Large, multi-national CPA firms often have dedicated resources for disaster and recovery planning. Publicly held firms are often required to establish something by their board of directors. Smaller private firms often struggle to justify the resource spending on a plan since the chances of a disaster may be viewed as so small the cost just isn’t worth it.

In truth, today’s IT environment is susceptible to many forms of disaster outside fire and large-scale natural disaster. From malicious hacking to equipment malfunctions and user errors smaller disasters that can affect clients in a big way are all over. For more information on this topic, buy the book ‘Easy Prey: How to Protect Your Business From Data Breach, Cybercrime and Employee Fraud’. Failing to plan for recovery is akin to accepting increasingly probable losses. Even a basic disaster plan can mitigate losses and accelerate restoration of business functionality when problems arise.

Multiple Point in Time Snapshots

Beyond just recovering a client’s bank statement lost to a failed drive, point in time snapshots allow recovery from problems such as user error and malware that encrypts a drive. In traditional single copy backup situations when a user makes a critical error in a file, or malware encrypts it, that problem file gets backed up, overwriting the valid copy and eliminating the possibility of recovery.

Having multiple snapshots of files as they are backed up may seem like overkill. In the preceding situation, those snapshots would allow for recovery of an older version. Some re-work may still be needed, but that would be minimal compared to the effort in re-creating the entire body of work. Most cloud storage solutions offer an ability to maintain multiple versions of a file as a portion of the backup strategy.

Test Disaster Recovery

A disaster recovery plan is only good if it works. Trying to restore a client’s 5-year-old expense records for an audit is not the time to discover backup tapes are unreadable. Without taking time to regularly test the recovery process a firm can’t know if their backup system truly works or if the IT staff understands how to restore systems to functionality.

Testing recovery as per the recovery plan allows a firm to tweak the details as needed without the added pressure of the IRS or a client demanding data. Regular testing should happen to not only the IT recovery plan, but the overall disaster recovery plan. Working with a partner that specializes in these functions allows a firm to rest easy, knowing that the partners, staff, and systems go through regular testing and will not fail when it matters most.

Equipment Replacement

The best backup system in the world won’t help if a hurricane hits, flooding the office and ruining computers. Insurance will pay for the damages, including new equipment. Is there a plan to get that new equipment in place and restore not only the data but the applications to a working state? What if this happens during a big client’s yearly audit?

The chances that a small CPA firm has the in-house know-how and resources to be fully prepared for this are tiny. Off-site backups are only part of the solution. The equipment needs to be replaced and running as soon as possible to keep the business running. Finding a partner that can provide IT as a Utility absolves a small internal team of needing to deal with all the details involved with insurance claims, purchasing, restoring, and testing. The partner can deal with that and leave internal teams free to do final testing and deployment.

The Disaster Recovery Plan

All of this is for nothing if there isn’t a disaster recovery plan in place. The plan doesn’t have to mimic the highly detailed plan that covers every eventuality found in larger firms. The plan is really all about mitigating the potential risks for your CPA firm. For instance, if you have little to no risk of a blizzard, that can be left out of the plan.
Start small with the disaster recovery plan. Establish a point person, set some basic guidelines, and create a testing schedule. Every time the plan is tested, updated it with new processes and information from lessons learned.

The need for a disaster recovery plan may seem like an unneeded expense, until the day it becomes a lifeline for your business. Even still, for small or mid-sized CPA firms it can be a hard expense to justify. On the other hand, being able to confidently tell clients that their data is safe and even during a disaster the firm will respond to their needs is a huge benefit. One of the best ways to mitigate the expense and get the best value is to find a dedicated partner to work with. TOSS C3 can help demystify the process.