Jay Sachetti joined Jeff O’Brien, partner at Husch Blackwell and Dyanne Ross-Hanson, president of Exit Planning Strategies talked about the market for mergers and acquisitions, exit planning opportunities for companies that don’t end up for sale and how companies can maximize their eventual sale price during an early October panel at the first Upsize on Tap event at Summit Brewing Co. in St. Paul.
When the state Legislature passed a law requiring employers to provide paid leave and safe time for employees, Justin Bieganek started hearing differing details from friends, colleagues and peers.
A YEAR OF WILDFIRES, corporate scandal, war and a terrorist attack has left an indelible mark on the U.S. economy. Many companies have reacted by placing a renewed emphasis on business risk management, and specifically, disaster recovery and business continuity planning.
Faced with rising exposure to new risks and declining tolerance for disruptions to operations, business owners have been evaluating their capabilities to respond to crises and mitigate future risk. These leaders embrace the moral imperative to protect their people, and they understand that the ability to con- tinuously perform and satisfy customers is fundamental to sustaining competitive advantage in the 21st century.
Simultaneously, threats to information assets are quickly becoming significant for enterprises of almost any size. Computer viruses, information security issues, software quality, inadequate data storage, complex technology architectures, and ineffective information asset management practices can open the doors to a catastrophe with the same business impact (if not a more severe one) as that posed by a physical threat.
Our round-the-clock business environment demands a rapid-response approach that mitigates disruption risks and allows for fluid continuity of core business operations in the event of a catastrophe.
Here are three basic steps that organizations should take to prepare: Identify your most critical business processes and the resources that support those processes. Resources can include people, facilities, systems and data, among others. These processes should be those that have a direct and immediate impact on an organization’s ability to carry out its mission and vision.
Identify any existing threats to those critical processes and resources. Work to eliminate or substantially reduce the likelihood that a threat would harm the organization’s ability to perform critical business processes.
Threats could include intentional sabotage of vital equipment or systems, single points of failure that could be diversified like telecommunication providers or product vendors, network and system security breaches such as computer viruses or hackers, fires or other environmental disasters, or unintentional employee errors such as poorly tested computer system changes that are moved into a production environment and cause processing errors or complete break-downs.
Develop business continuity and system and network restoration plans to further manage the risks posed by threats that cannot be eliminated or reduced. These plans should address the traditional information system and computer data restoration, and the continuance of critical business processes that are vital to the life of the company.
The case for implementing these steps is compelling. If disaster strikes, and an organization cannot recover in a timely way, the consequences could include loss of revenue, defection of customers, deterioration of brand equity, and permanent loss of shareholder value. In fact, 40 percent of businesses that suffer a disaster go out of business within two years.
Research indicates that enterprises with prepared business continuity plans are significantly more likely to recover as a viable entity, than those without. With corporate risk management attracting increased scrutiny in the wake of a calamity, business continuity planning can satisfy many of the growing demands upon companies.
Although data is the lifeblood of this country’s economic system and its protection is essential for a business’s survival, disaster recovery is no longer solely a data-center operation. In fact, organizational leaders err when they equate disaster recovery with business continuity.
Organizations must also consider the human elements. There are customers who expect supplies and services to continue in all situations. There are employees who expect their lives and livelihoods to be protected. There are suppliers who expect to receive their revenue stream. And, there are the regulators who expect their requirements to be met, regardless of the circumstances.
It’s true that disaster recovery plans have historically been the responsibility of an organization’s information technology (IT) department, but today’s technological advances have altered the ground rules. Recovery schedules plotted in days and weeks are now charted in hours and minutes, thereby multiplying the risk to business operations.
The development of viable business continuity plans must begin with the business. Although information technology and data are significant resources for any business, it is the business units that must mandate recovery requirements for IT resources to the IT department.
Internal affairs While business continuity encompasses a range of technologies — old and new, paper-based and electronic, manual and automated, individual and integrated — it is the internal business aspects, such as justifying the plan, executive buy-in and broad organizational support, that represent the key challenge in instituting a successful business continuance strategy.
If an organization is to maintain continuity of its core business operations in the aftermath of a disruption, it cannot rely on antiquated methods of data-center disaster recovery. Developing highavailability capabilities — a necessity in today’s round-the-clock business climate — requires an examination of business processes and the organization’s data in addition to existing technology infrastructure.
A strong business continuity plan can help companies recover quickly.
[contact] Andrew LaFrence is a partner in the consumer, industrial and manufacturing line in accounting and tax firm KPMG’s Minneapolis office. He focuses on serving emerging companies and life sciences organizations. Thomas Skoog is a senior manager in KPMG’s Risk and Advisory Services practice, also in Minneapolis: 612.305.5000; www.us.kpmg.com
