380 likes | 394 Views
Join us for a presentation on the Business Impact Analysis (BIA) and learn why it is important for your organization. Discover the goals, objectives, and process of conducting a BIA, and how it can benefit your business recovery strategy. Presented by Dave Shimberg, CBCP.
E N D
Welcome Charlotte NC Chapter Wednesday, May 12, 2004 Hosted by:
The Business Impact Analysis Presented by Dave Shimberg, CBCP Based on materials from: Ken Jaunais, KPMG May 14, 2004
Agenda • The Business Impact Analysis • Why do I have to do this? – the Goals • Now that I’ve taken my time to do it, what’s in it for me and my organization – the Objectives? • Sounds easy, how do I do it – the Process? • Questions and Answers
BIA: The Goals • Two Primary Objectives 1) Information Gathering • Establish the value of each unit or resource as they relate to the function of the total organization • Provide the basis for identifying the critical/time-sensitive resources required to develop a business recovery strategy • Establish an order of priority to restoring the function of the organization in the event of an unplanned event 2) Sell / Justify BCP program
BIA: The Objectives • Assess the impact(s) of an outage • Determine time criticality of business processes, functions, departments, and work areas as related to total organization function • Risk Analysis (threat – impact – likelihood of occurrence) • Determine time critical applications systems, data, and telcom • Determine required availability time(s) for functional departments • Determine interdependencies between processes • Determine recovery resource requirements • People, work area, equipment, supplied, applications, other
The BIA - Phases • Project Planning • Data Collection • Data Analysis • Reporting Findings • Approval for Next Phase
The BIA Phases – Project Planning • Objectives - identify critical business functions and dependencies, impact of disruptions and resources • Scope • departmental, facility/complex, region, organization • At what level will BIA and planning be carried out? • Department Function • Process (based on process owner, may cross departments or other boundaries)
The BIA Phases – Planning (cont.) • What are you trying to analyze? • - Mission • - Service Objectives • - Dependencies • - Impacts over time – SLA, Financial, Legal or Regulatory, Customer Service, Market Share . . .
The BIA Phases – Planning (cont.) • Reference Materials? • - Business unit or Corporate Mission Statement • - SLAs • - Org Charts • - Policies and Procedures • - Annual Reports
The BIA Phases – Planning (cont.) • How are you going to collect the data? • - Questionnaire • Variety of tools, documents, applications • - Interview • - Combination
The BIA Phases – Data Collection • End user should be able to provide: • - Potential impact of mitigation • - Critical time periods • - Legal, regulatory, contractual requirements • - Financial impact • - Operational impact
The BIA Phases – Data Analysis • Quantitative Impact • Losses identified in quantities, percentages, or factor of standard that can de described in monetary terms • Sales, market share, penalties, assets, revenue, income • Actual or order of magnitude • Quick Risk Rating tool may help
Effort Priorities are set by Risk and Impact • Threat is something that poses a danger • Risk is the probability that a threat will materialize measured in impact $
The BIA Phases – Data Analysis (cont.) • Qualitative Impact • Intangible losses that can impact operations but that can not be quantified in monetary terms • Losses with financial impact that can not be quantified • Reputation, public image, moral, others? • Efficiency, satisfaction, control, inter/intra-departmental • Order of magnitude
The BIA Phases – Reporting Findings • Who’s the audience • Policy and procedures • Keep it Simple • Graphical or narrative
The BIA – Sample BIA Results • The next several slides are for informational purposes
The BIA: It’s an Iterative Process SME, and/or whomever, complete questionnaire(s) on critical business processes/functions (Collect Data) SME, and/or whomever, analyze process flows and BIA dependencies/impacts for critical processes/functions (Analyze Data) BIA Workshop Core Business Function(s) SME, and/or whomever, review financial/capacity/time-dependent attributes for critical business processes/functions (Analyze/report Data) SME, and/or whomever, level-set process/function against benchmark to determine if additional drill-down into sub-processes is needed, if “Yes”, sub-process goes through cycle (Report/approval of Data)
The BIA – Questions and Answers • That’s all folks
The BIA – Focus Areas • The following slides represent traditional focus areas of the BIA • We can entertain discussing these slides as time permits
BIA: Focus Areas • Section 1 – Critical Functions • Section 2 – Cyclical Processing • Section 3 – Processing Profile • Section 4 – Service Level Agreements • Section 5 – Estimated Personnel Requirements • Section 6 – Business Relationships
BIA: Focus Areas (continued) • Section 7 – Vital Records Identification • Section 8 – Infrastructure Requirements • Section 9 – Operational Impacts • Section 10 – Financial Exposure Due to Loss of Function • Section 11 – Operational Procedures • Section 12 – Previous Disruptions • Section 13 – Other issues and/or concerns
The BIA: Section 1, Critical Functions • Define the functions that are most important to your business. What triggers the function to start, and how do you know that the function has been successfully completed?
The BIA: Section 2, Cyclical Processing • Define during which months and weeks the performance of your functions are most important.
The BIA: Section 3, Processing Profile • Quantify the peak period daily production of your critical functions. Also, quantify, in dollars, the daily peak production of your critical functions in terms of cost and revenue
The BIA: Section 4, Service Level Agreements • Identify who you have agreements with, what kind of agreements are they, and what are penalties for non-compliance.
The BIA: Section 5, Personnel Requirements • Quantify the total number of personnel required to perform each critical function (same day). Identify the staffing requirements to recover the critical functions over time. Consider that critical functions do not necessarily have to be fully staffed immediately.
The BIA: Section 6, Business Relationships • Identify who you support and how do you support them. What do you provide and how critical is it? What do others provide you and how critical is it to your processes?
The BIA: Section 7, Vital Records • Identify documents by type that you require to perform your processes, how long can you be without them, and what form they take?
The BIA: Section 8, Infrastructure • What infrastructure requirements do you need to perform your critical functions – phones, fax, imaging system, etc.?
The BIA: Section 9, Operational Impact • Quantify the impact that the loss of a critical business function would have over time?
The BIA: Section 10, Financial Exposure • If the current recovery time is 48 – 72 to restore data, what financial impact will this have on your processes over time?
The BIA: Section 11, Operational Procedures Are procedures documented; when were they last updated; are there alternate procedures; have they ever been tested; do people know about them?
The BIA: Section 12, Previous Disruptions • Identify disruptions, such as hurricanes (Isabel), that have had an impact on your critical functions and what the impact was.
The BIA: Section 13, Other Issues and Concerns • What hasn’t been addressed that you know will have an impact on your processes? • Loss of intellectual property – internal and those entrusted to to you by your customers • Other Single Points of Failure