CISA Certified Information Systems Auditor – Question1731

Regarding a disaster recovery plan, the role of an IS auditor should include:

A.
identifying critical applications.
B. determining the external service providers involved in a recovery test.
C. observing the tests of the disaster recovery plan. determining the criteria for
D. establishing a recovery time objective (RTO).

Correct Answer: C

Explanation:

Explanation:
The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management.