ISG711S - INFORMATION SYSTEM STRATEGY and GOVER - IST OPP - JUNE 2022 :: NUST past examination papers between 2020 and 2024

Expand document

Collapse document

ISG711S - INFORMATION SYSTEM STRATEGY and GOVER - IST OPP - JUNE 2022

1 Page 1

2 Page 2

3 Page 3

4 Page 4

5 Page 5

6 Page 6

ISG711S - INFORMATION SYSTEM STRATEGY and GOVER - IST OPP - JUNE 2022

1 Page 1

▲back to top

nAml BIA unlVERSITY

OF SCIEnCE Ano TECHrilOLOGY

FACULTY OF COMPUTING AND INFORMATICS

DEPARTMENT OF INFORMATICS, JOURNALISM AND MEDIA TECHNOLOGY

QUALIFICATION: BACHELOR OF INFORMATICS

QUALIFICATION CODE: 07BAIT

LEVEL: 7

COURSE CODE: ISG711S

COURSE NAME: INFORMATION SYSTEM STRATEGY AND

GOVERNANCE

SESSION: JUNE 2022

PAPER: THEORY

DURATION: 3 HOURS

MARKS: 100

FIRST OPPORTUNITY EXAMINATION QUESTION PAPER

EXAMINER(S) Ms SINTE MUTELO

MODERATOR: MS HELENA NAHUM

INSTRUCTIONS

1. Answer ALL the questions.

2. Write clearly and neatly.

3. Number the answers.

PERMISSIBLE MATERIALS

1. Pen

2. Pencil

THIS QUESTION PAPER CONSISTS OF 6 PAGES (including this front page)

2 Page 2

▲back to top

QUESTION 1: MULTIPLE CHOICE

[5]

Write only the correct letter of your choice in the answer book.

1. .............is an integral part of corporate governance, exercised by the Board, overseeing

the definition, and implementation of processes, structures, and relational

mechanism in the organisation.

[1]

a. Corporate Governance of IT

b. Enterprise Governance of IT

c. IT Alignment

d. IT Investment

2. ........... is a subset of enterprise governance, which at the highest-level drives and sets

what needs to be accomplished by improving overall management processes? [1]

a. IT architecture

b. IT governance

c. IT alignment

d. IT infrastructure

3. ............has caused major changes that have impacted corporate governance,

accounting, and financial reporting audit processes.

[1]

a. COSOinternal Controls

b. COBIT

c. Sarbanes-Oxley

d. ISO

4. COSO internal control systems monitoring guidance established a four-phase

monitoring process which includes but NOT.........

[1]

a. understand the risks to its organizational objectives

b. identify the controls that address those prioritized risks

3 Page 3

▲back to top

c. identification of information that will persuasively indicate that the internal

control system is operating effectively

d. Operating management normal functions

5. Which of the following is NOT a benefit of Information Technology Infrastructure

Library (ITIL}?

[1]

a. Reduce IT cost

b. Training requirements

c. Improved customer satisfaction

d. Improved productivity

4 Page 4

▲back to top

QUESTION 2: TRUE or FALSE

[5]

Write TRUE OR FALSEanswer in the answer book provided

2.1 ISO 9000 is an important IT-related security standard designed to help any enterprise

that needs to establish a comprehensive information security management program

or improve its current information security practices.

[1]

2.2 Technology is becoming pervasive in all aspects of business and personal life.

[1]

2.3 Internal control does not extend beyond accounting and financial matters and exclude

all enterprise processes

[1]

2.4 Delivering enterprise stakeholder value requires good governance and Risk

management of information and technology (IT) assets.

[1]

2.5 Cloud computing is more than just the Internet.

[1]

QUESTION 3: SHORT ANSWER QUESTIONS

[45]

3.1 Discuss the following terminologies about Enterprise of IT Governance.

a. Enterprise Governance

[2]

b. Governance

[2]

c. Business Value

[2]

d. Health Insurance Portability and Accountability Act (HIPAA) rules

[2]

e. Risk appetite

[2]

3.2 What does "alignment between the business and IT" exactly mean?

[5]

3.3 There is no single accepted definition of IT governance, and an Internet search shows

that IT governance means different things to different people: What is IT Governance to

you?

[5]

3.4 COSOinternal controls are important IT governance tools. Illustrate the COSOinternal

control Framework and Discuss only the five front facing components

[5]

5 Page 5

▲back to top

3.5 GRCis an increasingly recognized term that reflects a new way in which enterprises today

are adopting an integrated approach to these aspects of their business. Each of the disciplines

consists of the four basic GRCcomponents. List and discuss the component?[8]

3.6 What is ISACA' focus when it developed IT governance best practices framework COBIT,

VALIT and RISKIT

[3]

3.7 THE PAYMENT CARD INDUSTRYDATA SECURITYSTANDARD (PCI DSS}is an information

security best practice as well as an industry required standard for the many enterprises that

handle cardholder information for the major debit, credit, automatic payment (ATM}, and

retail point-of-sale (POS}cards. With the combined efforts of its IT, internal audit, legal, credit,

and finance staffs, an enterprise should take the necessary steps to establish PCI DSS

compliance. What are the general requirements of PCI DSS?

[6]

3.8 What is purpose of GRAMM-LEACH-BULEYACT IT GOVERNANCERULES?

[3]

3.9 Information is a key resource for all enterprises. What benefits do information and

technology bring to enterprises?

[2]

QUESTION 4: CASESTUDY

[45)

Enterprises are increasingly making tangible and intangible investments in improving

enterprise governance of IT. In support of this, enterprises are drawing upon the practical

relevance of generally accepted good-practice frameworks such as COBIT. COBIT is an

internationally recognized industry framework that describes a set of good practices for the

board, executive management, and operational business and IT managers. It sets out a set of

controls over information technology and organizes them around a logical framework of IT-

related processes and enablers.

4.1 In an interview for a post of an IT Governance expert, you were invited, one of the

interview panel members asked you to identify the five principles of COBIT 5 and then

wants you to have a clear discussion with them on Principle number 5 (Separating

Governance from Management}.

[10]

4.2 Another question is asked, if you are selected as the best candidate for the job, what

projects in line with Enterprises Governance of IT will be of your interest. On this question

6 Page 6

▲back to top

you have just remembered that COBIT 19 was just launched and just completed this

certification, the organization you are appointed in has COBIT 5 already implemented,

discuss why COBIT 19 makes part of the projects to start with, however sensitive the

audience with challenges when implementing such projects.

[10]

4.3 The panelist looks impressed and are nodding their heads to agree with your discussion.

Then a follow-up question is asked for clarity of what you presented. A whiteboard maker

is presented to you with a writing pen. Explain the difference between governance and

management of enterprise IT and illustrate with examples?

[5]

4.4 In conclusion, you are asked to describe Tools and Technologies to Manage the IT

Governance Infrastructure?

[5]

4.5 Expand the discussion by mentioning the benefits of these technologies mentioned in 4.4

[5]

4.6 Describe the two IT Governance rules enterprises must be aware of?

[4]

4.7 In closing, give recommendation that organisations must consider with interest to

improving governance of IT?

[6]

..:~'

-END OFEXAMS-

. '. .. .-.. ~·