As 2017 winds to a close, organizations across the United States are looking back on the year while also starting to plan for 2018. For most companies, this preparation should involve reassessing their business continuity plan to ensure it is ready for a new year.
Indeed, now is an ideal time to audit your plan—before 2018 even arrives. Let’s take a look at some of the reasons why an end-of-year audit can be helpful:
1. To prepare for changes in 2018.
In any given year, 80 percent or more of companies plan to make changes to their business continuity programs over the following 12 months. Ending the year with an audit of your plan enables you to prepare for these changes by having full visibility into what is working and not working with your plan. This helps you to more strategically invest time and resources and enables you to more effectively update your plan.
2. To incorporate “lessons learned” from 2017.
The end of the year is also a great opportunity to take into account any lessons learned from incidents that affected your business during the preceding year. This includes events within your own company, throughout your industry, and across the broader business landscape.
For example, data breaches were one of the top business continuity stories of 2017—and will be in the news for years to come. In the first six months of the year, we were already seeing a 29 percent jump in the number of breaches compared to the same time period in 2016. Last year was a record-breaker as well, seeing a 40 percent increase in data breaches over 2015. These statistics point to a need for organizations to invest more time and resources into understanding and mitigating their risk of a data breach, as well as improving their business continuity plans to optimize their resiliency against such an attack.
This year’s extreme hurricane season presents another opportunity to apply lessons learned to your own plan. Storms like Hurricane Harvey can cause incredible devastation to residential areas and businesses alike. Your business continuity plan should account for potential incidents like this, in which normal operations could be disrupted not just for a few hours, but for days or even weeks at a time.
3. To prepare for the unknown.
The new presidential administration ushered in a lot of changes this year, ranging from fewer corporate regulations to a proposed overhaul to the nation’s tax system. And while the economy is surging as 2017 winds to an end, many individual businesses are looking ahead cautiously.
Over just the next few months, the U.S. business climate may be significantly affected by factors such as a newly appointed Federal Reserve chair, more overturned Obama-era regulations, tax reform, and more. Depending on your industry and the nature of your business, these types of changes may help or hurt your bottom line, affect your workforce or supply chain, or expose you to new threats. With so many broad government policies potentially influencing your organization in 2018, now is a good time to take stock of your risk preparedness and ensure that your plan accounts for these types of large, external forces.
Auditing Your Plan
No matter what changes come in the next 12 months, you and your team should be able to feel confident that you are prepared for and can respond to them.
To keep up with the rapidly changing BCDR landscape, businesses can begin by auditing your business continuity plan at least once a year, as well as when there are significant changes to the company, such as a merger or expansion. Your end-of-the-year audit should take into account all the changes that happened in the preceding 12 months, like some of those mentioned above, while also looking toward the next year.
Your audit should be fairly exhaustive. Ideally, your team will have been updating and adjusting the plan as needed throughout the year, so the audit can serve as an opportunity to ensure that all the elements are present and working together cohesively.
Your team—or an external consultant—can develop its own audit checklist to suit your organization and your industry. However, an end-of-the-year audit should generally include the following:
- A close review of all documentation, as well as business impact analyses, risk reports, and summaries from previous annual audits
- Input from the organization’s management, executive team, security and IT teams, and other key stakeholders on the current business continuity program and any elements that are missing or not working
- Analysis of gaps in the plan, such as new or emerging threats or changes to the business
- Implementation of new best practices, as well as consideration of any emerging industry standards or regulations
Set Yourself Up for a Successful Year
It’s no surprise that 2018 may bring a variety of new risks and unknowns that could affect your business. However, an up-to-date and effective business continuity plan can help your team mitigate the effect of incidents and improve overall resilience so that no matter what the year brings, you’ll be prepared for anything.
