Business Continuity and Disaster Recovery
Financial and Non-Financial Losses in the Business Impact Analysis
Manal Althobaiti 1800665
Nouf Al-Otibi – 1800670
Ohoud Al-Shawkani – 1800667
Business impact analysis is a core practice that allows the organization to remain flexible. It’s helping to highlight successful planning and effective chain strategy to ensure that no errors occur.
Through this project we have tried to show an understanding of the business impact analysis (BIA), BIA conduct, why need to conduct BIA, The BIA report, reason to evaluate loss categories in BIA, meaning and difference of Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), financial and non-financial losses categories in a BIA,
What is the Business Impact Analysis?
One of the most difficult tasks and hard to crisis response in the right way. You must determine what you need to be recovered quickly and in a short time. BIA identify, a systematic processing that determines and evaluate the possible effects of a handicap to critical business operations as a result of an emergency or disaster?
The main component of Business Impact Analysis is an organization’s business continuance plan and it’s included, an exploratory component to detect any vulnerabilities and planning component to develop strategies for reducing risk. The report of Business impact analysis should be describing the possible risks that the company is prone to. Every component of the organization is relying on the continued functioning of every other component; however, some are more important than others and need a larger allocation of funds when disaster strikes. (Rouse, 2015)
There are some of the impacts that are effects on the organization like reputational, customer, operations, financial, regulatory and Legal.
BIA Questionnaire survey management members and rest of employees of the organization. Those have a view, knowledge, and details what’s going on inside the organization & try to ask questions that help to recognize the possible impacts if certain business functions.
Why need to conduct BIA?
There’re three main reasons to conduct BIA. First, to avoid guesswork when the time of disaster come! Make a decision that depends on strong data ; analysis. Second, to assign business’s resources in a time of intense trouble, building a good design of BIA that help you for restoring your processing with minimum level without taking so much time. Third, make compact test criteria for all your plans and suppliers, both suppliers & your recovery plan can be tested criteria and BIA identifies recovery requirements.
The format of your report should be appropriate for your company’s senior management. For example, some companies would prefer the format of the report information to tables or graphs. Below The component of standard report:
1. Executive summary. This section includes a general overview of the BIA, touching on: The area of the analysis, main objectives.
method ; approach of BIA: any processing that you have already conducted to BIA, interviewing members of the organization, analyzing data, categorize of impact level…etc.
2. Rank of the Business process that critical. Describe which departments of business in your company that was most critical as a result of the BIA, recovery all evaluated business processes ; units …etc. (Herrera,2017)
What is the reason to evaluate losses in the BIA?
To assists us assign Recovery Time Objectives (RTO) Departments, Processes, Application Software/Hardware. And provides reasonable grounds for Strategies: Work Area, Technology. (Sandy,2009)
What’s mean of Recovery Time Objectives (RTO)?
The time span after the occurrence of an incident in which an activity should be restarted or resources and assets should be regained. RTO is related to critically category (impact level) and the purpose sets the boundaries for the whole business continuity management. When the impact on the Very High level will take 8 hours to recover and must actively be available less than an hour, because of these services very important. The impact on a High level will recover 8-24 hours, the activity important and need to be available on a high level but it’s not as critical as the first one. Medium level impact recovering on 1-2 days that activity can be unavailable for 8 hours but need to be on available for 8 hours. On a low level of impact, the recovery will take 1 -2 week. that activity can be unavailable for 1 day but needs to be on available within or after 24 hours.
What’s mean of Recovery point objective (RPO)?
The amount of data lost and the purpose of RPO is the issue of backup frequency. But both RTO and RPO are a crucial role in business impact analysis and for business continuity management. (Kosutic,2012)
There’re two types of losses in BIA, financial and non- financial.
Financial loss categories in a BIA
The purpose of projects is to improve efficiency and reduce costs. many projects that specifically focus on generating additional revenue for the company. Each month of failure will delay the realization of these reduces to another month. For example, Failure to processing new customer orders, customers will buy a product or service from alternate and lack of future sales. At a low level will be a minor impact to customers and will not affect the deliverables of a customer of the organization, medium level impact significantly that on few deliverables of the customer of the organization, and a high level the impact will be severed on severely deliverables of the customer of the organization. (Okolita,2009)
Legal / Regulatory
The organization must avoid legal issues, contract violations, Inability to fulfill obligations, failure to meet service legal agreements and Inability to pay fines levied. On the low level will organization get a warning letter, and medium level penalties, minor lawsuits, and on high-level severe penalties, serious lawsuits. Regulatory means here regulate or direct according to rule, or law. On low level will issue of a warning letter, suspension of license on medium level, and revocation of license on a high level.
Department within an organization related to personnel recruitment. Personnel makes damage on an equipment, employees will be paid a salary depending on their contract, a cost for overtime or new/replacement employee.
According to a study by Becker ; Gerhart although, companies that different in practicing in HR still have a similar HR structure “the similarity is that both links pay to desired behaviors and performance outcomes and both effectively select and retain people who fit their cultures” (p. 4)
A set of such instruments that restraining a control of prices or products, for example, lack of Information for investment opportunities, less control over accounts payable, Production losses in manufacturing.
Replacement facility, furniture, equipment, supplies…etc. Increased travel expenses since company may transport employees to replacement site.
Non-Financial loss categories in a BIA
Ability to provide customer care
The owner of a business needs to continue to require service level to the customer.
The organization needs to take decisions that are working to organization’s viability.
When a crisis occurs, what happens to employee spirit? As a result, we need to raise the employees confident and spirit after the disaster occurred.
A commercial idiom, that measures the range of products and services provided by the organization to achieve customer expectations. Organizations need to retain their customers over some specific time by Increasing engagement with customers provided in a feedback section that received from customers. (Grewal, Roggeveen, Sisodia, and Nordfalt, 2017, p.5).
Companies seek to promote positive public perceptions of themselves, looking after the interests of customers, caring for their employees and the environment.
As discussed in this report,
Becker, B. ; Gerhart, B. (1996). The Impact of Human Resource Management Onorganizational Performance: Progress and Prospects. Academy of Management Journal. 39 (1), 779-801.
Herrera, M. (2017). What Goes Into A Business Impact Analysis (BIA) Report? . Available: https://bcmmetrics.com/what-goes-into-business-impact-analysis-report/. Last accessed 12 Nov 2018.
Kosutic, D. (2012). Difference Between Recovery Time and Recovery Point Objectives. Available: http://www.infosecisland.com/blogview/20017-Difference-Between-Recovery-Time-and-Recovery-Point-Objectives.html. Last accessed 12 Nov 2018.
Okolita, K. (2009). How to perform a disaster recovery business impact analysis. Available: https://www.csoonline.com/article/2124593/disaster-recovery/emergency-preparedness-how-to-perform-a-disaster-recovery-business-impact-analysis.html. Last accessed 11 Nov 2018.
Rouse, M. (2015). business impact analysis (BIA). Available: https://searchstorage.techtarget.com/definition/business-impact-analysis. Last accessed 5th Nov 2018.
Sandy, M. (2009, n.d). Financial and Non-Financial Losses in the Business Impact Analysis (BIA) PowerPoint slides. Retrieved from https://www.coursehero.com/file/16432004/Financial-and-Non-Financial-Losses-in-the-Business-Impact-Analysis-BIA/
Grewal, D. ; Roggeveen, A. ; Sisodia, R. ; Nordfalt, J. (2017). Enhancing Customer Engagement Through Consciousness. Journal of Retailing. 93 (1), 55-64.