IDENTIFYING CRITICAL BUSINESS PROCESSES FOR BUSINESS CONTINUITY PLANNING

There are several aspects of a business impact analysis managers should consider to effectively manage emergency response.

Share this post

Business impact analyses (BIA) should be conducted in order to establish appropriate response priorities in business continuity plans. Identifying the implications of a sudden loss for each business unit can determine process dependencies required to maintain operations of critical business processes. The BIAs should be used to evaluate critical recovery time objectives (RTO) for each unit and establish a comprehensive understanding of core business needs.

The ability to identify and quantify which critical business processes that, when not functional, may damage a company’s reputation or ability to operate, is a critical stage in the business continuity planning process. Overall resilience capabilities should be prioritized to mitigate any interruption. Operational and process managers should explore and quantify the following aspects to initiate the BIA process:

Timing: Identify critical operational time periods when an interruption would have greater impact (seasonal, end of quarter, specific month, etc.). Priorities should be determined if an interruption during high-output timeframes creates amplified operational and financial impacts.

Likelihood Level: Indicate how likely each specific threat could occur, considering existing capabilities, mitigation measures, and history.

Duration: Identify the duration and point in time when an interruption would impair operational processes and have financial impact. Estimate the maximum allowable downtime for each specific business function: Typical durations may include:

  • Less or greater than 1 hour
  • Less or greater than 8 hours or a typical single shift
  • Greater than 24 hrs
  • Greater than 36 hours
  • Greater than 72 hours
  • Greater than one week
  • Greater than one month

Staffing minimums: Identify staffing level needs (including contractors or suppliers) to meet typical daily, as well as recovery time objectives.

Operational Impacts: Identify the effects associated with a business unit interruption, considering existing mitigation measures. These may include, but are not limited to:

  • Lost sales and income
  • Negative cash flow resulting from delayed sales or income
  • Increased expenses due to overtime, outsourcing or other operations that increase costs
  • Regulatory fines and legal implications
  • Contractual penalties or loss of contractual bonuses
  • Customer dissatisfaction or withdrawal
  • Delay of business plan execution or strategic initiatives

Recovery Time: Identify the time frame necessary to recover specific critical processes under existing capabilities and, if possible, potentially altered conditions.

Financial Impact: Determine and quantify impacts in financial terms considering existing mitigation measures. Critical functions that have the highest financial impacts should be prioritized in business continuity plans.

Within each business unit, additional business functions should be considered and evaluated. By identifying cross business unit dependencies, the need for integrated risk mitigation solutions can be highlighted and proactive measures taken. Access to these additional functional requirements may be necessary if operations are moved to offsite locations. A workflow analysis may prioritize those business functions and processes that must be recovered. Functions within each business unit may include, but are not limited to:

  • Finance
  • Contracts
  • Supply and Trading
  • Personnel and Payroll
  • Benefits
  • Accounts Payable
  • Environmental Health and Safety
  • Information technology

Adverse information technology (IT) conditions may affect numerous company departments, units and functions. IT components may include networks, servers, desktop and laptop computers and wireless devices. The ability to utilize both office productivity and enterprise-wide software may be essential to restore normal operations. Therefore, time critical recovery strategies for information technology, such as exercised data backup and restoration procedures, should be developed in order to limit the effects of interruptions across multiple business units.

If a business continuity incident affects two or more critical business processes, the incident has a greater potential for impact. Interoperable communication and coordination among departments must be exercised for a swift recovery. The effects of a multi-tiered business continuity event can extend beyond the facility borders to affect personnel, multiple critical business processes, vendors or suppliers, and customers. Utilizing business impact analyses can create effective business continuity plans, ensuring a faster state of recovery.

Comments

More blog posts from Jensen Hughes


The Russia-Ukraine War Has Clear Cyber Security Implications for Your Organization

Mar 10, 2022

The Russian invasion of Ukraine has escalated the threat of Russian state-sponsored cybercrime worldwide.

Read more
World Engineering Day + Nuclear Safety: The Future of Nuclear Safety

Mar 4, 2022

Marlene Delaney addresses the common misconceptions about nuclear power and discusses the future of nuclear technology.

Read more
Fire Risk Assessments As PART OF A preventative strategy

Feb 23, 2022

Learn how Fire Risk Assessments can help building managers effectively identify fire safety risks within their building.

Read more