To Our Valued Clients and Friends:

This is the eighth in our series on preparing your business to weather unexpected events. Read Parts I – VII here, here, here, here, here, here, and here. This week, we discuss the top 10 things businesses should do in preparation for a crisis.

Preparedness is everything here – if we fail to plan, we are in effect planning to fail. If we don’t prepare in advance for the unexpected (to the extent possible), we get caught flat-footed and have to scramble when an unexpected crisis arises, such as a severe weather event (we in the Gulf Coast know a good bit about these!), or even a global pandemic such as COVID-19.

Top 10 Things to do in Preparation for a Crisis

1. Assess your situation, and identify the Top Three Threats to your business. Develop 5 first steps to take in preparation for each threat.
2. Create a plan to address each of your Top Three Threats.
3. Ensure you have cash reserves on hand to handle any unexpected expenditures and/or delays in receipt of client payments – we recommend at least 3 months’ worth of regular operating expenses.
4. Secure your data – it should be backed up, preferably on a daily basis, but weekly at a minimum, to a secure offsite location, readily accessible via remote connection but with all possible security in place. Ensure files and folders are accessible to those who need them, and not to those who don’t. Store passwords in a central, secure location such as LastPass.
5. Equip your team with laptops and secure network software (e.g., Citrix) to enable them to access the data they will need to work remotely. Keep all hardware and software up-to-date.
6. Make sure there is a central application for team communications. A Microsoft Teams group is a good option, as is GroupMe, but you can use group texts, group emails, an internal-access-only page on your website, or another method that works for you and your team.
7. Establish clear, specific team roles during a crisis – and make sure there’s some redundancy – i.e., if x cannot do something, y will take over. This strategy goes for business owners, too – someone, whether a team member, a colleague, or other designee(s), should be ready to take over leadership in case you cannot fulfill this role. Be very clear with each and every member of your team as to their roles and responsibilities, and whom they can turn to if they are unable to carry them out. Let them know what you or your designee will be taking on.
8. Communications with clients and other key players (such as key suppliers, outside IT administrators, etc.) will be a necessary element of crisis response – ensure this job gets delegated appropriately, and that each team member knows whom they will need to reach out to if necessary.
9. Communicate your plan to all team members. If questions arise, or if anything requires further clarification or detail, incorporate this into your plan.
10. Test your plan – in all its steps and phases – at least annually. Revise as necessary when testing reveals gaps or flaws.

If you are having trouble formulating your preparedness plan, we recommend you consult with your CPA.

How prepared are you? What did the most recent test of your preparedness plan reveal? Are you ready for the next crisis when it happens?

Please click here to email me directly – I’d love to hear about your experiences.

Until next Wednesday –

Peace,

Eric

To Our Valued Clients and Friends:

Welcome to the seventh in our series on preparing your business to weather unexpected events. Read Parts I – VI here, here, here, here, here, and here. This week, we discuss in more depth how to communicate your plan. 

Communicating your plan begins with the plan’s inception. It’s of paramount importance that your team understands they are an integral part of your risk-preparedness plan – right from the start and at every step. Remember that your people are stakeholders in the continuity of your business.

For the purpose of risk-preparedness planning, consider that your team includes not only your business’s employees but key service providers as well (think outsourced IT services, etc.).

• Get your team’s input as to what the Top Three Threats to your business are. While you will ultimately make this determination, you may choose differently after hearing from your team. 
• When you have determined these three likeliest business threats, hold a team brainstorming meeting on the best five steps to take to mitigate against each threat. Again, you will make the final decision on which five steps are most essential, but input can be enlightening.
• It’s essential to delegate someone who will assume the leadership of your business in the event you are unable to fulfill this role yourself. If this person is not a member of your team, schedule time for the team to become acquainted with him/her, ask questions and provide input. 
• Make sure there is a central application for team communications as a backup. This application should be separate from your server and emails and can be via group text, GroupMe, or other applications. Get your team and yourself in the habit of checking the group message application regularly – and using it.
• Ensure every team member knows what you will be relying on them for, what they can depend on one another for, and what they can count on you or your delegate to handle.
• If one of your top three threats could require evacuation, make sure everyone on your team – including yourself – has an individual plan for this; you should incorporate each of these into the overall plan. A map of each individual’s evacuation route is an excellent inclusion – especially if your team is small enough that you can superimpose everyone’s route onto a single map as well.
• Are you confident that key contact information – for team members, clients, and key service providers is up-to-the-minute accurate? If not, delegate that task and make sure it gets updated and maintained.
• Make sure your team members are communicating with each other as well as with you. In your own communications, make sure your team knows they are listened to and any concerns are heard. This strategy will foster confidence and camaraderie; in an emergency, these are assets worth having.
• Whenever you test your plan(s), hold a preparatory team meeting – clearly communicate what will be happening, and gauge responses to determine whether any steps can be improved before testing. Communicate with your key service providers so that they can participate, just as they would in a real emergency.
• Keep your clients informed when you are testing your plan – make sure they know they will be contacted as if this were an unexpected real-time event. 
• After testing, review the plan for newly evident vulnerabilities, any failures in communication, any confusion as to team members’ responsibilities. Schedule a full team meeting to discuss the results, and ask for their input. Revise your plan to address any issues or concerns before your next test.
• Once the plan is revised, hold another meeting to communicate the changes you’ve made to your team. 

Communicate to clients and key vendors your new business operation plans once you are settled into your new business model.

I think we’ve all learned during the pandemic, despite the unavoidable isolation we’ve experienced, that teamwork counts, communication is imperative, and – in the end, aren’t we all on the same team?

What’s the best way you’ve found to keep your team fully engaged in your preparedness planning process?

Please click here to email me directly – I’d love to hear your own experiences.

Until next Wednesday – 

Peace,

Eric

To Our Valued Clients and Friends:

This email is the sixth in our series on preparing your business to weather unexpected events. Read Parts I – V here, here, here, here , and here. This week, we discuss how to test your plan for preparedness, once it is in place.

Most failures of businesses’ emergency preparedness plans are due to a lack of testing before the unexpected occurs. Get ahead of the curve, and test your plan at least once annually.

Steps to take:

• Schedule a test day in advance; notify every party involved – your team members as well as any necessary outside parties (clients, essential service providers, vendors, and suppliers, etc., who would need to be notified in the event of an actual emergency) that you will be testing your preparedness plan on that date.
• Have every team member make the contacts for which they are responsible – this should be spelled out clearly in your plan.
• If your plan requires evacuation, team members should know their evacuation routes and should have communicated them to you in the plan’s design phase. Agree on a point beyond which they need not travel, whether it’s a landmark or coffee shop they are familiar with or a set distance in miles from their homes. 
• Have your team members all log in remotely to your secured server(s); they should make certain they can access the data they require for the tasks and projects they would be responsible for if the unexpected occurred today.
• If you have a backup generator to maintain power during an outage, ensure it is tested automatically on a weekly basis, but test it again on this day. Make sure beforehand that your generator’s fuel source (natural gas or other) is topped off.
• If a data breach is one of your top threats, have an outside expert to attempt to breach  your system in consultation with your IT provider 

 

Look for vulnerabilities, failures in communication, confusion. Schedule a full team meeting to review the results and ask for their input. Revise and specify your plan to address any issues or concerns before your next test.

Once the plan is revised, hold another meeting to communicate the changes you’ve made to your team. 

Have you tested your emergency preparedness plan? What did you find? If there were issues, how did you address them?

Please click here to email me directly – I’d love to hear how your testing went.

Until next Wednesday – 

Peace,

Eric

To Our Valued Clients and Friends:

This email is the Fifth in our series on preparing your business to weather the unexpected events that we know will occur. Read Parts I-IV here, here, here, and here. This week, we discuss businesses’ technological risks.

Businesses rely increasingly on technology and automated systems; we expect our technology, hardware, and software, to work as designed and advertised. Unfortunately, software glitches occur, hardware breaks down, and often at the most inconvenient times. 

And there’s worse, of course – we’ve all read about cases of identity theft and consumers’ fears their personal data is beyond their own control. High-profile data breaches have occurred at many prominent companies and even within several U.S. Government departments. 

Technology gives us so much in our businesses and our private lives. Yet our reliance on it places us in a position of vulnerability – and it’s a relatively new vulnerability construct, not one that humans have been accustomed to protecting ourselves against for multiple decades.

Ironically, one of the best ways to prepare for an unexpected event impacting your business is to ensure that you and your team can work from anywhere, as long as a secure internet connection is present. 

This makes it all the more crucial to protect your technological infrastructure, as well as sensitive data relevant to both your clients and your team.

Here are some ideas you may want to consider:

• Ensure that you keep your equipment up to date so that your servers, laptop, and desktop workstations don’t become obsolete.
• Update your software to make sure you have the most up-to-date version offered by the vendor.
• The best way to implement the two points above is to ensure that someone is responsible for maintaining your equipment and its security (firewalls, anti-virus, etc.), and keeping your software updated. This person can be your in-house IT specialist or an outside provider.
• Ensure that you have security protocols in place (firewalls, passwords, locked files/folders, who may access what) and that team members are thoroughly educated on these protocols.
• Make sure you are using software such as LastPass so that all your encrypted passwords are stored securely in one place.
• Make sure all data is backed up regularly and frequently (we recommend backing up on a daily basis – if this is not feasible, at least on a weekly basis); ensure backup data can be readily accessed if necessary. 
• At least annually, hire someone to attempt to hack your system and restore your backups. A successful attempt will expose vulnerabilities, which can then be addressed, while an unsuccessful attempt means your systems are reasonably secure – for now.

 

It’s another irony that we make ourselves much more secure when we expect our tools may fail and prepare to counter that likelihood. 

We recommend that, if you do not use an outside provider for your IT, you consult with one on how best to secure your equipment, software, and sensitive data. 

To best prepare for the unexpected, consult your CPA on creating your response strategies.

Has your business experienced a data breach? If not, what strategies have you used to prevent one?

Please click here to email me directly – I’d love to hear how you protect your technological infrastructure.

Until next Wednesday – 

Peace,

Eric

 

To Our Valued Clients and Friends:

This is the fourth in our series on preparing your business to weather the unexpected events that we know will occur. Read Part I here, Part II here, and Part III here. This week, we will discuss how business owners can ensure their businesses will continue in the event they are temporarily or permanently incapacitated.

In any disaster, or even in their absence, there is the chance a business owner may be injured, become ill, or even pass away. As business owners, we have a multifold of responsibilities – to our clients and our employees, as well as to our families, and ourselves. And a business continuity plan is the best way to ensure the first two responsibilities are met when we cannot meet them ourselves.

Since you’ve already identified your Top Three Threats as well as the general steps to have in place to deal with the unexpected swiftly, it’s time to create your Business Continuity Plan(s). Note that you may need more than one if your Top Three Threats differ significantly from one another in precisely how they would impact your business.

Steps to take:

• If your location makes weather-related events a top threat, make sure you have an evacuation plan and an alternative location from which to conduct your business. This plan may involve physical facilities, or it may just require that your team is properly evacuated, along with their laptops if they are set up for remote work and have access to your servers. If they aren’t and don’t, consider remedying that.
• Designate someone – this can be a team member, a member of your family, or a colleague, as appropriate – to take over the leadership of your business if you are unable to maintain it, temporarily or otherwise. Then designate an alternate – redundancy here is essential, as consequences of unexpected events tend to be unpredictable. Consider giving this person a springing power of attorney, which would only go into effect if certain circumstances occur.
• Spell out every team member’s role and responsibilities in ensuring business continuity. Update this at least quarterly as projects and tasks are completed and replaced with new ones.
• Ensure that communications remain open – have a central voice mail, team text group or message board, or other means of obtaining up-to-date information. Designate someone to maintain and update information daily if you are unable to do this. Microsoft Teams is a great tool for this task.
• List your key vendors and suppliers, and make this list available, with up-to-date contact information, to your designated successor and your team.
• Ensure your team’s computer equipment is portable, secured, and able to access your data remotely.
• List your key software programs – if you have an outside provider of IT services, coordinate with them, and ensure all software is remotely accessible.

Communicate your plan(s) to your team and request their input. Revise the plan(s) as appropriate afterward.

Test your plan – at least once annually: 

• Enact or simulate your evacuation plan, if that is part of it.
• Ensure that each team member can list their responsibilities, and the order in which they should execute them, if possible (be flexible). 
• If a data breach is among your Top Three Threats, hire someone to try to hack your system. 
• Keep an eye on your cash reserves – you may need to provide employee advances to your team under some circumstances, and you will likely need to cover basic business costs for some time, potentially extensive.

While some elements of emergency-preparedness can be used in most plans, your own business situation is unique – it’s an excellent idea to consult your CPA on the specifics.

Do you have your business continuity plan(s) all in place? When did you first institute the plan(s), and Why?

Please click here to email me directly – I’d love to hear about your experiences.

Until next Wednesday – 

Peace,

Eric

To Our Valued Clients and Friends:

Welcome to the third in our series on preparing your business to weather the unexpected events that we know will occur. Read Part I here, and Part II here. This week, we discuss how business owners can begin creating an individual preparedness plan.

As we’ve discussed in Part II, we recommend that first, you identify the top three threats your business is likeliest to face, based on factors including, but not limited to:

• Weather-related events
• Unprotected infrastructure 
• Technological vulnerability

Now it’s time to take a hard look at how to come closer to disaster-proofing your business; you can use RFG’s Top Three Threats Tool to list each of these threats and five first steps you need to take to address the risks arising from these threats.

One strategy we think particularly useful is to start by adopting a ‘meta-readiness’ approach. This approach will enable you to take the steps necessary to be ready, generally, to address the specifics of any threat, having prepared for threats in general.

We recommend the following steps as a start to your Response Strategy:

• Ensure your technology and data storage resources are secured, accessible and that backup systems are in place.
• Set your team up for remote work to the extent possible.
• Review your Business Interruption insurance to ensure it provides sufficient coverage. If you don’t have such coverage, get it.
• Ensure you have a business continuity plan in place in case of an unexpected change in company leadership.
• Keep your business premises in good repair; this will at least mitigate physical damages. And make sure your insurance coverage is up to date!
• Ensure all your contact information is kept current.
• Make certain you have all insurance policies, your articles of incorporation, licenses, and other key documents kept safely and accessible electronically as well as physically.
• Keep your team well-informed of all plans and who will be responsible for what tasks (such as client notifications), records, projects, etc. 
• If evacuation is anticipated, know your team members’ individual evacuation routes and planned landing points, and include them in the plan along with your own.
• If you anticipate power outages that could cause damage to your premises or equipment, consider a backup generator. If you obtain one, set it up for automatic regular testing.
• Clearly delegate one or more decision-makers to take charge in the event you are temporarily unable to fulfill this role yourself.
• Have cash reserves on hand to deal with contingencies as they arise. We recommend at least 90 days of operating cash.

When you’ve developed steps to address the specific challenges each of your top three threats is likeliest to pose for your business, complete your Response Strategy for each of these threats. Provide your team with these Response Strategies, and address any questions, concerns, and/or ideas that arise. Input is essential – other perspectives may complement your own, and your team may very well be able to help you strengthen your Response Strategies.

“Meta-readiness” involves flexibility and adaptability rather than a set of protocols. Because you don’t address the unpredictable successfully by being over-predictable yourself. To maintain this state, review and update all your Response Strategies at least annually, and make sure every update is communicated to your team, and their feedback sought.

We are already better prepared than we were a year ago – we’ve had the lessons the pandemic has taught all of us to learn from. Some of us were at least partly prepared already, having had to deal with severe weather-related events, such as hurricanes, tornadoes, and flooding. 

But the fact that we are better equipped now to deal with the unexpected than before the COVID-19 pandemic just illustrates the need for continually updating our Response Strategies in light of experience, new information, and any new potential threats.

What Response Strategies have you developed for your business? 

Are you “meta-ready?”

Please click here to email me directly – I’d love to hear what strategies you’ve developed.

Until next Wednesday – 

Peace,

Eric

Last week, we provided a general overview of how businesses can plan for the unexpected; this week, we begin taking a closer look at each step business owners should take when creating their individual preparedness plans.

Step 1: Identify Your Risks

Each business’s identity is unique, and so are its risks. However, while we can’t foresee each and every unexpected event, we can winnow our plans down to the most likely threats. Consider your location, your industry, and the individual factors of your business situation.

Narrow your list down to your three largest assessed threats.

Now, drill down on those three threats – how might each of them impact your business?

Is it likely to:

• Shut your office or facility down? If so, does the risk arise via physical damage to your premises or via health concerns?
• Damage the reputation of either your business or yourself?
• Lead to a potentially hazardous misuse of your product(s)?
• Lead to a loss of business leadership (should the disaster cause your death or result in your leaving the firm)?
• Create customer dissatisfaction with your product(s) or service(s)?
• Lead to employee grievances?
• Make your product(s) or service(s) obsolete (via technological or social changes)?
• Interrupt supply chains for key materials and/or vendors?
• Drive your revenue down?
• Create a drastic increase in demand for your product(s) or service(s), which you will not be able to meet?
• Increase your operating expenses to address the challenges you face?
• Cause your technology to fail?
• Cause an extended power outage?

Once you’ve identified the likeliest avenues of risk to your business, you can develop a response strategy, listing the best steps you can take in advance to militate against those risks.

We’ve created a worksheet you can use for this purpose – more on this next week.

Whatever your individual business risks, we recommend the following as general steps to take to prepare your business for the unexpected:

• Make sure your technology and data storage resources are secured and that backup systems are in place.<
• Set your team up for remote work to the extent possible.
• Review your Business Interruption insurance to ensure it provides sufficient coverage. If you don’t have such coverage, get it.
• Ensure you have a business continuity plan in place in case of an unexpected change in company leadership.
• Keep your business premises in good repair; this will at least mitigate physical damages. And make sure your insurance coverage is up to date!
• Ensure your contacts are kept current.
• Make certain you have all insurance policies kept safely and accessible to you electronically as well as physically.

The good news: 14 months into the COVID-19 pandemic, you and your business are almost certainly much better prepared for the unexpected than you were at the start of 2020. Think about all the ways you have had to adapt in order to cope with the barrage of mandates, directives, and regulations. And that’s assuming you’ve had no other significant disruptions to your business operations, and that neither you nor your team members have had to deal with contracting the virus itself, both of which have further challenged businesses during this global crisis.

What specific challenges has your business faced as a result of the pandemic? What strategies did you use to meet those challenges?

And can you see ways in which those strategies can be employed to meet challenges posed by other unexpected events?

Please click here to email me directly – I’d love to hear how you’ve dealt with your pandemic obstacles!

Until next Wednesday –

Peace,

Eric

To Our Valued Clients and Friends:

On August 26, 2005, the Friday before Katrina struck, I was on the 21st floor of an office tower across from the Superdome, wrapping up a project for an important client. As I looked out the window on that dreary, rainy day, I began to hear reports of oil and gas rigs being evacuated due to the oncoming storm.

When the dust of my own evacuation settled, I found myself, a 40+-year-old man living with my wife, Jennifer, and our five-year-old daughter, Meghan, in a spare bedroom of my parents’ Baton Rouge home. I didn’t know whether we had a home to return to. I didn’t know whether I’d have an office to return to – at the time, our firm was on Poydras Street across from the Superdome, as noted, which had suffered significant damage.

I didn’t know whether I had a functioning business left. I did know I had a substantial number of insurance claims to file. My entire future looked and felt very uncertain; this created enormous anxiety for me, and I could do little, at that point, to relieve it. Any action I could take was welcome.

A buddy of mine, also sheltering near Baton Rouge, called me. “Look. I’m going in.” He and his wife had tragically lost their 5-year-old daughter the previous Thanksgiving, and in their rush to safety, had left many of her baby pictures in New Orleans.

As the father of a little girl myself, my heart went out to him, and all of me went with him on his journey.

Well, it was certainly an adventure, I’m here to tell you. We drove down to New Orleans, my friend got us a pass from the State Police so that we could get into the city, and we boarded a flatboat near the Southern Yacht Club on Lake Pontchartrain to navigate down Canal Boulevard.  

The sight still resonates in my mind – I can see it anytime I close my eyes. As we motored down Canal Boulevard, we had to be very careful, because the water was even with the power lines, which were 14 or 15 feet above street level.

But after a painstaking, cautious navigation down what was then a waterway in Lakeview, we finally reached my buddy’s house; the front door was partly opened but jammed in its frame. Together we kicked it down. The dining room table was upside down, chairs were upended all over the place – and that was the least of it. The house had flooded badly, we could see to where the water had risen by the lines of mud on the walls, about 4 feet above floor level. It remains one of the most devastating sights I have ever witnessed in my life.

But none of that mattered – we were on one single mission – get those baby pictures.

And we got them! 

Helping my dear friend in his and his wife’s need was one of the proudest days of my life. 

Katrina was life-changing, and perspective-changing as well, for many of us in the Gulf region. 

What events have shaped your life in a similar way? 

Please click here to email me directly – I’d love to hear from you.

Until next Wednesday – 

Peace,

Eric

To Our Valued Clients and Friends:

Welcome to Part II of our updates on Paycheck Protection Program (PPP) loan forgiveness.

Last week, we discussed changes made to which expenses were designated “eligible covered expenses,” both for businesses generally and for self-employed business proprietors who file Schedule C with their individual income tax returns.

This week, we will discuss the PPP Loan Forgiveness process.

The Process

You have until ten months following the expiration of your 8-week or 24-week coverage period beginning with the date of distribution of your PPP loan proceeds to apply for loan forgiveness from your bank, who will forward your application to the SBA for approval. We strongly recommend that you do not wait until the last minute to apply for forgiveness. Currently, your lender may take up to 60 days to review your application, after which they will either request additional information or begin processing the application. Then the SBA has 90 days to review your application, and either approve or deny it, or request further information from you.

The SBA has communicated that all PPP loans of over $2 million will be closely analyzed, if not subject to a full audit.

In addition, self-employed individuals who file Schedule C with their individual income tax returns – newly eligible to base PPP loan amounts on gross income – are not deemed to have an automatic “Safe Harbor” if the gross income on which the loan calculations are based is over $150,000.

For other PPP borrowers with loans of $150,000 or less, no supporting documentation is required to be submitted in order to apply for loan forgiveness. However, the SBA may request supporting documentation, which all PPP borrowers are required to maintain.

Many lenders, if not all, have specific portals for uploading documents for PPP Loan Forgiveness; some have an online application form of their own, which borrowers must complete.

Some of these lenders’ portals, however, may not yet be accepting PPP Loan Forgiveness applications, as they have been extremely busy processing applications for PPP Round 2 Loans; we suggest you maintain regular contact with your banker if this is true in your case, in order to be sure you get your PPP Loan Forgiveness application submitted timely.

We suggest that, if your PPP loan is greater than $150,000, you consult your CPA for assistance in completing the complex calculations required for payroll costs, ensuring that:

• At least 60% of PPP loan proceeds were spent on eligible covered payroll-related expenses
• The less-than-25% wage reduction requirement has been met
• Full-time equivalency levels have been maintained

Remember that, if all these levels have not been met/maintained, then at least part of your loan might not be forgiven. Your CPA can also help clarify what supporting documentation is required, and prepare your PPP Loan Forgiveness application for you.

When you are confident in your completed application and have amassed all your supporting documentation, submit your prepared PPP Loan Forgiveness application to your lender, either via electronic means or as otherwise directed by your lender. As of April 1, 2021, the SBA had already forgiven $209.1 billion in PPP loans.

Note that the SBA can always require more information from you or audit your loan – be prepared, and if you are unsure about any aspect of the PPP Loan Forgiveness Application form, the calculations, or the process, consult your CPA.

Forgiveness application forms:

Form 3508

Initially, the U.S. Small Business Administration (SBA) issued a one-size-fits-all application for the forgiveness of PPP loans – Form 3508 (the form has since been amended, most recently as of January 19, 2021). This form, still applicable for those ineligible to use either of the simplified forms below, as amended, requires substantial calculations on the part of the applicant, as well as thorough supporting documentation.

Form 3508EZ

Under pressure from Congress and industry to reduce the burden of the forgiveness process for borrowers of smaller amounts and smaller businesses, in June of 2020  the SBA added Form 3508EZ (also amended as of January 19, 2021). This form could be used by certain PPP borrowers who certified that they fulfilled any one of three criteria concerning employees’ retention and hours paid (see our blog post here for more detail).

As amended on January 19, 2021, Form 3508EZ now has two acceptable criteria for eligibility, rather than three, and requires “show your work” calculations on page 1, as well as supporting documentation.

Form 3508S 

As of January 19, 2021, the PPP loan ceiling to use Form 3508S has been increased to $150,000, rather than $50,000, and no supporting documentation is required for submission to the SBA (lenders may have their own requirements).

There will almost certainly be more updates on the PPP to come – stay tuned!

If you have questions regarding applying for forgiveness of your PPP loan, please click here to email us directly – we are here to help.

Until next Wednesday –

Peace,

Eric