Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization's backup processes?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
When auditing an organization's backup processes, the IS auditor's primary concern should be the organization's ability to restore critical data and systems in the event of an outage. Therefore, the auditor should be most concerned about the restoration process being slow due to connectivity issues (option C) since this could result in significant downtime and lost productivity for the organization.
Option A, the absence of a written backup policy, is a concern, but it is not as significant as the ability to restore critical data and systems. The lack of a written policy may indicate a lack of organizational controls, but this alone does not mean that the backup processes are ineffective.
Option B, backup failures not resolved in a timely manner, is also a concern, but it is less significant than the ability to restore critical data and systems. It is important to resolve backup failures quickly, but as long as the organization can restore its critical data and systems, the impact of a backup failure will be limited.
Option D, service levels not achieved, is a concern, but it does not directly impact the organization's ability to restore critical data and systems. Service levels are important to ensure that the backup processes are operating as intended, but they are not as critical as the ability to restore critical data and systems.
In summary, the restoration process being slow due to connectivity issues (option C) is of the greatest concern to an IS auditor conducting an audit of an organization's backup processes.