Week 04 - Revisiting the BIA Flashcards

1
Q

What is Hiles’ definition of Business Impact Analysis (BIA)?

A

Management level analysis by which an organization assesses the quantitative (financial) and qualitative (non-financial) impacts, effects, and loss that might result if the organization were to suffer a Business Continuity emergency, incident or crisis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What does a BIA go beyond? (5) and what is it?

A
  1. Identifying the mandate and critical aspects of an organization
  2. Prioritizing critical services or products
  3. Insurance requirements
  4. Ranking
  5. Identifying tendencies

It is a Predictive tool

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A Business Impact Analysis (BIA) is a predictive tool that does what? (3)

A
  1. Assess the impacts, effects and loss during an incident or crisis
  2. Assists us to identify what will be lost if business is interrupted.
  3. Prioritizes which business operations must be restored over others
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How does the BIA serve as a useful tool? (3)

A
  1. It is the basis for our decision-making
  2. Informs and qualifies our decisions.
  3. Assists us in filling in the gaps
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When do you initiate a Business Impact Analysis (BIA)? (2)

A
  1. When it is supported by senior management in advance of the activity commencing
  2. Where there must be an appetite for this activity and embracing potential changes
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Is Business Impact Analysis (BIA) a fixed approach?

A

No, there is no set way to conduct a business impact analysis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are Hiles’ 4 steps to developing a Business impact analysis?

A
  1. Define scope
  2. Data Collection - scope and Methods
  3. Moderation
  4. BIA report
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is scope and how is it determined?

A

The extent or breadth of thing we are examining determined by asking questions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In Hiles’ second step of conducting a BIA report, Data Collection, what questions are asked to help define and communicate what you really need to know? (2)

A
  1. What should be within the scope of the BIA (and consequently subject to deeper analysis)?
  2. What may be parked - either because it is outside the scope or because its suspension will not have a damaging impact?
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does Hiles’s Step 2, Data Collection: Scope, require?

A

Gathering as much information about the business through consultations with stakeholders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What methods can be used for data collection for Hiles’ second step to conducting a BIA? (3)

A
  1. Questionnaires
  2. Interviews
  3. Roundtables discussions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the benefits of data collection? (3)

A
  1. Identifies inconsistencies in what is and is not critical
  2. Eliminates redundancies and tasks that are considered non-critical which can save time and effort
  3. Provides opportunities for clarifications.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Hiles’ third step in conducting a BIA is moderation, how can this be achieved? (3)

A
  1. Panel or senior figure in an organization to assess findings and ask questions
  2. Comparison of findings with initial expectations
  3. Comparison of findings across the divisions to ensure there is balance and little variance.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the purpose of Moderation in the BIA process? (3)

A
  1. Ensure findings are reasonable and sound.
  2. Prioritize the BCP findings
  3. Looking for conclusions and findings that are reasonable, cost-effective and sustainable (can be implemented over short and long-term.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Why is the moderation step important?

A

It addresses gaps and so that recommendations can be made in a reasonable manner.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does it mean to be reasonable? (2)

A
  1. Realistic - it makes sense
  2. Sustainable in both short and long-term
17
Q

In relation to Step 3: Moderation, what should be done if the findings across the divisions are significantly different or there is a large variance? (3)

A
  1. Revisit Scope
  2. Look at the data collected more closely
  3. Ask more questions
18
Q

In the Step 4: The BIA Report, it should present what?

A

A Statement of the operational requirements.

19
Q

While there is no fixed approach to structuring a BIA report, what should it include? (6)

A
  1. A statement of the purpose of the BIA and its context (i.e. why this BIA now)
  2. A statement of, or reference to, the underlying policy or assumptions that form the background to the BIA
  3. A description of the methods used to conduct the BIA
  4. An explanation of the steps taken to validate and moderate the data
  5. A clear statement of an inconclusive output (areas considered to be indecisive or unresolved)
  6. A statement of the ramifications of acceptance or non-acceptance of the findings of the BIA.
20
Q

What is a statement of the ramifications of acceptance?

A

Acceptance of the finding of the BIA should lead to a comprehensive evaluation of the organizations ability to meet the stated operational requirements following a disaster and implementation of appropriate measures to close any gaps that might be identified.

21
Q

What is a statement of the ramifications of non-acceptance?

A

If management chooses not to accept the findings of the BIA, then it must choose to accept the risks of status quo.

22
Q

What are some challenges with a BIA? (4)

A
  1. Time consuming (not a quick process)
  2. Establishing the criteria and methodology to be used in conducting the BIA (no fixed approach for conducting a BIA)
  3. Organizations facing constant changes (experience many challenges during BIA)
  4. Data integrity (BIA is only as effective as the accuracy and integrity of your data)