Which of the following should be an IS auditor's GREATEST concern when reviewing a business continuity plan (BCP)?
Which of the following should be an IS auditor's GREATEST concern when reviewing a business continuity plan (BCP)?
When reviewing a business continuity plan (BCP), the GREATEST concern for an IS auditor should be if some critical business processes are not included in the BCP. The primary objective of a BCP is to ensure that an organization can continue to operate critical functions during and after a disruption. If critical processes are not included, the plan basically fails its core purpose. While testing the BCP, awareness among personnel, and having an offsite storage location are important elements, they are secondary to ensuring that all critical business processes are identified and addressed in the plan.
A. Some critical business processes are not included in the BCP.
Only A
Who provides the answers on these questions?? Aee from the the Isaca? A lot of them answers are misleadinfy
While the absence of evidence that the BCP has been tested (option C) is also a significant concern, ensuring that critical business processes are adequately addressed within the plan is typically the GREATEST concern for an IS auditor. Therefore, it should be the primary focus when reviewing a business continuity plan.
How do we confirm the correct answer?