Why You Should Have a Business Continuity Plan in Place

Why You Should Have a Business Continuity Plan in Place





Why You Should Have a Business Continuity Plan in Place



Businesses rarely know before a disaster strikes. For this reason, it is crucial to ensure your business is prepared to overcome any damaging threats that could come its way. This is where a business continuity plan comes into action. 

A business continuity plan (BCP) details procedures and processes designed to help maintain operations or restore them as quickly as possible in the event of significant disruption. Without a comprehensive plan, businesses run the risk of experiencing financial loss, extended downtime, and even damage to their brand’s reputation. This guide will help you understand the importance of implementing a disaster recovery plan and how to get started creating one. 


What is Business Continuity? 

Business continuity is the idea of safeguarding your company by preparing for potential crises. Having a plan in place gives you peace of mind that your core business functions and operations will not be severely affected by the known or unforeseen incident, ensuring the business can continue functioning during and after the disruption. 


Why is Having a Business Continuity Plan Important? 

Here are the six main benefits of having a business continuity plan in place:

1. Maintain business operations

The main goal of a BCP is to protect personnel and assets while keeping the business operational during a disaster. 

2. Build customer confidence

Companies that are transparent about their ongoing business continuity efforts show their customers that they are committed to providing service — no matter what. This builds trust and confidence among customers and other outside parties you do business with.

3. Preserve your brand value and reputation

Businesses that are not prepared to handle disruptions risk appearing incompetent to the public. A BCP ensures a smooth recovery, preserving your stellar reputation and carefully crafted brand value.

4. Protect the supply chain

A BCP details processes and procedures necessary to ensure your supply chain will be protected in the event of a disaster, ensuring you can continue delivering products and services as promised. 

5. Mitigate financial risk

Disruptions are costly, but with the right plans to restore operations quickly, you can minimize your losses as much as possible. 

6. Gives you a competitive advantage

Your ability to respond and get back up and running after a disaster will go a long way in showing customers and potential business partners that your brand is one of the best. 


Top Threats to Business Continuity 

Before you start creating a business continuity plan, you need to conduct a vulnerability assessment to understand your company’s potential risks. Every company has different industry-specific threats, but the following are the most common risks affecting businesses in various industries. 

1. Global Pandemics

As we have witnessed through the recent COVID-19 pandemic, global pandemics can throw a wrench in business operations and even force employees to work from home. Companies should establish adequate policies to cover increased employee absence and have an effective succession plan for those with critical roles. You should also implement a reliable communication model to ensure employees can collaborate at all times. Additionally, plan for possible supply chain disruptions by identifying alternative suppliers in your BCP.

2. Natural Disasters

The frequency and severity of natural disasters like earthquakes, flooding, storms, wildfires, and hurricanes are rising. These events often strike with little to no warning. They can throw businesses in disarray, halting operations, disrupting supply chains through affected areas, and causing severe damage to physical infrastructures. Business continuity plans should incorporate the potential economic and operational impact of such events.

3. Utility Outages

Utility disruptions, such as an extended power failure, can present significant challenges and potential financial losses for businesses. They can result in data and production loss and equipment damage. Your BCP should factor in the impact of utility disruptions and provide options to mitigate the risks, such as backup generators. 

4. Cyberattacks

Cyberattacks are critical threats you need to include in your BCP. These refer to any attack on the company’s technical assets such as ransomware, data theft, denial of service (DDOS) attacks, and SQL injections. Therefore, businesses must formulate cybersecurity strategies to ensure they are prepared for incident response and recovery.


Developing a Business Continuity Plan 

Here is a step-by-step guide on how to create a reliable BCP that works.  

1. Identify the Scope of the Plan

The BCP should have a broad scope if it is to effectively address the many disaster situations that could affect the business. A BCP broadly applies to all critical business functions, including IT, operations, public relations, human resources, and more. 

2. Identify Key Stakeholders

Select the critical stakeholders of each department in your company to form a business continuity management team that will implement and execute the BCP. It is advisable to designate one person as the team leader and ensure they have the authority to get things done.

3. Identify Critical Functions

To develop a good BCP, conduct a risk assessment and business impact analysis (BIA) to identify essential functions without which the company cannot operate smoothly. For example, if you are running an e-commerce business, critical functions could be inventory management, order fulfillment, e-commerce platform functionality, or supply continuity.

4. Identify Dependencies Between Various Business Areas and Functions

This helps you determine the order in which lost functions must be restored to understand where to allocate resources. A business function with more business processes relying on it to be operational should have a higher priority during resource allocation. 

5. Determine Acceptable Downtime for Each Critical Function

Document the acceptable minimum levels of operations each function can afford and identify the time frame necessary to restore it to full operation. 

6. Create a Plan to Maintain Operations

Identifying threats to your organization is crucial but knowing how to react and recover is essential to bouncing back after an unanticipated event. This stage involves identifying strategies to maintain operations and describes how to implement them. 

7. Develop a Testing and Training Program

Perhaps the most crucial step is to test and maintain your plan. This could include basic training and an overview of the BCP or more in-depth drills such as tabletop exercises and simulations. This is an effective way to ensure your employees are fully trained on emergency procedures in case of a disruption.


The Importance of Reviewing and Testing Your Business Continuity Plan 

Business continuity planning should evolve with your company. With changing technology, environmental conditions, personnel, and organizational structures, your BCP can quickly become outdated and unusable.

Performing ongoing tests and reviews helps you identify any weaknesses or gaps in the BCP for improvement. This keeps it up to date, ensuring your plan fits your organization’s needs increasing the chances for smooth and safe execution. It is advisable to review your business continuity plan at least once a year. However, review frequency can depend on employee turnover and changes to business processes and IT. 


Bottom Line

No one can predict the future, but companies can minimize financial loss and other adverse effects of business disruption with a sound business continuity plan in place. Contact us if you have any questions or click here to learn more about our technology offerings.





Scott Kroeger is a Lutz Tech Shareholder with over 15 years of technology related experience. His primary responsibilities include overseeing the areas of managed technology services, custom software development, and creative services. In addition, he provides CIO level consulting to clients.

  • Sales and Operations
  • CIO Level Consulting
  • Managed Technology Services
  • Custom Software Development
  • Creative Services
  • Interface Design
  • Web Technologies
  • Systems Infrastructure
  • Databases
  • Programming
  • Application Integration
  • BA in Computer Science, DePauw University, Greencastle, IN
  • Institute of European Studies, Freiburg, Germany
  • Omaha Children’s Museum, Past Board Member


We tap into the vast knowledge and experience within our organization to provide you with monthly content on topics and ideas that drive and challenge your company every day.

About UsOur Team | Events | Careers | Locations

Toll-Free: 866.577.0780Privacy Policy | All Content © Lutz & Company, PC 2021

4 Data Analytics Tools Your Company Should Be Using

4 Data Analytics Tools Your Company Should Be Using





4 data analytics tools your company should be using

tony desantis, data analytics manager


If businesses wonder where they can obtain more information about customer insights, leaks in productivity and efficiencies, and how to increase their revenue, they need to look no further than the data they already collect each day. While many organizations understand that the data they collect contains vital information, some may be unsure of the simple tools they can use to analyze it. This article reviews four tools for businesses that want to incorporate data analytics into their overall business strategy.


Microsoft Excel 

For smaller businesses, there is no better place to get started with data analytics than the Excel spreadsheets you likely use every day. While Excel may seem like a less than momentous choice, it is familiarity and reliability are precisely the reasons why businesses should not overlook this tool. Many businesses already use Excel spreadsheets or at least have the package available, which means they will not have to invest money into another software product. In addition, the learning curve for Excel is minimal, so businesses can get up and running very quickly.

Microsoft has also made some enhancements to Excel over the years, which can help businesses construct a variety of analytics ranging from basic models to more complex forecasting. Two such enhancements include their Power Query feature and their Analysis ToolPak.

The biggest drawback of using Microsoft Excel for data analytics projects is its inability to scale; both in volume of data and the ability to connect multiple data sources. As businesses grow, they continue to collect data, requiring a robust, easily adaptable tool that can handle their data analytics projects’ increased size and complexity.


Data Visualization Tools

Data visualization tools are available for both smaller and larger organizations, with some visualization tools either already part of a larger software package or available as an independent application such as Microsoft’s Power BI or Tableau. Regardless, visualization tools are helpful in analyzing data through their ability to connect large volumes of disparate information and present it in useful formats such as a chart or a dashboard. These visual formats allow users to see both trends and patterns, as well as data anomalies. 

The visualization tools today will also allow users to explore their data; allowing users to slice and dice data on the fly. As a result, users can ask questions of the data, identify answers, and highlight anomalies/areas that may need further investigation.


Robotic Process Automation

Robotic process automation (RPA) is an automated technology consisting of software bots or “digital workers” using artificial intelligence. While smaller businesses may have assumed these types of tools are out of their reach, that is not necessarily the case. There are a number of no or low code options available, making these types of tools available to organizations both large and small.

RPAs are capable of performing a multitude of functions, including moving data from legacy applications to a data store or repository, cleaning and standardizing data, saving file attachments to emails, and automatically combining files into a specified folder. By automating the process of aggregating data, RPA can free up resources so users can focus on performing analysis or reviewing analytics output.


Text Analytics Tools

Last but not least are text analytics tools. These tools are invaluable for a multitude of tasks. For companies who have large amounts of unstructured data such as emails, Word documents, call logs, service requests, or customer reviews, text analytics tools can help in the analysis process of these types of information.

Text analytics tools read and process text by way of Natural Language Processing (NLP). They can help determine whether a customer is happy or dissatisfied by identifying high-frequency phrases or words. These tools are also often found in chatbots, utilizing RPA processes, and they can also create written text from analysis of data through Natural Language Generation (NLG).


Selecting the Right Tool

Each company must determine what its particular goals are when it comes to developing a sound analytics strategy. The tools and techniques they employ will depend upon what insights they hope to discover within their data. Depending upon their strategy, organizations may chart a course of gradual expansion of data analytics processes or decide to take a more aggressive approach and employ a variety of tools and techniques to help them reach their goals. If you would like to learn more about leveraging the power of analytical tools to strengthen and grow your business, please contact us.


Tony DeSantis





Tony DeSantis is a Data Analytics Manager at Lutz with over 20 years of experience. He is responsible for interpreting and analyzing data, as well as designing report visuals in support of client engagements. In addition, he specializes in data management and the application of artificial intelligence to simplify business processes.

  • Data Analytics
  • Data Visualization
  • Data Management
  • Artificial Intelligence
  • Forensic Analytics
  • BS in Finance and Operations, Minor in Management Information Systems, University of Delaware, Newark, DE
  • Junior Achievement, Volunteer
  • Gilda's Club Chicago, Past Board Member


We tap into the vast knowledge and experience within our organization to provide you with monthly content on topics and ideas that drive and challenge your company every day.

About UsOur Team | Events | Careers | Locations

Toll-Free: 866.577.0780Privacy Policy | All Content © Lutz & Company, PC 2021

Lutz Launches Data Analytics & Insights Service Line

Lutz Launches Data Analytics & Insights Service Line




Lutz launches data analytics & insights service line

Lutz, a Nebraska-based business solutions firm, recently announced a new service offering, Data Analytics & Insights. Offerings include data visualization, data and statistical analytics, analytics strategy development and information management. In addition, our team can assist clients with their data migration, integration, workflow automation and training needs.

Tony DeSantis, Data Analytics Manager at Lutz, said, “Businesses have a wealth of information at their fingertips. However, many struggle to tap into this valuable resource or understand what their data can tell them. Our goal is to simplify the process and help businesses leverage their data to uncover the answers to their most pressing questions. By analyzing your data, we will provide actionable insights that your business can use to increase revenue, decrease costs, anticipate changes and drive client satisfaction.

Lutz’s Data Analytics and Insights service offers a personalized approach to business intelligence, analytics and automation.

“Technology has always been at the forefront of our business. The development of our data analytics service represents our continued commitment to technological advancement and focus on client success. Our combination of deep industry experience and unique analytics skill sets allow us to drive insights and opportunities for our clients. We are excited to see how this offering will help Lutz and our customers grow and prosper,” said Mark Duren, Lutz Managing Shareholder.

Learn more about Lutz’s Data Analytics & Insights offering here: https://www.lutz.us/services/consulting/data-analytics/



We tap into the vast knowledge and experience within our organization to provide you with monthly content on topics and ideas that drive and challenge your company every day.

About UsOur Team | Events | Careers | Locations

Toll-Free: 866.577.0780Privacy Policy | All Content © Lutz & Company, PC 2021

How To Avoid Being Negligent When It Comes To Risk

How To Avoid Being Negligent When It Comes To Risk





how to avoid being negligent when it comes to risk

robert keenan, chief information & risk officer


Risk is something that we all face in our day-to-day journeys, no matter who we are or what we do in life. If left unexamined, these risks could either create a small bump in the road or end up providing significant challenges that are difficult to recover from. The only difference between the two is whether you’ve neglected to plan ahead or not. When you’re running a business, you can’t afford to be negligent when it comes to risks and planning for them. These six steps will help you get started.

1. Start With Due Diligence

To properly mitigate your risks and avoid negligence, you first have to know what risks your company may face. Is your customer’s data safe? What about the personal safety of them or your employees? Is your building or product at risk for theft or harm? What events could disrupt your daily business or end up creating lawsuits? Asking yourself these questions will help you assess every way your company can either be a risk or be at risk. In summary, ask yourself, “What keeps you up at night?” or “Why do you have that nagging feeling that you are forgetting something?”

By doing your due diligence, not only are you identifying all the issues you’re prone to run into, but you’re beginning to protect your customers, employees, and business as well. Mitigating risks can save you precious time and money that might otherwise be spent on refunds, lawsuits, or workman’s compensation benefits. It will also help boost your reputation as people will view you as trustworthy and reliable partner.

2. Form A Mitigation Plan

Now that you’ve got a good idea of where your risks are coming from, it’s time to figure out what you need to do about them. 

In an ideal world, simple prevention measures would be enough to take care of all your problems. However, this is often not the case, and you’ll need to come up with a backup plan to ensure that all of your bases are covered. While simply preventing a problem from occurring in the first place is going to be your foremost goal, you always need to have alternate action plans in place to help mitigate worst-case scenarios. For example, you have fire insurance in case something terrible happens, but the follow-up is, “Where will you go when your building burns down. What was in the building that insurance/money can’t replace?”

It’s also important to remember that there are some situations that, no matter what you do, you won’t be able to prevent. However, it’s still vital to ensure you’ve got a plan of action prepared since you never know exactly how an issue will present itself and what other unforeseen problems might arise from it. COVID-19 is a perfect example.

3. Consult With Professionals

When forming your risk mitigation plans, you need to consider all the resources you have at your disposal. One resource you want to be sure to utilize is a risk assessment professional. Their very nature is to help you plan, “What are all the things that can go wrong, and what are the chances that certain things will go wrong?” They can help you be sure that you’re doing everything you can to protect your business. These professionals will have access to resources that you may not, and an outside perspective can help you see issues or view things at angles you might have missed yourself. They help you get over the fear of the unknown.

4. Perform Regular Inspections/Assessments

You’ve assessed your risks and created an action plan, so the job is done, right? No, it is not. Regular inspections and follow-up assessments of your action plan and risk points are an essential part of your risk mitigation journey. Not only are regular inspections required for safety issues, if you’re not assessing and inspecting your problem areas on a scheduled basis, you’ll have no idea if your plans are working properly or not. You’ll also be missing other potential issues that may crop up from the action plans you’ve created if you’re not vigilant. Has your company experienced growth? Are the plans in place now satisfactory for the future? After an issue occurs, how do you put plans in place to ensure that it doesn’t happen again?

5. Establish Clear Communication and Education

Proper education and clear communication with your staff and other involved parties will be the bridge between the plans you put on paper and their successful execution.

Improperly trained employees, lack of clear instructions, and failing to communicate important changes can turn even the best risk mitigation plans into a disaster. Steps could be missed, time and money would be wasted, and dangerous situations could be created, increasing your risk instead of reducing it.

6. Keep Clear, Concise, And Updated Documentation of Everything

The last step in your risk mitigation journey is making sure you’re documenting everything that you do. This should be evaluated against a project plan that you developed with your risk professional in the due diligence phase. Every consultation, plan adjustment, assessment and inspection, all training and communication events, and records of any incidents that occurred all have to be properly documented and easily accessible.

If you miss this step, then when something eventually does happen, you won’t be able to prove that you’ve done everything you possibly can to prevent the incident or mitigate the severity of the outcome. Even if you’ve executed everything flawlessly, you can still end up being negligent if you don’t have the paper trail required to cover you.

No matter where you are in your risk assessment journey, we have the tools necessary to ensure you get it done right. Contact us if you have any questions or to get started with a risk assessment.






Robert Keenan is the Chief Information & Risk Officer at Lutz with over 20 years of compliance and operational risk experience. He focuses on risk management, compliance, and security for the firm, and will partner with the operations team to drive process improvement and operational efficiencies for Lutz.

  • Risk Management & Compliance
  • Operations
  • Association of Certified Fraud Examiners
  • Society of Compliance and Ethics Professionals
  • National Society of Compliance Professionals
  • Certified Fraud Examiner
  • Certified Compliance and Ethics Professional
  • BA in Finance, University of Oklahoma, Norman, OK
  • MPA, Drake University, Des Moines, IA
  • Association of Certified Fraud Examiners - Heartland Chapter, Past Board Member


We tap into the vast knowledge and experience within our organization to provide you with monthly content on topics and ideas that drive and challenge your company every day.

About UsOur Team | Events | Careers | Locations

Toll-Free: 866.577.0780Privacy Policy | All Content © Lutz & Company, PC 2021

Does Your Business Have the Proper Internal Controls?

Does Your Business Have the Proper Internal Controls?





does your business have the proper internal controls?

kyle hofeldt, audit director


Internal controls are an integral part of the success of any company. Unfortunately, they are usually not given the due attention they need and are often overlooked by most business owners and stakeholders. Internal controls are mechanisms that safeguard your company’s management and financial data. It is typically a structure that lays out a definitive process of detailing how your company receives and reports transactions, as well as the management and administrative tasks. So, how do you know if your company needs an internal control assessment, and how can you get one?

Understanding the Control Framework

The framework of a good internal control system includes:

  • Control Environment- This sets the tone for your company, creating an awareness of the internal controls within your workforce.
  • Risk Assessment- It identifies and analyzes possible risks to your company’s objectives, giving you a solid basis to manage risks.
  • Control Activities- These are procedures and policies that help your management directives are adhered to and carried out.
  • Information and Communication- Processes and systems that help you identify, capture, and seamlessly exchange information in your business.
  • Reporting and Monitoring- These processes help your employees examine and report the quality, performance, and deficiencies of internal controls to the management team.

Do You Need A Control Assessment?

In response to soaring fraud cases in the 1970s and 1980s, COSO (Committee of Sponsoring Organizations) in the U.S initiated a study to examine the way companies approach internal controls. COSO ruled that internal controls are a means to an end rather than an end in itself.

An internal control’s primary goal should be to enhance financial reports’ dependability and compliance with applicable laws. Consider the following objectives of an internal control assessment to help you determine if you need one.

1. Evaluating the Control Environment

A controlled environment is the building block of an internal control system. It sets the standard for your organization and significantly determines how your employees behave. It helps evaluate the understanding of your management team with regard to company values.

For instance, how can your company’s management prioritize and uphold your company’s values and ethics if they don’t understand all regulations? Equally, if the employees involved in performing the controls, especially financial reporting, lack relevant skills training and education, they will not be effective in running and maintaining the control system. Therefore, having an internal control assessment helps you evaluate your control process, particularly your internal controls personnel, to guarantee your company uses best practices.

2. Investigating Control Activities

Your internal control system is only effective if it can translate into policies and procedures that are easily implementable. Information processing controls, performance reviews, physical controls, and separation of duties are the primary activities to look out for.

Performance reviews will help your management team to monitor an employee’s effectiveness in their respective jobs. Segregation of duties reduces the chances of mistake and fraud and offers an excellent way to fast-track these in your company. An assessment of your internal controls can help you identify, for instance, an employee who is the custodian of your company’s assets and is also a record-keeper to reduce the chances of theft.

3. Examining the Accounting Information System

Your company’s accounting information system has a significant impact on the accuracy of performance reports and the efficacy of the policies you formulate. Assessing your internal controls gives you an excellent way to inspect data entry points and options for all transactions.

An assessment also helps you evaluate whether all the information is captured to create a useful journal or whether the data entry system/process is missing out on important aspects. You can also examine the accounting reports generated by your accounting personnel to check for errors, conformity, and clarity. You can then detect inconsistencies and make the necessary amends.

4. Evaluating the Quality of Monitoring

Internal control assessments allow you to verify how consistently you audit/evaluate your internal controls. Reviews of your internal controls help you actively supervise sensitive activities and follow up on customer complaints. With acceptable checks in place, your employees can make timely recommendations to management.

In summary, an internal control assessment will help your company achieve organization, compliance and will minimize your risk to fraud. If you have any questions or would like to learn more about Lutz’s internal control assessment offering, please contact us today.






Kyle Hofeldt serves as an Audit Director at Lutz with over ten years of assurance and consulting experience. He specializes in providing accounting, auditing and consulting services to privately-held companies in various industries including agriculture, service, manufacturing, construction, technology, and transportation.

  • American Institute of Certified Public Accountants, Member
  • Nebraska Society of Certified Public Accountants, Member
  • Certified Public Accountant
  • BSBA in Accounting, University of Nebraska – Lincoln, Lincoln, NE
  • Omaha Healthy Kids Alliance, Board Member
  • Friends of Nebraska Children Board, Service Chair


We tap into the vast knowledge and experience within our organization to provide you with monthly content on topics and ideas that drive and challenge your company every day.

About UsOur Team | Events | Careers | Locations

Toll-Free: 866.577.0780Privacy Policy | All Content © Lutz & Company, PC 2021

Lutz adds Brady Sutfin and Tucker Zeleny

Lutz adds Brady Sutfin and Tucker Zeleny




Brady Sutfin
Tucker Zeleny

Lutz adds brady sutfin and tucker zeleny

Lutz, a Nebraska-based business solutions firm, welcomes Brady Sutfin and Tucker Zeleny to its Omaha and Lincoln offices.

Brady joins the firm’s tax department as a Staff Accountant. He is responsible for preparing individual and business income tax returns, as well as providing general accounting assistance to clients in a variety of industries. Graduating from the University of Nebraska-Omaha, Sutfin received his Bachelor’s degree in accounting. Brady works in Lutz’s Omaha office.

Tucker joins the firm as a Data Analytics Associate. He is responsible for interpreting and analyzing data, data cleanup, advanced analytics, and data science to support customers’ business functions. Zeleny received his Ph.D. in statistics from the University of Nebraska-Lincoln. Tucker works in Lutz’s Lincoln office.



We tap into the vast knowledge and experience within our organization to provide you with monthly content on topics and ideas that drive and challenge your company every day.

About UsOur Team | Events | Careers | Locations

Toll-Free: 866.577.0780Privacy Policy | All Content © Lutz & Company, PC 2021