Business impact analysis is used to identify and mitigate the impact of potential risks. Some business processes are more critical than others -- for example, a crash in the central computer server could mean disaster, while an isolated roof leak might not be cause for serious concern. The purpose of business impact analysis is to collect data on the potential risks and vulnerabilities, analyze and prioritize the risks and plan recovery solutions.
Planning involves getting senior management support, followed by meetings with other managers to understand the various process vulnerabilities. A project team should be assembled, with representatives from all business units, including the information technology department. Some members will participate on a part-time basis because business units are usually not able to afford losing key personnel for extended periods of time.
Using observations and questionnaires, data is collected on process vulnerabilities, linkages with other processes and the process' relative importance to the organization. For each business process, the data collected includes a list of all inputs and outputs, maximum outage time before impact is felt, dollar value of the potential impact during outages, human and physical resources required for maintenance, history and frequency of past outages, potential legal implications and possible short-term, workaround solutions.
Data analysis involves processing the collected data to evaluate the cost implications of process vulnerabilities, such as extended service outages or virus attacks on the company servers. The analysis should identify the criticality level, recovery time objective (RTO) and recovery method for each process within a business unit. Some processes are critical -- for example, the corporate intranet – with RTOs of an hour or two, while a disruption in others might be tolerated for two days or longer. The recovery method for a high-criticality process might be data backup and replication; for low-criticality functions, longer lead-time solutions, such as relocating operations to a new facility, might be considered.
Prioritization flows from the criticality level and RTO assessments of the analysis phase. A formal meeting with business unit managers should be used to prioritize the processes because multiple units are often affected due to dependencies. The RTOs should be organized into bands or groups, starting with the highest criticality functions -- the ones with the shortest RTOs -- and building up to the longer RTO groups.
The final element is the preparation of a report for senior management approval. A cost-benefit analysis should be included showing the potential losses for each business unit if disaster recovery and other risk mitigation measures are not implemented, along with the costs for those measures. Senior management must sign off on the risk reduction and recovery solutions and approve related contingency budgets. Companies should review their risk management policies on a regular basis because business conditions, technologies and process vulnerabilities change constantly.
The Impact of Computers in Business
Computers are used in every industry and type of business today. They come in many different forms and new uses are being...
What Is Impact Analysis?
Business impact analysis is an important but often overlooked part of being prepared for any kind of disaster that could befall a...
Business Trend Analysis
Business trend analysis is a way for companies to determine future results in economic marketplaces. Reviewing past information can help management understand...
SWOT Business Analysis
A SWOT business analysis is identifying strengths, weaknesses, opportunities and threats of a business plan. Put together a SWOT business analysis with...
How to Write a Literary Analysis Paper
The literary analysis paper is a rite of passage for any scholar. No English class is complete without the dreaded literary analysis...
Importance of SWOT Analysis
A SWOT analysis is a tool for companies to assess the industry and to develop strategies to remain competitive. This is a...