Home
Corporate finance Private equity
Business plan
Internal Audit I. Audit basics
I. Audit dept
I. Audit process
Enterprise Risk Mgt What is ERM?
Why risk mgt ?
Risk assessment
Free Downloads IFRS
IAS
Best Practice Business budgets
Capital structure
Capital budgeting
Cash flow mgt
How to notes Personal finance
Financial mindsets
Business Continuity BCM basics
Mgt support
Recovery strategy
Continuity plan
Continuity training
Walk with us Contact us
Your mail
The blog
Link to us
Amazon products
About us

Subscribe To This Site
XML RSS
Add to Google
Add to My Yahoo!
Add to My MSN
Subscribe with Bloglines

Business continuity justifications

There are many business continuity justifications that can be used to buy in stakeholders in setting up business continuity program. In the absence of regulatory requirements, audit findings or specific customer demands can be useful.

However, the best method to sell management on the need for a business continuity program is using the results from a risk assessment and Business Impact Analysis (BIA).

The risk assessment is the process of identifying the continuity-related risks to an organization through a review of the business environment, an evaluation of the probabilities of certain events and a review of risk mitigation controls design and operation.

The BIA is the careful study of an organization’s individual business processes and support functions, as well as the system of business processes in its entirety, to better understand objectives regarding continuity of operations. The key tasks that make up a BIA include:

• Estimating the financial impact of downtime by calculating the quantifiable loss potential
• Measuring the less tangible impacts of downtime
• Identifying process interdependencies
• Estimating the impact of a business interruption on stakeholder perception, and process timing
• Defining recovery time objectives for business processes and applications, as well as application-specific recovery point objectives
• Establishing a level of capability at the recovery time objective

The conclusions drawn by the risk assessment and BIA, together with the corresponding recommendations,are bolstered through industry benchmarking data regarding program scope, recovery objectives, spending and strategies.

The organization’s insurance carrier also may be able to provide information regarding business interruption premium savings offered by a tested business continuity program, as well as insightregarding Director and Officer (D&O) Liability insurance.

The last component of the executive management sales message is the cost-benefit analysis. The cost is the funding and resources necessary to add resiliency and recoverability to the existing business and technology environment, whereas the benefit is impact avoidance.

The process described above is often executed as a special project, although an emerging trend is to execute the risk assessment/BIA as an internal audit sponsored project.

The Institute of Internal Auditors, or The IIA, has issued Practice Advisory 2110-2 stating that internal auditors can play a direct role in the organization’s planning, to include the risk assessment, without compromising independence.


Business continuity justifications go beyond ordinary risk management


Business-Competence.com

The Business Resource
Enter your E-mail Address

Enter your First Name (optional)

Then

Don't worry -- your e-mail address is totally secure.
I promise to use it only to send you Newsletter.

Custom Search

Heard it on the street New!

Get Business Competence Blog delivered by email

Share your experience by writing a page on this website