by Jennifer Wilson

In my last article, we reviewed why we should have a crisis management plan in place for situations such as a client lawsuit, the loss of a major client or key employee, or an unexpected death. This article identifies the components, or steps, to building a successful crisis management plan.

A crisis, by definition, is an unpredictable, unexpected and potentially damaging event. To be realistic, it is difficult to plan “perfectly” for one. Even so, preparing ahead of time is the first step in taking control of the unexpected and turning a potentially damaging situation to your advantage. There are three critical steps in planning for crises.

Establish a team
Begin your planning by developing a crisis management team that consists of leaders in your firm who represent all the different disciplines and functions so that your entire CMT has visibility to all aspects of your firm. This way, in developing a crisis plan, your cross-functional CMT will clearly understand the impact that certain crisis situations will have on different elements of your information technology practice and can plan to address them.

Select leaders who have natural leadership capabilities, and are accountable, consistent, loyal and discrete. Once you have selected your crisis team, have them meet regularly to plan for potential crises, test the plans and update them when necessary. Be sure to communicate the purpose of the CMT and who its members are to your staff members and key clients. Include information on how to reach them when necessary.

Identify your vulnerabilities
Your CMT should begin by identifying your top areas of vulnerability. Hold a brainstorming session to list all of the potential areas of vulnerability to crisis that you have in your IT practice. Be sure to consider events driven by those inside your firm, those outside your firm (clients, competitors and your community) and those crises created by forces far greater than you can control, including those brought on by nature and world events.

When identifying your vulnerabilities, be sure to consider crises that will impact leadership, staffing, facilities, computer and telephone systems, client relationships, service delivery, the firm’s reputation or legal standing, firm economics (for instance, embezzlement), your competitive environment, and your vendors or alliance partners.

Once you have an exhaustive list of potential vulnerabilities, work with your CMT to prioritize the most critical events based on the potential of the event to occur and the impact on your IT practice if the event should occur.

Once you have identified your top three to five potential scenarios, focus on those areas first and determine a resolution plan for each.

Prepare for the worst
Preparing for the “worst” begins by developing a detailed resolution plan to manage each scenario. When creating your resolution plans, be sure to establish a chain of command for the scenario that details who will lead the CMT during that particular crisis and how communications should occur among the CMT and other firm members in the event of each particular crisis. Be clear on what role each person in the chain of command will play.

Identify who will do what and in what order. Detail the steps that the CMT thinks will be most important and prudent when the crisis hits and as it plays out in a step-by-step fashion, being sure to give consideration to what actions are taken within your IT practice and those taken with parties that are external to your practice.

Outline who your internal and external “audiences” are in each particular crisis and what level of communication will be required with each. Be sure that someone on your CMT owns each audience and understands their responsibility to communicate with them, as well as when that communication is expected to occur. Where possible, centralize communications to one person to ensure the most consistent message possible.

Commit the plan to writing and share copies with all members of the CMT. Place the document in your external storage facility, safe deposit box or at the home of each member of the CMT in the event of a crisis that impacts your ability to access your facility or systems.

Always practice or “test” the plan at least once per year. This requires discipline and planning — it is not necessary to test the plan without warning (in fact, to reduce the fear factor, scheduling a test will work best). Play the scenario out as close to the way that it might actually occur and see how well your plan holds up.

As your organization changes and grows, the composition of your CMT may change, which will drive changes to roles and responsibilities. In addition, your top three to five potential crisis scenarios today may be far different from those you would identify and plan for two to three years from now. Re-assess your plans at least quarterly to be sure that you’re genuinely prepared.

With the hectic pace of public accounting and the IT sector, it is easy to ignore the potential that “something bad will happen.” We all share this natural denial mechanism. It’s really not a question of if a crisis event will happen in your firm — it’s a matter of when.

Shake off your complacency and get into action. Start your crisis planning by undertaking these three steps in your IT practice today.

And remember: Be prepared.

Jennifer Wilson is co-founder and owner of ConvergenceCoaching LLC (, a leadership and marketing consulting firm that specializes in helping CPA and IT firms achieve success.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access