9.4 – Preparation and Prevention: Where to Start?

First you need to understand how your business operates. Do you have a plan for the steps to take in the event of an absence or catastrophic event? The scope of some of the steps will obviously be different depending on whether you are ill for a week, or a fire sweeps through your office destroying all your on-site files. A plan to deal with one eventuality will not be sufficient to deal with all others. Keep a copy of your plan off-site in a secure location so it remains intact and accessible.

For you to perform risk assessments, you must analyze:

  1. the likelihood of the risk; and
  2. the cost/consequences to the firm should the risk manifest.

Some risks might be so remote that the only practical way of dealing with them is to purchase insurance against the risk. Other risks might be more common, but their impact on the practice might be negligible, so an assessment should be made as to the amount of effort needed to protect against the risk. Still other risks fall into the “no-brainer” category, such as installing and updating virus protection software on your computers.

PracticePRO has created a spreadsheet that you can use to help identify and assess your areas of risk. You can access a downloadable copy, with instructions and a sample chart, on their website.

Consider ways to mitigate risk. For example, would converting paper files to an electronic format on a secure server reduce the impact of a potential disaster?

Remember that just because you have formulated a plan, risk management does not stop thereā€”it is an ongoing process. You should continually be evaluating:

  • what your practice risks are; and
  • how to minimize both the likelihood of these risks occurring and the consequences if they do occur.