Executive Summary
The Business Impact Analysis is tailored to offer management with a report of the possible prospective impacts for each major system component of the business processes should they not be available for a while. After analyzing the results of the BIA for the Omega SAP system, the following is a summary of the analysis. This summary will highlight the priority of the present business functions. It will further show the possiblity for loss in the event of a disaster or sustained outage.
Business Functions Priority
The business processes supported by the system are six in number. They are:
- Cash flow management and Treasury function; monitoring cash flow, managing treasury and short-term funding
- Schedule and billing Information management; delegating the right people to clients, issuing client invoices in a timely manner
- Service Sales; Providing clients with the appropriate consultant/resources as quickly as possible
- Payments of Accounts payable; Paying dues, fees, and other financial obligations
- Payroll processing; Issuing employee paychecks on time
- Audit and compliance; SOX auditing and testing
According to the findings of the BIA the outage impacts can be categorized into three major segments for each of the identified business processes based on either cost or customer response towards the outage. Using these two criteria, we can classify the business processes in order of preference by considering the severity of the impacts of the outage on the business process.
Financial Impact Summary
The following is the priority order according to the amount of money the company loses for every 24 hours that the particular business component is not available, or at the event of an outage.
The findings above suggest that the Cash flow management and function should be the highest priority of the company. This is because, with every 24 hours of the service not being available, or in the event of an outage, the financial repercussions are severe. The company loses to the tune of $300,000 to $500,000 per day.
The classifications according to the findings are:
- Cash flow Management and treasury function – SEVERE
- Schedule & Billing Information Management - SEVERE
- Payments of Accounts Payable - MODERATE
- Service Sales - MINIMAL
- Audit Compliance - MINIMAL
- Payroll Processing - MINIMAL
As such, the business processes should be treated and handled with such urgency as the diagram depicts. The most urgent and sensitive gets the most and specialized attention to ensure quality of the service.
Customer Confidence Impact Summary
The following is a summary of the impact on customer’s confidence should any of the components of the business processes is not available or in the event of an outage.
The findings above suggest that in terms of impact on customer confidence, Schedule and Billing Information Management is the most potentially risky business process. This is because should the service not be available for an extended amount of time, or in the event of an outage, the customer will withdraw from the company’s services and even possibly resort to taking legal action against the company. This can be attributed to the sensitive nature of the information handled.
The classifications according to the findings are:
- Schedule & Billing Information Management – SEVERE
- Service Sales - MODERATE
- Payments of Accounts Payable - MINIMAL
- Audit Compliance - MINIMAL
- Payroll Processing – MINIMAL
- Cash flow Management and treasury function – MINIMAL
Networking and Systems Administration Summary and Recommendations
The management of the company systems and network causes an element of worry.
- Access to any site LAN should be restricted such that access to any site LAN does not automatically grant access to the entire WAN. A breach in the Salem office could pose risk to the other satellite offices, with the possibility of an outage.
- A common user policy should be created to ensure that there is a regular analysis of accounts, their authenticity, their level clearance and their purpose. This should be managed by one office’s system engineer and not independently by each office’s engineer.
- A formal backup and recovery policy should be implemented at all of the sites. A centralized, unified and uniform backup should be created. Such an opportunity could be using cloud computing to achieve this.
- An automated anti-virus update feature should be installed or activated on all sites.
- All Firewall logs, host packet analysis, application logs, event and error logs should be documented and presented to the relevant engineers at the end of each day.
Environmental Risk
Because three of the office sites are located in natural disaster potent areas, the company has taken measures to mitigate the extent of loss experienced at the event of these disasters occurring. The insurance policies taken out to cover the losses expected to be incurred during the event of these disasters is a wise step, however it is still not sufficient. While moving seems to be near impossible due to the client base already created, the option of cloud computing would ensure safety of all of the client’s information. This will significantly reduce the recovery response time greatly.
Conclusion
The company needs to implement major changes in management of the network and systems to ensure that the outage does not occur again. Further use of available and affordable technology such as cloud computing would greatly enhance security of data.
Bibliography
Cardoza, B. (2007). Building a business impact analysis (BIA) process: A hands-on blueprint. Tulsa, Okla.: K & M Publishers, Inc.
Hiles, A. (2002). Enterprise risk assessment and business impact analysis: Best practices. Brookfield, Conn: Rothstein Associates.
Roebuck, K. (2011). Business impact analysis: High-impact strategies - what you need to know. S.l.: Emereo Pty Ltd.