SUBSCRIBE TO
CONTINUITY BRIEFING


Business continuity news

Never miss a news story: signup for our free weekly email newsletter.

REGIONAL PORTALS
Continuity Central currently offers three regional business continuity portals:
North America
United Kingdom
Asia Pacific / Australasia

Business Continuity Software Survey

Add to Google  

Use Google?
Click the button to add Continuity Central news to your Google home page
.

Follow us on Twitter  

Get immediate news
and information updates via our Twitter feed.

SUBMIT YOUR NEWS
To submit news stories to Continuity Central, e-mail the editor.

NEWSFEED
Want an RSS newsfeed for your website? Click here

OUR COOKIE POLICY
Before using this website ensure that you understand and accept our cookie policy. More details

Redefining the BIA

By Geary Sikich

If we agree on the basic premise that business continuity can be defined as sustaining what is critical to the enterprise’s survivability during periods of discontinuity; then we must recognize that the activity known as the business impact assessment / analysis (BIA) needs to be redefined.

The BIA, as currently practiced does not necessarily achieve the following:

  • Define what is critical to the organization;
  • Develop strategies to recover/sustain during times of discontinuity.

I posit a two-phase BIA framework consisting of a pre-event general analysis and a post-event identification and assessment of business impacts and potential consequences for the enterprise.

Events are nonlinear and therefore carry uncertain outcomes. As a result, traditional pre-event BIAs are of little value when conducted using concepts such as mission critical, recovery time objectives, recovery point objectives, etc. Events evolve; the elements of randomness and nonlinearity create opaqueness (opacity: the quality of being difficult to understand or explain) that a traditional BIA underestimates.

Pre-event general analysis: points and questions to address in a BIA

  • Customers: sustainability within current markets, capacity to overcome disruptions and continually transform to meet the changing needs and expectations of customers, shareholders and stakeholders.
  • Current competitors: define immediate market areas and determine strength of competition to influence market share, human capital, customer base.
  • Providers: sustainability, strength in markets served, loyalty, capacity to manage surge.
  • Suppliers: ability to influence capabilities to provide product/services, readily available alternatives.
  • Stakeholders: capability to meet expectations.
  • Government/geo-political: regulatory agencies and compliance scrutiny, potential actions – direct impact, potential actions – indirect impact.
  • Substitutes: readily available alternatives, differentiating qualities.
  • New Entrants: barriers to entry, financial challenges, customer loyalty, customer tolerance level.
  • Economic: changing market demands for services/products (internal/external).
  • Social: human capital, skills, perception/image, moral, ethical impacts.
  • Technology: infrastructure (internal/external) ability to handle surges, vulnerabilities, cascade effects of failure.
  • Financial capacity: ability to draw on reserves to offset cash flow disruption.

Post-event impact and consequence analysis: points and questions to address in a BIA

The second phase BIA focuses on the evolving situation (nonlinearity, uncertain outcomes, etc.) – identification and assessment of business impacts and potential consequences for the enterprise as they are unfolding. We rarely make a credible attempt to identify post-incident impacts and consequences in any significant detail. So, re-entry, recovery, restoration and resumption of operations are often skimmed over or ignored in the traditional BIA process.

Below are key areas for an ‘active analysis’ framework:

  • Human capital: consisting of management, employees, stakeholders, suppliers, providers, partners, contract/vendor entities, etc.
  • Clients: consisting of current, new and former customers.
  • Systems: consisting of internal operating systems and critical external infrastructures.
  • Suppliers: consisting of providers of essential business logistics/services, etc.
  • Utilities: consisting of electric, gas, water and telephone service providers.
  • Telecommunications: consisting of internal telecommunications systems linked to external telecommunications providers.
  • Energy supply: consisting of energy delivery systems and energy support systems.
  • Government services: consisting of emergency management, police, fire, emergency medical, Federal, State and local government bodies and political support systems.
  • Transportation: consisting of air, land and water transportation system and support systems.
  • Financial services: consisting of financial markets, investments, statutory deposit requirements and cash flow systems.

Each of these elements would be constantly assessed as part of an ‘active analysis’ post-event BIA framework to determine the potential impact of loss or degradation to the enterprise and its networks. The above is an example and is not meant to be exhaustive. In the post-event environment you will have to be creative and you will have to be responsive.

Conclusion

When it comes to building your BIA program, focusing on survivability is the right approach, provided you have thoroughly done your homework and understand what survivability means to the organization. Post-event opacity will produce numerous situations that challenge survivability. Just looking in the rearview mirror of the traditional BIA can result in confusion, chaos and unintended consequences.

About the author
Geary Sikich is a seasoned risk management professional who advises private and public sector executives to develop risk buffering strategies to protect their asset base. With a M.Ed. in Counseling and Guidance, Geary's focus is human capital: what people think, who they are, what they need and how they communicate.

Geary is well-versed in contingency planning, risk management, human resource development, ‘war gaming,’ as well as competitive intelligence, issues analysis, global strategy and identification of transparent vulnerabilities.

A well-known author, Geary’s books and articles are readily available on Amazon, Barnes & Noble and the Internet.

Contact G.Sikich@att.net or gsikich@logicalmanagement.com.

MAKE A COMMENT

References

Apgar, David, Risk Intelligence – Learning to Manage What We Don’t Know, Harvard Business School Press, 2006.

Davis, Stanley M., Christopher Meyer, Blur: The Speed of Change in the Connected Economy, (1998).

Jones, Milo and Silberzahn, Philippe, Constructing Cassandra: Reframing Intelligence Failure at the CIA, 1947–2001, Stanford Security Studies (August 21, 2013) ISBN-10: 0804785805, ISBN-13: 978-0804785808

Kami, Michael J., “Trigger Points: how to make decisions three times faster,” 1988, McGraw-Hill, ISBN 0-07-033219-3

Klein, Gary, “Sources of Power: How People Make Decisions,” 1998, MIT Press, ISBN 13 978-0-262-11227-7

Sikich, Geary W., Graceful Degradation and Agile Restoration Synopsis, Disaster Resource Guide, 2002

Sikich, Geary W., "Integrated Business Continuity: Maintaining Resilience in Times of Uncertainty," PennWell Publishing, 2003

Sikich, Geary W., "Risk and Compliance: Are you driving the car while looking in the rearview mirror?” 2013

Sikich, Geary W., "Risk and the Limitations of Knowledge” 2014

Tainter, Joseph, “The Collapse of Complex Societies,” Cambridge University Press (March 30, 1990), ISBN-10: 052138673X, ISBN-13: 978-0521386739

Taleb, Nicholas Nassim, “The Black Swan: The Impact of the Highly Improbable,” 2007, Random House – ISBN 978-1-4000-6351-2, 2nd Edition 2010, Random House – ISBN 978-0-8129-7381-5

Taleb, Nicholas Nassim, Fooled by Randomness: The Hidden Role of Chance in Life and in the Markets, 2005, Updated edition (October 14, 2008) Random House – ISBN-13: 978-1400067930

Taleb, N.N., “Common Errors in Interpreting the Ideas of The Black Swan and Associated Papers;” NYU Poly Institute October 18, 2009

Taleb, Nicholas Nassim, “Antifragile: Things that gain from disorder,” 2012, Random House – ISBN 978-1-4000-6782-4

•Date: 10th February 2014 • US/World •Type: Article • Topic: BC general

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

BCM software

BCM software

Phoenix

Business continuity software

The Business Continuity and Resiliency Journal