QUESTION 2
[60 marks]
1. List four Governance Risk and Control (GRC) elements of effective enterprise risk management. For each
element state two examples of activities or aspects that should be considered.
(12 marks)
2. Discuss the concept of IT and Business Alignment.
(5 marks)
3. State two (2) types of functional integration.
(2 marks)
4. GRC consists of three principles. Each principle has four components. List three of the components
of GRC principles.
(3 marks)
5. Outline any four (4) IT governance risk issues and explain how they can be mitigated or activated.
(8 marks)
6. The control environment should be viewed as a foundation for all other components of internal
control and has an influence on each of the objectives and overall unit and entity activities. List
seven (7) of the essential components of the control environment.
(7 marks)
7. GRC are popularly known as corporate governance principles for effectiveness. Discuss how GRC
contributes to effective governance.
(6 marks)
8. Briefly outline three (3) roles of the Audit Committee according to SOX.
(6 marks)
9. Discuss three (3) Committee of Sponsoring Organisations (COSO) Risk Assessment steps.
(6 marks)
10. Internal controls are the most important and fundamental concepts that senior managers
and business professionals at all levels must understand. List five (5) indications of an
enterprise's good internal controls.
(5 marks)
SECTION B
[30 marks]
Case study: Namtech Corporation is a global manufacturing company with operations in multiple countries. Over
the years, the company has grown significantly, and with that, the IT infrastructure has become increasingly
complex. To manage the IT systems, the company has a dedicated IT department with several teams responsible
for different areas of IT, such as network infrastructure, software development, and cybersecurity.
IT Governance Challenges:
Despite having a dedicated IT department, the company was facing several IT governance challenges, such
as: