Certified Information Systems Auditor (CISA) — Question 590

During an exit meeting, an IS auditor highlights that backup cycles are being missed due to operator error and that these exceptions are not being managed.
Which of the following is the BEST way to help management understand the associated risk?

Answer options

• A. Explain the impact to resource requirements.
• B. Explain the impact to disaster recovery.
• C. Explain the impact to backup scheduling.
• D. Explain the impact to incident management.

Correct answer: B

Explanation

The correct answer is B because the failure to complete backup cycles directly impacts the organization's ability to recover from disasters, making it a critical risk for management to understand. Options A, C, and D, while relevant, do not capture the immediate and severe consequences associated with inadequate disaster recovery preparedness.