PART 3:
BUSINESS IMPACT ANALYSIS
Business impact analysis (BIA) is an important aspect of business continuity management (BCM) that helps organizations understand the potential impact of disruptive events on their operations.
The first step in conducting a BIA is to identify the organization’s critical functions, systems, and processes. These are the functions, systems, and processes that are essential for the organization’s continued operation and that would have a significant impact on the organization if they were disrupted. Examples of critical functions include IT systems, transaction processing, trading and treasury (for banks), and manufacturing plants, amongst others. This information can be obtained by involving various functions of the organization through questionnaires, interviews, and workshops. It is important to note that any critical functions or systems identified at this point should be in line with the scope defined for the organization’s BCM.
Next, organizations assess the potential impact of a disruption to these critical functions, systems, and processes. This includes evaluating the financial impact, the impact on staff, customers, and other related parties, and the impact on the organization’s reputation as well as the environment. For example, a disruption to an organization’s manufacturing function could result in lost revenue, dissatisfied customers, and damage to the organization’s reputation.
It is important for organizations to also consider the impact that certain disruptions may have on the environment. In April 2010, an explosion on the British Petroleum (BP) Deepwater Horizon oil rig and related incidents caused the discharge of oil into the Gulf of Mexico. The explosion caused the deaths of 11 workers and injured 17 others. Apart from the impact on marine life surrounding the spill, as many as 800,000 birds were thought to have died as a result of the spill. This incident is regarded as one of the largest environmental disasters in history.
After identifying the critical functions, systems, and processes and assessing their potential impact, organizations can develop plans and strategies to mitigate the impact of a disruption. Some types of strategies that have been used by organizations include either or a combination of back-up arrangements, multi-site operations, and third-party arrangements, amongst others. During this process, the specific timeframes for recovery from disruptions should also be ascertained and documented.
As the organization and its environment change, so do the critical functions, systems, and processes. Therefore, organizations should regularly review and update their BIA to ensure they are aware of the latest impact of disruptive events.
