Exam CISA topic 1 question 577 discussion

The greatest risk is ensuring the BIA reflects the current organizational structure and processes. The lack of end-user participation can be addressed through a revised BIA.

B is correct

I choose D. Option B - BCP still be relevant to some extent, Option D - makes the BCP not relevant, adequate and complete which is a greatest risk. Option C - BCP plan may be adequate to some extent.

During a change in organizational structure with significant impacts on business processes, it's essential to ensure that all relevant personnel have access to the updated BCP. Failure to distribute the plan to new business unit end users could result in a lack of awareness of their roles and responsibilities during disruptions, potentially leading to confusion and inefficiencies during recovery efforts.

I chose B

BCP testing would determine if the current BCP is still relevant, if not then update should be performed on the BCP which will then involve additional BIA within the process

D. Key business process end users did not participate in the business impact analysis (BIA)

B. The most recent business impact analysis (BIA) was performed two years before the reorganization.

I would go with B

BCP should be reevaluated where significant impact is found (Since significant imapct is found on critical business process, we assume BIA has been done). If test plans are older (before reorg) that means that no testing has been done even after the reorg.. So c could be right

Answer could be A