Business Impact Assessment

BIA Template BIA Instructions Guidance for completing the Business Impact Assessment (BIA) The following information should be considered when completing the BIA template: 1 2 Please do not adjust the formatting of any cells, as validation and formatting restrictions have been implemented. This extends to ensuring no columns are inserted into the BIA The 'Blue questions' require a response while the 'yellow questions' are automatically calculated based on prior responses. The Yellow fields will automatically update with ratings, please do not over write these calculations. The key activities should form part of a key process within your area. To help keep this as clear as possible please ensure that you use a new worksheet for each of the key processes. Please ensure that for an event which can cause the activity to Fail are separately recorded on individual rows When responding to 'Severity' and 'Likelihood /Occurrence' questions, refer to the 'Risk Ratings' worksheet attached at the end of the template for the relevant values. Each row is required to have values entered. Answer all descriptive questions as concisely as possible. Where a response is not known, please respond by saying 'unknown'. 3 4 5 6 BIA Template {Business Process} BIA Business Unit: Project Sponsor Business Impact Assessment Key Activities Dependencies Critical Time Periods Response Prepared By: Response Date: Potential Failure Events Severity 4/26/2004 Likelihood / Occurrence Current controls Impact to Organisation Maximum Tolerable Outage (hrs) Residual Risk Business Priority Reputation If the business activity cannot be performed the ability to maintain corporate image will be adversely affected. Legal obligations Legal / regulatory requirements would not be met if the activity could not be performed 4 hours 1 Day 1 Week 4 hours 1 Day 1 week 4 hours 1 Day 1 week 4 hours 1 Day 1 week 0 0 0 0 0 0 0 0 2 of 4 = Severity x Occurrence IT - Servers IT - Applications Plant Machinery Other Financial What is the expected financial loss ($) if the activity could not be performed? Consider revenue, public relations, consultant fees etc Calculated based on Residual risk score Briefly describe the main activities within this business process (one activity per row) What are the key activity dependencies? Please be specific Resources (FTE's) Other Activities Locations / Site What are the most critical time Describe how the activity is able to fail (one instance per Please rate the What controls are currently in place to prevent / What is the periods for the business activity? (i.e. row) impact severity on mitigate the event from occurring? likelihood / Daily, End of Week, Month-end, customer service frequency Quarter-end, Year-end, Other) if the that the event may activity was occur? unable to be (refer to 'Risk undertaken? Ratings') (refer to 'Risk Ratings') Please specify the impact to organisation if the activity could not be undertaken Intangible Please rank the impacts (0 - 5, where 0 = no impact, 5 = catastrophic impact) that will occur if each business activity is interrupted for the time periods stated below What is the maximum timeframe that the business process could be Customer Service Operational Efficiency suspended in the Customer service would be impacted if the Operating efficiency of the event of a business activity was not available during a business activity would be disaster? (max of disaster. Where possible, identify in the impacted if the activity could not 1 week = 168 space below those entities which will be be performed following a disaster. hours) affected the most. BIA Template Risk Ratings RATING SEVERITY 1 Customer will not notice the adverse effect on customer services 2 Delay in operations, however customer services will not be impacted 3 Moderate delay in ability to provide customer service within required timeframes 4 Long delay in customer services being able to be provided within required timeframes and contractual penalties may apply. Impacts the ability to retain customer. 5 Significant customer dissatisfaction and contractual penalties would/have been applied. Likely to result in loss of customer Risk Profile Insignificant - No delay, low financial loss, no impact on business processes Minor - Minimal delay, medium financial loss, minor impact on business processes Moderate - delay in critical path, high financial loss, medium impact on business processes Major - Major delay in critical path, major financial loss, medium impact on critical business processes LIKELIHOOD OF OCCURRENCE Likelihood of occurrence is remote. Approx 1 time in 2-3 years Occasional failure rate. Approx 1-2 occurrences in 18 months Relatively moderate failures rate. Approx 3-4 occurrences in 12 months Relatively high failure rate. Approx 5- 6 failure occurrences in 12 months Risk Profile Rare - May occur only in exception circumstances Unlikely - Could occur at some time Possible - Might occur at some time Likely - will probably occur in most circumstances Catasrophic - Project cannot deliver, huge financial loss, major impact on critical business process Significantly high failure rate. Greater than 6 times in 12 months Almost Certain - is expected to occur in most circumstances ISO RISK MATRIX Insignificant 1 H M L L L Minor 2 H H M L L SEVERITY Moderate 3 H H H M M Major 4 E E E H H Catastrophic 5 E E E E H LIKELIHOOD Almost Certain Likely Possible Unlikely Rare Level 5 4 3 2 1 E H M L E H M L 7 9 4 5 Extreme risk, immediate action required High risk, senior management attention needed Moderate Risk, management responsibility must be specified Low risk, manage by routine procedures PMP RISK MANAGEMENT CLASSIFICATIONS Probability High Medium Low M L A Low H M L Medium Impact E H M High E H M L A Mapping Options Option 1 LIKELIHOOD Level 5 4 3 2 1 H H M M L Action Immediately Action after all HH are completed Delegate and Monitor closely Delegate Monitor 1 L M M L L A 2 M H H M M L impact 3 M H H M M L 4 H E E H H M 5 H E E H H M E H M L A 4 8 8 4 1 Option 2 LIKELIHOOD Level 5 4 3 2 1 Option 3 LIKELIHOOD Level 5 4 3 2 1 H H M L L 1 L M M L A A 2 L M M L A A impact 3 M H M M L L 4 H E E H M M 5 H E E H M M H M M L L 1 L M L L A A 2 L M L L A A impact 3 M H M M L L 4 M H M M L L 5 H E H H M M E H M L A 1 4 8 8 4 E H M L A 4 4 9 4 4