CISA Certified Information Systems Auditor – Question1770

An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

A.
alignment of the BCP with industry best practices.
B. results of business continuity tests performed by IS and end-user personnel.
C. off-site facility, its contents, security and environmental controls.
D. annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

Correct Answer: B

Explanation:

Explanation:
The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results from previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. All other choices do not provide the assurance of the effectiveness of the BCP.