When conducting a business impact analysis (BIA) there are two important words to keep in mind : “business” and “impact”. It sounds obvious but strangely this is often forgotten and the BIA gets confused with a risk assessment.
The BIA is the part of the business continuity process that determines the level of pain an organisation would suffer if it were unable to carry out its critical processes. We’re not really interested in all the possible reasons why at this stage – that’s what the risk assessment is for. And anyway, if the BIA’s done properly, there’s enough to think about without trying to do a risk assessment at the same time.
So don’t make life more difficult for yourself than it needs to be. Concentrate on business impacts during the BIA, then conduct a separate risk assessment to identify potential risks to the critical processes identified by the BIA.
Remember, it’s called a business impact analysis – the clue’s in the name!
Andy Osborne (known as Oz to friends and colleagues) is the Consultancy Director at Acumen, a consultancy practice specialising in business continuity and risk management.
Andy is the author of two books ‘Practical Business Continuity Management‘ and ‘Risk Management Simplified‘ as well as his popular blogs and ‘Tips of the Month’, all of which aim to demystify the subjects of business continuity and risk management and make them more accessible to people who live in the real world.
You can follow Andy on Twitter at @AndyatAcumen and link with him on LinkedIn at http://uk.linkedin.com/in/andyosborneatacumen