• Guest Author

Planning for the Unexpected: IT Business Continuity Key to Navigating Emergencies



By: Christopher Stark, President & CEO, Cetrom


If 2020 has taught CPA firms anything it is this: Anything can happen, anytime, and your IT staff and infrastructure need to be prepared for the worst, always. Creating a business continuity plan, refining it over time and being able to apply new learnings to rapid deployment are all critical to keeping operations running during a crisis.


Rightfully so, the business world has been laser-focused on adjusting and responding to the pandemic. And most public health experts agree COVID-19 won’t be the last pandemic coming our way. So, yes, COVID-19 is top of mind, to say the least.


But a health crisis isn’t the only unexpected event that can potentially threaten your CPA firm’s ability to do business and protect its sensitive client data. Hurricanes, fires, tornadoes, power outages, floods, break-ins and cyberattacks can come out of nowhere as well.


At Cetrom, we’re a happy and optimistic group, but we also understand from experience that planning carefully for the worst possible IT scenario is the only way to survive it when — not if — it occurs.


Let’s take a look at some practical tips for creating an effective Business Continuity Plan (BCP) that includes an effective IT Disaster Recovery Plan (DR).


First, Let’s Define Business Continuity and Disaster Recovery Plans


It’s always important to remember that your CPA firm will not be able to stop a crisis from occurring; in most cases, a natural disaster event, power outage and even some cyberattacks cannot be prevented. A BCP is for the aftermath — it is your organization’s and team’s roadmap for how to respond when disaster strikes in order to minimize the damage and make a return to normal operations as quickly as possible following the crisis event.


A solid BCP will cover all aspects of your organization from human resources and IT to finance and external partners. A Disaster Recovery Plan (DR) is only one component, albeit a very important component, of a BCP.


Businesses are destroyed by a crisis not because of the initial event itself, but rather in their failure to recover quickly enough. In the IT world, extended outages and downtimes are killers; for CPA firms in tax season, not having a strong BCP that includes an IT DR plan in place could literally be the end of your firm.


We’d like to think that nearly all CPA firms now have some type of BCP and DR plan in place after the upheaval caused by the pandemic. So, some good has come from COVID-19, as more CPA firms now have plans in place for the next unexpected disaster.


The key question for these firms is this, however: Are they committed to constantly revising and updating their BCP and DR plan? Has their firm assessed what it learned from COVID-19 and found a way to integrate these learnings into their BCP and DR plans?


Everyone has been moving at the speed of light to survive, but it’s important to remember to reflect, assess and make needed changes to your plans to make them more effective than ever before.


Assess How Your IT Infrastructure and Team Performed During COVID-19


This is not a time to be walking on eggshells and dancing around how your CPA firm’s IT infrastructure held up or how well your team responded to the pandemic crisis. It is time to be fair, honest and practical about what your firm did well, what it did adequately, and where it failed. Ask these questions to assess overall performance:

§ How long did it take your firm to adjust to 100% remote work?

§ Have staff productivity levels changed during the pandemic?

§ Has data security remained strong even while interacting with more vulnerable home networks and the use of more personal devices?

§ Have your clients been receiving the same level of service and performance during the pandemic?

§ What IT needs, challenges and requests for equipment were expressed by staff members?

§ Did planned backups occur or were they disrupted?