An important part of the business continuity process is Business Impact Analysis, or BIA, which is defined as the process that identifies and evaluates the potential effects (financial, safety, regulatory, legal, reputation and other) of natural and man-made events on business operations. This is usually done in tandem with risk analysis, or RA, which is the process of gathering data that can be used to identify risks and possible threats to business operations.
However, there is no standard one-size-fits-all when it comes to Business Impact Analysis. The article “Creating an optimal business impact analysis format” suggested a simple approach on how to conduct BIA. An often missed step in this is Risk Assessment , which should be the starting point of the Business Impact Analysis process.
It’s human to focus on the more visible and apparent threats in a business like power outages, network problems and IT issues. Disaster recovery focuses solely on IT and technology disruptions as if they are the only type of disruptions that can occur in a business. Sadly very, very wrong. There are other areas that are often overlooked, such as public relations.
If you have worked in a customer service environment, you know the wonderful feeling of being on the receiving end of an irate person’s rant. It is human nature to complain about service than compliment it. In a world where cute kitty videos go viral in minutes, a badly handled public relations incident can prove to have long and irreversible effects. Key services such as customer engagement, production and operations need to be thoroughly analyzed to see what effect they can have on public relations.
A flaw in the billing software can lead to millions of dollars in lost revenue. Fraud and embezzlement are also common known leaches. Above all, protect key financial areas like wages and personal information. The Protection of Private Information (POPI) Act is heavily legislated and failure to comply with this can lead to costly fines and even imprisonment.
Research and development and future-proofing
You may ask how on earth research and development fit in with BIA? An integral part of growth strategy is future-proofing and research and development. Data derived from R&D and market research should be used in risk assessment and Business Impact Analysis to discover areas of vulnerability and how best to deal with it. An often overlooked area, future-proofing is integral to your business having a bright and prosperous future.
The increasing cyber-threat
Unless you have been off the grid for the last two years or so, you should know that the cyber-threat is perhaps one of the most talked-about topics on the internet these days, even trumping the Kardashians. Despite the fact that even major corporations are getting hacked almost at will, the vast majority of businesses out there stick to outdated and naïve security practices. Far from being a waste of time and effort, Business Impact Analysis not only highlights weak areas and threats but also areas for improvement. Most importantly , analyse everything, because the threat you overlook may come back to haunt you.