Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?
1. Evaluate the business continuity plans for adequacy and currency.
2. Prepare a business impact analysis regarding the loss of critical business.
3. Identify key personnel who will be required to implement the plans.
4. Identify and prioritize the resources required to support critical business processes.
During an audit of an organization's business continuity plans, an internal auditor should evaluate the business continuity plans for adequacy and currency to ensure they are up-to-date and relevant (1). The auditor should also identify key personnel who will be required to implement the plans, as having the right people in place is crucial for effective execution during a crisis (3). Additionally, it is important to identify and prioritize the resources required to support critical business processes to ensure that the organization can maintain essential operations during a disruption (4). Preparing a business impact analysis (2) is typically not within the scope of an audit but more aligned with the development and maintenance of the business continuity plan itself.
Why currency..
It's not about the money, it is whether the plan is currently relevant.
2 is the only wrong statement here because it is the responsibility of management or a business continuity planning team not IA.
to prepare and identify is the responsibilities of the first line