Certified Information Systems Auditor (CISA) — Question 76

Which of the following should be an IS auditor's GREATEST concern when reviewing a business continuity plan (BCP)?

Answer options

• A. Some critical business processes are not included in the BCP.
• B. Business unit personnel are not aware of the BCP.
• C. There is no evidence that the BCP has been tested.
• D. An offsite storage location is not documented in the BCP.

Correct answer: A

Explanation

The correct answer is A because missing critical business processes can severely impact the effectiveness of the BCP during a crisis. While options B, C, and D are also important concerns, they do not address the fundamental issue of ensuring that all essential processes are covered by the plan.