Exam CRISC topic 1 question 602 discussion

Actual exam question from Isaca's CRISC
Question #: 602
Topic #: 1

During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?

  • A. Complete a risk exception form
  • B. Report the gap to senior management
  • C. Consult with the business owner to update the BCP
  • D. Consult with the IT department to update the RTO
Suggested Answer: B

Comments

faed87a
3 months, 1 week ago
Selected Answer: B
C. Consult with the business owner to update the BCP: Adjusting the BCP without senior management's oversight may lead to decisions that do not align with organizational priorities or resource capabilities. D. Consult with the IT department to update the RTO: Changing the RTO without considering business requirements and obtaining senior management approval may result in unrealistic recovery objectives or misallocation of resources. Answer is B
upvoted 1 times
Staanlee
9 months, 4 weeks ago
Selected Answer: D
D. Consult with the IT department to update the RTO. When a risk practitioner finds a misalignment between the IT department's recovery time objective (RTO) and the enterprise's business continuity plan (BCP), the next step should be to "D. Consult with the IT department to update the RTO." It's important to ensure that the RTO of the key system aligns with the requirements of the BCP and the overall business needs. By consulting with the IT department, you can address the discrepancy and make necessary adjustments to the RTO to ensure it is consistent with the BCP.
upvoted 1 times
Julianleehk
1 year, 1 month ago
should be C
upvoted 1 times
Julianleehk
1 year, 1 month ago
maybe is B
upvoted 1 times
Koulyo
1 year, 2 months ago
so this is a risk finding, which must be recorded in the RR for a response plan as per the risk owner. I guess informing management comes before consulting with IT. I am going with B.
upvoted 1 times
CbtL
1 year, 2 months ago
Selected Answer: B
Agree with the answer B. There is nothing that says either the RTO or the BCP is the correct one. Senior management would need to determine which needs to change.
upvoted 3 times
john_boogieman
1 year, 4 months ago
Selected Answer: C
Agree 'C'.
upvoted 1 times
groz
1 year ago
Consult w business owner - like shareholders? nope
upvoted 1 times
fora
2 years, 2 months ago
I thought C, is C MUST be done. Anyhow, it makes sense to report the test results right after, so, before adjusting the BCM plan. This way B should be a correct answer...
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other