The OGO Blog

What Is a Business Impact Analysis and Why Does My Credit Union Need One?

What is a BIA?

Whether because of common sense or because of regulation, your credit union needs to be prepared for the worst. So, how do you start preparing for the worst? With a business impact analysis.

In this blog, we’ll give a brief overview of what a business impact analysis is. We’ll discuss the different components of a business impact analysis, what it’s used for, and why your credit union needs one.

What Is a Business Impact Analysis?

In a very real sense, a business impact analysis is the
basis or foundation of all your planning. What kind of planning? Business continuity planning and disaster recovery planning.

And, if you’re weird or very meticulous, maybe also office party planning. Maybe.


A business impact analysis is a high-level overview of your business processes. (In this instance, business processes are the things you do on a day-to-day, week-to-week, routine basis.) Business impact analyses analyze those processes to see any of the following:

  • Which processes can be disrupted?
  • Which are most likely to be disrupted?
  • Which are dependent on one another?
  • Which are affected by one another?
  • How would disrupted processes affect any given business department?
  • How would disruption affect members?
  • What other consequences might there be?
    • Increased risk of fraud?
    • Legal exposure?

The most important question that a credit union’s business impact analysis addresses though is this:

If a business process were unavailable or interrupted, at what point would it have a severe impact on your credit union?

What Are Some Other Components of Credit Union Business Impact Analyses?

Business impact analyses seek to gather information about these subjects. If the information is thorough, then a credit union should have a clear picture of which systems and processes are most critical, which are important, and which are not so important.

A good business impact analysis will prioritize recovery for any systems and processes that are most critical to operations.

And, speaking of recovery, a business impact analysis will also provide recovery time objectives (RTOs) for each process. This recovery time is the target window by which a process must be recovered for an end user.

A business impact analysis should also include recovery point objectives (RPOs), which determine how much—or to what point—a process
must be recovered.

Both RTOs and RPOs are necessary components of credit union business impact analyses. Without them, business continuity plans and disaster
recovery efforts might not be effective.

How Should Credit Unions Use Business Impact Analyses?

A good business impact analysis informs a credit union’s business continuity plan and disaster recovery plan.

The business continuity plan relies on the information provided in the business impact analysis to inform which systems and processes must be
restored first. It also provides insight as to why certain processes are critical, how to fix them, and who might need to get involved.

Disaster recovery is similarly informed, and any disaster recovery efforts take their cue from the information outlined in the business impact analysis. That analysis ensures that any interruptions to a credit union can be quickly and efficiently dealt with!

(Want to know more about business continuity planning vs disaster recovery? Click that link!)

Additional Reading

Would you like to stay abreast of industry information about how to keep your credit union safe, secure, and shipshape? Just follow our blog!

Or, if you’d like to read more about credit union business impact analysis, disaster recovery, or business continuity planning, follow the links below.

Business Continuity Planning (BCP) and Business Impact Analysis (BIA)

10 Common Mistakes Made When Developing Your Credit Union Business Impact Analysis