CISA Certified Information Systems Auditor – Question0672

While reviewing an organization’s business continuity plan (BCP), an IS auditor observes that a recently developed application is not included. The IS auditor should:

A.
ensure that the criticality of the application is determined.
B. ignore the observation as the application is not mission critical.
C. include in the audit findings that the BCP is incomplete.
D. recommend that the application be incorporated in the BCP.

Correct Answer: A