PrepAway - Latest Free Exam Questions & Answers

The IS auditor should:

During a business continuity audit an IS auditor found that the business continuity plan
(BCP) covered only critical processes. The IS auditor should:

PrepAway - Latest Free Exam Questions & Answers

A.
recommend that the BCP cover all business processes.

B.
assess the impact of the processes not covered.

C.
report the findings to the IT manager.

D.
redefine critical processes.

Explanation:

The business impact analysis needs to be either updated or revisited to assess the risk of not
covering all processes in the plan. It is possible that the cost of including all processes might
exceed the value of those processes; therefore, they should not be covered. An IS auditor should
substantiate this by analyzing the risk.


Leave a Reply