Professional Documents
Culture Documents
GRM740 2000 Semester 1 Final Exam
GRM740 2000 Semester 1 Final Exam
GRM740 2000 Semester 1 Final Exam
FINAL EXAMINATION
2. Check that you have the correct examination paper in front of you.
3. There are FOUR (4) questions in this examination paper. Answer ALL questions.
5. Write down the number of questions that you have answered on the cover of
the examination answer booklet.
7. This is an Open Book Examination. You may consult with any learning materials
you wish.
Page 1 of 7
QUESTION ONE
The COVID-19 Pandemic has presented a myriad of social and economic challenges
both at individual and organizational level; however, the disease burden has at the same-
time exposed especially organizations to new realities which had previously been
unimaginable. Today, phrases such as ‘Work from Home’ are buzzwords. In this new
dispensation data governance programs become significant to organizations as they seek
to facilitate employees’ work in discrete virtual environments. Indeed it is true that, “a
sound data governance program includes a governing body or council, a defined set of
procedures, and a plan to execute those procedures.” As the Chief IT Risk Officer at
Mpulungu Harbor Corporation Limited (MHCL), you are;
Required:
A. To advise Management on the five (5) approaches to safeguarding the digital rights
of employees deriving corporate services via the Internet. [10 Marks]
B. To formulate, with the aid of a diagram the two guiding principles in the design of
data governance and their corresponding governance mechanisms. [15 Marks]
Page 2 of 7
Required:
Indicate (by filling in the blanks), the accountable, consulted or informed data owners
with regards to core business processes within the Maintenance and Operations
data governance council at MHCL. [15 Marks]
[TOTAL: 40 MARKS]
QUESTION TWO
On the 18th September, 2019 AtlasMara Bank closed its entire branch network in Lusaka
hours after bailiffs pounced on its Headquarters and seized properties. Inside sources
revealed that the main server having been uprooted by the bailiffs adversely impacted
core banking system which included ATMs, Cards, Trust Accounts, SWIFT/Optics, Mobile
banking, Tenga, E-Tax, E-NAPSA and FISP. The bank later in the day assured its
customers that it was in the process of invoking the disaster recovery site in Chongwe so
that it could restart Core banking and Alternate channels. Source: Lusakatimes.com. A
week later you were shortlisted for an interview as a potential employee.
Required:
A. Explain the four possible Key Risk Indicators you presented to the interviewing
panel that the risk department might have failed to detect within the context of the
discussion. [6 Marks]
B. As an expert at risk management, explain the exact reasons you advanced to the
panel concerning operationalization of real-time disaster recovery policies
directed by the central bank to financial institutions such as the one under
discussion. [4 Marks]
C. Data governance programs and structures have little or no impact over matters
such as the one under review. Explain specific response(s) you presented to the
Page 3 of 7
panel concerning data governance programs and structures within the context
under discussion. [10 Marks]
[TOTAL: 20 MARKS]
QUESTION THREE
The Zambia Interbank Payment and Settlement System (ZIPSS) is the interbank payment
system or the Real Time Gross Settlement system for Zambia controlled, managed and
operated by the Bank of Zambia (BOZ) that facilitates interbank electronic transfer of
funds between the BOZ and the participants which are the Commercial Banks and, at
times the Non-Bank financial institutions.
The BOZ adopts the use of Public Key Infrastructure (PKI) which are essentially
encryption techniques that protect the integrity of data packets in transit from risk
exposure.
Required:
A. Differentiate public from secret key encryption. [2 Marks]
Page 4 of 7
QUESTION FOUR
IT governance should be viewed as how IT creates value that fits into the overall
Corporate Governance Strategy of the organization, and never be seen as a discipline on
its own. In taking this approach, all stakeholders would be required to participate in the
decision making process. This creates a shared acceptance of responsibility for critical
systems and ensures that IT related decisions are made and driven by the business and
not vice versa.
Required:
A. To prepare a summary presentation to advocate for the essence of IT Governance
to the Management Committee at the Road, Transport and Safety Agency (RTSA)
while highlighting any FIVE IT Governance best practices. [12 Marks]
B. To reinforce the value of IT Governance to information system auditors at the
RSTA. [8 Marks]
[TOTAL: 20 MARKS]
Page 5 of 7
APPENDIX 1
Page 6 of 7
APPENDIX – II
P10
Input 1 2 3 4 5 6 7 8 9 10
EP (Expand & Permutate)
Output 3 5 2 7 4 10 1 9 8 6 input: 1 2 3 4
o/put: 4 1 2 3 2 3 4 1
IP (Initial Permutation)
Input: 1 2 3 4 5 6 7 8
P8 o/put 2 6 3 1 4 8 5 7
Input 1 2 3 4 5 6 7 8 9 10 P4 (permutate)
Input : 1 2 3 4
o/put : 2 4 3 1
Output 6 3 7 4 8 5 10 9
-1
IP (inverse of IP)
Input: 1 2 3 4 5 6 7 8
O/put: 4 1 3 5 7 2 8 6
Page 7 of 7