What is a business impact analysis?

Reading time: about 7 min

Topics:

Ideation and planning

“It’s difficult to make predictions—especially about the future.”

This quotation has been attributed to a variety of people, including Danish physicist Neils Bohr, baseball legend Yogi Berra, writer Mark Twain, astrologer Nostradamus, and more. No matter who said it, the phrase rings true. It is hard to predict exactly what will happen in the future.

That includes the future of your business. It’s hard to anticipate when a disruption in business operations will occur. That’s why companies are wise to plan for inevitable disruptions and find ways to mitigate issues ahead of time.

Sometimes these interruptions are more predictable, such as seasonal business or moving to a new location. However, most business disruptions are the result of unplanned events like breakdowns in processes, bottlenecks in the supply chain, faulty equipment, and other unanticipated issues. So how do companies plan for the unknown?

Business impact analysis

What is a business impact analysis?

A business impact analysis (BIA) helps you to think about how the consequences of disruptions will impact your business. Considering worst-case scenarios helps you recognize and understand the financial and operational impacts that could come from disruptions. Creating a BIA helps you build a plan for coping with downtime and estimate how much time it will take to get up and running again.

A BIA is an important part of your business contingency plans because it can help you to determine your organization’s capability to continue with an acceptable level of product and services delivery following a disruptive incident.

We can’t keep issues from happening, but, this article will explain how the BIA process can help you to ease the pain and develop recovery strategies.

Business impact analysis vs. risk assessment

If you want your organization to be ISO-compliant when it comes to preparing for risks and disasters, a risk assessment (RA) and BIA are both necessary tools to help you identify and plan how you will handle disruptions.

While BIAs and RAs are linked to each other, understanding how they differ will give you a better idea of how they contribute to your business contingency plans.

What is a risk assessment?

A risk assessment is a process used to:

Identify risks and hazards that can potentially cause harm
Analyze and evaluate the risk associated with the hazard
Determine how to get rid of the hazard or reduce the chance of risk if the hazard can’t be eliminated

For example, operating a table saw without eye protection could result in pieces of wood getting into the operator’s eye (hazard identification). Pieces of wood in the eye could cause eye damage, requiring a visit to the doctor (risk analysis/evaluation). Proper training on how to use a table saw and wearing proper eye protection can help to control the risk of eye damage (risk control).

Risk assessment is also used to look at other types of risks such as bottlenecks in processes, equipment failure, network outages, and the financial and operational impact those risks will have on the business. This is similar to a BIA, but they have some key differences.

How do BIA and RA differ?

The main difference between a BIA and a RA is that a RA is more concerned with identifying all things that could possibly go wrong, how they could go wrong, and analyzing the likelihood that each will go wrong.

On the other hand, a BIA does not worry so much about how likely it is that a disruption will occur. Instead, it focuses on worst-case scenarios. In each scenario, a BIA can help you to determine which areas of business will be impacted the most and what the consequences might be, such as revenue loss, decreased customer confidence, low morale, decreased productivity, etc. In addition, a BIA helps you to determine how resolution time might bring greater impacts. .

You can go through the RA process without doing a BIA. But you can’t complete a BIA without an RA because part of the BIA process is identifying and assessing risks before you can determine worst-case scenarios.

Risk impact scale template (click on image to modify online)

Common impacts in a business impact analysis

Business impacts will differ from one business to the next. Here are a few you might see in your organization:

Broken contracts and the penalties that might come with them
Customer dissatisfaction
Increase in spending while getting up and running again (for example, overtime, consulting fees, new equipment purchases, etc.)
Lost sales and income
Fines associated with non-compliance with regulations
Repairs to physical damage
Supply chain interruption
Power outages
Corrupted or lost data

Steps for performing a business impact analysis

Here are some suggestions for going through the BIA process for your organization.

Preparation

You’ll need to put together a team to conduct your BIA; that may include consultants who are skilled in performing an impact analysis. This team will work with senior management to define and document the project’s objectives and scope. This document should also identify who will be involved and how information will be gathered and documented. You should also include a timeline that defines when the BIA will be completed.

Collect information

Information gathering could include interviewing subject matter experts, conducting surveys, analyzing previous projects that are similar to this one, and distributing BIA questionnaires.

If you do an interview, you should talk to managers, team members, supervisors, and other people who are knowledgeable about the business processes you want to analyze. If you choose to do a BIA questionnaire, make sure it has detailed questions that will get the information you need to assess the potential impact of a business disruption. The survey should be given to people who are expert in or have a good knowledge of the business processes you are looking at.

Be sure that you collect the following information:

Process name
Where the process is performed
All of the process inputs and outputs
Resources and tools used by the process
Who uses the process
Timing impacts
Financial and operational impacts
Regulatory, legal, and compliance impacts
Historical data

Review and analyze the information

Once you’ve collected enough information, it’s time to review and analyze it. The review and analysis will help you to:

Create a prioritized list of the processes and functions that are most important to your business operation continuity, so you can prioritize which processes to fix first after a disruption
Identify the resources (technical and human) that are needed to maintain an optimal level of operation
Establish a timeline for recovering processes

Before you finalize your prioritized list, be sure to review it with stakeholders and subject matter experts to make sure that you aren’t missing any information and that everything is prioritized correctly.

Create the BIA report

Your BIA report presents your results to stakeholders. The report will help your leadership teams decide how to proceed.

The BIA report should include:

An executive summary
The project’s objectives and scope
Methods you used to collect information and to evaluate and analyze the data
Detailed findings on each department of the business, including:
- Their most crucial processes
- The impact of disruption
- An acceptable amount of time that the disruption can last
- The level of losses that your business can tolerate
- How much recovery will cost
All supporting documents
Recommendations for recovery

How to get started creating a BIA

Check out the templates and tools available in Lucidspark—a virtual whiteboard that lets you collaborate on documents in real time from any location in the world and bring your ideas to life. You might want to try the impact effort matrix template in Lucidspark to help you to visually organize and prioritize tasks.

Want to learn more about how Lucidspark can help you with strategic planning?

Try the tool

About Lucid

Lucid Software is the leader in visual collaboration and work acceleration, helping teams see and build the future by turning ideas into reality. Its products include the Lucid Visual Collaboration Suite (Lucidchart and Lucidspark) and airfocus. The Lucid Visual Collaboration Suite, combined with powerful accelerators for cloud and process transformation, empowers organizations to streamline work, foster alignment, and drive business transformation at scale. airfocus, an AI-powered product management and roadmapping platform, extends these capabilities by helping teams prioritize work, define product strategy, and align execution with business goals. The most used work acceleration platform by the Fortune 500, Lucid's solutions are trusted by more than 100 million users across enterprises worldwide, including Google, GE, and NBC Universal. Lucid partners with leaders such as Google, Atlassian, and Microsoft, and has received numerous awards for its products, growth, and workplace culture.

How to write an executive summary (example of an executive summary + free template)
We’ll teach you how to write an executive summary and provide a foolproof template to remove the guesswork.
All about business process design
In this article, we’ll explore how to use business process design to make your entire business run more efficiently.

Bring your bright ideas to life.

By registering, you agree to our Terms of Service and you acknowledge that you have read and understand our Privacy Policy.