Part 3: Impact Over Time of Business Functions
CBF 1: Risk Assessment and Guarantee Issuance
The "Impact Over Time of Business Functions" assessment is a core component of the Business Impact Analysis (BIA) within the crisis management and business continuity planning framework. For CBF-1: Risk Assessment and Guarantee Issuance, this section evaluates how the disruption of specific sub-functions affects Credit Guarantee Corporation Malaysia (CGC) over varying time horizons, from a few hours to several weeks.
Given CGC’s critical role in supporting SMEs through financial guarantees, uninterrupted execution of risk assessment and guarantee issuance is paramount. Delays or disruptions in these processes could lead to financial bottlenecks, reputational damage, regulatory non-compliance, and erosion of stakeholder trust.
This section presents a structured evaluation of each Sub-CBF using a standardised impact scoring model (1 to 5) aligned with the BCM Institute’s guidelines on functional time-based impact. It identifies the time-sensitive nature of each task, the highest-impact areas (e.g., financial exposure, compliance risk, customer trust), and assigns a Recovery Time Objective (RTO) and Maximum Tolerable Period of Disruption (MTPD). These insights help prioritise recovery strategies, resource allocation, and resilience-building measures.
Here is the requested table for CBF-1 Risk Assessment and Guarantee Issuance for Credit Guarantee Corporation Malaysia, using the impact over time methodology from BCMpedia:
Table 3: [BIA] [P3] Impact Over Time of Business Functions (Sub-CBF) for CBF 1: Risk Assessment and Guarantee Issuance
|
Sub-CBF |
Sub-CBF Code |
Highest-Impact Area |
4 Hour |
8 Hour |
1 Day |
2 Day |
3 Day |
5 Day |
7 Day |
10 Day |
14 Day |
21 Day |
30 Day |
60 Day |
RTO |
MTPD |
Vulnerable Period |
|
Application Intake |
1.1 |
Customer Satisfaction, Ops |
2 |
2 |
3 |
3 |
4 |
4 |
4 |
4 |
3 |
3 |
2 |
2 |
2 Day |
14 Day |
Business hours |
|
Preliminary Eligibility Check |
1.2 |
Operational Efficiency |
2 |
2 |
3 |
3 |
3 |
4 |
4 |
4 |
3 |
3 |
2 |
2 |
2 Day |
14 Day |
Business hours |
|
Credit Risk Assessment |
1.3 |
Credit Risk, Reputation |
3 |
3 |
4 |
4 |
5 |
5 |
5 |
4 |
4 |
3 |
3 |
2 |
1 Day |
7 Day |
Pre-approval |
|
Site Visits / Due Diligence |
1.4 |
Credit Risk, Compliance |
1 |
1 |
2 |
3 |
3 |
4 |
4 |
4 |
3 |
3 |
2 |
2 |
3 Day |
21 Day |
Application window |
|
Guarantee Structuring |
1.5 |
Financial Exposure |
2 |
2 |
3 |
4 |
4 |
4 |
4 |
4 |
3 |
3 |
2 |
2 |
2 Day |
14 Day |
Pre-approval |
|
Approval Process |
1.6 |
Governance, Risk Control |
3 |
3 |
4 |
5 |
5 |
5 |
4 |
4 |
3 |
3 |
2 |
2 |
1 Day |
7 Day |
End-of-cycle |
|
Issuance of Guarantee |
1.7 |
Service Continuity, Legal |
4 |
4 |
5 |
5 |
5 |
5 |
4 |
4 |
3 |
3 |
2 |
2 |
1 Day |
5 Day |
Disbursement stage |
|
Post-Issuance Monitoring Setup |
1.8 |
Compliance, Operational Risk |
2 |
2 |
3 |
3 |
3 |
4 |
4 |
4 |
3 |
3 |
2 |
2 |
3 Day |
21 Day |
1st 30 days post-issuance |
Key Notes
- Impact scores: Based on BCM Institute’s Impact Over Time v2.0 guidelines.
- RTO (Recovery Time Objective) reflects how quickly each sub-function must be resumed to avoid unacceptable consequences.
- MTPD (Maximum Tolerable Period of Disruption) defines the absolute time limit for recovery before serious consequences occur.
- Vulnerable Period denotes when disruption is most likely to cause maximum impact, such as before approval, disbursement, or early post-issuance phases.
These MBCOs are indicative and should be validated through a comprehensive Business Impact Analysis (BIA) to align with your organisation's specific operational priorities and risk thresholds.
Summing Up ... for Part 3
The impact analysis for CBF-1: Risk Assessment and Guarantee Issuance highlights the time-critical dependencies and cascading effects that could arise from prolonged interruptions. Sub-functions such as Issuance of Guarantee, Approval Process, and Credit Risk Assessment demonstrate high-impact ratings within the first 24 to 72 hours of disruption, underlining their role in upholding CGC’s operational integrity and client confidence.
By mapping out these impacts over time, CGC is better equipped to determine which activities require immediate recovery and which can tolerate longer downtimes. This approach informs the development of targeted recovery strategies and ensures that business continuity measures are aligned with the organisation’s risk appetite, stakeholder expectations, and regulatory obligations.
Ultimately, the time-based impact assessment ensures that CBF-1 is not only protected but also resilient under crisis conditions, reinforcing CGC’s mission to facilitate financial stability for Malaysian businesses through reliable guarantee services.
CBF 1: Risk Assessment and Guarantee Issuance
Part 2: Impact Area Of Business Functions
The efficient execution of the Critical Business Function (CBF-1) — Risk Assessment and Guarantee Issuance — at Credit Guarantee Corporation Malaysia (CGC) relies heavily on the integration and resilience of its supporting IT systems and applications. These digital tools enable the organisation to process guarantee applications, assess credit risk accurately, and ensure timely issuance and monitoring of guarantees.
In an environment where credit decisions must be both rapid and rigorously compliant, the supporting IT infrastructure plays a critical role in automating workflows, facilitating real-time data analysis, and maintaining secure communication channels. From initial application intake to post-issuance monitoring, each sub-process under CBF-1 is aligned with purpose-built applications that are interdependent and must maintain high availability and recoverability to avoid business disruption.
This chapter outlines the essential IT systems supporting each sub-CBF, the associated Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO), as well as the physical and technological resources required to ensure operational continuity under various scenarios.
Here is the requested table for CBF-1 Risk Assessment and Guarantee Issuance for Credit Guarantee Corporation Malaysia, incorporating the sub-processes and key business continuity planning elements:
Table 4: [BIA] [P4] Supporting IT Systems and Applications for CBF 1: Risk Assessment and Guarantee Issuance
|
Sub-CBF |
Sub-CBFCode |
IT Systems and Applications |
RPO |
System RTO |
Supporting Special Equipment or Resources |
Remarks |
|
Application Intake |
CBF-1.1 |
Customer Portal, Guarantee Application System (GAS) |
4 hours |
8 hours |
Scanners, secured internet, user authentication tools |
Manual backup intake may be used temporarily during outages. |
|
Preliminary Eligibility Check |
CBF-1.2 |
GAS, Internal Policy Database |
4 hours |
8 hours |
Access to internal risk policy frameworks |
Automated filtering helps reduce turnaround time. |
|
Credit Risk Assessment |
CBF-1.3 |
Credit Risk System, Financial Analysis Tools |
2 hours |
4 hours |
Financial statement databases, risk scoring engines |
Requires updated client financials and credit history. |
|
Site Visits / Due Diligence (if required) |
CBF-1.4 |
CRM, Field Visit Mobile App |
24 hours |
48 hours |
Vehicles, mobile devices, on-site verification kits |
Required only for complex or high-risk applications. |
|
Guarantee Structuring |
CBF-1.5 |
GAS, Structuring Calculator Tool |
4 hours |
8 hours |
Custom structuring templates |
Tailored per application based on risk appetite and product types. |
|
Approval Process |
CBF-1.6 |
Approval Workflow System, Email System |
2 hours |
4 hours |
Secure digital approval tokens |
Multi-tiered approval based on guarantee value and risk class. |
|
Issuance of Guarantee |
CBF-1.7 |
Guarantee Issuance Module, Document Gen System |
1 hour |
2 hours |
e-Signature tools, template document libraries |
Legal documentation is generated and digitally signed. |
|
Post-Issuance Monitoring Setup |
CBF-1.8 |
Monitoring Dashboard, CRM |
4 hours |
8 hours |
Notification systems, automated trackers |
Trigger alerts based on repayment patterns or covenant breaches. |
Summing Up ... for Part 4
The effectiveness of CGC's Risk Assessment and Guarantee Issuance process is tightly linked to the reliability and responsiveness of its IT systems and digital platforms.
Ensuring that these systems are resilient and well-integrated supports CGC's mandate to provide timely and responsible credit guarantees, even in adverse operational conditions.
By mapping each sub-process to specific IT applications and defining clear RTO and RPO benchmarks, CGC enhances its preparedness to respond to disruptions while maintaining regulatory compliance and service quality.
Going forward, continued investment in technology upgrades, cybersecurity, and business continuity planning will be essential to sustaining operational resilience across this critical business function.
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
