Week 04 - Revisiting the BIA Flashcards
What is Hiles’ definition of Business Impact Analysis (BIA)?
Management level analysis by which an organization assesses the quantitative (financial) and qualitative (non-financial) impacts, effects, and loss that might result if the organization were to suffer a Business Continuity emergency, incident or crisis.
What does a BIA go beyond? (5) and what is it?
- Identifying the mandate and critical aspects of an organization
- Prioritizing critical services or products
- Insurance requirements
- Ranking
- Identifying tendencies
It is a Predictive tool
A Business Impact Analysis (BIA) is a predictive tool that does what? (3)
- Assess the impacts, effects and loss during an incident or crisis
- Assists us to identify what will be lost if business is interrupted.
- Prioritizes which business operations must be restored over others
How does the BIA serve as a useful tool? (3)
- It is the basis for our decision-making
- Informs and qualifies our decisions.
- Assists us in filling in the gaps
When do you initiate a Business Impact Analysis (BIA)? (2)
- When it is supported by senior management in advance of the activity commencing
- Where there must be an appetite for this activity and embracing potential changes
Is Business Impact Analysis (BIA) a fixed approach?
No, there is no set way to conduct a business impact analysis.
What are Hiles’ 4 steps to developing a Business impact analysis?
- Define scope
- Data Collection - scope and Methods
- Moderation
- BIA report
What is scope and how is it determined?
The extent or breadth of thing we are examining determined by asking questions.
In Hiles’ second step of conducting a BIA report, Data Collection, what questions are asked to help define and communicate what you really need to know? (2)
- What should be within the scope of the BIA (and consequently subject to deeper analysis)?
- What may be parked - either because it is outside the scope or because its suspension will not have a damaging impact?
What does Hiles’s Step 2, Data Collection: Scope, require?
Gathering as much information about the business through consultations with stakeholders.
What methods can be used for data collection for Hiles’ second step to conducting a BIA? (3)
- Questionnaires
- Interviews
- Roundtables discussions
What are the benefits of data collection? (3)
- Identifies inconsistencies in what is and is not critical
- Eliminates redundancies and tasks that are considered non-critical which can save time and effort
- Provides opportunities for clarifications.
Hiles’ third step in conducting a BIA is moderation, how can this be achieved? (3)
- Panel or senior figure in an organization to assess findings and ask questions
- Comparison of findings with initial expectations
- Comparison of findings across the divisions to ensure there is balance and little variance.
What is the purpose of Moderation in the BIA process? (3)
- Ensure findings are reasonable and sound.
- Prioritize the BCP findings
- Looking for conclusions and findings that are reasonable, cost-effective and sustainable (can be implemented over short and long-term.
Why is the moderation step important?
It addresses gaps and so that recommendations can be made in a reasonable manner.
What does it mean to be reasonable? (2)
- Realistic - it makes sense
- Sustainable in both short and long-term
In relation to Step 3: Moderation, what should be done if the findings across the divisions are significantly different or there is a large variance? (3)
- Revisit Scope
- Look at the data collected more closely
- Ask more questions
In the Step 4: The BIA Report, it should present what?
A Statement of the operational requirements.
While there is no fixed approach to structuring a BIA report, what should it include? (6)
- A statement of the purpose of the BIA and its context (i.e. why this BIA now)
- A statement of, or reference to, the underlying policy or assumptions that form the background to the BIA
- A description of the methods used to conduct the BIA
- An explanation of the steps taken to validate and moderate the data
- A clear statement of an inconclusive output (areas considered to be indecisive or unresolved)
- A statement of the ramifications of acceptance or non-acceptance of the findings of the BIA.
What is a statement of the ramifications of acceptance?
Acceptance of the finding of the BIA should lead to a comprehensive evaluation of the organizations ability to meet the stated operational requirements following a disaster and implementation of appropriate measures to close any gaps that might be identified.
What is a statement of the ramifications of non-acceptance?
If management chooses not to accept the findings of the BIA, then it must choose to accept the risks of status quo.
What are some challenges with a BIA? (4)
- Time consuming (not a quick process)
- Establishing the criteria and methodology to be used in conducting the BIA (no fixed approach for conducting a BIA)
- Organizations facing constant changes (experience many challenges during BIA)
- Data integrity (BIA is only as effective as the accuracy and integrity of your data)