Business Impact, Research Paper Example

The business environment is exposed to many risks in its operations and this raises the need for precautionary measures to be taken to ensure the smooth transition in the case of a disaster occurring. This introduces the concept of business impact analysis that is used in the identification of potential threats to an organization by evaluation of different business functions to establish the critical role they play. The impact analysis establishes how the organization would be affected in the absence of the specified functions (Hiles, 2002).

Component priorities

The assessment of business functions and processes is a multi-faceted process that involves a deeper analysis separating the inherent functions carried out by an organization. The analysis takes cognizance of business processes that are reliant on human labor and those reliant on technological equipment. Information technology systems play a significant role in the progress of business activities and they provide storage for critical information regarding different business transactions. The information systems available in the business environment have witnessed continued evolution and in the present form, they constitute one of the key pillars of business organization. The automation of majority of work processes necessitates security measures to be taken to ensure that data stored on different systems can be recovered in the event of loss or damage to the original information.

The first method of evaluating business processes and their impact is through interviewing individual managers of specific business areas of the identified processes levels. The purpose of conducting interviews is to ascertain the criticality of each process and the impacts associated with the loss of information or technology. The impact assessment should be focused towards determination of environmental damage, deterioration of the services or quality of products, consequences of breaches to compliance with regulatory requirements and statutory duties, and the impact on the staff and the general wellbeing of the public among many other business processes. Other methods to be employed in the analysis include the use of qualitative impact statements alongside the quantitative ones.

The analysis is responsible for determining the different categories of business functions, which include the critical functions touching on the mission of the business organization, essential business functions, necessary functions, and desirable functions. Critical functions are dependent on IT services and an outage would cause undesirable disruptions (Johnson, 2011). The business processes involving financial transactions is critical to an organization and any disruption of the systems would be costly for an organization. Financial services are at the core of all business processes and therefore should be prioritized in terms of system security. The financial managers should be interviewed to find out the differences in the software’s utilized for each process, the accepted minimum levels of downtime that financial information can be utilized, the volume of financial information contained in individual hardware, the type of telephony used, and their minimum acceptable downtime levels.

The business analysis should be carried out on all the ICT and IS operations to ensure that recovery of information is established within the minimum available time (Conrad & Misenar et al., 2012).  Time frameworks are established according to the business process involved and its criticality in the business organization. Essential business activities are assigned higher priority and need to be restored within minutes to hours while other services may take time before being restored. Financial services provide the best example of critical services whose information should be recovered within minutes and in dire circumstances, the recovery could take hours.

The assessment evaluates the risks that can be eliminated in entirety while establishing the risks that cannot be eliminated beforehand. This enables the business organization to be prepared in dealing with the forecasted risks in case of occurrence using the minimum possible time. The periods established are categorized into the maximum tolerable downtime, recovery time objective, work recovery time, and the recovery point objective (Conrad & Misenar et al., 2012). The recovery point objective identifies the maximum data that can be sustained based on any backup available and the data needs of an organization. The time recovery objective considers the amount of time utilized in bringing critical services back online form disruptions. The work recovery time evaluates the time that is required in the recovery of lost data and establishes the time used for data entry because of accumulated backlog (Snedaker, 2013). On the other hand, the maximum tolerable downtime gives the period that an organization can endure without particular information. The periods are broken down as follows:

• Critical processes—0-12 hours
• Vital  processes—13-24 hours
• Important  processes—1-3 days
• Minor processes—time above 3 days

Component reliance and dependencies

Component dependencies are a concept that links different business processes to each other. It is important to note that in the business environment, different processes are interrelated and their functionality cannot be handled in isolation. A good example is the role played by the financial process within the business organization and its importance to all other processes. Every process within the organization depends on the allocation of resources for operationalization, for instance the purchase of equipment, payment of employees, and other financial obligations. It is therefore necessary to evaluate the criticality of a process in relation to other processes within the business setup to ensure that importance is measured on an appropriate scale.

There is need to establish the cost effects of every business process are significant in the case of an outage or negative occurrence. It is important to note that recovery efforts should be done within the maximum tolerable downtime. The maximum tolerable downtime is essential in the calculation of the costs to be incurred in the recovery phase of information loss because of a negative event. The relationship between systems recovery and costs is an inverse one because investments are made according to the time taken for recovery. Quick recovery systems and measures incur more costs to a firm than simplified recovery systems and operations. Investments are made according to the downtime associated with system failures. The investments are made in terms of equipment as well as expertise to handle the identified equipment. In large business organization, it is essential to have an IT department delegated with the responsibility of ensuring different crises are averted while smaller companies utilize the services of contracted experts to minimize on costs.

Recommendations

It is important for every business organization to ensure that it takes up measures to identify and resolve possible crisis resulting from the loss of information. Such preparations involve many processes that should incorporate different stakeholders and more importantly the workforce within the organization. The business impact analysis should be carried out on a department-to-department basis and individual personnel within the organization should be trained in accordance with respective responsibilities. An organization should allocate sufficient resources to aid in the facilitation of its employees to ensure they are well versed with recovery efforts.

References

Conrad, E., Misenar, S. & Feldman, J. (2012). CISSP study guide. Waltham, MA: Syngress

Hiles, A. (2002). Enterprise risk assessment and business impact analysis. Brookfield, Conn.: Rothstein Associates.

Johnson, R. (2011). Security policies and implementation issues. Sudbury, Mass.: Jones & Bartlett Learning

Snedaker, S. (2013). Business Continuity and Disaster Recovery Planning for IT Professionals. Burlington: Elsevier Science