To optimize an organization’s business contingency plan (BCP), an IS auditor should recommend
conducting a business impact analysis (BlA) in order to determine:
the business processes that generate the most financial value for the organization and therefore
must be recovered first.
the priorities and order for recovery to ensure alignment with the organization’s business strategy.
the business processes that must be recovered following a disaster to ensure the organization’s
the priorities and order of recovery which will recover the greatest number of systems in the shortest
To ensure the organization’s survival following a disaster, it is important to recover the most critical
business processes first, it is a common mistake to overemphasize value (A) rather than urgency.
For example, while the processing of incoming mortgage loan payments is important from a
financial perspective, it could be delayed for a few days in the event of a disaster. On the other
hand, wiring funds to close on a loan, while not generating direct revenue, is far more critical
because of the possibility of regulatory problems, customer complaints and reputation issues.
Choices B and D are not correct because neither the long-term business strategy nor the mere
number of recovered systems has a direct impact at this point in time.