Business Impact Analysis - a way to justify
budgets

                           Konstantin Smirnov CISA, CBCP
                           Konstantin.Smirnov@ex-oracle.org
Purpose – why bother?
• Often the “cheapest strategy of doing nothing” proves
  to be costly
• More often companies waste their time and
  money on technology/other things they do not
  need and will never use while ignoring simple
  helpful advice
• I want to share my thoughts, so they will act as a
  “germ of an idea” for others. Absolute perfection is a
  myth. But we can change (what we can) for the
  better – one little step at a time.
What is Business Impact Analysis?
First of all, for those who can’t remember what it is.
Business Impact Analysis is:
• A way to understand what kind of resources
  your business relies upon and how soon it needs
  them if something bad happens
• Business Impact Analysis is a part of Business
  Continuity Planning – an effort to help your
  company to get through interruptions caused by
  disasters, infrastructure failures, pandemics and so
  on.
What affects your business
How it usually goes
• Customers can wait a bit, they’ll understand
• So how long can we stand still? Is it going to be
  expensive for us?
• I do not need any analysis! Let’s protect everything.
  That will make recovery quick!
• Sorry, I did not know it is going to be so expensive.
  Maybe we do not need such a quick recovery?
So, are we doomed to lose? No!
• “We can protect pretty much against anything! And we can recover fast!”
• “How much downtime can we afford?”
• “Hmm… so expensive! Do we need this much and so fast at all?”
Is there any way to make sense?
• You can’t afford to overspend, unless you print
  money* 
• The cost of doing nothing can be high – business
  may go bust
• The remedy: spend a bit upfront**, so you will not
  spend or lose too much in the future




* Not a joke. Heard it from a man from Central Bank of <…>
** Not necessarily money. It could be your time – still a valuable resource.
Way to make sense!
[Chart: monetary losses in USD (logarithmic scale, $1 000 to $10 000 000) against outage duration in hours: up to 2, from 2 to 4, from 4 to 8, from 8 to 16, from 16 to 32, from 32 to 64, beyond 64]
• Legend: IS downtime; IS data loss; RPO and RTO to comply with (taken from MTS internal document RP354-1 “MTS data backup and recovery”); current state is compliant (losses are below the target level); current state is non-compliant (losses are above the target level)
• Zones: “Safe”, “Target”, “Unsafe”
• Labels along the loss axis: ВВ, ВС, СС, СН, НН, ОН
• Annotation: potential losses are reduced (risk reduction, money-wise) when RTO or RPO is reduced to the target level
Do the homework!
                   • Prepare well – interview
                     sheets, questionnaires
                   • Agree on what the losses
                     are – legal, finance,
                     reputation, etc.
                   • Make sure the losses
                     evaluation framework is
                     communicated to the
                     personnel (whom you
                     will be interviewing)
Run a series of interviews

                        • See where the
                          dependencies are
                        • Use common sense
                        • Use a common
                          framework
                        • Do not make it too
                          complicated –
                          remember, other
                          people will have to
                          understand it too!
Analyse the results
                      • See where the critical
                        dependencies are (and
                        what the specific risks are)
                      • See how quickly losses
                        grow if a particular risk
                        scenario happens
Make sure you do not overspend*
                                            • Plan the risk
                                              mitigation controls
                                              (counter-measures)
                                            • Calculate two or
                                              three business cases
                                            • Compare the costs of
                                              implementing each
                                              case (strategy)
                                              against risk reduction
                                            • Pick the best one!*
* To be continued in a separate presentation
** Sounds simple. In reality it is a bit more complicated
Some things to consider
• All the losses are calculated for a single event
• In a business case make sure you plan for 3-5 years
• Calculate Capex AND Opex
• Consider transformation costs – how much it will
  cost to go from AS IS to WILL BE
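The comparison described on the last two slides, as an added example that is not part of the original deck: each business case's transformation cost, Capex and Opex over the planning horizon is set against the loss reduction it buys. The hour buckets follow the chart's axis; the loss figures, the three cases and the expected number of events over the horizon are constructed assumptions.

```python
from bisect import bisect_left

# Hour buckets from the chart axis: up to 2, 2-4, 4-8, 8-16, 16-32, 32-64, beyond 64.
BUCKET_UPPER_HOURS = [2, 4, 8, 16, 32, 64, float("inf")]
# Constructed single-event losses (USD) per bucket, e.g. agreed during BIA interviews.
LOSS_PER_EVENT_USD = [5_000, 20_000, 80_000, 300_000, 1_000_000, 3_000_000, 8_000_000]

# Constructed business cases; "do nothing" keeps the current 48-hour recovery time.
CASES = [
    {"name": "do nothing", "rto_hours": 48, "transformation": 0,
     "capex": 0, "opex_per_year": 0},
    {"name": "warm standby", "rto_hours": 8, "transformation": 150_000,
     "capex": 400_000, "opex_per_year": 120_000},
    {"name": "hot site", "rto_hours": 2, "transformation": 400_000,
     "capex": 1_500_000, "opex_per_year": 350_000},
]


def loss_for_rto(rto_hours):
    """Single-event loss for an outage of rto_hours (upper bound inclusive)."""
    if rto_hours < 0:
        raise ValueError("RTO cannot be negative")
    return LOSS_PER_EVENT_USD[bisect_left(BUCKET_UPPER_HOURS, rto_hours)]


def evaluate(case, current_rto, years, events_expected):
    """Set a case's total cost against the loss reduction over the horizon."""
    per_event = loss_for_rto(current_rto) - loss_for_rto(case["rto_hours"])
    # Assumption: losses are per single event, so scale by expected events.
    risk_reduction = per_event * events_expected
    total_cost = (case["transformation"] + case["capex"]
                  + case["opex_per_year"] * years)
    return {"name": case["name"], "risk_reduction": risk_reduction,
            "total_cost": total_cost,
            "net_benefit": risk_reduction - total_cost}


def pick_best(cases, current_rto, years=5, events_expected=1.0):
    """Return (best case by net benefit, all evaluated cases)."""
    results = [evaluate(c, current_rto, years, events_expected) for c in cases]
    return max(results, key=lambda r: r["net_benefit"]), results


if __name__ == "__main__":
    best, table = pick_best(CASES, current_rto=48)
    for row in table:
        print(row)
    print("best:", best["name"])
```

A negative `net_benefit` marks a case that costs more than the losses it avoids over the horizon, which is the overspend the slides warn about.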