Running head: BUSINESS IMPACT ANALYSIS 1
Business Impact Analysis
John Intindolo
August 30, 2014
ISSC490- Business Continuity
Dr. Ronald Booth
American Public University
A business impact analysis (BIA) is perhaps the most significant opening research segment of business
continuity planning. It is where questions are formulated, the lists of individuals desired to be
interviewed are arranged, interviews are conducted, and the results of said interviews are then
thoroughly analyzed. The significance of those results is to help an organization identify the areas of
the business that are the most critical, and the impact that a loss of those areas would have on the
organization financially. The BIA performed varies depending on both the size of the organization
and what sector the organization falls under. A BIA for a small to medium-sized business will differ
from one for a large consulting firm, for example. Additionally, a BIA in the private sector will differ
from one performed in the public sector.
Regardless of the size or sector of the organization there are options such as BIA companies
who will perform a BIA for the organization, or having a BIA team on the company payroll who will
use software tools, and decide the best practices for a successful BIA. A successful BIA is one that
enables the organization to effectively recover its business operations no matter what the
circumstance may be. Furthermore, it will help to identify both direct (such as the immediate cost of
a disruption in service) and indirect (such as the loss of customer goodwill and the cost associated
with restoring it) costs. Then, once the BIA has been performed, analyzed, and shown to the
executives of the company what the financial impact of losing a critical component of the company
is, they can see why it is reasonable to spend more money on preventing a disruption.
Since a BIA is a part, and perhaps the most important part, of business continuity planning it is a
good idea to first have knowledge of BCP, its history, and the regulatory compliance associated
with it. BCP was at one time merely a method for operations managers to simply protect an
organization’s data, but over the years it has evolved to become a comprehensive approach to
ensure that critical business functions remain available in the event of a disaster. After the 9/11
attacks, the Federal Reserve Board, U.S. Securities and Exchange Commission, and Office of the
Comptroller of the Currency (OCC) developed the Interagency Paper on Sound Practices to
Strengthen the Resilience of the U.S. Financial System, which required all financial institutions to
upgrade their DRP/BCP and allowed the OCC to take punitive actions against financial institutions
that were non-compliant (Thomasson, 2014). Some of the improvements included annual testing of
their BCP, a Recovery Time Objective (RTO), and a Recovery Point Objective (RPO).
RTO defines the maximum time that a process will remain down, while the RPO details what is
an acceptable restore point. The surge in business continuity regulations and standards after 9/11
did not only apply to financial institutions however. Prior to 9/11 hospitals did not have well-
thought-out disaster plans implemented, and were ill-equipped to suitably respond to large-scale
events. In order to improve upon hospitals’ response capabilities, President Bush developed the
Hospital Preparedness Program or HPP in 2002 (Hartwell, 2012). Some of the improvements
made include preparing for surge capacity, working with other local agencies, preparedness for
chemical/bioterrorist attacks, making different systems and areas of hospitals collaborate in
communications, training and practicing drills with first responders, and re-evaluating the standards
of care.
Some of the other major regulatory standards that have been updated are the Sarbanes-Oxley
Act of 2002 (SOX), National Institute of Standards and Technology (NIST) Special Publications,
and the Control Objectives for Information and related Technology (COBIT). SOX is applied to
publicly traded companies and is meant to protect investors from financial fraud, while NIST SP
800-37 is a standard published by the U.S. government specifically for computer systems that they
own or operate (Wallace & Webber, 2011, pp. 481, 239). COBIT is a list of best practices for IT
management, and can help to develop appropriate IT governance and control within an
organization. Noncompliance may result in fines and/or legal fees. It is the responsibility of the
organization, not the enforcement agency, to comply with the laws and regulations; therefore, it is
important to make inquiries if unsure of any laws.
Now that the history of BCP and regulatory compliance has been discussed, it is time to move
on to the topic of a Business Impact Analysis. The BIA “predicts the consequences of disruption of
a business function and process and gathers information needed to develop recovery strategies”,
and in doing so allows the higher ups in the organization to determine how much money will be
invested in recovery strategies, disaster prevention, and mitigation strategies (“Business impact
analysis,” 2014). It will show what the critical business operations (that must be functional to
maintain business continuity) are, the cost associated with keeping them functional, and the priority
level of maintaining their functionality based upon their cost. In other words, if the cost of a disruption of
service will be high, then it makes sense to put more resources into preventing the outage from occurring.
When speaking of a BIA there are several terms that need to be understood and play a key
role. First is the maximum acceptable outage or MAO which is defined as the amount of time that is
able to pass before a disruption in service becomes intolerable (“Plain english iso,” 2014).
Therefore, if the MAO is two hours, that means that a failed system needs to be restored within
two hours before it affects normal business operations. Two other important terms of a BIA are
RPO and RTO which were both discussed earlier. The RPO describes what needs to be done in
order to restore a system following a disruption. The RPO must fall within the MAO timeframe in
order to maintain business continuity. Meanwhile, the RTO describes the amount of time it takes to
recover from a disruption, and once again must be within the MAO.
The last two terms of focus are critical business functions (CBFs) and critical success factors
(CSFs). CBFs are any functions that are vital to the organization that upon failing will cause essential
operations to cease, and CSFs are anything that is necessary to maintain business continuity
(Gibson, 2010, p. 311). If for instance, a Verizon Wireless Sales department was down due to a
power outage, then they would be unable to sell to their customers. Therefore, the Verizon Wireless
Sales department can be considered a CBF of Verizon Wireless. An example of a CSF would be a
company’s network infrastructure, because if it fails so will all other business functions. So what are
the benefits of a BIA?
The next area of a BIA to be discussed is the benefits and importance of a BIA. A BIA can
provide many benefits to an organization some which have already been discussed previously. Some
of those benefits include the following: identifying and prioritizing the most critical business functions
that are in need of protection, determining the impact of a loss of a critical function and its
associated costs, determining the MTO, RTO, and RPO of critical business functions, and
recognizing the critical resources required for the operation of business functions, for example the
people or equipment that operate them.
The significance of conducting a BIA varies as well. One way that a successful BIA can show
its importance is that it illustrates to executive management where the organization is vulnerable.
Additionally, a disruption of a system or function can negatively impact an organization monetarily;
therefore, a BIA is important because it can help to mitigate these disruptions. These disruptions can
have both a tangible and an intangible effect on the organization’s financial well-being. The following
is a list of tangible items that could negatively impact the business fiscally: loss of revenue because
items cannot be shipped or services are unable to be delivered, penalties imposed by customers
because they are late or lost, and legal penalties for noncompliance of government regulations
(Shannon, 2010, p. 18). Intangible losses include: loss of customer goodwill, damage to the
organization’s image, and reduced assurance that the organization is a dependable merchant. The
next area of focus is conducting a BIA.
Performing a BIA is not a simple matter, and requires a well-thought-out and executed plan
(that stands as its own assignment within the overall disaster recovery plan) in order to be deemed a
success. The very first step in a BIA is to appoint a sponsor. The sponsor should be an executive
within the organization because the BIA will deal with every aspect of the organization. Having an
executive sponsor will help to ensure the BIA’s success and will get other departments within the
organization to cooperate as well as place a priority on the BIA (Hogan, 2014). The role of the
sponsor is to select the project manager, ensure communication between other departments of the
BIA’s importance of participation, address any inquiries about the BIA, and to approve the BIA
report to be submitted to the higher ups within the organization.
The project manager of the BIA is going to be the centerpiece of the entire BIA. This person
will be the moderator for all discussion amongst the different department heads about the actual
value of each department to the organization. This can sometimes be a highly contested debate
between department heads as to which department has a greater value to the company.
Furthermore, it is the project manager’s responsibility to assemble a BIA Team, and create a formal
plan for the project (that outlines the duties of the individuals within the BIA team). If choosing a
project manager from within the organization that person has the advantage of knowing the inner
workings of the organizational structure, but could also be swayed by in-house relations that they
may have with department heads. Choosing a person from outside of the organization will keep that
from being an issue, but also exposes any possible company issues to a third party. Once a project
manager has been chosen they will begin to form a BIA team.
The BIA team consists of several business analysts who will report directly to the project
manager. Once the BIA team has been created, the process of BIA data collection may begin.
Finding out the most vital functions within an organization can differ depending on who is being
asked; therefore, every department head within the organization (based on the
organizational flow chart) takes a questionnaire that will help to put a quantifiable value on each
function’s financial and legal impact to the organization. The data collection process is performed in
the following manner: identify who will be given the questionnaire, develop the questionnaire to
collect data from each department, provide training on how to properly respond to the
questionnaire, follow up with each department to ensure the questionnaire has been completed in a
timely fashion, review unclear or incomplete responses with those given the questionnaire, conduct
review meetings with each department to discuss their responses, and finally compile and summarize
the BIA data so that they may be reviewed by the various executives within the organization
(Wallace & Webber, 2011, p. 27).
Once the data is collected, each process is assessed for how critical it is to the
organization’s ability to maintain business operations. This is also where the Maximum Acceptable
Outage, Recovery Time Objective, and Recovery Point Objective are all determined. The process
of a BIA varies depending on the size of the business. When dealing with a small to medium-sized
business versus a large business the biggest variant between the two is the frequency of exercising
and reviewing business continuity management. In a larger business that sees a high rate of change
the exercising will be more frequent, for example. The following four exercises will help to ensure
that the organization has a reliable and proven to work BCP: testing different elements of the plan,
discussion based exercises for training purposes and to validate a new plan, table-top exercise to
validate plans and rehearse the BCP with key staff, and live exercise such as a fire evacuation
(“Business continuity management,” n.d.). What about the difference between the private sector and
public sector?
All organizations no matter what sector they fall under are at risk of an incident causing a
disruption in service. A disruption could be simply a small inconvenience that only lasts for a short
period of time, or it could be something massive enough to bring the organization crumbling down
altogether. The differences between the public sector and private sector vary depending on the
situation. For instance, in accounting in the private sector, financial managers and accountants must
comply with the Generally Accepted Accounting Principles (GAAP) methodology for accounting,
while in the public sector financial managers may use these methods, but are not necessarily bound
by accrual accounting methods (Lewis, 2014).
Additionally, when it comes to profits those in the private sector are motivated to maintain a
bottom line while the public sector is more concerned with completing tasks and not maintaining a
specific margin of profit. Each side has a negative perception of the other: the private sector
views the public sector as overstaffed, overpaid, over-pensioned and grossly
inefficient; meanwhile, the public sees the private sector as ruthless, uncaring, overpaid, and
caring only about how much money they can make rather than about people (Wright, 2011, p. 402).
There are many companies that can do the work for an organization, and be hired to perform a
BIA. Three of those companies are Avalution Consultants, Ongoing Operations, and iCi Digital.
Avalution Consulting is one of the most prominent providers of business continuity and IT disaster
recovery consulting, outsourcing, and software solutions to both the public and private sectors.
According to their website, their reasons for conducting a BIA are to enable the proper money to be
allocated to business continuity strategies and capabilities, have clear unified understanding of
external stakeholder business continuity requirements, to confirm or modify the business continuity
program scope, and to be leveraged as a method to start the data collection process for business
continuity plans (Rupert, 2014). Business continuity and IT disaster recovery is the only thing that
Avalution Consultants does and would be a great company to consult if looking for outside help.
Ongoing Operations has business continuity solutions intended for financial institutions that
require exceptional security and dependability. Additionally, Ongoing Operations offers a cloud
support team consisting of highly trained technicians in the U.S. iCi Digital has decades of
experience working with enterprise technologies and offer strategic assessments to some of the
leading multifaceted organizations across the globe. Each offers its own benefits and no matter
which one is chosen, an organization can rest knowing they are getting a well-respected and
experienced company. What are some of the software tools that can be used when conducting a
BIA?
When an organization does not want a third party to perform its assessment and
decides to perform a BIA internally, there are a number of tools that can be used to assist the
BIA team. Some vendors will include spreadsheet formats, document templates, etc. Deciding
which format of spreadsheets or documents works best for the organization is the first step in deciding
which vendor will be chosen. Talend Enterprise Data Integration is built on open standards with
over 800 connectors and components, offers swift integration, better collaboration than ever before,
and is the “only integration platform natively optimized to deliver the highest performance”
(“Talend*,” 2014).
Another reputable BIA Software tool is BIA Professional from SunGard which can be used as
a standalone application or be ported into SunGard’s Continuity Management Solution platform to
formulate an organization’s plans. Furthermore BIA Professional streamlines the survey process in
the following ways: question sequencing to prompt survey respondents to only answer relevant
questions to their duties, question validation to direct respondents to provide the most needed
responses, question library to manage questions for future use and reference, and allows responders
to work through a web-based interface which provides instant feedback when data is unanswered
or answered incorrectly (“Sungard bia,” 2011).
The best practices for business continuity can be done in many different ways. There is no one
single way that is going to guarantee the continuity of business operations, and in fact it should
constantly be updated to account for necessary changes, new regulations and policies, and new
risks. There are, however, some measures that may be taken to ensure that everything possible is being
done to keep the organization’s disaster recovery planning up to date. Some of the best practices
that will ensure this are: adopting a systematic approach to risk tracking, outlining the critical actions
necessary if an incident affects the company or its partners, understanding how susceptible the
organization is to disasters, conducting a BIA that addresses any gaps within the recovery plan,
and integrating business continuity with other areas such as emergency preparedness, crisis management,
and incident response (Redmond & Sinha, 2014). The best course of action is to combine all of
those elements into one common view of governance, risk, and compliance management, which will
make the entire disaster recovery plan more successful for the entire organization.
Now knowing everything from the benefits and importance of a BIA, to how one is performed,
and all the way to the best practices it is time to illustrate what the future holds for BIA in relation to
business continuity planning. The future of BIA is contingent upon a unified and comprehensive
methodology to government and business protection. In other words, it is going to have to coincide
with similar disciplines such as physical and information security, facilities and emergency
management, and homeland security. As a matter of fact according to Kirvan, “It must earn the
respect and acceptance of business and government leadership, the same as other professions like
engineering and accounting” (2014). Failure to do so will risk the continued growth of business
continuity planning and more specifically the business impact analysis aspect of it.
Performing a BIA can have both negative and positive effects on an organization. Its results can
also help an organization by detailing the most critical elements of the business, and by quantifying
the financial impact that losing those elements would have on a company. No matter if it is for a
small to medium sized business or a large corporation, a BIA is an integral part of business
continuity planning as it shows the executives within the organization what aspects are the most
important to the business and does so by putting a dollar value on its loss.
Whether an organization decides to use a company to perform their BIA (such as Avalution
Consultants) or decides to hire their own BIA Team, the bottom line is that following the best
practices illustrated above will ensure that the organization will be able to recover its business
operations no matter the circumstance. Furthermore, the BIA will provide the business with ways to
increase cost-effectiveness. This makes the need for BIA more feasible to executives within the
organization who may not value the importance of business continuity over other areas.
References
Business continuity management for small to medium-sized businesses. (n.d.). Retrieved from
http://www.normit.org/documents/Business Continuity Plan.pdf
Business impact analysis. (2014, January 29). Retrieved from http://www.ready.gov/business-
impact-analysis
Gibson, D. (2010). Managing Risk in Information Systems. Sudbury, MA. Jones & Bartlett
Learning. ISBN-13: 978-0-7637-9187-2 ISBN-10: 0763791873
Hartwell, C. (2012, August 28). The effects of 9/11 & katrina on hospital preparedness.
Retrieved from http://www.continuityinsights.com/articles/2012/08/effects-9/11-katrina-
hospital-preparedness
Hogan, M. K. (2014). What are the 5 elements of a business impact analysis?. Retrieved from
http://smallbusiness.chron.com/5-elements-business-impact-analysis-44844.html
Kim, D. & Solomon, M. (2012). Fundamentals of Information System Security. Information
Systems & Security Series. Sudbury, MA. Jones & Bartlett Learning
Kirvan, P. (2014, January 03). Business continuity: Business continuity, a history of challenges.
Retrieved from http://survivalinsights.com/modules.php?name=News&file=article&sid=6
Lewis, J. (2014). What are the fundamental differences between public and private sector
financial management?. Retrieved from http://smallbusiness.chron.com/fundamental-
differences-between-public-private-sector-financial-management-37395.html
Plain english iso 22301 2012 business continuity definitions. (2014). Retrieved from
http://www.praxiom.com/iso-22301-definitions.htm
Redmond, M., & Sinha, S. (2014, August 19). Planning for resilience- best practices for
developing reliable disaster recovery plans. Retrieved from
http://www.continuityinsights.com/articles/2014/08/planning-resilience-best-practices-
developing-reliable-disaster-recovery-plans
Rupert, J. (2014, March 10). Establishing the business case for the business impact analysis.
Retrieved from http://perspectives.avalution.com/2014/establishing-the-business-case-for-
the-business-impact-analysis/
Shannon, H. F. (2010, April 30). The importance of business impact analysis. Retrieved from
http://www.slideshare.net/Timothy212/the-importance-of-business-impact-analysis
Sungard bia professional. (2011). Retrieved from http://www.sungardas.com/Documents/bia-
professional-SEL-111.pdf
Talend*. (2014). Retrieved from http://www.talend.com/landing-trial/enterprise-big-
data?device=c&utm_source=google&utm_medium=cpc&utm_campaign=TLD:Brand
Search:NA&src=GoogleAdwordsOD_US&kid=null&utm_term=talend&utm_content=tale
nd - phrase&lang=en
Thomasson, W. (2014). The evolution of business continuity and disaster recovery. Secondary
Marketing Executive, 28(4), Retrieved from
http://www.mortgageorb.com/issues/SME1403/FEAT_03_The-Evolution-Of-Business-
Continuity-And-Disaster-Recovery.html
Wallace, M., & Webber, L. (2011). The disaster recovery handbook: A step-by-step plan to
ensure business continuity and protect vital operations, facilities, and assets. (2nd
ed.). New York, NY: AMACOM
Wright, T. (2011). Can business impact analysis play a meaningful role in planning a cost-saving
programme?. Journal Of Business Continuity & Emergency Planning, 5(1), 400-408.

Term Paper: Towards a Definition of Organizational SustainabilityAntony Upward
 
Corporate reputation on performance of banking industries in nigeria
Corporate reputation on performance of banking industries in nigeriaCorporate reputation on performance of banking industries in nigeria
Corporate reputation on performance of banking industries in nigeriaAlexander Decker
 
What are the different types of organizatio.docx
What are the different types of organizatio.docxWhat are the different types of organizatio.docx
What are the different types of organizatio.docxalanfhall8953
 
11152018 Strayer University Online Libraryhttpseds.b..docx
11152018 Strayer University Online Libraryhttpseds.b..docx11152018 Strayer University Online Libraryhttpseds.b..docx
11152018 Strayer University Online Libraryhttpseds.b..docxdrennanmicah
 
The Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActThe Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActDana Boo
 
Business environment and ethics2
Business environment and ethics2Business environment and ethics2
Business environment and ethics2vibuchandran
 
Acct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.comAcct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.comstudent234511
 

Similar to ISSC490_Project_John_Intindolo (20)

BUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMBUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRM
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on  Investment-white paperBusiness Continuity Management-The Case for Return on  Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paper
 
Business Mgmt Office - Grant Thornton
Business Mgmt Office - Grant ThorntonBusiness Mgmt Office - Grant Thornton
Business Mgmt Office - Grant Thornton
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Acct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.comAcct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.com
 
Learning Outcomes.pptx
Learning Outcomes.pptxLearning Outcomes.pptx
Learning Outcomes.pptx
 
TISA-Important-Business-Services-Guide-November-2021.pdf
TISA-Important-Business-Services-Guide-November-2021.pdfTISA-Important-Business-Services-Guide-November-2021.pdf
TISA-Important-Business-Services-Guide-November-2021.pdf
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
 
Whitepaper ISO41001: 2018 (English)
Whitepaper ISO41001: 2018 (English)Whitepaper ISO41001: 2018 (English)
Whitepaper ISO41001: 2018 (English)
 
BBALLB205 PPT Unit-1.pptx
BBALLB205 PPT Unit-1.pptxBBALLB205 PPT Unit-1.pptx
BBALLB205 PPT Unit-1.pptx
 
Launching and organizing an enterprise
Launching and organizing an enterprise Launching and organizing an enterprise
Launching and organizing an enterprise
 
EquityEquity calculations are not discussed in any detail he.docx
EquityEquity calculations are not discussed in any detail he.docxEquityEquity calculations are not discussed in any detail he.docx
EquityEquity calculations are not discussed in any detail he.docx
 
Term Paper: Towards a Definition of Organizational Sustainability
Term Paper: Towards a Definition of Organizational SustainabilityTerm Paper: Towards a Definition of Organizational Sustainability
Term Paper: Towards a Definition of Organizational Sustainability
 
Corporate reputation on performance of banking industries in nigeria
Corporate reputation on performance of banking industries in nigeriaCorporate reputation on performance of banking industries in nigeria
Corporate reputation on performance of banking industries in nigeria
 
What are the different types of organizatio.docx
What are the different types of organizatio.docxWhat are the different types of organizatio.docx
What are the different types of organizatio.docx
 
11152018 Strayer University Online Libraryhttpseds.b..docx
11152018 Strayer University Online Libraryhttpseds.b..docx11152018 Strayer University Online Libraryhttpseds.b..docx
11152018 Strayer University Online Libraryhttpseds.b..docx
 
The Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActThe Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) Act
 
Business environment and ethics2
Business environment and ethics2Business environment and ethics2
Business environment and ethics2
 
Acct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.comAcct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.com
 

More from John Intindolo

Power_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_IntindoloPower_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_IntindoloJohn Intindolo
 
ISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_IntindoloISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_IntindoloJohn Intindolo
 
ISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloJohn Intindolo
 
ISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloJohn Intindolo
 
Research_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_IntindoloResearch_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_IntindoloJohn Intindolo
 
ISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_IntindoloISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_IntindoloJohn Intindolo
 
Research_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_IntindoloResearch_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_IntindoloJohn Intindolo
 
Attack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_IntindoloAttack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_IntindoloJohn Intindolo
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloJohn Intindolo
 
Project_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloProject_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloJohn Intindolo
 
ISSC481_Term_Paper_John_Intindolo
ISSC481_Term_Paper_John_IntindoloISSC481_Term_Paper_John_Intindolo
ISSC481_Term_Paper_John_IntindoloJohn Intindolo
 
Project_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloProject_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloJohn Intindolo
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloJohn Intindolo
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloJohn Intindolo
 
ISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloJohn Intindolo
 
ISSC361_Project_John_Intindolo
ISSC361_Project_John_IntindoloISSC361_Project_John_Intindolo
ISSC361_Project_John_IntindoloJohn Intindolo
 
Project_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloProject_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloJohn Intindolo
 

More from John Intindolo (17)

Power_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_IntindoloPower_Point_Presentation_ISSC458_Intindolo
Power_Point_Presentation_ISSC458_Intindolo
 
ISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_IntindoloISSC368_Final_Project Proposal_Wk8_Intindolo
ISSC368_Final_Project Proposal_Wk8_Intindolo
 
ISSC456_Final_J_Intindolo
ISSC456_Final_J_IntindoloISSC456_Final_J_Intindolo
ISSC456_Final_J_Intindolo
 
ISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_IntindoloISSC456_Project_Presentation_Intindolo
ISSC456_Project_Presentation_Intindolo
 
Research_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_IntindoloResearch_Paper_Final_ISSC431_Intindolo
Research_Paper_Final_ISSC431_Intindolo
 
ISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_IntindoloISSC362_Research_Paper_Intindolo
ISSC362_Research_Paper_Intindolo
 
Research_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_IntindoloResearch_Paper_ISSC461_Intindolo
Research_Paper_ISSC461_Intindolo
 
Attack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_IntindoloAttack_Project_Presentation_ISSC461_Intindolo
Attack_Project_Presentation_ISSC461_Intindolo
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_Intindolo
 
Project_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_IntindoloProject_Paper_Presentation_ISSC471_Intindolo
Project_Paper_Presentation_ISSC471_Intindolo
 
ISSC481_Term_Paper_John_Intindolo
ISSC481_Term_Paper_John_IntindoloISSC481_Term_Paper_John_Intindolo
ISSC481_Term_Paper_John_Intindolo
 
Project_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloProject_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_Intindolo
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
 
ISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_IntindoloISSC422_Project_Paper_John_Intindolo
ISSC422_Project_Paper_John_Intindolo
 
ISSC361_Project_John_Intindolo
ISSC361_Project_John_IntindoloISSC361_Project_John_Intindolo
ISSC361_Project_John_Intindolo
 
Project_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_IntindoloProject_Presentation_ISSC361_Intindolo
Project_Presentation_ISSC361_Intindolo
 

ISSC490_Project_John_Intindolo

Running head: BUSINESS IMPACT ANALYSIS
Business Impact Analysis
John Intindolo
August 30, 2014
ISSC490 - Business Continuity
Dr. Ronald Booth
American Public University

A business impact analysis is perhaps the most significant opening research segment of business continuity planning. It is where questions are formulated, the list of individuals to be interviewed is arranged, interviews are conducted, and the results of those interviews are thoroughly analyzed. The significance of those results is that they help an organization identify the areas of the business that are the most critical, and the financial impact that a loss of those areas would have on the organization. The BIA performed varies depending on both the size of the organization and the sector the organization falls under. A BIA for a small to medium-sized business will differ from one for a large consulting firm, for example. Additionally, a BIA in the private sector will differ from one performed in the public sector.

Regardless of the size or sector of the organization, there are options such as hiring a BIA company to perform the BIA for the organization, or having a BIA team on the company payroll that will use software tools and decide the best practices for a successful BIA. A successful BIA is one that enables the organization to effectively recover its business operations no matter what the circumstance may be. Furthermore, it will help to identify both direct costs (such as the immediate cost of a disruption in service) and indirect costs (such as the loss of customer goodwill and the cost associated with restoring it). Then, once the BIA has been performed and analyzed, and the executives of the company have been shown what the financial impact of losing a critical component of the company is, they can see why it is reasonable to spend more money on preventing a disruption. Since a BIA is a part, and perhaps the most important part, of business continuity planning, it is a good idea to first have knowledge of BCP, its history, and the regulatory compliance associated with it.

BCP was at one time merely a method for operations managers to protect an organization’s data, but over the years it has evolved into a comprehensive approach to ensuring that critical business functions remain available in the event of a disaster. After the 9/11 attacks, the Federal Reserve Board, U.S. Securities and Exchange Commission, and Office of the Comptroller of the Currency (OCC) developed the Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System, which required all financial institutions to upgrade their DRP/BCP and allowed the OCC to take punitive actions against financial institutions that were non-compliant (Thomasson, 2014). Some of the improvements included annual testing of their BCP, a Recovery Time Objective (RTO), and a Recovery Point Objective (RPO). RTO defines the maximum time that a process will remain down, while the RPO details what is an acceptable restore point.

The surge in business continuity regulations and standards after 9/11 did not apply only to financial institutions, however. Prior to 9/11, hospitals did not have well-thought-out disaster plans implemented and were ill-equipped to respond suitably to large-scale events. In order to improve hospitals’ response capabilities, President Bush developed the Hospital Preparedness Program (HPP) in 2002 (Hartwell, 2012). Some of the improvements made include preparing for surge capacity, working with other local agencies, preparedness for chemical/bioterrorist attacks, making different systems and areas of hospitals collaborate in communications, training and practicing drills with first responders, and re-evaluating the standards of care.

Some of the other major regulatory standards that have been updated are the Sarbanes-Oxley Act of 2002 (SOX), National Institute of Standards and Technology (NIST) Special Publications, and the Control Objectives for Information and related Technology (COBIT). SOX applies to publicly traded companies and is meant to protect investors from financial fraud, while NIST SP 800-37 is a standard published by the U.S. government specifically for computer systems that it owns or operates (Wallace & Webber, 2011, pp. 481, 239). COBIT is a list of best practices for IT management, and can help to develop appropriate IT governance and control within an organization. Noncompliance may result in fines and/or legal fees. It is the responsibility of the organization, not the enforcement agency, to comply with the laws and regulations; therefore it is important to make inquiries if unsure of any laws.

Now that the history of BCP and regulatory compliance has been discussed, it is time to move on to the topic of a Business Impact Analysis. The BIA “predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies”, and in doing so allows the higher-ups in the organization to determine how much money will be invested in recovery strategies, disaster prevention, and mitigation strategies (“Business impact analysis,” 2014). It will show what the critical business operations (those that must be functional to maintain business continuity) are, the cost associated with keeping them functional, and the priority level of maintaining their functionality based upon their cost. In other words, if the cost of a disruption of service will be high, then it makes sense to put more resources into preventing the outage from occurring.

When speaking of a BIA there are several terms that play a key role and need to be understood. First is the maximum acceptable outage (MAO), which is defined as the amount of time that is able to pass before a disruption in service becomes intolerable (“Plain english iso,” 2014). Therefore, if the MAO is two hours, a failed system needs to be restored within two hours before it affects normal business operations. Two other important terms of a BIA are RPO and RTO, which were both discussed earlier. The RPO describes what needs to be done in order to restore a system following a disruption. The RPO must fall within the MAO timeframe in order to maintain business continuity. Meanwhile, the RTO describes the amount of time it takes to recover from a disruption, and once again must be within the MAO. The last two terms of focus are critical business functions (CBFs) and critical success factors (CSFs). CBFs are any functions that are vital to the organization and that, upon failing, will cause essential operations to cease, and CSFs are anything that is necessary to maintain business continuity (Gibson, 2010, p. 311). If, for instance, a Verizon Wireless sales department was down due to a power outage, it would be unable to sell to its customers. Therefore, the Verizon Wireless sales department can be considered a CBF of Verizon Wireless. An example of a CSF would be a company’s network infrastructure, because if it fails so will all other business functions.

So what are the benefits of a BIA? The next area of a BIA to be discussed is the benefits and importance of a BIA. A BIA can provide many benefits to an organization, some of which have already been discussed. Those benefits include the following: identifying and prioritizing the most critical business functions that are in need of protection, determining the impact of a loss of a critical function and its associated costs, determining the MTO, RTO, and RPO of critical business functions, and recognizing the critical resources required for the operation of business functions, for example the people or equipment that operate them. The significance of conducting a BIA varies as well. One way that a successful BIA can show its importance is that it illustrates to executive management where the organization is vulnerable. Additionally, a disruption of a system or function can negatively impact an organization monetarily; therefore, a BIA is important because it can help to mitigate these disruptions.

These disruptions can have both a tangible and an intangible effect on the organization’s financial well-being. The following is a list of tangible items that could negatively impact the business fiscally: loss of revenue because items cannot be shipped or services are unable to be delivered, penalties imposed by customers because deliveries are late or lost, and legal penalties for noncompliance with government regulations (Shannon, 2010, p. 18). Intangible losses include loss of customer goodwill, damage to the organization’s image, and reduced assurance that the organization is a dependable merchant.

The next area of focus is conducting a BIA. Performing a BIA is not a simple matter, and requires a well-thought-out and well-executed plan (one that stands as its own assignment within the overall disaster recovery plan) in order to be deemed a success. The very first step in a BIA is to appoint a sponsor. The sponsor should be an executive within the organization because the BIA will deal with every aspect of the organization. Having an executive sponsor will help to ensure the BIA’s success and will get other departments within the organization to cooperate as well as place a priority on the BIA (Hogan, 2014). The role of the sponsor is to select the project manager, communicate to other departments the importance of participating in the BIA, address any inquiries about the BIA, and approve the BIA report to be submitted to the higher-ups within the organization.

The project manager of the BIA is going to be the centerpiece of the entire BIA. This person will be the moderator for all discussion amongst the different department heads about the actual value of each department to the organization. Which department has a greater value to the company can sometimes be highly contested between department heads. Furthermore, it is the project manager’s responsibility to assemble a BIA team and create a formal plan for the project (one that outlines the duties of the individuals within the BIA team).

A project manager chosen from within the organization has the advantage of knowing the inner workings of the organizational structure, but could also be swayed by in-house relations that they may have with department heads. Choosing a person from outside of the organization will keep that from being an issue, but also exposes any possible company issues to a third party. Once a project manager has been chosen, they will begin to form a BIA team. The BIA team consists of several business analysts who will report directly to the project manager.

Once the BIA team has been created, the process of BIA data collection may begin. Which functions within an organization are the most vital can differ depending on who is being asked; therefore, every department head within the organization (based on the organizational flow chart) takes a questionnaire that will help to put a quantifiable value on each function’s financial and legal impact to the organization. The data collection process is performed in the following manner: identify who will be given the questionnaire, develop the questionnaire to collect data from each department, provide training on how to properly respond to the questionnaire, follow up with each department to ensure the questionnaire has been completed in a timely fashion, review unclear or incomplete responses with those given the questionnaire, conduct review meetings with each department to discuss their responses, and finally compile and summarize the BIA data so that it may be reviewed by the various executives within the organization (Wallace & Webber, 2011, p. 27). Once the data is collected, each process is assessed for how critical it is to the organization’s ability to maintain business operations. This is also where the Maximum Acceptable Outage, Recovery Time Objective, and Recovery Point Objective are all determined.

The process of a BIA varies depending on the size of the business. When comparing a small to medium-sized business with a large business, the biggest variant between the two is the frequency of exercising and reviewing business continuity management. In a larger business that sees a high rate of change the exercising will be more frequent, for example. The following four exercises will help to ensure that the organization has a reliable and proven BCP: testing different elements of the plan, discussion-based exercises for training purposes and to validate a new plan, table-top exercises to validate plans and rehearse the BCP with key staff, and live exercises such as a fire evacuation (“Business continuity management,” n.d.).

What about the difference between the private sector and public sector? All organizations, no matter what sector they fall under, are at risk of an incident causing a disruption in service. A disruption could be simply a small inconvenience that only lasts for a short period of time, or it could be something massive enough to bring the organization crumbling down altogether. The differences between the public sector and private sector vary depending on the situation. For instance, in private-sector accounting, financial managers and accountants must comply with the Generally Accepted Accounting Principles (GAAP) methodology, while in the public sector financial managers may use these methods but are not necessarily bound by accrual accounting methods (Lewis, 2014). Additionally, when it comes to profits, those in the private sector are motivated to maintain a bottom line, while the public sector is more concerned with completing tasks than with maintaining a specific margin of profit. Each side has a negative perception of the other: the private sector views the public sector as overstaffed, overpaid, over-pensioned and grossly inefficient; meanwhile, the public sector sees the private sector as ruthless, uncaring, overpaid, and caring only about how much money it can make rather than about people (Wright, 2011, p. 402).

There are many companies that can be hired to perform a BIA for an organization. Three of those companies are Avalution Consultants, Ongoing Operations, and iCi Digital. Avalution Consulting is one of the most prominent providers of business continuity and IT disaster recovery consulting, outsourcing, and software solutions to both the public and private sectors. According to their website, their reasons for conducting a BIA are to enable the proper money to be allocated to business continuity strategies and capabilities, to have a clear, unified understanding of external stakeholder business continuity requirements, to confirm or modify the business continuity program scope, and to be leveraged as a method to start the data collection process for business continuity plans (Rupert, 2014). Business continuity and IT disaster recovery is the only thing that Avalution Consultants does, and it would be a great company to consult if looking for outside help. Ongoing Operations has business continuity solutions intended for financial institutions that require exceptional security and dependability. Additionally, Ongoing Operations offers a cloud support team consisting of highly trained technicians in the U.S. iCi Digital has decades of experience working with enterprise technologies and offers strategic assessments to some of the leading multifaceted organizations across the globe. Each offers its own benefits and, no matter which one is chosen, an organization can rest knowing it is getting a well-respected and experienced company.

What are some of the software tools that can be used when conducting a BIA? When an organization does not want a third party to perform its assessment and decides to perform a BIA internally, there are a number of tools that can be used to assist the BIA team. Some vendors will include spreadsheet formats, document templates, etc.
Deciding which format spreadsheets or documents works best for the organization is the first step in deciding
  • 10. BUSINESS IMPACT ANALYSIS 10 which vendor will be chosen. Talend Enterprise Data Integration is built on open standards with over 800 connectors and components, offers swift integration, better collaboration than ever before, and is the “only integration platform natively optimized to deliver the highest performance” (“Talend*,” 2014). Another reputable BIA Software tool is BIA Professional from SunGard which can be used as a standalone application or be ported into SunGard’s Continuity Management Solution platform to formulate an organization’s plans. Furthermore BIA Professional streamlines the survey process in the following ways: question sequencing to prompt survey respondents to only answer relevant questions to their duties, question validation to direct respondents to provide the most needed responses, question library to manage questions for future use and reference, and allows responders to work through a web-based interface which provides instant feedback when data is unanswered or answered incorrectly (“Sungard bia,” 2011). The best practices for business continuity can be done in many different ways. There is no one single way that is going to guarantee the continuity of business operations, and in fact it should constantly be updated to account for necessary changes, new regulations and policies, and new risks. There is however some measures that may be taken to assure that everything possible is being done to keep the organization’s disaster recovery planning up to date. Some of the best practices that will ensure this are: adopting a systematic approach to risk tracking, outlining the critical actions necessary if an incident affects the company or its partners, understanding how susceptible the organization is to disasters, conducting a BIA that addresses any gaps within the recovery plan, integrating business continuity with other areas such as emergency preparedness, crisis management,
  • 11. BUSINESS IMPACT ANALYSIS 11 and incident response (Redmond & Sinha, 2014). The best course of action is to combine all of those elements into one common view of governance, risk, and compliance management, which will make the entire disaster recovery plan more successful for the entire organization. Now knowing everything from the benefits and importance of a BIA, to how one is performed, and all the way to the best practices it is time to illustrate what the future holds for BIA in relation to business continuity planning. The future of BIA is contingent upon a unified and comprehensive methodology to government and business protection. In other words, it is going to have to coincide with similar disciplines such as physical and information security, facilities and emergency management, and homeland security. As a matter of fact according to Kirvan, “It must earn the respect and acceptance of business and government leadership, the same as other professions like engineering and accounting” (2014). Failure to do so will risk the continued growth of business continuity planning and more specifically the business impact analysis aspect of it. Performing a BIA can serve both negative and positive effects on an organization. Its results can also help an organization by detailing the most critical elements of the business, and by quantifying the financial impact that losing those elements would have on a company. No matter if it is for a small to medium sized business or a large corporation, a BIA is an integral part of business continuity planning as it shows the executives within the organization what aspects are the most important to the business and does so by putting a dollar value on its loss. 
Whether an organization decides to use a company to perform its BIA (such as Avalution Consultants) or decides to hire its own BIA team, the bottom line is that following the best practices illustrated above will ensure that the organization will be able to recover its business
  • 12. operations no matter the circumstance. Furthermore, the BIA will provide the business with ways to increase cost-effectiveness. This makes the need for a BIA easier to justify to executives within the organization who may not value the importance of business continuity over other areas.
  • 13. References
    Business continuity management for small to medium-sized businesses. (n.d.). Retrieved from http://www.normit.org/documents/Business Continuity Plan.pdf
    Business impact analysis. (2014, January 29). Retrieved from http://www.ready.gov/business-impact-analysis
    Gibson, D. (2010). Managing Risk in Information Systems. Sudbury, MA: Jones & Bartlett Learning. ISBN-13: 978-0-7637-9187-2 ISBN-10: 0763791873
    Hartwell, C. (2012, August 28). The effects of 9/11 & katrina on hospital preparedness. Retrieved from http://www.continuityinsights.com/articles/2012/08/effects-9/11-katrina-hospital-preparedness
    Hogan, M. K. (2014). What are the 5 elements of a business impact analysis? Retrieved from http://smallbusiness.chron.com/5-elements-business-impact-analysis-44844.html
    Kim, D. & Solomon, M. (2012). Fundamentals of Information System Security. Information Systems & Security Series. Sudbury, MA: Jones & Bartlett Learning.
    Kirvan, P. (2014, January 03). Business continuity: Business continuity, a history of challenges. Retrieved from http://survivalinsights.com/modules.php?name=News&file=article&sid=6
    Lewis, J. (2014). What are the fundamental differences between public and private sector financial management? Retrieved from http://smallbusiness.chron.com/fundamental-differences-between-public-private-sector-financial-management-37395.html
    Plain english iso 22301 2012 business continuity definitions. (2014). Retrieved from http://www.praxiom.com/iso-22301-definitions.htm
  • 14. Redmond, M., & Sinha, S. (2014, August 19). Planning for resilience- best practices for developing reliable disaster recovery plans. Retrieved from http://www.continuityinsights.com/articles/2014/08/planning-resilience-best-practices-developing-reliable-disaster-recovery-plans
    Rupert, J. (2014, March 10). Establishing the business case for the business impact analysis. Retrieved from http://perspectives.avalution.com/2014/establishing-the-business-case-for-the-business-impact-analysis/
    Shannon, H. F. (2010, April 30). The importance of business impact analysis. Retrieved from http://www.slideshare.net/Timothy212/the-importance-of-business-impact-analysis
    Sungard bia professional. (2011). Retrieved from http://www.sungardas.com/Documents/bia-professional-SEL-111.pdf
    Talend*. (2014). Retrieved from http://www.talend.com/landing-trial/enterprise-big-data?device=c&utm_source=google&utm_medium=cpc&utm_campaign=TLD:Brand Search:NA&src=GoogleAdwordsOD_US&kid=null&utm_term=talend&utm_content=tale nd - phrase&lang=en
    Thomasson, W. (2014). The evolution of business continuity and disaster recovery. Secondary Marketing Executive, 28(4). Retrieved from http://www.mortgageorb.com/issues/SME1403/FEAT_03_The-Evolution-Of-Business-Continuity-And-Disaster-Recovery.html
  • 15. Wallace, M., & Webber, L. (2011). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets (2nd ed.). New York, NY: AMACOM.
    Wright, T. (2011). Can business impact analysis play a meaningful role in planning a cost-saving programme? Journal Of Business Continuity & Emergency Planning, 5(1), 400-408.