A business impact analysis is done to determine which tasks and functions are critical for the foundation to stay in business (Johri, 2010). This is done by asking a series of questions to determine the value of the task or function, for example:
If not performed at all, how much loss would the foundation suffer?
If not performed in a timely manner, how much financial loss would the foundation suffer?
Is the task/function required to meet:
Legal and/or contractual obligations?
Regulatory compliance obligations?
How long can the foundation go without performing this task/function?
Are there single points of failure (one-person departments, only one source of information, etc.)?
BIA scenarios and components
High Level: Immediate restoration required. Maximum outage/downtime is between one and five days before the foundation suffers severe legal, reputational or financial impact.
Medium Level: Function can continue in default mode (e.g. payroll) or not be performed for two to four weeks. Immediate restoration not required. Failure to perform these functions will eventually impact performance of high level functions, but will not result in severe legal, reputational or financial impact.
Low Level: Function can continue in default mode (e.g. payroll) or not be performed for 31-plus days. Function can be delayed until the operating environment has been restored to normal.
Financial and service impact of components not being available
For some services, the recipients pay directly for the services. A BIA gauges how much of the normal revenue stream is either lost or delayed because of disruptions. For some operations, the revenue stream can in fact continue in spite of a cessation of operations. This effect is captured in cash flow estimates, but it also correlates with estimates of recipient dissatisfaction as captured in the previous category (Lall, 2005). Another revenue effect occurs when the disruption reduces the taxpaying base, either during or after a disruption.
Recovery Time Frameworks
In the context of examining or assessing the continuity risks associated with a particular source or risk cause, planners must estimate the likelihood that government operations that are not directly affected by the immediate cause will be disrupted anyway because of interdependencies. The shutdown of one building in a complex can disrupt government operations in other buildings that depend on activities in the closed building (Peltier, 2001).
Methods for determining component reliance and dependencies
Component dependencies
The expectations of a BIA are expanding because of several trends and events. As information technology facilitates more rapid performance of services and delivery ...