ISG711S - INFORMATION SYSTEM STRATEGY and GOVER - IST OPP - JUNE 2022


NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
FACULTY OF COMPUTING AND INFORMATICS
DEPARTMENT OF INFORMATICS, JOURNALISM AND MEDIA TECHNOLOGY
QUALIFICATION: BACHELOR OF INFORMATICS
QUALIFICATION CODE: 07BAIT
LEVEL: 7
COURSE CODE: ISG711S
COURSE NAME: INFORMATION SYSTEM STRATEGY AND GOVERNANCE
SESSION: JUNE 2022
PAPER: THEORY
DURATION: 3 HOURS
MARKS: 100
FIRST OPPORTUNITY EXAMINATION QUESTION PAPER
EXAMINER(S) Ms SINTE MUTELO
MODERATOR: MS HELENA NAHUM
INSTRUCTIONS
1. Answer ALL the questions.
2. Write clearly and neatly.
3. Number the answers.
PERMISSIBLE MATERIALS
1. Pen
2. Pencil
THIS QUESTION PAPER CONSISTS OF 6 PAGES (including this front page)
QUESTION 1: MULTIPLE CHOICE
[5]
Write only the correct letter of your choice in the answer book.
1. .............is an integral part of corporate governance, exercised by the Board, overseeing
the definition, and implementation of processes, structures, and relational
mechanism in the organisation.
[1]
a. Corporate Governance of IT
b. Enterprise Governance of IT
c. IT Alignment
d. IT Investment
2. ........... is a subset of enterprise governance, which at the highest-level drives and sets
what needs to be accomplished by improving overall management processes? [1]
a. IT architecture
b. IT governance
c. IT alignment
d. IT infrastructure
3. ............has caused major changes that have impacted corporate governance,
accounting, and financial reporting audit processes.
[1]
a. COSO internal Controls
b. COBIT
c. Sarbanes-Oxley
d. ISO
4. COSO internal control systems monitoring guidance established a four-phase
monitoring process which includes but NOT.........
[1]
a. understand the risks to its organizational objectives
b. identify the controls that address those prioritized risks
c. identification of information that will persuasively indicate that the internal
control system is operating effectively
d. Operating management normal functions
5. Which of the following is NOT a benefit of Information Technology Infrastructure
Library (ITIL)?
[1]
a. Reduce IT cost
b. Training requirements
c. Improved customer satisfaction
d. Improved productivity
QUESTION 2: TRUE or FALSE
[5]
Write the TRUE or FALSE answer in the answer book provided.
2.1 ISO 9000 is an important IT-related security standard designed to help any enterprise
that needs to establish a comprehensive information security management program
or improve its current information security practices.
[1]
2.2 Technology is becoming pervasive in all aspects of business and personal life.
[1]
2.3 Internal control does not extend beyond accounting and financial matters and excludes
all enterprise processes.
[1]
2.4 Delivering enterprise stakeholder value requires good governance and Risk
management of information and technology (IT) assets.
[1]
2.5 Cloud computing is more than just the Internet.
[1]
QUESTION 3: SHORT ANSWER QUESTIONS
[45]
3.1 Discuss the following terminologies about Enterprise of IT Governance.
a. Enterprise Governance
[2]
b. Governance
[2]
c. Business Value
[2]
d. Health Insurance Portability and Accountability Act (HIPAA) rules
[2]
e. Risk appetite
[2]
3.2 What does "alignment between the business and IT" exactly mean?
[5]
3.3 There is no single accepted definition of IT governance, and an Internet search shows
that IT governance means different things to different people: What is IT Governance to
you?
[5]
3.4 COSO internal controls are important IT governance tools. Illustrate the COSO internal
control Framework and discuss only the five front-facing components.
[5]
3.5 GRC is an increasingly recognized term that reflects a new way in which enterprises today
are adopting an integrated approach to these aspects of their business. Each of the disciplines
consists of the four basic GRC components. List and discuss the components. [8]
3.6 What was ISACA's focus when it developed the IT governance best practices frameworks COBIT,
VAL IT and RISK IT?
[3]
3.7 THE PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) is an information
security best practice as well as an industry required standard for the many enterprises that
handle cardholder information for the major debit, credit, automatic payment (ATM), and
retail point-of-sale (POS) cards. With the combined efforts of its IT, internal audit, legal, credit,
and finance staffs, an enterprise should take the necessary steps to establish PCI DSS
compliance. What are the general requirements of PCI DSS?
[6]
3.8 What is the purpose of the GRAMM-LEACH-BLILEY ACT IT GOVERNANCE RULES?
[3]
3.9 Information is a key resource for all enterprises. What benefits do information and
technology bring to enterprises?
[2]
QUESTION 4: CASE STUDY
[45]
Enterprises are increasingly making tangible and intangible investments in improving
enterprise governance of IT. In support of this, enterprises are drawing upon the practical
relevance of generally accepted good-practice frameworks such as COBIT. COBIT is an
internationally recognized industry framework that describes a set of good practices for the
board, executive management, and operational business and IT managers. It sets out a set of
controls over information technology and organizes them around a logical framework of IT-
related processes and enablers.
4.1 In an interview for a post of an IT Governance expert, you were invited, one of the
interview panel members asked you to identify the five principles of COBIT 5 and then
wants you to have a clear discussion with them on Principle number 5 (Separating
Governance from Management).
[10]
4.2 Another question is asked, if you are selected as the best candidate for the job, what
projects in line with Enterprises Governance of IT will be of your interest. On this question
you have just remembered that COBIT 19 was just launched and just completed this
certification, the organization you are appointed in has COBIT 5 already implemented,
discuss why COBIT 19 makes part of the projects to start with, however sensitive the
audience with challenges when implementing such projects.
[10]
4.3 The panelists look impressed and are nodding their heads to agree with your discussion.
Then a follow-up question is asked for clarity of what you presented. A whiteboard marker
is presented to you with a writing pen. Explain the difference between governance and
management of enterprise IT and illustrate with examples.
[5]
4.4 In conclusion, you are asked to describe Tools and Technologies to Manage the IT
Governance Infrastructure?
[5]
4.5 Expand the discussion by mentioning the benefits of these technologies mentioned in 4.4
[5]
4.6 Describe the two IT Governance rules enterprises must be aware of?
[4]
4.7 In closing, give recommendation that organisations must consider with interest to
improving governance of IT?
[6]
-END OF EXAMS-