Page 14 - TNR-V02N2

Implementing the Professional Practices

Business Impact Analysis

By Jeff Hortobagyi, CBCP, MBCI


Business Impact Analysis – 7 Tips for Common Pitfalls

The Business Impact Analysis (BIA) is arguably the most important and difficult part of the business continuity process. Complex, time-consuming, and requiring comprehensive analysis of the organization, the BIA can get bogged down in needless detail (the most common pitfall) or it can be too high-level—both pitfalls resulting in difficulty building business continuity plans and executing them in an event.

1.  Start at the top (but don’t stop there)

Responsibility for completing the BIA is often pushed down the organization to employees who don’t have the purview, authority, or confidence to prioritize and make the difficult decisions around which critical processes must be maintained and which should be suspended.

Start at the top of the organization. Senior leadership has the broader vision to set high-level priorities to guide the further elaboration of the BIA by resources in the lines of business that can provide the operational elements that senior leaders may not be cognizant of.

Use the high-level priorities, and the leadership team, as touchstones to maintain process discipline in completing the BIA. Reference them clearly in the entire process and close out the BIA by returning to the leadership for sign-off on how the lines of business interpreted their guidance.

2.  Don’t go it alone

The BIA requires data across the organization. Leverage the organization’s expertise. Other departments own and understand the data needed to make decisions in the BIA. Put the accountability on them.

Finance, for example, can tell you how to measure financial impacts and can contribute to the assessment of financial impacts for the lines of business. IT systems and applications can be confusing and overwhelming, especially for large organizations and ones with legacy systems. IT departments may have profiles of the applications that support business processes and may have already identified outage tolerance for the applications. If not, IT has good reason to support the BIA to obtain this data.

3.  Speak to people

Interviews (or workshops) may be the best way to approach the BIA. While a survey is more convenient, the back-and-forth of an interview allows you to provide guidance, ask questions, and obtain greater consistency across BIAs. Interviews provide an opportunity to have the full attention of the interviewee, which may not be easily achieved with surveys. Moreover, interviews may not get as easily pushed down the organization as a survey might.

4.  Know how much is too much

For one BIA project I managed, a line of business came back with 500 critical processes. (Yes, 500.) So, how do you achieve the right level for defining your critical processes? It’s difficult to nail down, but here are some tactics to avoid too many or too few critical processes.

Define

A definition of a critical process can be used to assess whether a critical process is at the right level. I’ve used a rule of thumb: where processes have a similar basic purpose, have similar dependencies, and are conducted by the same team members, it may be beneficial to combine them into a single, higher-level process, particularly since the recovery strategies may be similar.

Pick a number

Identify a small number of buckets and provide approximate guidance on how many critical processes should fit into each. Mission-critical processes, for example, should probably garner no more than 10%, business-critical maybe a little more, and there is likely a large bucket that falls under a best-effort designation. Your guidance may not be closely followed, but it may rein in the extremes.




True North RESILIENCE magazine - Fall 2023