CISA Certified Information Systems Auditor – Question1765 - CISA Certified Information Systems Auditor

An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?

A. Review and evaluate the business continuity plan for adequacy
B. Perform a full simulation of the business continuity plan
C. Train and educate employees regarding the business continuity plan
D. Notify critical contacts in the business continuity plan

Correct Answer: A

Explanation:

Explanation:
The business continuity plan should be reviewed every time a risk assessment is completed for the organization. Training of the employees and a simulation should be performed after the business continuity plan has been deemed adequate for the organization.
There is no reason to notify the business continuity plan contacts at this time.