Bia Stakeholder Analysis Business Impact Assessment and Essay

Total Length: 1292 words ( 4 double-spaced pages)

Total Sources: 4

Page 1 of 4


Stakeholder Analysis

Business Impact Assessment and disaster management

A business impact assessment (BIA) is designed to evaluate the impact of a disaster upon the functioning of the organization and ideally, determine ways for the organization to remain operational, even during the stressors of a full-blown attack on its informational systems or a widespread catastrophe like a national disaster. "BIA report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them. The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance. Where possible, impact is expressed monetarily for purposes of comparison. For example, a business may spend three times as much on marketing in the wake of a disaster to rebuild customer confidence" than it did before the catastrophe (BIA, 2013, Search Storage). Another definition of a BIA is "to identify the organization's mandate and critical services or products; rank the order of priority of services or products for continuous delivery or rapid recovery; and identify internal and external impacts of disruptions" (A guide to business continuity planning, 2013, Public Safety). Prioritization is thus another critical component of BIA: not every situation can be planned for nor can every risk be perfectly controlled, but through prioritization and the determination what are mission-critical components of the organization, it can be assured that the organization can continue to function and offer necessary services within the least possible number of disruptions (BIA, 2013, FEMA).

One of the first steps is thus component priority, determining which components are most important for the business to function (Johnson 2010: 278). The second step is component reliance, which means, of these important components, which ones are critical because of the interrelation between those components and others necessary to do business (Johnson 2010: 278). Functions, dependencies, and the human intelligence required to fulfill them are all assessed, and this will better enable the company to prevent and mitigate damage when and if it occurs.
A BIA takes into consideration risk exposure (likelihood of risk) and the damage that risk could entail. For example, a tornado might be an extremely impactful risk for a mid-Atlantic state like NJ, but lower in likelihood than a Midwestern state such as Kansas. There must be a prioritization of risks, threats, and vulnerabilities (Johnson 2010: 278-279). All are equally important yet critically different components of the BIA. "Once all relevant information has been collected and assembled, rankings for the critical business services or products can be produced. Ranking is based on the potential loss of revenue, time of recovery and severity of impact a disruption would cause. Minimum service levels and maximum allowable downtimes are then determined" (A guide to business continuity planning, 2013, Public Safety).

Approaches to dealing with risk include risk avoidance, risk management, risk acceptance, and risk transference. Although all strategies are likely to be included, they will vary from organization to organization and scenario to scenario. Yet while a variety of coping strategies are afforded to the organization, the ultimate ideal is prevention. To prevent damage to an organization, continual screening is demanded. For example, to determine the resources needed to cope with a threat to the IT system, a vulnerability assessment might simulate a firewall attack, to see if the system can withstand such an impingement. Then, once the vulnerabilities are determined the system designers attempts to rectify them -- but given that complete prevention is not possible, there must also be contingency plans in place to determine what to do if the system is broached. "The assessment must also address the cost to business and the cost of remediation" (Johnson 2010: 282).

Then, the financial costs to the business of various risks may be determined. For example, a common threat to a business is a power failure. For some businesses, being 'offline' for a….....

Have Any Questions? Our Expert Writers Can Answer!

Need Help Writing Your Essay?