August 24, 2009
When it comes to business continuity management (BCM) and disaster recovery planning (DRP), for most companies, it does not fall high on the radar screen. Talk to a company that has had the unforgettable experience of living through any form of disaster first-hand and they will undeniably tell you that planning for such an event should be a number one priority.
In this year’s AICPA sponsored annual top technology survey, conducted in late 2008 and released earlier this year, respondents identified the most important technology initiatives for 2009. Business Continuity Management and Disaster Recovery Planning made it to the “Honorable Mention” list, falling into the #11 position overall!
The initiatives included in the survey are intended to represent the CPA’s unique perspective regarding the initiatives they believe will impact financial management and the fulfillment of other fiduciary responsibilities such as safeguarding of business assets, oversight of business performance, and compliance with regulatory requirements.
In prior years, voting was limited to an exclusive community including CPAs and IT professionals including the Information Technology Section members and CITP credential holders as well as members of ISACA, IIA (Institute of Internal Auditors) and the ITA. For 2009, the Information Technology Membership Section invited AICPA members to participate in determining the 2009 list.
This year, the taskforce that compiled the results of the survey, defined “Business Continuity Management and Disaster Recovery Planning” as: “the holistic processes organizations use to mitigate the risks to systems and people when unexpected events occur, and include the maintenance of a documented plan that is periodically tested. This process includes identification, prioritization and documentation of key systems, associated risks and individuals responsible for ensuring the maintenance of these key systems.”
So where does your company begin in the process of addressing these issues and where and when does it stop? This diagram (available from Wikipedia, downloaded under the terms of the GNU Free Documentation License) reflects the lifecycle of business continuity planning:
All organizations experience change over time. Some change is small, like changes in personal and job functions, while other changes are extreme, such as mergers, acquisitions, site relocations and applications and/or operating systems.
Change causes this process to be continually reviewed and examined. A disaster recovery plan is a “living” document that grows in size and scope as a business changes.
In the event of disaster, the time and effort that an organization invested into its plan will result in helping to insure the continuity of the operations of the business and the future stability of its stakeholders.
For more information on the Disaster Recovery and Business Continuity Planning, listen to Jim in this podcast.
James C. Bourke, CPA.CITP, is a partner at WithumSmith+Brown where he is director of Firm Technology. He is a past president of the New Jersey Society of CPAs and currently serves on AICPA Council and the Chair of the AICPA CITP Credential Committee. He was recently named as one of the Top 100 Most Influential People in the Profession.