Disaster Planning – Part 1
Disaster Planning – Part 1
Introduction
This article is the first in a 3-part series on the subject of Disaster Planning.
Is your real estate investment business or property management business ready for a fire, a hurricane, a flood, or whatever other unexpected event might occur tomorrow, next week, next month, next year, and/or beyond? It is not only 9/11 or Katrina level disasters that should be of concern. Are you even prepared for a hard-drive failure that could occur at any time?
According to the U.S. Department of Labor, over 40% of all businesses that experience a disaster never re-open and 25% of the remaining businesses close within two years. The smaller the business the less likely that it will be prepared.
Many small business owners believe that preparing for disaster requires more money and/or time than is available. However, the most important steps for surviving a crisis cost relatively little. Being totally unprepared can be the costliest plan of all.
The only certainty about the unexpected is that it will happen some day. Even a minor incident can become a disaster if not managed properly. Disaster planning is like insurance in that you have to put things in place prior to occurrence of the disaster, not after the fact.
What Could Go Wrong?
There are an infinite variety of things that could go wrong for a landlord or property management company in the course of running the business.
How about a burglary of your office? Would they get your computer and your backup CDs lying on the desk or the external hard-drive under the computer desk? What if they stole the files containing personal data regarding all applicants for vacancies over the past 5 years? Do you know the legal penalties and potential financial liabilities for not adequately protecting this information?
Most business owners are fully aware that things can go wrong, but this awareness does not always translate into action. The human component of disaster planning is the weak link due to reluctance, fear, or uncertainty on how to plan.
The impact of an event may be quite different for different businesses. What might be considered a disaster for some is just an annoying disruption for another. For effective disaster planning, all those involved in a business need to have the same definition of a “disaster” and an understanding of what to do, how to do it, and who should do it.
The first thing you must do is complete what’s commonly called a risk assessment. The purpose of the assessment is to (1) identify what could go wrong, (2) analyze the effect on your business if something does go wrong, and (3) determine what priority you should place on each event so that you can minimize your risk exposure by committing limited resources to the greatest risks.
During this assessment, you must think of all the risks and threats that your business faces. Threats include anything that could happen to your employees, tenants, family, property, equipment, and records.
The degree of risk for different types of disasters varies significantly in different areas of the country. Every area in the country is subject to some type of natural disaster, whether floods, hurricanes, earthquakes, ice storms, high winds, wildfires, or landslides.
California has a greater risk of earthquakes than Florida, while Florida has a greater risk of hurricanes. However, even though a particular event is unlikely or has never happened before does not mean that it will not happen tomorrow. For example, the biggest earthquake in recorded history that occurred in the continental U.S. was in Missouri in 1812, not in California.
For most other categories of threats, the risks are somewhat similar throughout the country, although infrastructure-related threats can vary greatly between one city and another. Of course, the categories of risks and threats depend upon the type of business. The point is that risk assessment must be customized to each specific business.
Vulnerability
After identifying potential risks and threats, you must decide how vulnerable you are to each of them. You must rank the threats in two different ways. First, rank them in order of frequency. For example, how often does power to your computer get interrupted? List the expected number of months between events. Obviously, this is difficult to do for those events that might occur years apart.
Impact
You must next rank your vulnerabilities to these threats by the financial impact they’ll have on your business. That is, how much would it cost to replace or repair?
For hardware (e.g., a new computer hard-drive), this is not simply the cost of purchasing the hardware or of obtaining a replacement if under warranty. The cost must include (1) the cost of the down-time until you can obtain a replacement or repair and get it installed, (2) the labor costs involved for installation of the drive, (3) the cost to reinstall all the software, and (4) the cost to recover data from your backup or to recreate or update the lost data if a backup doesn’t exist or is not recent, respectively.
Finally, it must take into account lost business during the down-time. For a landlord or a property management company, this might include the inability to collect rents.
Risk Exposure
Now divide the cost of the event by the months between occurrences of that event to give you a measure of risk exposure for each threat. The higher number, the more important it is to protect yourself from that threat or at least minimize the damages resulting from it.
Of course, in the real world, the numbers are not easy to come up with, will not be very accurate, and the answers will not be exact. However, the method does provide a way to prioritize disaster planning tasks. Accordingly, it is much better to do the analysis using guesses than to do nothing.
Leave a Comment
You must be logged in to post a comment.