CISA Certified Information Systems Auditor – Question0385

Which of the following findings should be of MOST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?

A.
An application inventory is not included.
B. A resource optimization plan is not included.
C. A business feasibility study was not performed.
D. A business impact analysis (NA) was not performed.

Correct Answer: D