Business Impact Analysis and Risk Categories

When conducting a Business Impact Analysis, we need to answer the following questions:

  1. What are critical business services?
  2. What is the order of priority of those critical business services?
  3. What is the impact of losing critical business services?
  4. How to protect those critical business services?
  5. What is the order of recovery?
  6. What is the timeframe of recovery?

Basically, a Business Impact Analysis classifies the activities and resources needed to deliver crucial services.

It's important to consider the following factors when conducting a Business Impact Analysis:

  • regulatory and contractual obligations,
  • strategic investments.

One might then ask what the difference is between Risk Assessment and Business Impact Analysis, right? Well… Risk Assessment is about threats, frequency and impact, whereas Business Impact Analysis is about impact and the path to recovery.

RISK CATEGORIES

Inherent Risk – the level of risk that exists before any action or control is put in place to manage it. It is the ever-present risk.

Residual Risk – the level of risk that remains after action or controls have been implemented.

Current Risk – the level of risk at the current moment, taking into account the current effectiveness of controls.

Inherent risk is the risk at the start, before any controls.
Residual risk is the risk left after controls are applied.
Current risk is the risk right now, based on the current situation and effectiveness of controls.

Above, I mention an action or control taken to manage a risk. What is the difference?

Action:

  • Actions taken can be one-time or occasional measures.
  • Actions taken are often responses to specific risk events or assessments.
  • Example: after noticing that a door lock is broken, you fix it to secure the door.

Control:

  • Controls implemented are usually ongoing and continuously function to manage risk.
  • Controls implemented are part of an established system or procedure to prevent or mitigate risks regularly.
  • Example: you install a new, high-security lock and establish a regular maintenance check to ensure all locks in the building are functioning properly.
