Examice

Exam CISA All QuestionsBrowse all questions from this exam

Question 577

An IS auditor is reviewing an organization's business continuity plan (BCP) following a change in organizational structure with significant impact to business processes. Which of the following findings should be the auditor's GREATEST concern?

Copies of the BCP have not been distributed to new business unit end users since the reorganization

The most recent business impact analysis (BIA) was performed two years before the reorganization

A test plan for the BCP has not been completed during the last two years

Key business process end users did not participate in the business impact analysis (BIA)

Correct Answer: B

When an organization undergoes significant changes in its structure affecting business processes, it is crucial to update the business impact analysis (BIA) promptly. The BIA identifies critical business processes and the potential impact of disruptions. Conducting the BIA two years before the reorganization means that the analysis may no longer reflect the current organizational requirements, vulnerabilities, and priorities. An outdated BIA can lead to an ineffective or misaligned business continuity plan, which should be the auditor's greatest concern.

Discussion

DeeplaxmiOption: C

BCP should be reevaluated where significant impact is found (Since significant imapct is found on critical business process, we assume BIA has been done). If test plans are older (before reorg) that means that no testing has been done even after the reorg.. So c could be right

AlizadeOption: B

B. The most recent business impact analysis (BIA) was performed two years before the reorganization.

MunaMOption: A

Answer could be A

RS66Option: B

B is correct

InfysenthilOption: D

I choose D. Option B - BCP still be relevant to some extent, Option D - makes the BCP not relevant, adequate and complete which is a greatest risk. Option C - BCP plan may be adequate to some extent.

SwallowsOption: A

During a change in organizational structure with significant impacts on business processes, it's essential to ensure that all relevant personnel have access to the updated BCP. Failure to distribute the plan to new business unit end users could result in a lack of awareness of their roles and responsibilities during disruptions, potentially leading to confusion and inefficiencies during recovery efforts.

takuanismOption: B

I chose B

[Removed]Option: C

BCP testing would determine if the current BCP is still relevant, if not then update should be performed on the BCP which will then involve additional BIA within the process

[Removed]

Ignore above, it says test plan, not actual testing. So the correct answer is B. BIA should be performed after significant change in business process as a result of reorganization to help determine if current critical business processes.

shiowbahOption: D

D. Key business process end users did not participate in the business impact analysis (BIA)

shiowbah

B. The most recent business impact analysis (BIA) was performed two years before the reorganization

ziutek_Option: B

I would go with B