Reducing the Business Impact

Risk assessment and business impact assessment are increasingly being viewed as synonymous at the executive board level, however companies must have in place an IT manager who knows the difference and understands why each process remains unique.

Risk Assessment

Risk assessment is charged with revealing the threats, vulnerabilities and values of organizational assets. Pivotal to the process is determining the likelihood of an adverse event occurring and its probable impact throughout the organization. Risk assessment is a tool to reduce risk to acceptable levels.

Business Impact Analysis

Business impact analysis facilitates creation and implementation of a successful continuity plan in the event of a critically disruptive event. The process is designed to make management aware of the scope and impact of potential disruption, including the magnitude of financial impacts. An effective business impact analysis allows management to calculate recovery time, need for support services and availability (or unavailability) of critical resources. These may include:

  • Facilities
  • IT infrastructure (including all communications networks)
  • Hardware and software
  • Data
  • Business partners

Business processes map directly to supporting resources, which defines how those resources must be prioritized in the business continuity plan. Obviously, businesses must have a comprehensive and precise understanding of their critical processes and the resources needed to support them in order to craft a successful business continuity plan.