Certified Information Systems Auditor (CISA) — Question 1384

An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives.
Which of the following findings should be the IS auditor's GREATEST concern?

Answer options

• A. Mobile devices are not encrypted.
• B. Users are not required to sign updated acceptable use agreements.
• C. The business continuity plan (BCP) was not updated.
• D. Users have not been trained on the new system.

Correct answer: C

Explanation

The greatest concern for the IS auditor is that the business continuity plan (BCP) was not updated, as this could lead to significant issues in case of an incident affecting document accessibility. While user training and acceptable use agreements are important, they do not directly impact the organization's ability to recover from disruptions like an outdated BCP would. Mobile device encryption is critical for security but is not as immediate a concern as ensuring continuity of operations.