GRM740 2000 Semester 1 Final Exam


SCHOOL OF POSTGRADUATE STUDIES

GRM 740 – GOVERNANCE AND MANAGEMENT OF INFORMATION TECHNOLOGY RISK

FINAL EXAMINATION

MONDAY 15TH JUNE, 2020

14:00 - 17:00 HOURS

TIME ALLOWED: 3 HOURS PLUS 5 MINUTES READING TIME


INSTRUCTIONS TO CANDIDATES:
1. Read the instructions very carefully.

2. Check that you have the correct examination paper in front of you.

3. There are FOUR (4) questions in this examination paper. Answer ALL questions.

4. All questions must be answered in the answer booklet provided only.

5. Write down the number of questions that you have answered on the cover of
the examination answer booklet.

6. Begin answering each question on a new page.

7. This is an Open Book Examination. You may consult with any learning materials
you wish.

8. There shall be NO COMMUNICATION AMONG STUDENTS during the examination.
Any students caught doing this will be disqualified.

DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO.

Page 1 of 7
QUESTION ONE

The COVID-19 Pandemic has presented a myriad of social and economic challenges
both at individual and organizational level; however, the disease burden has at the same
time exposed especially organizations to new realities which had previously been
unimaginable. Today, phrases such as ‘Work from Home’ are buzzwords. In this new
dispensation data governance programs become significant to organizations as they seek
to facilitate employees’ work in discrete virtual environments. Indeed it is true that, “a
sound data governance program includes a governing body or council, a defined set of
procedures, and a plan to execute those procedures.” As the Chief IT Risk Officer at
Mpulungu Harbor Corporation Limited (MHCL), you are;

Required:

A. To advise Management on the five (5) approaches to safeguarding the digital rights
of employees deriving corporate services via the Internet. [10 Marks]

B. To formulate, with the aid of a diagram the two guiding principles in the design of
data governance and their corresponding governance mechanisms. [15 Marks]

C. Using the diagram below;

Required:

Indicate (by filling in the blanks), the accountable, consulted or informed data owners
with regards to core business processes within the Maintenance and Operations
data governance council at MHCL. [15 Marks]

[TOTAL: 40 MARKS]

QUESTION TWO

On the 18th September, 2019 AtlasMara Bank closed its entire branch network in Lusaka
hours after bailiffs pounced on its Headquarters and seized properties. Inside sources
revealed that the main server having been uprooted by the bailiffs adversely impacted
core banking system which included ATMs, Cards, Trust Accounts, SWIFT/Optics, Mobile
banking, Tenga, E-Tax, E-NAPSA and FISP. The bank later in the day assured its
customers that it was in the process of invoking the disaster recovery site in Chongwe so
that it could restart Core banking and Alternate channels. Source: Lusakatimes.com. A
week later you were shortlisted for an interview as a potential employee.

Required:
A. Explain the four possible Key Risk Indicators you presented to the interviewing
panel that the risk department might have failed to detect within the context of the
discussion. [6 Marks]

B. As an expert at risk management, explain the exact reasons you advanced to the
panel concerning operationalization of real-time disaster recovery policies
directed by the central bank to financial institutions such as the one under
discussion. [4 Marks]

C. Data governance programs and structures have little or no impact over matters
such as the one under review. Explain specific response(s) you presented to the
panel concerning data governance programs and structures within the context
under discussion. [10 Marks]
[TOTAL: 20 MARKS]

QUESTION THREE

The Zambia Interbank Payment and Settlement System (ZIPSS) is the interbank payment
system or the Real Time Gross Settlement system for Zambia controlled, managed and
operated by the Bank of Zambia (BOZ) that facilitates interbank electronic transfer of
funds between the BOZ and the participants which are the Commercial Banks and, at
times the Non-Bank financial institutions.

The BOZ adopts the use of Public Key Infrastructure (PKI) which are essentially
encryption techniques that protect the integrity of data packets in transit from risk
exposure.

Required:
A. Differentiate public from secret key encryption. [2 Marks]

B. A computer at INDO-ZAMBIA bank intends transmitting Zambian Kwacha 5610
over the ZIPSS to BOZ and onward to ABSA on a normal intraday trading.
Determine the ciphertext using the key, C2D7, assuming the ZIPSS uses the
simplified Advanced Encryption Standard. Show all your work clearly!
[18 Marks]
[TOTAL: 20 MARKS]

Note: Use the information provided in Appendix - I to assist in determining solutions to
question three.

QUESTION FOUR

IT governance should be viewed as how IT creates value that fits into the overall
Corporate Governance Strategy of the organization, and never be seen as a discipline on
its own. In taking this approach, all stakeholders would be required to participate in the
decision making process. This creates a shared acceptance of responsibility for critical
systems and ensures that IT related decisions are made and driven by the business and
not vice versa.

Required:
A. To prepare a summary presentation to advocate for the essence of IT Governance
to the Management Committee at the Road, Transport and Safety Agency (RTSA)
while highlighting any FIVE IT Governance best practices. [12 Marks]
B. To reinforce the value of IT Governance to information system auditors at the
RTSA. [8 Marks]
[TOTAL: 20 MARKS]

END OF EXAMINATION PAPER

APPENDIX 1

Round constant 1 = 10000000


Round constant 2 = 00110000
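
An added reference implementation (not part of the examination paper) of the simplified AES encryption that question three calls for, using the two round constants above. The S-box, the MixColumns matrix [[1, 4], [4, 1]] and the modulus x^4 + x + 1 are the standard S-AES definitions, which this page does not reproduce, and reading the amount 5610 as four hexadecimal digits is an assumption.

```python
SBOX = [0x9, 0x4, 0xA, 0xB, 0xD, 0x1, 0x8, 0x5,   # standard S-AES S-box
        0x6, 0x2, 0x0, 0x3, 0xC, 0xE, 0xF, 0x7]   # (not given on the page)
RCON1, RCON2 = 0b10000000, 0b00110000  # round constants 1 and 2 from Appendix 1
def sub_byte(b):
    """Apply the S-box to both nibbles of an 8-bit word."""
    return (SBOX[b >> 4] << 4) | SBOX[b & 0xF]

def rot_nib(b):
    """Swap the two nibbles of an 8-bit word."""
    return ((b << 4) | (b >> 4)) & 0xFF

def expand_key(key):
    """Return the three 16-bit round keys (K0, K1, K2) for a 16-bit key."""
    w0, w1 = key >> 8, key & 0xFF
    w2 = w0 ^ RCON1 ^ sub_byte(rot_nib(w1))
    w3 = w2 ^ w1
    w4 = w2 ^ RCON2 ^ sub_byte(rot_nib(w3))
    w5 = w4 ^ w3
    return key, (w2 << 8) | w3, (w4 << 8) | w5

def gf_mul4(n):
    """Multiply a nibble by 4 (x^2) in GF(2^4) modulo x^4 + x + 1."""
    for _ in range(2):
        n <<= 1
        if n & 0x10:
            n ^= 0x13
    return n

def sub_nibbles(s):
    return (sub_byte(s >> 8) << 8) | sub_byte(s & 0xFF)

def shift_rows(s):
    """Swap the 2nd and 4th nibbles, i.e. rotate the second state row."""
    return (s & 0xF0F0) | ((s & 0x0F00) >> 8) | ((s & 0x000F) << 8)

def mix_columns(s):
    """Multiply each column (nibble pair) by [[1, 4], [4, 1]]."""
    a, b, c, d = ((s >> sh) & 0xF for sh in (12, 8, 4, 0))
    return ((a ^ gf_mul4(b)) << 12 | (gf_mul4(a) ^ b) << 8 |
            (c ^ gf_mul4(d)) << 4 | (gf_mul4(c) ^ d))

def encrypt(block, key):
    k0, k1, k2 = expand_key(key)
    s = mix_columns(shift_rows(sub_nibbles(block ^ k0))) ^ k1  # round 1
    return shift_rows(sub_nibbles(s)) ^ k2            # round 2, no MixColumns

if __name__ == "__main__":
    print("round keys:", [f"{k:04X}" for k in expand_key(0xC2D7)])
    print("ciphertext:", f"{encrypt(0x5610, 0xC2D7):04X}")
```

The block cipher here has a 16-bit key and block, so it is a teaching aid for tracing the AES round structure by hand and offers no protection for real payment traffic.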

APPENDIX – II

P10
Input:  1 2 3 4 5 6 7 8 9 10
Output: 3 5 2 7 4 10 1 9 8 6

P8
Input:  1 2 3 4 5 6 7 8 9 10
Output: 6 3 7 4 8 5 10 9

P4 (permutate)
Input:  1 2 3 4
Output: 2 4 3 1

EP (Expand & Permutate)
Input:  1 2 3 4
Output: 4 1 2 3 2 3 4 1

IP (Initial Permutation)
Input:  1 2 3 4 5 6 7 8
Output: 2 6 3 1 4 8 5 7

IP^-1 (inverse of IP)
Input:  1 2 3 4 5 6 7 8
Output: 4 1 3 5 7 2 8 6
