CISA Certified Information Systems Auditor – Question1751

An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?

A. Recommend that an additional comprehensive BCP be developed.
B. Determine whether the BCPs are consistent.
C. Accept the BCPs as written.
D. Recommend the creation of a single BCP.

Correct Answer: B

Explanation:

Explanation:
Depending on the complexity of the organization, there could be more than one plan to address various aspects of business continuity and disaster recovery. These do not necessarily have to be integrated into one single plan; however, each plan should be consistent with other plans to have a viable business continuity planning strategy.