ISG711S - INFORMATION SYSTEMS STRATEGY AND GOVERNANCE - 1ST OPP - JUNE 2023


NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
FACULTY OF COMPUTING AND INFORMATICS
DEPARTMENT OF INFORMATICS
QUALIFICATIONS: Bachelor of Informatics
QUALIFICATION CODE: 07BAIT
LEVEL: 7
COURSE CODE: ISSG710S
COURSE: Information Systems Strategy and Governance
DATE: June 2023
SESSION: 1
DURATION: 3 Hours
MARKS: 100
EXAMINERS:
MODERATOR(S):
FIRST OPPORTUNITY EXAMINATION QUESTION PAPER
Dr Suama Hamunyela
Mrs Sinte Mutelo
Mrs Helena Nahum
THIS EXAMINATION PAPER CONSISTS OF 4 PAGES
(INCLUDING THIS FRONT PAGE)
INSTRUCTIONS FOR THE CANDIDATE
1. Answer ALL QUESTIONS.
2. When writing, take into account: The style should inform rather than impress, it should be formal,
in third person, paragraphs set out according to ideas or issues, and the paragraphs flowing
in a logical order.
3. Information should be brief and accurate.
4. Please ensure that your writing is legible, neat and presentable.

SECTION A
[70 MARKS]
QUESTION 1
(10 Marks)
TRUE/FALSE STATEMENTS
1. The need for effective internal controls is a key element of enterprise IT governance.
2. Internal control reviewers are IT experts and accountants.
3. Adherence to a framework such as COSO allows senior managers as well as enterprise professionals in their
area of expertise to be recognized as specialists in their field of operations.
4. Val IT addresses assumptions, costs, risks, and outcomes related to a balanced portfolio of IT-enabled
business investments.
5. In the field, COBIT, RISKIT, and VALIT are strong reference frameworks guiding managers to implement
enterprise governance of IT in their organization.
6. Governance is the only key portion of GRC principles.
7. Enterprise history and culture often play a major role in forming this internal control environment.
8. COBIT also provides samples of outcome metrics to measure each of those goals and to really build a
scorecard for IT-related activities.
9. Risk management should create value and it should not be an integral part of organizational process.
10. The leading role of IT people in IT governance of IT can be used interchangeably to refer to the concept
of corporate governance of IT.
QUESTION 2
[60 marks]
1. List four Governance Risk and Control (GRC) elements of effective enterprise risk management. For each
element state two examples of activities or aspects that should be considered.
(12 marks)
2. Discuss the concept of IT and Business Alignment.
(5 Marks)
3. State two (2) types of functional integration.
(2 marks)
4. GRC consists of three principles. Each principle has four components. List three of the components
of GRC principles.
(3 marks)
5. Outline any four (4) IT governance risk issues and explain how they can be mitigated or activated.
(8 marks)
6. The control environment should be viewed as a foundation for all other components of internal
control and has an influence on each of the objectives and overall unit and entity activities. List
seven (7) of the essential components of the control environment.
(7 marks)
7. GRC are popularly known as corporate governance principles for effectiveness. Discuss how GRC
contributes to effective governance.
(6 marks)
8. Briefly outline three (3) roles of the Audit Committee according to SOX.
(6 marks)
9. Discuss three (3) Committee of Sponsoring Organizations (COSO) Risk Assessment steps.
(6 marks)
10. Internal controls are the most important and fundamental concepts that senior managers
and business professionals at all levels must understand. List five (5) indications of an
enterprise's good internal controls.
(5 marks)
SECTION B
[30 marks]
Case study: Namtech Corporation is a global manufacturing company with operations in multiple countries. Over
the years, the company has grown significantly, and with that, the IT infrastructure has become increasingly
complex. To manage the IT systems, the company has a dedicated IT department with several teams responsible
for different areas of IT, such as network infrastructure, software development, and cybersecurity.
IT Governance Challenges:
Despite having a dedicated IT department, the company was facing several IT governance challenges, such
as:
Inadequate communication: The IT department did not have effective communication channels with
other business units, leading to a lack of alignment between IT and the business.
Insufficient oversight: The IT department did not have sufficient oversight from the executive
management, leading to a lack of accountability and ineffective decision-making.
Cybersecurity risks: The increasing complexity of the IT infrastructure and the lack of a comprehensive
cybersecurity strategy put the company at risk of cyber-attacks.
Based on the scenario above, answer the following questions.
1. What were the IT governance challenges faced by Namtech Corporation?
(10 marks)
2. How did the lack of oversight affect the IT department's decision-making?
(5 marks)
3. Discuss the cybersecurity risks faced by the company, and how did they address these risks?
(10 marks)
4. How can the IT governance committee help address the challenges faced by the IT department?
(5 marks)
END OF QUESTION PAPER