Business Continuity Management | BCM

Writing the Business Impact Analysis Report

Written by Rose Lam | Mar 21, 2021 12:07:19 PM

Preparing the Business Impact Analysis Report

There is no standardized format for a business impact analysis report and, as with many other processes, this document will likely follow your company’s standard format.

At minimum, the report should include the business functions, the criticality and impact assessments and the recovery time objective (RTO) assessment for each. Dependencies, both internal and external, should be noted and the correlation to IT systems should be delineated.

This report should be prepared in draft format with initial impact findings and issues to be resolved. The participating business unit BCM coordinators, business unit heads and managers, subject-matter-experts (SMEs), and BC/DR team members should review the findings. Revise the report based on participant’s feedback to the draft document.

If needed, you can schedule a review meeting to discuss the finding in the draft. Often this is helpful (and needed) to resolve conflicts with regard to the criticality and maximum tolerable downtime ratings, since there is a correlation between these ratings and the cost of mitigating the risks and reducing downtime.

Once the feedback has been gathered, revise the draft and finalize the document. This document is used along with the risk assessment as an input to the risk mitigation process.

Key Elements in BIA Report

To assist you in preparing your final report, we’ve recapped the elements you may choose to include.

  • Key processes and functions
  • Process and resource interdependence
  • IT dependencies
  • Criticality and impact on operations
  • Backlog information
  • Key roles, positions, skills, knowledge, expertise needed
  • Recovery time requirements
  • Recovery resources
  • Service level agreements
  • Technology (IT and non-IT technology)
  • Financial, legal, operations, market, staff impacts
  • Work-around procedures
  • Remote work, workload shifting
  • Business data, key records
  • Reporting
  • Competitive impact
  • Investor/market impact
  • Customer perception impact
  • Other (business-specific data not already included)

Additional key elements an organization may choose to include in preparing a final BIA report:

  • Internal and external dependencies
  • Vital records
  • Service level agreements
  • System and application Recovery Point Objectives
  • Level of reliance on internal and external systems and applications
  • Specialized equipment required
  • Backlog information
  • Workaround procedures
  • Critical staffing by offices
  • New systems, legal requirements, partnerships, etc. in the next 12 months
Reference

10 Elements in a Business Impact Analysis Report https://www.mha-it.com/2013/06/25/business-impact-analysis-report/

Snedaker, S. (2007). Business Impact Analysis. Business Continuity & Disaster Recovery for IT Professionals(May), 209-260.

More Information About Blended Learning BCM-5000 [BL-B-5]

To know more about our blended learning program and when the next course is scheduled, feel free to contact our friendly course consultant colleagues via sales.ap@bcm-institute.org.  They are the BL-B-3 Blended Learning BCM-300 ISO22301 BCMS Implementer and the BL-B-5 Blended Learning BCM-5000 ISO22301 BCMS Expert Implementer.
 

Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org

  

 
View full post