SCHOOL OF POSTGRADUATE STUDIES

GRM740 – GOVERNANCE AND MANAGEMENT OF IT RISK

FINAL EXAMINATION

MONDAY 24TH MAY, 2021

14:00 - 17:00 HOURS

TIME ALLOWED: 3 HOURS PLUS 5 MINUTES READING TIME

INSTRUCTIONS TO CANDIDATES:

1. Read the instructions very carefully.

2. Check that you have the correct examination paper in front of you.

3. There are FOUR (4) questions in this examination paper. Answer ALL
questions.

4. All questions must be answered in the answer booklet provided only.

5. Write down the number of questions that you have answered on the cover of
the examination answer booklet.

6. Begin answering each question on a new page in the answer booklet provided
only.

7. No books, files or mechanical / electronic aids are permitted.

8. There shall be NO communication among students during the examination.
Any students caught doing this will be disqualified.

DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO.

Page 1 of 4
QUESTION ONE (1)

Workflow management systems aid the systematic control of work-processes for users
within and across departments. Further, the systems provide Management with an
eagle’s eye on process-status scrutiny and document approvals. In all these information
exchanges, safeguarding the digital rights of corporate users is at the core of IT risk.

REQUIRED:

a) Demonstrate, where possible through use of diagrams (if any), the relationship or
variable dependences between IT Governance and Information Security. [25 Marks]

b) Explain any FIVE techniques that may be adopted in safeguarding the digital rights
of corporate information system users. [15 Marks]

[TOTAL: 40 MARKS]

QUESTION TWO (2)

Arguments, at times, ensue from certain quarters within the information security
community concerning the negligibility or intangible effects of cyberattacks.
Contra-thoughts, however, hold that the effects of cyberattacks are real, and that contra
arguments may only be valid depending on the exact nature of the digital system under
attack. They further argue that there is an increasing number of critical control systems
that are more or less vulnerable to cyberattacks, and the effect of successful hacking
can run the gamut from being a nuisance only, to being deadly.

REQUIRED:

a) Demonstrate, through use of risk indicators, the effects of cyberattacks on an
economy. [12 Marks]

b) Exemplify the extreme effects of cyberattacks on people’s lives. [8 Marks]

[TOTAL: 20 MARKS]

QUESTION THREE (3)

You are the risk officer at Wet Port, a firm whose core business is to export and import
the various forms of cargo and shipments. The institution operates devoid of meaningful
integrated IT systems to aid evidence-based decision making. Previously, a proposal to
implement a corporate-wide enterprise resource planning system had been submitted but
did not yield any results, and has thus been shelved and ignored.

REQUIRED:

a) Restructure the said proposal for resubmission to Management. [10 Marks]

b) Highlight any FOUR (4) key issues and risks across departments that the
implementation of your resubmitted proposal should easily identify and address.
[10 Marks]

[TOTAL: 20 MARKS]

QUESTION FOUR (4)

Given today’s business rivalry, automating business processes across organizational
units through information systems is an imperative. Proactively managing supportive IT
services by the IT department in order to fully meet the competing IT-enabled business
processes across the business units is the core issue of IT Services Management.

REQUIRED:

a) Demonstrate using FOUR example cases across departments, how IT services
Management may be a source of IT risk. [10 Marks]

b) Demonstrate how an organization may harness IT Services Management as a
disruptive strategy in existing markets. [10 Marks]

[TOTAL: 20 MARKS]

END OF EXAMINATION PAPER
