ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 917 discussion

Actual exam question from Isaca's CISA
Question #: 917
Topic #: 1
[All CISA Questions]

Which of the following observations should be of MOST concern to an IS auditor reviewing an organization’s business impact analysis (BIA) practices?

  • A. A combination of questionnaires, workshops, and interviews is used.
  • B. Outsourced business processes are excluded from the scope of the BIA.
  • C. Resource dependencies for critical processes are not determined.
  • D. Recovery objectives are identified without conducting risk assessments.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by saado9 at March 20, 2023, 2:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
saado9
Highly Voted 1 year, 9 months ago
D. Recovery objectives are identified without conducting risk assessments.
upvoted 6 times
Swallows
9 months, 1 week ago
I think it's D for me too.
upvoted 1 times
...
...
maxson69
Most Recent 1 week, 2 days ago
Selected Answer: B
Option B: This is more critical because: Many organizations outsource key business processes (e.g., payroll, customer service, supply chain logistics). Excluding them leads to blind spots in continuity and risk planning. The organization may assume resilience where none exists and fail to account for vendor downtime, SLA breaches, or data unavailability. This creates a systemic risk that cannot be easily corrected later, especially if vendors are not contractually obligated to meet the organization’s recovery needs.
upvoted 1 times
...
Swallows
9 months, 2 weeks ago
Selected Answer: D
In a BCP, it is important to conduct a risk assessment. The result of the risk assessment is the BIA.
upvoted 1 times
...
KAP2HURUF
12 months ago
Selected Answer: B
Given the choice between the two options, I would choose B. Outsourced business processes are excluded from the scope of the BIA. This is because outsourced processes can be vital to the functioning of an organization. Excluding them means not considering a potentially significant portion of the business operations, which can lead to a substantial gap in understanding the full impact of a disruption. In today's interconnected business world, the failure to include these outsourced processes could render the BIA incomplete and potentially jeopardize the entire continuity plan.
upvoted 1 times
...
SuperMax
1 year, 3 months ago
Selected Answer: C
The MOST concerning observation for an IS auditor reviewing an organization's business impact analysis (BIA) practices would be: C. Resource dependencies for critical processes are not determined. D. Identifying recovery objectives without conducting risk assessments is a concern, but it's not as critical as failing to determine resource dependencies. Risk assessments help identify potential threats and vulnerabilities, which inform the establishment of recovery objectives. While this is important, understanding resource dependencies is fundamental to the BIA process as it helps identify critical components that must be protected and recovered to ensure business continuity. In summary, option C is the most concerning because it represents a fundamental gap in the BIA process, potentially leading to an inadequate understanding of what resources are critical for the organization's operations and how they might be impacted during a disruption.
upvoted 3 times
...
JONESKA
1 year, 5 months ago
Should be D
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel