fbpx

Business Continuity and Crisis Management Consultants

You are here: Home / Business Continuity / 3 Business Impact Analysis (BIA) Mistakes to Avoid

By //  by 

“You hit home runs not by chance but by preparation”- Roger Maris

If you want to hit a home run within your organization with your business continuity program, then you need to prepare by conducting a proper business impact analysis and learning how to avoid costly BIA mistakes.

When done right, the business impact analysis (BIA) process is straightforward, concise, and adds value to your organization on multiple fronts. When done wrong, your Business Continuity program loses credibility, leaders and their teams are frustrated, and the process ends up wasting people’s time.

To help you avoid this drastic outcome and ensure you know how to properly conduct a BIA, I’ve listed the top three BIA mistakes we have commonly seen in our engagements here at Bryghtpath.

  1. Not challenging recovery time objectives (RTOs)
  2. Not validating your BIA results
  3. Making BIA a “black box”

What is a Business Impact Analysis, and why should my organization have one?

A Business Impact Analysis (BIA) helps your organization understand what critical parts of your business will be impacted if there is some disruption like a hurricane, losing a key manufacturing supplier, reputational damage, a technology outage, or even experiencing a global pandemic like COVID-19.

These disruptions can negatively impact your organization’s revenue, expenses, operations, and reputation.  A properly scoped Business Impact Analysis can help your organization understand the impact of a disruption on your critical business processes and guide your planning process.

A good BIA will allow your organization to efficiently prioritize your business continuity plan and help you identify potential systems and processes that may be overlooked.

Without a BIA, you will not have a solid foundation for your business continuity program and plans to rest upon, like going on a cross-country trip without a map or GPS navigation app on your phone.

These strategies are part of the approach we use in our 5-Day Business Continuity Accelerator course, where we aim to improve the perception of your business continuity program within your organization.

We offer our 5-Day Business Continuity Accelerator quarterly.

Learn more and get on the waiting list >>

How to Conduct a Business Impact Analysis

Anytime we conduct a Business Impact Analysis for our clients, we follow four simple steps:

  1. Scope the Need. A non-profit will have different resiliency needs than a major utility or healthcare network. The first step is to scope the need specific to the organization so we know which areas to focus on and what data should be collected.
  2. Prepare for Interviews. The organization’s stakeholders must be prepared in advance to make the most of the BIA interview process. We also need to make sure that the right stakeholders participate in the process so we can craft plans that are responsive to the organization’s most critical risks and needs.
  3. Conduct the Business Impact Analysis Interviews. This is the meat of the business impact analysis, where we dig into systems, their impacts on the business, dependencies, and more to uncover their strengths and weaknesses.
  4. Prepare and Present the BIA ReportWe aggregate our interview learnings into a concise report that identifies key systems and business processes, recovery time objectives for each area, and important interdependencies within the organization.

BIA-Process 3 Business Impact Analysis (BIA) Mistakes to Avoid

Three BIA Mistakes Organizations Make

Not Challenging Recovery Time Objectives (RTO)

Our definition for an RTO is the overall length of time a business process can be disrupted before that disruption becomes unacceptable to the organization. In other words, how long could an organization go with payroll being down, an online product not working, or a critical system being hacked before a toll is taken on the organization? Is it minutes, hours, days, or weeks? Those are questions that need to be asked when establishing RTOs.

We have often seen businesses that don’t correctly prioritize their processes because RTOs were not challenged appropriately through the BIA process. Proposed Recovery Time Objectives that seem out of line to the impact of a disruption to the business process should be challenged and discussed during the BIA process to ensure their accuracy.

Not Validating your BIA Results

We wrote an article about the process of validating your BIA but to summarize- validation is the process of meeting with key leaders to ensure that BIAs across the organization align with the most critical areas of the business. This allows your BIA to be as effective as possible.

When validating your BIA results, you will typically work with a senior leader who represents a broad business area – like a Vice President or a direct report of the CEO.

Together you will:

  • Prepare what you want to share with leadership about your BIA results.
  • Approach the executive team about validating your BIA.
  • Consider other leaders that you need to share results with.

Making BIA a “Black Box”

The  “black box” — when the flight goes down, investigators glean through the rubble to mine this secret source of truth.  Your business impact analysis should not be treated like a black box — tightly controlled, released sparingly, and only in case of emergency.

Unfortunately this is often the case.  Business Continuity teams sometimes employ complex BIA formulas that are not easily explainable to business leaders or that don’t make sense in determining the criticality of a business function. Or they decide not to share the results or any other information about the BIA with others in the organization, even if the business leaders aren’t in alignment with the BIA calculations, such as the defined Recovery Time Objective for their business area.

The inputs and calculations, like recovery time objectives, impacts, and other important information used to create your BIA need to be clear, transparent, and visible among your stakeholders.

This creates a transparent and credible process that your business partners can understand, gaining additional credibility for your program.

Want to work with us or learn more about Business Continuity and avoiding BIA mistakes?

About Lydia Harper

Lydia Harper is a communications specialist with experience in communications strategy, interpersonal communications, public speaking, and problem-solving.

Prior to joining Bryghtpath, Lydia was a facilities manager at a rock climbing and CrossFit gym. She aided in developing employee policies, creating social media content, event planning, and corporate finance.

Lydia holds a Bachelor of Communications in Strategic Organization Communications as well as a certificate in Data Analytics, both from Brigham Young University.