Before he became the 34th President of the United States, General Dwight D. Eisenhower served as Supreme Commander of the Allied forces in Europe during World War II. He may have known a thing or two about risk in that role. But Eisenhower was not a man to lay out a plan and then let it collect dust on a shelf. He found that the act of planning in itself was the true value of the exercise.
In Part 2 of our Business Continuity Planing series, we take a look at the critical steps needed to ensure a responsible approach to developing plans and measures to combat business interruptions. No matter the cause, there is a systematic way to analyze, prepare and respond to any threat to make sure your business survives.
So let's get going...
Step 2 - Business Impact Analysis
In this step, you will take the potential risks identified in Step 1 and work to predict the consequences of disruption to a business function and gather information needed to develop recovery strategies. You will then review this information to determine financial impact and formulate a Business Continuity Plan.
Taking the potential risks identified earlier, evaluate what the potential effects on business operations would be if those risks were realized. These would be things like Financial, Life/Safety, Regulatory, Legal/Contractual, Reputation and so forth. Then they should be quantified in terms of lost productivity, system downtime, inaccessibility, etc.
Assess Financial Impact
Based on the previous actions, you now know what the probable risks are and what the business impact would likely be. In this activity, you will use our Business Impact Analysis Worksheet (downloadable HERE) to estimate the financial impact of these events. The value of this activity is in awareness and prioritization. Using this information to communicate to the business what the financial exposure is helps to justify the time and resources needed to prepare. This information can also be used to prioritize which of the risks should be focused on first based on the magnitude of impact.
Now you want to formally document the risk, exposure and financial impact and use the documentation for internal conversations about the true nature of business risk, areas of exposure and the quantified impact of emergency events. These conversations provide a basis for decisions and actions moving forward.
The Business Continuity Plan (BCP) is the documentation of the strategy to mitigate and respond to the threats and risks facing a company, with an eye to ensure that personnel and assets are protected and able to function in the event of a disaster. The plan itself is the culmination of all the previous work and serves to define potential risks, determine how those risks will affect operations, guide the implementation of safeguards and procedures designed to mitigate those risks, testing those procedures to ensure that they work, and periodically reviewing the plan to make sure that it is relevant.
Use our Business Impact Analysis Worksheet (downloadable HERE) to evaluate each of the threats to your organization.
Just as Eisenhower believed that the act of planning in itself was the true value of the exercise, through these activities you, too, will discover the value of the planning actions and see how they reveal a more complete view of your organization, and more importantly, how you can protect it.
For more information on securing the future of your business, contact me directly at: firstname.lastname@example.org