Which of the following would be an IS auditor's GREATEST concern when reviewing the organization's business continuity plan (BCP)?
Which of the following would be an IS auditor's GREATEST concern when reviewing the organization's business continuity plan (BCP)?
The greatest concern for an IS auditor when reviewing an organization's business continuity plan (BCP) would be if the recovery plan does not contain the process and application dependencies. This is because understanding the dependencies is crucial for effective recovery of the organization's critical functions. Without a clear identification of process and application dependencies, the recovery efforts may be ineffective or inefficient, potentially leading to prolonged downtime and disruption of business operations.
A is the answer here
A business continuity plan (BCP) is a document that outlines how an organization will continue its critical functions in the event of a disruption or disaster. A BCP should include the following elements1: Business impact analysis: This is the process of identifying and prioritizing the key business processes and assets that are essential for the organization's survival and recovery.
Tabletop exercises are simulations to check response plans and procedures in the event of a disaster or failure, and to ensure that relevant parties are prepared in advance. If the time required for the exercise is longer than the RTO, there may not be enough time to restore systems and services as planned in the event of an actual disaster. This has a significant impact on the reliability and effectiveness of the business continuity plan.