It’s worth thinking about the long term impact a fire, a burglary, loss of an insecure laptop or sensitive financial information being sent to the wrong person would have on your practice. Each of these situations could have both short-term and long-term implications. This is particularly important with the penalties associated with GDPR compliance breaches.
Here are five steps for effectively avoiding and managing a crisis.
Take some time to think of potential risks and situations that your practice could face. Here are two scenarios to think of. It’s the 28th January 2020 and your team is still finalising personal tax information onto spreadsheets which are saved to your team’s desktops. That night, your practice suffers a fire or a burglary. Your practice will have lost all the relevant data and will instantly lose its ability to meet the 31st Jan personal tax deadline.
You have attracted several high-profile clients and one of them is in the last stages of some M&A activity. One of your team members erroneously sends sensitive financial information to someone else in the industry. What steps will you have to undertake to remedy the situation and what will be the long-term damage to your client’s and the practice’s reputation?
Prevention is key
After you’ve created your scenarios, and before a crisis strikes, it’s prudent for practice owners to mitigate against potential threats. Create a working group of employees in your organisation whose role is to advise on preventative measures to de-risk how you operate. For example, moving from using spreadsheets to an online document management system will allow you to store information in a single central location safely online which can be accessed by your team or your clients from any location. Central storage of documents secured by individual user logins helps protect client information and make disaster recovery easier. Sensitive or personal information can be encrypted and shared with only authorised recipients rather than being shared via email with the risk of the message accidentally sent to the wrong person.
The next stage is put together a documented plan. Larger companies maintain a risk register and scenario plan how they would deal with anticipated risks. Regardless of the size of your practice, it’s a good first step to bring together a working group of experienced execs within your practice.
Create a step by step plan on how you would tackle the crisis when you can think calmly. Allocate roles and responsibilities to people in your organisation. Ensure that you have out of hours contact details for key people within your organisation as well as your clients in an easily accessible location. Allocate some time to role play a crisis.
You may have planned and documented but there is no substitute for a real test. Often, it’s only when properly role-playing your plan which may include shutting down servers & preventing staff from entering your office that you discover a key item of information is saved on a network drive or on a piece of paper in the office safe.
Ensure you have already nominated a communications lead as part of your planning process and role play how your practice will communicate transparently and honestly. Tell impacted parties as soon as possible, let them know what actions you’ll take and know how regularly you’ll communicate with them. Keep employees informed. Maintaining open communication channels will ensure that business continues to flow as smoothly as possible.
Review and learn
Once you’ve created a crisis plan, it’s prudent to review it regularly. Compliance changes, such as Making Tax Digital (MTD), may impact how your processes operate. Ensure your crisis plan and the technology your practice uses is future proofed. Installing the latest technology in your practice could make or break how efficiently and robustly your practice operates during a crisis. Once you’ve role played your crisis, take some time to review where the bottlenecks were, and which part of the process is potentially weak. Continue to test & tweak your process and improve on it.
For more information on how CCH Document Management and CCH One Click could help you better prevent a crisis leaving your and your team out in the lurch, click here.