
IT GOVERNANCE

Time allowed- 3:30 hours


Total marks- 100

[N.B. - The figures in the margin indicate full marks. Questions must be answered in English. Examiner will take account
of the quality of language and the manner in which the answers are presented. Different parts, if any, of the same
question must be answered in one place in order of sequence.]

Marks
1. (a) Define “digital signature” as per the National ICT Policy - 2009. 3
(b) What is the procedure of establishment of Cyber Appellate Tribunal as per the National ICT
Policy - 2009? What are the procedure and powers of Cyber Appellate Tribunal? What will
be the appeal procedure in case the Cyber Appellate Tribunal is not established? 7

2. The financial ecosystem in Bangladesh is changing very fast. With its advancement, technology
has now become an integral part of the financial ecosystem. Fintech is the new trend. Please
define Fintech and describe the segments of the Fintech industry. 6

3. Since its emergence, Blockchain technology has fast been becoming critical to 21st century
business, and is arguably the next big thing after the emergence of electricity and the internet.
Write down some of the advantages of Blockchain. 5

4. (a) “Reasoning in fuzzy logic resembles human reasoning, in that it allows for approximate
values and inferences (fuzzy logic) and incomplete or ambiguous data (fuzzy data) instead
of relying only on crisp data” — explain. 5
Convert the following crisp rules for credit risk information on businesses to fuzzy rules.
Devise your own fuzzy logic terms.
i. Risk should be acceptable up to a value of 0.5.
ii. If debt-equity is > 0.8 then add 0.2 to risk.
iii. If income increases by 0.2 then risk is decreased by 0.1.
iv. If cash reserves are between 0.2 and 0.0 then risk is set to 0.9.
v. If PE ratio is greater than 0.7 then risk is decreased by 0.3.
(b) Northern Flour Limited (NFL), engaged in the process of flour production, have their
headquarters at Natore. They collect their wheat from different parts of northern districts of
Bangladesh and store these packed in sacks in different warehouses. Then certain types of
wheat are blended at prescribed portions to produce a certain brand of flour. But recently,
they have observed that some sacks are moved unnecessarily making the whole process
inefficient. NFL has decided to make the process more efficient with the use of AI. With
precise information about recipes, site constraints, and the blending program plus some
other information like current working capacity of each warehouse and the maintenance and
restocking work that may be in progress, indicate which AI algorithm will be suitable to
reduce the number of wasteful sack movements. Also, discuss how this AI algorithm works. 5

5. (a) How do you choose an IT governance framework? Do you need to choose only one
framework? Explain. 4
(b) Explain the two-way relationship between organizations and information technology with
reference to the mediating factors that play roles in this process. 6
(c) Agro Growers Limited, established more than fifty years ago, has a rather multi-hierarchical
organizational structure. Now, the management feels that the organization needs to be
restructured, reducing the number of levels in the hierarchy for better management.
Elucidate, how IT can be used to flatten this organization. 5

6. Kawranbazar Sabji Limited (KSL) has been in business for more than fifty years. Though they
deal with vegetables only, they have a full-grown IT system to take care of overall management
and operations. Their overall hardware infrastructure and corresponding manpower are quite
impressive.

Due to recent security-related incidents both at home and abroad, the top management of KSL
is trying to reassess the position of their IT environment in terms of security. You, as an IT security
expert, have been consulted for this important task.

Now, answer the following questions.


(a) Describe clearly how an IT system becomes vulnerable. 5
(b) Explain identity theft. Describe phishing, evil twins and pharming in this context. 5
(c) The management of KSL wants to establish a proper organizational framework for
security and control. Describe in detail the general controls that need to be addressed for
the purpose of establishing this framework. 4

7. Describe how computer forensics needs to be carried out as per CISA guidelines. What are the four
major considerations in the chain of events regarding evidence in computer forensics? Explain. 7

8. Any discussion of information system design and development would be incomplete without
including a discussion of basic project management concepts, techniques and tools. A project is
a special set of activities with a clear beginning and end. Every project has a set of goals,
objectives and tasks. Every project must also deal with a set of limitations or constraints. The
modern project management approach has identified five phases in the process. Describe the five
phases of project management. 10

9. Prototyping can be used for both large and small applications. Typically, large business systems
still require using a traditional systems development approach, but parts of such systems can
frequently be prototyped. A prototype of a business application needed by an end user is
developed quickly using a variety of application development software tools. The prototype
system is then repeatedly refined until it is acceptable. Describe the prototyping process with
steps. 6

10. An information system (IS) audit or information technology (IT) audit is an examination of the
controls within an entity’s information technology infrastructure. These reviews may be
performed in conjunction with a financial statement audit, internal audit or other form of
attestation engagement. It is the process of collecting and evaluating evidence of an
organization’s information systems, practices and operations. Evaluation of the evidence obtained can
determine whether the organization’s information systems safeguard assets, maintain data integrity
and are operating effectively and efficiently to achieve the organization’s goals or objectives.
(a) What are the data processing controls? Explain in brief. 5
(b) Discuss the controls and the auditor’s role with respect to the Application Software
Acquisition/Selection Process. 7
(c) What are the general questions that the auditor will need to consider for quality control? 5

---The End---
