
- 483 pages
- English
Practitioner's Guide to Business Impact Analysis
About this book
This book illustrates the importance of business impact analysis, which covers risk assessment, and moves towards a better understanding of the business environment, the industry-specific compliance, legal and regulatory landscape, and the need for business continuity. The book provides charts, checklists and flow diagrams that give a roadmap to collect, collate and analyze data, and give enterprise management a complete mapping of controls that comprehensively covers all compliance requirements to which the enterprise is subject. The book helps professionals build a control framework tailored for an enterprise that covers best practices and relevant standards applicable to the enterprise.
- Presents a practical approach to assessing security, performance and business continuity needs of the enterprise
- Helps readers understand common objectives for audit, compliance, internal/external audit and assurance.
- Demonstrates how to build a customized controls framework that fulfills common audit criteria, business resilience needs and internal monitoring for effectiveness of controls
- Presents an Integrated Audit approach to fulfill all compliance requirements
Yes, you can access Practitioner's Guide to Business Impact Analysis by Priti Sikdar in PDF and/or ePUB format, as well as other popular books in Business & Auditing. We have over one million books available in our catalogue for you to explore.
Chapter 1
Understanding Organizational Context
Practitioners are versatile; they are conversant with a large number of organizations having varied technological environments, different management structures, and diverse geographical expanses. The business environment is becoming increasingly complex; new styles of business are emerging; and e-commerce is growing in a big way, which affects styles of managing business and marketing of products.
Conducting a business impact analysis (BIA) for an organization makes it imperative for a practitioner to understand the business and the manifold dependencies and relationships and to study the enterprise as an extended enterprise (Figure 1.1).
The Internet provides a good means of obtaining information about organizations, which includes news stories, articles, and financial data published by organizations. Increasing velocity of data makes mining of information really difficult!
The business environment is dynamic and is constantly evolving to realize benefits through optimizing resources. Every organization aims at carrying on business perpetually and being able to serve its customers almost on a 24/7 basis. We live in customer-centric markets operating in different time zones, and it is critical to keep our systems up and running to meet the requirements of all stakeholders.
A prelude to business impact analysis is understanding the organizational context. Some of the trends impacting the business landscape include globalization, electronic commerce, enterprise resource planning, outsourcing business operations, and increasing legal and regulatory norms and cross-border laws for international businesses. In understanding the organizational context, it is important to consider external vendors, business partners, regulatory bodies, and customers as a part of the “Extended Enterprise.”

Figure 1.1 Extended enterprise.
Where to Begin?
When a practitioner gets introduced to a new organization for BIA, he or she will first exercise his or her energies in getting information about the business organization from industry publications, company web site, and published information to get a first-hand idea of the size, geographical expanse, and management of the organization.
Use of Work Breakdown Structure (WBS)
In large multinational organizations, there are multiple products and many diverse processes; some are linked and some are independent. The presence of huge workflows in different geographical and global locations makes the determination of the impact on these business processes indeed a challenge! Understanding business processes is important in studying the organizational context. Hence a work breakdown structure will be useful.
A work breakdown structure is a key project deliverable that organizes the team’s work into manageable sections. It can be applied in breaking complex organizational structures into manageable sections and in studying complex processes (Figure 1.2).
A business continuity management process is considered as a project and will follow the same principles as followed under project management. The Project Management Body of Knowledge (PMBOK) defines the work breakdown structure as a “deliverable oriented hierarchical decomposition of the work to be executed by the project team.”* In this process, complex business functions are broken down into activities and subactivities in order to better comprehend each part and its relevant importance to the overall business function (Figure 1.3).

Figure 1.2 Work breakdown structure (WBS).

Figure 1.3 Factoring of processes.
The culture and management philosophy gets reflected in the vision, mission, policies, and procedures adopted by the organization. As-is documentation is a big tool while attempting an organization-wide exercise. Our best assumption is that we are doing the BIA at the behest of top management, and the intent of top management can be easily read in existing vision, mission, and policy documentation (Figure 1.4).

Figure 1.4 Understanding mission, vision, and policies.
Generally, the objects clause present in the Memorandum of Association (company formation documents) of the company designates the boundary of business that may be conducted by the organization. Vision and mission statements throw light on the long-term proposed planning and management foresight in relation to the business. The team leader (TL) will be able to grasp the tone at the top and plan his or her activities accordingly.
A mission statement expresses the organization’s purpose in a manner that solicits support and continuous commitment. It lays a basis to set the tone of the company and to outline its concrete goals.
Let us have a few examples of published mission/vision statements:
1. Nike: “To bring inspiration and innovation to every athlete in the world.”
2. Starbucks: “To inspire and nurture the human spirit—one person, one cup, and one neighbourhood at a time.”
3. eBay: “Provide a global trading platform where practically anyone can trade practically anything.”
4. Oxfam: “A just world without poverty.”
Vision statements, on the other hand, are short one-liners that outline the primary goals of the company. When you go through the vision, mission, and objectives, they will answer a few vital questions:
1. What are the opportunities and needs that the organization wants to address?
2. What is the current business of the organization? Does it address the needs outlined in the mission statement? In the case of Starbucks, it is to have a coffee chain in every neighborhood.
3. How does the organization address change in the mission or vision as originally drafted?
4. What levels of service are being provided?
5. What are the underlying principles that guide the business? In the case of Nike, it is to cater to the needs of athletes. In the case of Oxfam, a nonprofit-making organization, it is striving to fight poverty.
A statement should express the organization’s purpose in a way that inspires support and ongoing commitment. It is up to the mission statement to set the tone of the company and to outline concrete goals. A good mission gives employees something to bind them together in terms of common goals and, at the same time, helps brand building to influence public perception of the enterprise.
The TL who initiates the business impact analysis determines whether the mission and vision are duly exhibited and communicated to all key stakeholders: management, staff, suppliers, partners, customers, and outsourced vendors. According to a recent study conducted by Harvard Business Review, up to 70% of employees do not understand their company’s strategy. Communicating the mission/vision can serve to guide employees/executives in taking day-to-day decisions. A comparison chart shown in Table 1.1 depicts the significance of the mission and vision projected by the enterprise and throws light on why it is advantageous to start with examining them when performing a BIA.
Table 1.1 Queries on Vision-Mission Statements
| Vision Statement | Questions Addressed by Vision Statement | Mission Statement | Questions Addressed by Mission Statement |
| --- | --- | --- | --- |
| Denotes purpose and value of business | Where do you want to be? | States primary objectives for customer needs and corporate values | How do you want to get where you want to be? |
| It is futuristic | It helps answer the question why you are working here | It talks of present leading to future, it can form the base for long-term planning | Where do we aspire to be say in the next five years? |
| It influences how the world views your organization, it is image building | It helps prospective customers to decide whether they will like to do business with you | It gives direction to middle management and employees to carry on day-to-day activities of business | Why do we do things? What for and for whom? |
Policies are high-level statements; they are directive controls formulated by top management. Resultant procedures are an outline of boundaries, giving clear rules of authority and delegation of responsibility and accountability. For instance, a policy can be as follows: “The entire office area on first and second floors will remain a nonsmoking zone.” Workplace policies deal with operational practices and ongoing management and administration. They remove doubts and misunderstandings in respect of work and provide transparency and consistency at work.
An organization may have different types of policies. These may include the following:
1. Code of conduct policy for employees
2. Communication policy
3. Health and safety policy
4. Staff recruitment policy
5. Termination of employment policy
6. Nondisclosure policy, which may include employees signing a Nondisclosure Agreement (NDA) at the time of joining the organization
7. IT security policy, e-mail policy, social media policy, and so on
Please note the above is not a comprehensive list. Organizations may make policies for the following two reasons:
1. Necessitated by legislative or regulatory requirement. For instance, in many countries, BCM is mandated by regulators, and hence organizations need to have the BCM policy and procedures in place.
2. Policies for running the administration of the company and forming a framework for business planning.
Policy is a top-down control, and all procedures in line with these policies will be strictly adhered to and will be interwoven into the work culture of th...
Table of contents
- Cover
- Half Title
- Title Page
- Copyright Page
- Dedication
- Table of Contents
- Foreword
- Preface
- About the Author
- 1 Understanding Organizational Context
- 2 Business Impact Analysis
- 3 Risk Assessment and Reporting
- 4 Business Impact Analysis Reporting and Commitment of Resources
- 5 BCM Strategy and Plans
- 6 Information Technology Is All Pervasive in an Organization
- 7 Business Continuity Tests and Exercises
- 8 Aligning IT with Business Requirement
- 9 Comparative Analysis of Requirements for Common Standards/ Compliances
- Appendix: Annexures, Templates, Questionnaires, BIA and RA Forms, Graphs, and Illustrations
- Index