Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?
The greatest concern for an IS auditor reviewing an organization's business continuity plan (BCP) would be if the BCP has not been approved by senior management. The approval of the BCP by senior management ensures that the plan is considered valid and authoritative within the organization, receives the necessary resources, and has the commitment of top leadership. Without this approval, the plan may not be effectively implemented, tested, or maintained, reducing its ability to ensure business continuity during disruptions.
I went to the CISA review manual to solve this, and the main concern should be the lack of testing. First: Senior management create a "business continuity policy" (Ref: Review Manual 27th edition 4.15.4). In general, senior management makes policies, and the plebs below make plans and procedures. Therefore a business continuity plan is not necessarily senior management approved. Furthermore there is a passage in the review manual (4.15.11) regarding auditing business continuity. The passage does not really mention senior management, but it does mention plan testing and obtaining historical results of tests during an audit.
Approval by Senior Management: The approval of the BCP by senior management is a fundamental step in ensuring that the BCP is considered a valid and authoritative document within the organization. Without senior management's buy-in and approval, it may not receive the necessary resources and attention it requires for effective implementation. While the other issues mentioned (A, B, and C) are important and should also be addressed, the lack of senior management approval can indicate a more significant problem with the BCP's overall effectiveness and organizational commitment to business continuity planning. This oversight may result in inadequate support, testing, or maintenance of the BCP, ultimately reducing its ability to ensure business continuity during disruptions.
No need to test BCP that is not approved by SM! After test you get information from SM that BCP is not acceptable. Money and time lost likewise your position.
D. If no one declares the disaster, the BCP would not be invoked, making all other concerns less significant.
A is correct answers exam still valid, took it today and all thanks ExamforSure.com
(A is correct) if you want valid Questions and Answers. You have the site name above.
It's D you fucking mongrels, look in the damn CRM 4.15 BUSINESS CONTINUITY PLAN "BCP is primarily the responsibility of senior management, as they are entrusted with safeguarding the assets and the viability of the organization, as defined in the BCP/DRP policy." You don't even get into testing until the BCP is approved.
This is because a BCP that has not been tested is unproven and may not be effective in an actual disaster or business interruption scenario. Testing is essential to identify gaps, ensure that all components of the plan work as intended, and that staff are familiar with their roles in the event of an incident. Without testing, there is no assurance that the BCP will function correctly, which poses a significant risk to the organization's ability to recover from an incident.
Answer: D
Testing is the best way to assure the BCP works as intended
Answer is D
Note: Assessing the results and the value of the BCP and the DRP tests is an important part of the IS auditor’s responsibility.
The primary concern for an IS auditor evaluating an organization's Business Continuity Plan is its capability to sustain critical business operations during unforeseen events. This includes assessing the plan's thoroughness, testing protocols, and the organization's capacity to recover essential functions. Additionally, the auditor should scrutinize any involvement or reliance on external services or providers, such as Pass4SureHub.com, ensuring their integration aligns with the overall effectiveness of the Business Continuity Plan.
B is correct answer
Answer A