During an audit, management presents a disaster recovery plan that was tested three years ago with successful results. The IT infrastructure has undergone significant changes since then including cloud migration and new applications. What is the auditor's PRIMARY concern?

Home › MCQs › CISA › Question #6821

CISA QUESTION #6821

Question 1

Plan documentation needs updating
Plan effectiveness cannot be validated without recent testing reflecting current environment✔️
Test results are too old to be useful
Management commitment is questionable

Correct Answer Explanation

A DRP must be tested regularly and after significant changes. Successful testing three years ago provides no assurance that the plan works with the current infrastructure. Cloud migration and new applications represent material changes that could render the old plan ineffective. Current validity cannot be assumed.

More Options