CISA Governance and Management of IT • Set 2
CISA Governance and Management of IT Practice Test 2 — 15 questions with explanations. Free, no signup.
During an IT audit, the auditor discovers that the IT department has not conducted a business impact analysis (BIA) for three years. The organization's disaster recovery plan (DRP) is based on the previous BIA. The IT manager argues that the DRP is still valid because no major changes have occurred. What should the auditor recommend?