tests different methods to assess if the strategies in the Business Continuity Plan operates as planned.

Steps to follow during the Testing Phase:

1. Create testing and implementing requirements, followed by developing maintenance standards. 
2. Conduct training for the Business Continuity Team, along with orientation exercises to help them get familiar with the processes.
3. After conducting tests, document the results obtained from testing.
4. Include any lessons learned from testing and exercises in your Business Continuity Plan to keep it updated and reliable for future use.

Why is it important to rigorously test your Business Continuity Plan?

Testing the Business Continuity Plan is the only way to determine whether it is going to work or not. Moreover, testing is the most crucial part of the entire process of creating a Business Continuity Plan. Testing provides an opportunity to identify potential gaps and provide insights to improve it further.

It is possible that you may have to test the plan several times before it is finalized. The plan should be tested for the worst possible scenarios. The more rigorous the testing, the better the chances of your business surviving uncertain conditions. While you test the plan for the most challenging scenarios, the objectives that are set must be flexible and measurable. It’s also common practice to test the Business Continuity Plans at least two to four times a  year to ensure its viability. The frequency also depends on the type of business, revenue, the number of processes involved and any changes made since the last testing took place. 

Golden tip: Review and modify your business continuity plan 2-4 times every year.

What else do you need to know?

It is important to schedule monthly or quarterly meetings with all the relevant stakeholders to review the plan and identify any areas that need modifications.

It’s also important to take feedback from staff regarding the  Business Continuity Plan. You could also request branch managers from different locations or from other remote units, to review the company’s Business Continuity Plan from time to time. Moreover, any updates or lessons learnt should be recorded in a separate section in the BCP.

Other things you need to know

What is a  Disaster Recovery Plan?

A Disaster Recovery Plan is an essential component of a Business Continuity Plan. This plan specifically pinpoints strategies to counter any IT-related issues such as networks, business servers, business desktops and other electronic devices arising from a disaster. 

Your Disaster Recovery Plan should consist of all guidelines on how to resume operations if disaster strikes.

Related: Cloud accounting apps are a great way to backup your data.

Can Business Insurance be a part of a Business Continuity Plan?

A Business Insurance plan can help provide your business with the coverage that it needs to steer its way out of a crisis and can be a useful resource to keep your entire organization afloat.  It can, therefore, be a key part of your recovery plan, we have worked hard in collaboration with our insurance broker partners and in-house strategic advisors to curate an in-depth insurance guide which you can read to get a better understanding of the types of insurances and how to select one.

Clear House Accountants are qualified Accountants in London with years of experience in dealing with financial, tax, managerial and operational affairs for businesses of different sizes. We help businesses stay compliant, plan for growth and prepare for scenarios which can hinder growth and financial productivity.

Anam Rehman

Director Operations & Finance

+44 (0)207 117 2639

info@chacc.co.uk

chacc.co.uk

Author Bio

---

Anam has a degree in accounting from the Prestigious St John’s University, and works as a senior director in Clear House.

Before working in Clear House, Anam worked in various commercial roles, the last one being the VP Operations for a prestigious business organisation,working on improving the organisation’s operational efficiency, growth and high level client management.

Anam manages clients ranging from software companies to large property developers and managers. Notably, she recently worked with a large property development company building large scale developments in London and the surrounding area.

You Might Also Want to Read: