Using business impact analysis to supercharge your IT decisions

The traditional definition of business impact analysis (BIA) focuses on predicting the impact of disruption in business processes and functions and using the insights to develop recovery strategies.

Modern businesses operate under more risk than what is generally known. Apart from natural calamities such as hurricanes and floods, there are risks from cybercriminals, malicious insiders, and competitors.

In a modern business, a majority of functions and processes are dependent on IT. Naturally, this has resulted in a massive overlap between the traditional BIA definition and IT.

Even innocuous IT disruptions such as unavailability of shared documents can bring specific business processes to a grinding halt.

Given the far-reaching consequences of IT mishaps, it makes sense for all stakeholders of IT to thoroughly understand the key concepts of business impact analysis and apply them to make smarter decisions. Here are the key BIA concepts that will help any IT manager conduct the impact analysis in a comprehensive and controlled manner.

Seek and get executive sponsorship

Here’s the fact — nobody wants to be told of the pitfall ahead. For instance, project managers will like to be told that the switchover to a new document management platform will jeopardize the availability of process-critical documents during cutover. As a decision maker in the IT department of your organization, you need executive support to be able to drive your BIA results into action plans.

The best practices to remember are:

  • Express the impact in clear financial terms.
  • Highlight the number of employees that will be affected.
  • Explain the impact of disruption in the context of the senior executive’s key responsibilities.
  • Organize a meeting (video-conference, if a face-to-face meeting isn’t feasible) to showcase the executive involvement to rest of the teams.
  • Stress the importance of IT to support crucial business processes.

Executive sponsorship will give you the clout, power, and confidence to conduct business impact analysis and implement the learning in a seamless manner.

Thoroughly understand the organization

Your business impact analysis will not be comprehensive unless you understand IT as an undercurrent running across the entire organizational stream. IT cuts across all major business functions in an organization — financial management, human resource planning, sales and distribution, compliance and regulation, quality management, customer support, and more.

Build a dependable database of business processes, assign process owners, and get their first level and second level contacts.

These people can share highly nuanced insights about how they use specific IT systems for which the impact analysis is being conducted. The one-time effort of sifting through the organizational structure, channels, and departments will reveal tremendously valuable information that can support your business impact analysis.

Remember, different teams use IT assets in different manners, which makes impact analysis complicated. By differentiating among user groups, you can make your BIA more accurate.

Business Impact Analysis
Pixabay

Master the art of using BIA tools

IT managers are inherently tuned to the idea of using tools to automate task and simplify complex analyses. Thankfully, you can choose from a large number of BIA tools to estimate the impact of IT disruptions on business functions. Some of these are:

  • Organizational charts: For a pictorial representation of the ripple effect of IT disruptions.
  • Interviews and questionnaires: To uncover lesser-known impacts of IT disruptions, based on the nuances of how user groups interact with tech assets.
  • Data flow diagrams: To detect paths and networks of interaction among IT systems, which could eventually expand the scope of business impact in case of IT failure.
  • BIA software: To build a database of important information and key findings, for monitoring purpose, and to communicate the BIA to the right people through the right channels.

The operational aspects of BIA

Now’s the time to get down to business and build your business impact analysis case. Whether it’s a server or cloud migration, vendor switchover, new applications go live, a change in architecture, or any major IT change, your BIA will save your business from unsavory circumstances.

Here are some of the operational aspects you need to cover:

  • Assign a label to each process, such as “critical,” “non-critical,” etc.
  • Go deeper for critical processes. Find out and list details pertaining to:
    • Who performs the key tasks within the process.
    • Who’s the backup?
    • The step-wise breakup of the tasks.
    • Operational impact of disruption.
    • Financial impact of disruption.
  • Determine the target recovery dates for all processes.
  • List workarounds that the business teams can use till the time the systems are restored.
  • Establish communication matrixes to share information about system downtimes to third parties, vendors, customers.

Finalize and present the BIA findings

Now that you’re done with the operational phase of the BIA, it’s time to finalize it, verify the information, and present it to the right people. Consult with department managers and apprise them of your findings to get their first-hand feedback.

Set a date and time to present the BIA to your company’s executives, and include the mitigation plan on the agenda. Do your homework on which teams can help you prepare the mitigation plan and recovery strategies.

business impact analysis
Flickr / Luc Galoppin

Remember the phases of BIA we discussed until now when you work on an impact analysis. Also, make sure your business impact analysis includes the following details (how to make a delicious pumpkin pie is not a priority here!):

  • Recovery Point Objective (RPO): A measure of the system timestamp until which you need your data to be recovered, so that related business functions are not significantly impacted.
  • Maximum tolerable downtime (MTD): The amount of time for which an IT asset can be out of service after which it starts causing a significant financial impact.
  • Interdependencies: A rating measure used to indicate how heavily other systems are dependent on the IT system for which the BIA is being done. Hopefully your IT system rates higher than “Star Wars The Last Jedi,” “Logan,” “Thor III,” and “Kill Bill”! If it does not, back to the drawing board it is!

Business impact analysis: More than checking boxes

Business impact analysis is not merely about checking boxes to keep regulators and quality boards happy. The BIA exercise can help you visualize the unforeseen impacts of major IT decisions. The insights you draw during the BIA process, and present in your report, could save your organization tens of thousands of dollars every day by preventing critical business process breakdown.

Featured image: Flickr / Reynermedia

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top