Co-written by Kevin E. Thompson CPA and Ted Mayeshiba, MBA, Fellow, Institute of Industrial & Systems Engineers.
How do you define “business interruption”? News reports that talk about earthquakes, hurricanes and tornados come to mind. However, the most disruptive for the single person or small business is as simple as an electrical outage maybe due to high winds or an isolated burst pipe. Since most of your business is on computers, how far do you get with no electricity? How far do you get with a computer failure? How willing are your clients to wait for service?
- Let’s help you determine your greatest risk potential. (https://www.sba.gov/blogs/seven-ways-start-your-business-continuity-plan)
|Risk of Failure||Laptop||Desktop||Virtual Terminal||Server||Firewall|
|Low||<2 years||<3 years||<7 years||<3 years||<4 years|
|Moderate||2-3 years||3-5 years||7-10 years||3-4 years||4-6 years|
|High||4+ years||5+ years||10+ years||4+ years||6+ years|
|Ease of Replacement||Moderate||Moderate||Easy||Hard||Moderate|
As a physical asset, hardware replacement must usually be planned for in advance so that you’re not scrambling to replace it after it fails. This proactive replacement is often referred to as performing a hardware refresh. This is done to reduce the risk of failure of a hardware asset. As you can see from the table above, different types of hardware have varying risks of failure as they age.
- Let’s consider recovery
Along with the risk of failure, you should consider how difficult (and how long) it will take to replace the asset. So first, consider Ease of Replacement. If your laptop, desktop or virtual terminal (e.g., Chromebook, Wyse) can be retrieved at your local Best Buy, replacement is easy. What makes laptops and desktops moderately difficult is the time to reinstall all your software from the original disks/licenses. A summary appears below.
- Desktop or Laptop – Moderate: Once the computer is received it must be configured, operating system updated, system software (like antivirus) installed, and user application software installed. Additionally, the user’s profile and data must be loaded from their old computer onto the replacement.
- Virtual Terminal – Very Low: Virtual terminals are used in conjunction with virtual desktops or hosted desktop services. In this case, the user’s “actual computer” is resident on a server in a data center and the terminal is merely there for user input (e.g. keyboard and mouse) and output (e,g. monitors and printers). Because the user’s software and data are sitting on a server, replacing a virtual terminal is simply a matter of switching out the terminal box.
- Server – High to Very High: Once a server is received it must be configured, operating system loaded and uploaded, system and platform (e.g. database server) software installed, business application software installed, business application data restored, and all users reconnected to it. Systems maintenance jobs and backup processes must also be configured to work with the new server, and security monitoring software must also be configured to monitor the new server.
- Firewall – Low to Moderate: Depending on the type of firewall and complexity of the network environment this could be as simple as restoring the backup of a configuration file and reconnecting all the physical wires to the firewall, or it could be as complex as reconfiguring the firewall from scratch (which usually isn’t too bad).
When evaluating your tolerance for business interruption, consider determining the refresh cycle for hardware assets and both the Risk of Failure and Ease of Replacement. How often your organization refreshes its hardware depends on your level of risk tolerance for interruption of critical business processes that are supported by your computing hardware.
Kevin Thompson, CPA has more than 30 years’ experience operating CPA firms (www.kevinthompsoncpa.com) and Income Tax Preparation (www.action-tax.com) and is the CFO for the Aditi Group (www.aditigroup.com) specializing in organizational and technical solutions for the challenges business faces every day.
Ted Mayeshiba, MBA has over twenty-five years of management experience in operations engineering and management from various industries from automotive to satellite to biopharmaceutical and clinical medical practices. He has proven that he can direct and launch new initiatives which transform operations, improve productivity, reduce cycle time or improve decision-making capabilities within highly technical, competitive and legacy entrenched organizations. His latest efforts involve the successful transformation of a Lean Health Care Academy, built upon the successful Lean Academy for Operations under the auspices of the Lean Advancement Initiative based out of MIT. As West Coast Director of LAI EdNet based at USC, Ted plans and executes Operational Academies to improve outcomes for various groups both in manufacturing, engineering and now, health care. Ted is one of the founders of The Aditi Group (www.aditigroup.com).
He is a Fellow of the Institute of Industrial & Systems Engineers