 |
ISG711S - INFORMATIO SYSTEMS STRATEGY AND GOVERNANCE - 1ST OPP - JUNE 2024 |
|
|
1 Page 1 |
▲back to top |
nAmI BI AunIVER s ITY
OF SCIEnCE Ano TECHnOLOGY
FACULTY OF COMPUTING AND INFORMATICS
DEPARTMENTOF INFORMATICS
QUALIFICATION:Bachelor of Informatics
QUALIFICATIONCODE: 07BAIT LEVEL:7
COURSECODE:ISG711S
COURSENAME: Information Systems Strategy and
Governance
SESSION:JUNE 2024
DURATION: 3 HOURS
PAPER: PAPER1
MARKS: 100
FIRST OPPORTUNITY EXAMINATION QUESTION PAPER
EXAMINER(S) Prof Suama Hamunyela
Dr Elizabeth Ujarura Kamutuezu
MODERATOR: Ms Helena Nahum
INSTRUCTIONS
1. Answer ALL the questions.
2. When writing, take the following into account: The style should
inform than impress, paragraphs set out according to ideas or issues
and paragraphs flowing in a logical order.
3. Information should be brief and accurate.
4. Please ensure that your writing is legible, neat, and presentable
THIS QUESTION PAPERCONSISTSOF 4 PAGES{Including this front page)
|
|
2 Page 2 |
▲back to top |
SECTIONA
[SO MARKS]
QUESTION1
[10 MARKS]
TRUE/FALSESTATEMENTS
1. The need for effective internal controls is key element of enterprise IT governance.
2. Internal control reviewers are IT experts and accountants.
3. Adherence to framework such as COSOallows senior managers as well as enterprise professionals
in their area of expertise to be recognized as specialists in their field of operations.
4. Val IT addresses assumptions, costs, risks, and outcomes related to a balanced portfolio of IT-
enabled business investments.
5. In the field, COBIT, RISKIT, and VALIT are strong reference frameworks guiding managers to
implement enterprise governance of IT in their organization.
6. Governance is the only key portion of GRCprinciples.
7. Enterprise history and culture often play a major role in forming this internal control
environment.
8. COBITalso provides samples of outcome metrics to measure each of those goals and to really
build a scorecard for IT-related activities.
9. Risk management should create value and it should not be an integral part of organizational
process.
10. The leading role of IT people in IT governance of IT can be used interchangeably to refer to the
concept of corporate governance of IT.
QUESTION2
[40 MARKS]
Every company, regardless of its size, faces risk. Failing to address these risks may result in substantial
financial and reputational peril. Risk management allows businesses to implement frameworks for
reducing external threats while ensuring continuous business operations.
1. List any six (6) IT Frameworks and Standards to support effective IT Governance. (6 marks)
2. Mention the four (4) interconnected steps in effective enterprise risk management Governance,
Risk and Compliance (GRC)processes.
(4
marks)
llPage
|
|
3 Page 3 |
▲back to top |
3. List four (4) GRCgovernance elements of effective enterprise risk management. For each
element state two examples of activities or aspects that should be considered.
(12 marks)
4. Discuss the concept of IT and Business Alignment.
(5 marks)
5. Outline any FOUR (4) IT governance risk issues and explain how they can be mitigated or
activated.
(8 marks)
6. Mention some of the internal needs of an organisation that drives the need of IS presence in
organisations.
(5 marks)
SECTION B
[50 MARKS]
This section is comprising of two (2) case studies. Answer All questions.
Case study 1:
Case study 1: Telecom Namibia is challenged in solving issues essential for the company to win back
customer confidence and enhance service quality to improve the customer experience. It is unclear if
Telecom Namibia complies with any existing IT governance frameworks when integrating business and IT
strategy to bring about improved service delivery through innovation. It then becomes essential to make
sure that IT functions support business strategy and goals to achieve innovation. Telecom Namibia Board
of Executives is torn between implemented the COBIT (Control Objectives for Information and Related
Technologies) or ITIL (Information Technology Library) framework to enhance its IT governance practices.
As a governance specialist ofTelecom Namibia, it is within your role to ensure successful implementation
of the governance framework.
1. Discuss the concept of clear separation between governance and management in COBIT 5.
(5 marks)
2. Compare and contrast COBIT vs ITIL, to assist them to choose between the two standards
demands a strategic approach. Give five (5) points.
(10 marks)
3. ITIL's remarkable influence lies in its unwavering commitment to a service-centric
philosophy. Elucidate the strength of ITIL to transform and propel organisations forward.
(10 marks}
Case study 2: Namtech Corporation is a global manufacturing company with operations in multiple
countries. Over the years, the company has grown significantly, and with that, the IT infrastructure has
21Page
|
|
4 Page 4 |
▲back to top |
become increasingly complex. To manage the IT systems, the company has a dedicated IT department
with several teams responsible for different areas of IT, such as network infrastructure, software
development, and cybersecurity. Despite having a dedicated IT department, the company was facing
several challenges such as:
a) Inadequate communication:The IT department did not have effective communication channels
with other business units, leading to a lack of alignment between IT and the business.
b) Insufficient oversight: The IT department did not have sufficient oversight from the executive
management, leading to a lack of accountability and ineffective decision-making.
c) Cybersecurityrisks:The increasing complexity of the IT infrastructure and the lack of a
comprehensive cybersecurity strategy put the company at risk of cyber-attacks.
Basedon the scenario above, Answer the following questions.
a) How can lack of oversight affect the IT department's decision-making process? (10 marks)
b) How can IT governance alleviate challenges faced by the IT department?
(10 marks)
c) List some of the effectiveness of internal controls.
(5 marks)
END OF PAPER
3IPage