Wednesday, February 22, 2012

Business Impact Analysis

A business impact analysis (BIA) is the foundation of developing a private sector preparedness (ps-preparedness) strategy and plan. The purpose of a BIA is to identify the effect of many different external and internal impacts upon the various parts of your organization in times of crisis. A BIA will show which parts of your organization will be most affected by an incident and what effect it will have upon your company as a whole. In other words, the BIA is used to establish which are the most critical business functions to your company's survival. Understanding these elements allows you to allocate resources wisely, to ensure ongoing operations even with unexpected events disrupting normal business processes. Each organization has hundreds of operations in its overall business, but only a percentage of these will be key to its survival, and it is these that you need to build business contingencies for. Of course, you cannot ignore the remainder, but because they are less critical, you can prepare recovery plans for them instead.

A business impact analysis is an analytic process that aims to reveal the business impacts that would result when a critical process exceeds its maximum allowable outage. Clas Consulting's consultants can lead your company through the BIA process.

Business impact analysis involves identifying the critical business functions within the organization and determining the impact of not performing the business function beyond the maximum acceptable outage. The types of criteria that can be used to evaluate the impact include customer service, internal operations, legal/statutory, and financial.

Effectively, we are looking to interview line, production, or function managers, who are the middle management of the business. These are often the people who understand the objectives of the business and also have a good understanding of the operations they are responsible for. This is often an opportunity to sit down with all of the function heads of the organization. They are busy people, so we make sure to take advantage of the time they give us. Our first meetings will be to provide them with the BIA questionnaire and an overview of the BIA and expectations, such as deadlines. We will discuss the BIA document and answer any questions that the team may have. At an agreed-upon date, we will have follow-up interviews with each function head individually to clarify answers. Once all BIA documents are returned and follow-up interviews are complete, the results of the BIA will be evaluated and the functions of the business prioritized. After initial prioritization, the team is often brought together one more time to discuss and agree upon the final priority list that will be submitted to senior management.

The BIA Questionnaire Often Consists Of

  • Function description(s) - A brief description of the function being performed.
  • Dependencies - A brief description of the dependencies of the function. What has to happen or needs to be available before the function can be performed?
  • Impact profile - Is there a specific time of day, day of the week, week of the month, month of the year that the function would be more vulnerable to risk/exposure or the impact to the business would be greater if the function is not performed?
  • Operational impacts - When would operational impact to the business be realized if the function was not performed? Describe the operational impact.
  • Financial impacts - When would financial impact to the business be realized if the function was not performed? Describe the financial impact.
  • Work backlog - At what point will the backlog of work start to impact the business?
  • Recovery resources - What kind of resources are needed to support the function, how many are needed, and how soon are they needed after a disruption (phones, desks, PC, etc.)?
  • Technology resources - What software and/or applications are needed to support the function?
  • Standalone PCs or workstations - Does the function require a standalone PC or workstation?
  • Local area networks - Does the function require access to the LAN?
  • Work-around procedures - Are there currently manual workaround procedures in place that would enable the function to be performed in the event that IT is unavailable? If so, how long could these workarounds be used to continue the function?
  • Work-at-home - Can the function be performed from home?
  • Workload shifting - Is it possible to shift workloads to another part of the business that might not be impacted by the disruption?
  • Business records - Are there business records needed to perform the function and if so, are they backed up? How? What frequency?
  • Regulatory reporting - Are regulatory documents created as a result of the function?
  • Work inflows - What input is received, either internally or externally, that is needed to perform the function?
  • Work outflows - Where does the output go after it leaves the functional area, or in other words, who would be impacted if the function was not performed?
  • Business disruption experience - Has there ever been a disruption of the function? If so, provide a brief description.
  • Competitive analysis - Would there be a competitive impact if the function was not performed, when would the impact occur, and when would a potential loss of the customer occur?
  • Other issues and concerns - Any other issues relevant to the success of performing the function.

After the BIA has been completed by all functional areas of the business, the BC team will assign a Recovery Time Objective (RTO) to each function based on the responses. The RTO is the time at which the function must be back in operation or an impact to the business will result. Once an RTO is established for each function, a prioritization of the functions can take place. Time bands or tiers are created by the BC team based on the functional RTO. Time bands are arbitrary time slots developed to fit each business and functional recovery.











    Clas Consulting, LLC    26 Needham Street, Norfolk, MA 02056   508.613.2171    info@ClasConsulting.com

    Copyright 2011