An IS audit reveals that an organization operating in business continuity mode during a pandemic situation has not performed a simulation test of the business continuity plan (BCP). Which of the following is the auditor's BEST course of action?
A.
Raise an audit issue for the lack of simulated testing.
B.
Review the effectiveness of the business response.
C.
Interview staff members to obtain commentary on the BCP's effectiveness.
The auditor’s best course of action is to raise an audit issue for the lack of simulated testing (Option A). This directly addresses the identified control gap, ensures it is formally recorded, and prompts the organization to mitigate the risk by implementing testing in the future. While understanding the BCP’s current effectiveness is important, the priority is to acknowledge and report the deficiency, consistent with auditing principles.
effectiveness of the business response can be reviewed (B) after the result of the stimulated test
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
46080f2
2 months agoYejide03
8 months, 3 weeks agoYejide03
8 months, 3 weeks ago