The OGO Blog

What is a BIA, Business Impact Analysis?

As you look at your Business Continuity and Disaster Recovery Planning efforts, start at the core. Include all departments and functional areas in the Business Impact Analysis. Each of them outlines processes and functions within the area and ranks them according to criticality. The report describes potential risks, financial impact and outlines criticality of business processes helping determine needs/requirements to sustain the business even in a disastrous timeframe. Based on the outcome of this analysis, departments are able to focus on those areas in which documentation, cross training and additional planning are needed. Single Points of Failure can be identified and plans for resolution created. Data for the analysis is collected in a Workshop Environment with participants providing the following information:

Key Information to Gather

  1. Can the process be performed manually?
  2. Timeframe for severe impact to the Credit Union
  3. At what point will the member be impacted by the disruption?
  4. At what point will the member begin to lose confidence in the Credit Union?
  5. At what point with the Credit Union be at risk for increased fraud?
  6. Recovery Time Objective (RTO) – the period of time within which systems, applications or functions must be recovered after an outage.
  7. Recovery Point Objective (RPO) – the maximum amount of data loss an organization can sustain during an event (0 hours means that only the transaction in progress at time of the disaster could be lost)
  8. Systems and equipment needed to support the process

Processes are then ranked

A) Critical – Processes that MUST be online within a single day
B) Vital – Processes that can be restored tomorrow
C) Important – Processes that can take up to 3 days
D) Non-essential – Processes that can be a week or more

**Something to keep in mind – your business is constantly changing. Updating these changes in your BIA data is important. We help focus those efforts and update your reports on at least a bi-annual basis. This ensures you are meeting FFIEC requirements for the report.

Credit Union Pointers

Credit Unions generally have between 75 and 150 different business processes and should include at a minimum the following:

  • ACH (Payroll)
  • Sharedrafts
  • Online Banking
  • Consumer Lending
  • Mortgage Lending
  • ATM Processing
  • Debit Processing
  • Credit Card Processing

Do you wonder about the next step to take after creating your business impact analysis? Does your management team or board not believe the financial impact based on your data? If you are looking to the answers to these or other questions related to Business Impact Analysis please contact us at info@ongoingoperations.com or by filling out this form on our contact us page.