The IS auditor is attempting to evaluate the:

With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to
determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:

With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to
determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:

A.
clarity and simplicity of the business continuity plans.

B.
adequacy of the business continuity plans.

C.
effectiveness of the business continuity plans.

D.
ability of IS and end-user personnel to respond effectively in emergencies.

Explanation:
The IS auditor should interview key stakeholders to evaluate how well they understand their roles and
responsibilities. When all stakeholders have a detailed understanding of their roles and responsibilities in the
event of a disaster, an IS auditor can deem the business continuity plan to be clear and simple. To evaluate
adequacy, the IS auditor should review the plans and compare them to appropriate standards. To evaluate
effectiveness, the IS auditor should review the results from previous tests. This is the best determination for the
evaluation of effectiveness. An understanding of roles and responsibilities by key stakeholders will assist in
ensuring the business continuity plan is effective. To evaluate the response, the IS auditor should review results
of continuity tests. This will provide the IS auditor with assurance that target and recovery times are met.
Emergency procedures and employee training need to be reviewed to determine whether the organization had
implemented plans to allow for the effective response.



Leave a Reply 0

Your email address will not be published. Required fields are marked *