ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 271 discussion

Actual exam question from Isaca's CISA
Question #: 271
Topic #: 1
[All CISA Questions]

During an audit of a disaster recovery plan (DRP) for a critical business area, an IS auditor finds that not all critical systems are covered. What should the auditor do NEXT?

  • A. Evaluate the impact of not covering the systems
  • B. Escalate the finding to senior management
  • C. Evaluate the prior year's audit results regarding critical system coverage
  • D. Verify whether the systems are part of the business impact analysis (BIA)
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by mibg83 at June 7, 2023, 3:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
starzuu
Highly Voted 1 year, 8 months ago
Selected Answer: A
i think its A
upvoted 6 times
...
analuisamoreira
Most Recent 10 months ago
Selected Answer: D
The question is about "to do NEXT". First he should verify if the systems are in the BIA, then evaluare the impact of not including them in the DRP
upvoted 1 times
...
Swallows
10 months, 3 weeks ago
Selected Answer: D
While evaluating the impact of not covering the systems (option A) is also important, verifying their inclusion in the BIA is a more direct way to identify any discrepancies or oversights in the planning process. It helps the auditor understand the context behind the absence of these systems in the DRP and guides further actions to address the deficiencies in the planning process.
upvoted 1 times
...
46080f2
10 months, 4 weeks ago
Selected Answer: D
If with D. the question is obviously open as to whether the systems in question were taken into account in the business impact analysis that had already been carried out, but were then not included in the DRP for whatever reason. Only then does it make sense to use A. to complete the last, possibly incomplete, business impact analysis. So D. is the next step.
upvoted 1 times
...
echo_cert
1 year, 1 month ago
Selected Answer: D
How will an Auditor just proceed to assess impact? The Auditor should first seek further evidence like the BIA conducted to ascertain the asset/Business process coverage.
upvoted 1 times
...
dan08
1 year, 2 months ago
Selected Answer: D
The BIA identifies critical systems and their importance to the organization. By cross-referencing the systems with the BIA, the auditor can assess the significance of the gaps in coverage. Confirm first if already documented in the BIA instead of evaluating immediately.
upvoted 1 times
...
mibg83
1 year, 10 months ago
Selected Answer: D
BIAits an importante part of DRP
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago