Determining the effects that a major disaster can have on your business will help establish realistic expectations if your business falls victim to a natural disaster. None of us are strangers to the process of risk assessment; in fact, we do it all the time in any number of different situations. Turning left on a busy street is an exercise in risk assessment to some degree. “Do I have time to turn, and what will happen if I don’t? Will the other guy slow down? How will I get to work if my car gets T-boned?”
So if assessing risk is an everyday occurrence, why then are many business Owners not comfortable with the process when it comes to their internal Business Systems? I am NOT just talking about assessing IT resources but business operations in general. Let’s discuss what is involved in a risk assessment and see if we can’t get you a bit more comfortable with the process. Trust me, you don’t have to have a background in Information Technology, just an understanding of your business.
I find that a good starting point for any risk assessment is to start big and work your way down. One common way I ask people to start big is to think in terms of the full-scale natural disaster that you don’t have any control over. Depending on where your business is located, this might be a Hurricane, a Spring Flood from a nearby river, a severe Winter Storm, a Fire, those kinds of things. Basically, anything that can happen that leaves you little or no time to prepare, and that can effectively shut your business down for some extended period of time. (Generally speaking, anything from a few hours to a few days.)
What I like to do to assess risk is to come up with a few basic numbers. For instance, start with your budgeted Gross Revenue for the year and divide it by the number of business days that you are open. This gives you a real, rough dollar figure to use as the “potential lost business” number for each day you might be affected by a natural disaster. Once you have that number, move on to fixed expenses that don’t go away if you have to close for this type of unplanned event. Are many of your Employees salary based instead of hourly? Better consider the payroll expense that you’ll still incur if the business is down. Do you rent your property? Rent will still be due as usual in that case.
It shouldn’t take too long to come up with some numbers for the potential lost income and cumulative expenses that you’ll still incur with this kind of event. You might find that things don’t look too bad because your people are all hourly and you own your property. In this scenario there will be no payroll expense while you’re closed, no rent to pay and ultimately, the biggest hit might just be to the year-end EBITDA number. Whatever your circumstance, you now have a good starting point to understand how big of a risk this type of incident is to your business.
Next, you have to be realistic about how likely it is that an event of this type will actually happen. Has your business had to close for severe winter storms before? If that’s the case, better to consider that it is something that’s fairly likely to happen again. Does the river flood every spring? Are you in an area of the country prone to Hurricanes or Tornadoes? It’s better to consider the likelihood of these natural disasters and prepare than to be left without a plan.
Armed with some simple financial information and a reasonable “best guess” about how likely the situation is to happen, you can begin to plan and consider the actions that you might take to reduce the risk. We have one Customer who was flooded by spring thaws two times in four years, creating a higher probability that this type of disaster would occur again. With this knowledge it was worthwhile to go through the cost associated with moving the business to a building on higher ground. Another example of a justifiable cost to avoid a continual expense was a company that gets hit by a big winter storm at least once per year. Each year this storm is strong enough to knock the power out for a considerable length of time. For them, it made sense to install an on-site generator to keep the business fully functional, no matter what Old Man Winter brought their way.
It really is that simple. Once you identify potential natural disasters in your area, you work your way through the types of events that might impact your business. Maybe there’s never been a severe weather event that has closed your business, so you don’t really have to plan for that, but you might want to consider the impact of a simple power outage that may drag on for several hours. If the unexpected occurs, have you taken steps to ensure that the business can operate, or is it more effective to close the doors for that period of time? Planning to stay open might require an investment in higher capacity battery backups or even a generator. It may be determined, once you’ve done the math, that it’s easier to balance the potential lost revenue against the known costs of the remedy that you might need to put in place.
The same process is followed when a risk assessment is completed for IT services. We evaluate software tools, everything from Firewalls to Anti-Virus software, considering a “worst case” scenario. We analyze the impact to the business that could result from a cyber attack. How much will it cost the business if ransomware gets inside and takes all your data hostage? We then balance the potential impact against the costs associated with security solutions that protect the business from these attacks.
We repeat the assessment, this time from an IT Infrastructure standpoint. We analyze the physical infrastructure of every one of our managed customers, so that we’ve given the proper thought and planning to things like a hard disk crash or other breakdown. (Now you might understand a bit better why we get so nervous as a Server gets near the point where we can’t keep it covered by a good Hardware Maintenance plan.)
This infrastructure assessment is part of what we’re starting to review with you in our Technology Strategy Meetings. If you would like to engage with us for a full-scale, in-depth assessment, just let me know and we can get that on the schedule. There is a charge for this type of high-level engagement, but the full-scale assessment should really only have to be done once and then simply reviewed from time to time.
If you take just one thing away from this, it’s that you should know where your main risk points are so that you are able to make your business decisions from an informed standpoint. We can’t stop bad things from happening, but working off a plan to protect the business no matter what happens can help you sleep at night knowing you’ve made solid decisions.