Business impact analysis
Business impact analysis (BIA) is an important aspect of business continuity management (BCM) that helps organisations understand the potential impact of disruptive events on their operations.
The first step in conducting a BIA is to identify the organisation’s critical functions, systems and processes. These are the functions, systems and processes that are essential for the organisation’s continued operation, and that would have a significant impact on the organisation if they were disrupted.
Examples of critical functions include IT systems, transaction processing, trading/treasury (for banks), manufacturing plants, among others. This information can be obtained by involving various functions of the organisation through questionnaires, interviews and workshops. It is important to note that any critical functions or systems identified at this point should be in line with the scope defined for the organisation’s BCM.
Next, organisations assess the potential impact of a disruption to these critical functions, systems and processes. This includes evaluating the financial impact, the impact on staff, customers and other related parties, and the impact on the organisation’s reputation as well as the environment. For example, a disruption to an organisation’s manufacturing function could result in lost revenue, dissatisfied customers, and damage to the organisation’s reputation.
It is important for organisations to also consider the impact that certain disruptions may have on the environment. In April 2010, an explosion on British Petroleum (BP) Deepwater Horizon oil rig and related incidents caused the discharge of oil into the Gulf of Mexico. The explosion caused the death of 11 workers and injured 17 others. Apart from the impact on marine life surrounding the spill, as many as 800,000 birds were thought to have died as a result of the spill. This incident is regarded as one of the largest environmental disasters in history.
After identifying the critical functions, systems and processes, and assessing their potential impact, organisations can develop plans and strategies to mitigate the impact of a disruption. Some types of strategies which have been used by organisations include either back up arrangements, multi-site operations, third party arrangements, among others, or a combination of these. During this process, the specific time frames for recovery from disruptions should also be ascertained and documented.
As the organisation and its environment change, so do the critical functions, systems and processes. Therefore, organisations should regularly review and update their BIA to ensure they are aware of the latest impact of disruptive events.
>>>The writer is a certified ISO 22301 Lead Implementer with 13+ years Banking experience in Enterprise Risk Management, Modelling & Portfolio analytics. She can be reached via email at [email protected]