CISA Certified Information Systems Auditor – Question1046

Which of the following should be of MOST concern to an IS auditor reviewing an organization’s disaster recovery plan (DRP)?

A.
The responsibility for declaring a disaster is not identified.
B. The disaster recovery steps are not detailed.
C. The CIO has not signed off on the DRP.
D. Copies of the DRP are not kept in a secure offsite location.

Correct Answer: B