Free ISACA CISA Actual Exam Questions - Question 7 Discussion

It’s B because outsourcing doesn’t mean the organization loses control; they still must work with the vendor to ensure disaster recovery efforts are aligned and effective, not just rely on internal audit or a third party.

B/D? I agree B makes sense because the organization can’t just outsource and ignore DRP. But D could also fit since internal audit might need to check if the vendor’s disaster recovery measures meet company standards. Still, coordination with the vendor seems more immediate and essential.

B imo, because even with outsourcing, the org still needs to coordinate closely to ensure the vendor’s plans align with their own recovery goals. They can’t just hand it off and forget about it.

B