exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam

Exam CISA topic 1 question 1 discussion

Actual exam question from Isaca's CISA
Question #: 1
Topic #: 1
[All CISA Questions]

Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?

  • A. The BCP has not been tested since it was first issued.
  • B. The BCP is not version-controlled.
  • C. The BCP's contact information needs to be updated.
  • D. The BCP has not been approved by senior management.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
GenPatton
Highly Voted 1 year, 6 months ago
Selected Answer: A
I went to the CISA review manual to solve this, and the main concern should be the lack of testing. First: Senior management create a "business continuity policy" (Ref: Review Manual 27th edition 4.15.4). In general, senior management makes policies, and the plebs below make plans and procedures. Therefore a business continuity plan is not necessarily senior management approved. Furthermore there is a passage in the review manual (4.15.11) regarding auditing business continuity. The passage does not really mention senior management, but it does mention plan testing and obtaining historical results of tests during an audit.
upvoted 11 times
...
AbdulQadirKhan
Highly Voted 1 year, 5 months ago
Approval by Senior Management: The approval of the BCP by senior management is a fundamental step in ensuring that the BCP is considered a valid and authoritative document within the organization. Without senior management's buy-in and approval, it may not receive the necessary resources and attention it requires for effective implementation. While the other issues mentioned (A, B, and C) are important and should also be addressed, the lack of senior management approval can indicate a more significant problem with the BCP's overall effectiveness and organizational commitment to business continuity planning. This oversight may result in inadequate support, testing, or maintenance of the BCP, ultimately reducing its ability to ensure business continuity during disruptions.
upvoted 5 times
...
RichardJose
Most Recent 4 days, 7 hours ago
Selected Answer: D
Answer is D Thanks to P A S S 4 S U R E X A M S
upvoted 1 times
...
Vinsystraining
3 weeks, 1 day ago
Selected Answer: D
When an IS auditor is reviewing an organization's Business Continuity Plan (BCP), the greatest concern should be the effectiveness and clarity of the recovery strategies and procedures. Specifically, the auditor would focus on
upvoted 1 times
...
SalemAlomari
3 weeks, 4 days ago
Selected Answer: D
The correct answer is: D. The BCP has not been approved by senior management. Explanation: A Business Continuity Plan (BCP) is critical for ensuring that an organization can continue operations during and after a disruption. The lack of senior management approval is the most significant concern because: Governance & Authority – Without senior management approval, the BCP may lack legitimacy, authority, and organizational commitment. Resource Allocation – Approval ensures that necessary resources (budget, personnel, technology) are allocated for business continuity efforts. Accountability & Enforcement – Senior management's endorsement reinforces compliance with regulatory requirements and internal policies.
upvoted 1 times
...
transf0rmer
1 month ago
Selected Answer: A
how will the management approve it if its not even tested? so logically would go for A
upvoted 1 times
...
Rasaki
3 months, 4 weeks ago
Selected Answer: A
testing is very crucial in this case
upvoted 1 times
...
KAP2HURUF
6 months, 1 week ago
Selected Answer: A
This is because a BCP that has not been tested is unproven and may not be effective in an actual disaster or business interruption scenario. Testing is essential to identify gaps, ensure that all components of the plan work as intended, and that staff are familiar with their roles in the event of an incident. Without testing, there is no assurance that the BCP will function correctly, which poses a significant risk to the organization's ability to recover from an incident.
upvoted 1 times
Examtopicsn
6 months, 1 week ago
Please can anyone help me with contributor access ?
upvoted 1 times
...
...
scriptkiddie
8 months, 2 weeks ago
Selected Answer: D
If no one declares the disaster, the BCP would not be invoked, making all other concerns less significant
upvoted 1 times
...
scriptkiddie
8 months, 2 weeks ago
D. If no one declares the disaster, the BCP would not be invoked, making all other concerns less significant​​.
upvoted 1 times
...
a84n
11 months, 1 week ago
Selected Answer: D
Answer: D
upvoted 1 times
...
5b56aae
11 months, 3 weeks ago
Selected Answer: A
Testing is the best way to assure the BCP works as intended
upvoted 1 times
...
Olatoyimika
12 months ago
Answer is D
upvoted 1 times
...
fori12
1 year ago
Selected Answer: A
Note: Assessing the results and the value of the BCP and the DRP tests is an important part of the IS auditor’s responsibility.
upvoted 1 times
...
FAGFUR
1 year, 4 months ago
Answer A
upvoted 1 times
...
isaphiltrick
1 year, 7 months ago
I meant "BCPs" in my previous post.
upvoted 1 times
...
isaphiltrick
1 year, 7 months ago
I think those of you who selected A assume that there was a long period of time from inception to current. However, the question never said anything about time. How do we know that the document hadn't been tested because it was just created today or yesterday? Therefore, the answer is D --> BIAs must always have senior management approval for it to be valid.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago