Business Continuity Management | BCM

[BCM] [BIA] [R] Writing the Business Impact Analysis Report

Written by Rose Lam | Mar 21, 2021 12:07:19 PM

Preparing the Business Impact Analysis Report

There is no standardised format for a business impact analysis report, and, as with many other processes, this document will likely follow your company’s standard format.

At a minimum, the report should include the business functions, criticality and impact assessments, and the recovery time objective (RTO) assessment for each.

Dependencies, both internal and external, should be noted, and the correlation to IT systems should be delineated.

This report should be prepared in draft format, including initial impact findings and issues to be addressed.

The participating business unit BCM coordinators, business unit heads and managers, subject matter experts (SMEs), and BC/DR team members should review the findings. Revise the report based on participants’ feedback on the draft document.

If needed, you can schedule a review meeting to discuss the draft's findings.

Often, this is helpful (and necessary) to resolve conflicts concerning the criticality and maximum tolerable downtime ratings, as there is a correlation between these ratings and the cost of mitigating risks and reducing downtime.

Once the feedback has been gathered, revise the draft and finalise the document. This document is used in conjunction with the risk assessment as input to the risk mitigation process.

Key Elements in BIA Report

To assist you in preparing your final report, we’ve recapped the elements you may choose to include.

  • Key processes and functions
  • Process and resource interdependence
  • IT dependencies
  • Criticality and impact on operations
  • Backlog information
  • Key roles, positions, skills, knowledge, and expertise needed
  • Recovery time requirements
  • Recovery resources
  • Service level agreements
  • Technology (IT and non-IT technology)
  • Financial, legal, operations, market, and staff impacts
  • Work-around procedures
  • Remote work, workload shifting
  • Business data, key records
  • Reporting
  • Competitive impact
  • Investor/market impact
  • Customer perception impact
  • Other (business-specific data not already included)

Additional key elements an organisation may choose to include in preparing a final BIA report:

  • Internal and external dependencies
  • Vital records
  • Service level agreements
  • System and application Recovery Point Objectives
  • Level of reliance on internal and external systems and applications
  • Specialised equipment required
  • Backlog information
  • Workaround procedures
  • Critical staffing by offices
  • New systems, legal requirements, partnerships, etc. in the next 12 months

 

More Information About Business Continuity Management Courses

To learn more about the course and schedule, click the buttons below for the  BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].

Please feel free to send us a note if you have any questions.

 
View full post