Isaca Updated CISA Exam Questions and Answers by andrei

The primary purpose of a Business Impact Analysis (BIA) is to prioritize the restoration of systems and applications (D) based on their criticality to business operations. A BIA assesses the impact of disruptions, identifies critical processes, and determines recovery time objectives (RTOs) and recovery point objectives (RPOs).

Other options:

Identifying legal obligations (A) is an aspect of compliance but not the primary benefit of a BIA.

Providing updates on disaster risk levels (B) falls under risk management rather than BIA objectives.

Delineating employee responsibilities (C) is part of business continuity planning (BCP), not the BIA’s main goal.

Comprehensive and Detailed Step-by-Step Explanation:

Awalk-through of job functionsprovides direct evidence thatseparation of duties (SoD)is implemented effectively. It involves observing employees as they perform tasks to confirm that no single person has excessive privileges.

Walk-through of Job Functions (Correct Answer – D)

Confirms that duties are appropriately divided in real-world operations.

Helps verify whether security policies and controls are enforced.

Example:An auditor observes that the same person cannot create and approve financial transactions.

Review of Personnel Files (Incorrect – A)

Personnel files contain job details but do not confirm how duties are performed.

Analysis of Documented Job Descriptions (Incorrect – B)

Job descriptions may be outdated or inaccurate.

Review of Organizational Chart (Incorrect – C)

Shows reporting relationships but does not confirm SoD implementation.