IT Governance – 100 Marks

Module aim

To ensure that students can understand and apply knowledge relating to controls used in computer –
based systems, and to encourage a systematic understanding and a systematic approach to the use of
computers in organizations.

On completion of this module the students will be able to:

Information Technology Policies and Laws

LO1: Explain the implementation of the various legal, ethical and social issues and policies regarding
the Information System.
Decision Support Systems
LO2: Demonstrate how management information systems, decision support systems, executive information
systems, expert systems, and artificial intelligence technologies can be applied to decision-making
situations faced by business managers and professionals in today’s dynamic business environment.
IT Governance, Organisation and Strategy
LO3: Understand the IT governance, management and control frameworks and related standards,
guidelines and practices along with features of information system, impact of information system, different
strategic models and challenges of information system.
Information Systems Security
LO4: Identify the threats against and defences needed for the performance and security of business
information systems as well as societal impact and ethical implications of information technology. Learn
about enterprise’s security policies, standards, procedures and controls ensure the confidentiality, integrity
and availability of information assets.
Developing Business/IT Solutions
LO5: Understand the traditional, prototyping, and end-user approaches to the development of information
systems and discusses the processes and managerial issues in the implementation of new business
applications of information technology.
Information Systems Auditing
LO6: Demonstrate the knowledge necessary to audit information system in accordance with IS audit
standards to assist the organization with protecting and controlling information systems.

Method of assessment

The Information Technology Governance module will be examined using a paper-based assessment of 3 hours.

Page 57 of 99
Specification Grid

This grid shows the relative weightings of chapters within this module and should guide the relative study time
spent on each. Over time, the marks available in the assessment will equate to the weightings below, while
slight variations may occur in individual assessments to enable suitable questions to be set.

Weighting
Syllabus area
(indicative %)
1 Information Technology Policies and Laws 10
2 Decision Support Systems 20
3 IT Governance, Organisation and Strategy 15
4 Information Systems Security 20
5 Developing Business/IT Solutions 15
6 Information Systems Auditing 20
100
* Questions will be set covering all the above areas.

Information Technology Policies and Laws

National IT Policy, 2009 (Reference: 4)

Information and Communication Technology Act, 2006 (Reference: 5)
Ethical and social issues in information systems (Reference: 2, Chapter – 4)

Decision Support Systems

Decision support in business (Reference: 1, Chapter – 10, Section I)

Artificial intelligence technologies in business (Reference: 1, Chapter – 10, Section II)
Understanding blockchain technology (Reference: 7)
Understanding fintech technologies (Reference: 8)

IT Governance, Organisation and Strategy

IT Governance (Reference: 6)
IT Organisations and strategy (Reference: 2, Chapter – 3)

Information Systems Security

System vulnerability and abuse (Reference: 2, Chapter – 8, Section 8.1)

Business value of security control (Reference: 2, Chapter – 8, Section 8.2)
Ethical responsibilities of business professional (Reference: 1, Chapter – 13, Section I)
Computer crime (Reference: 1, Chapter – 13, Section I)
Privacy issues (Reference: 1, Chapter – 13, Section I)
Current state of cyber law (Reference: 1, Chapter – 13, Section I)
Other challenges (Reference: 1, Chapter – 13, Section I)
Establishing a framework for security and control (Reference: 2, Chapter – 8, Section 8.3)
Page 58 of 99
 Technologies and tools for security (Reference: 2, Chapter – 8, Section 8.4)
Information security management (Reference: 3, Chapter – 5, Section 5.2)
Auditing information security management framework (Reference: 3, Chapter – 5, Section 5.5)
Cybersecurity (Reference 13 – Page 7 to 11)
Developing Business/IT Solutions

Developing business systems (Reference: 1, Chapter – 12, Section I)

Implementing business systems (Reference: 1, Chapter – 12, Section II)

Information Systems Auditing

Management of the IS audit function (Reference: 3, Chapter – 1, Section 1.2)

ISACA IS audit and assurance standards and guidelines (Reference: 3, Chapter – 1, Section 1.3)
IS controls (Reference: 3, Chapter – 1, Section 1.4)
Performing an IS audit (Reference: 3, Chapter – 1, Section 1.5)
Communicating audit results (Reference: 3, Chapter – 1, Section 1.6)

Page 59 of
99
References:

Management Information Systems: James A O'Brien, George M Marakas, and Ramesh Behl, Tata McGraw-
Hill Education Private Limited
Management Information Systems - Managing the Digital Firm: Kenneth C. Laudon and Jane P. Laudon, PHI
Learning Private Limited, New Delhi
CISA Review Manual: Information Systems Audit and Control Association
National IT Policy, 2009
Information and Communication Technology Act, 2006
What is IT governance? A formal way to align IT & business strategy
(https://www.cio.com/article/2438931/governance/governanceit-governance-definition-
and-solutions.html)
Understanding Blockchain Technology And What It Means for Your Business, DBS Innovation Group
(https://www.dbs.com.sg/treasures/aics/pdfController.page?pdfpath=/content/article/
pdf/AIO/AIO_2016/SECTOR-19-001-blockchain-lowres.pdf)
FinTech in Germany, Gregor Dorfleitner, Lars Hornuf, Matthias Schmitt, Martina Weber, Springer
International Publishing
(https://www.springer.com/cda/content/document/cda_downloaddocument/9783319546650-
c2.pdf?SGWID=0-0-45-1602368-p180682637)

Additional References:

Accounting Information Systems: James A. Hall, Thomson South-Western

Accounting Information Systems: Marshall B. Romney and Paul John Steinbart, Pearson Education, Inc.
Value of Fintech, KPMG (https://assets.kpmg.com/content/dam/kpmg/uk/pdf/2017/10/value-of-
fintech.pdf)
Using CAATs to Support IS Audit by S. Anantha Sayana, CISA, CIA (http://www.isaca.org/Journal/Past-
Issues/2003/Volume-1/Pages/Using-CAATS-to-Support-IS-Audit.aspx )
Cybersecurity and the Internet of Things by EY (http://www.ey.com/Publication/vwLUAssets/EY-
cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-and-the-internet-of-things.pdf)

The following learning outcomes should be read in conjunction with the relevant sections of the technical
knowledge grids.

Information Technology Policies and Laws LO1

Information Technology Policies and Laws

Candidates will be able to explain the implementation of the various legal, ethical and social issues and
policies regarding the Information System.

In the assessment, candidates may be required to:

Identify the purpose of IT policies, standards and procedures for an organization and the essential
elements of each.
Identify the relevant laws, regulations and industry standards affecting the organization
Demonstrate the impact of Ethical and social issues in information systems

Page 60 of
99
 Discuss the different provisions of National IT Policy 2009, Information and communication Technology
Act 2006.

Decision Support Systems LO2

Decision Support Systems

Candidates will be able to demonstrate how management information systems, decision support
systems, executive information systems, expert systems, and artificial intelligence technologies can be
applied to decision-making situations faced by business managers and professionals in today’s
dynamic business environment.

In the assessment, candidates may be required to:

Identify the changes taking place in the form and use of decision support in business.
Identify the role and reporting alternatives of management information systems.
Describe how online analytical processing can meet key information needs of managers.
Explain the decision support system concept and how it differs from traditional management information
systems.
Explain how the following information systems can support the information needs of executives,
managers, and business professionals:
Executive information systems
Enterprise information portals
Knowledge management systems
Identify how neural networks, fuzzy logic, genetic algorithms, virtual reality, and intelligent agents can
be used in business.
Illustrate the ways expert systems can be used in business decision-making situations.

IT Governance, Organisation and Strategy LO3

IT Governance, Organisation and Strategy

Candidates will be able to understand the IT governance, management and control frameworks and related
standards, guidelines and practices along with features of information system, impact of information system,
different strategic models and challenges of information system.

In the assessment, candidates may be required to:

Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and
performance support the organization’s strategies and objectives.
Evaluate the IT strategy, including the IT direction, and the processes for the strategy’s development,
approval, implementation and maintenance for alignment with the organization’s strategies and objectives.
Explain the organization’s technology direction and IT architecture and their implications for setting long-
term strategic directions
Identify features of organizations managers need to know about to build and use information
systems successfully.
Identify the impact of information systems on organizations.

Page 61 of 99
 Demonstrate Porter’s competitive forces model, the value chain model, synergies, core competencies, and
network economics that help companies develop competitive strategies using information systems.
Identify the challenges posed by strategic information systems and how should they be addressed.

Information Systems Security LO4

Information Systems Security

Candidates will be able to identify the threats against and defences needed for the performance and
security of business information systems as well as societal impact and ethical implications of
information technology. Candidates will also learn about enterprise’s security policies, standards,
procedures and controls ensure the confidentiality, integrity and availability of information assets.

In the assessment, candidates may be required to:

Identify information systems vulnerability to destruction, error, and abuse.

Identify the business value of security and control.
Identify the components of an organizational framework for security and control.
Demonstrate the most important tools and technologies for safeguarding information resources.
Identify several ethical issues regarding how the use of information technologies in business affects
employment, individuality, working conditions, privacy, crime, health, and solutions to societal problems.
Identify several types of security management strategies and defences and explain how they can be used to
ensure the security of business applications of information technology.
Evaluate the information security and privacy policies, standards and procedures for completeness,
alignment with generally accepted practices and compliance with applicable external requirements.
Evaluate the design, implementation, maintenance, monitoring and reporting of physical and
environmental controls to determine whether information assets are adequately safeguarded.

Developing Business/IT Solutions LO5

Developing Business/IT Solutions

Candidates will be able to understand the traditional, prototyping, and end-user approaches to the
development of information systems and discusses the processes and managerial issues in the
implementation of new business applications of information technology.

In the assessment, candidates may be required to:

Use the systems development process outlined as problem-solving frameworks to propose information
systems solutions to simple business problems.
Describe and illustrate how to use each of the steps of the information systems development life cycle to
develop and implement a business information system.
Explain how prototyping can be used as an effective technique to improve the process of systems
development for end users and IS specialists.
Demonstrate the basics of project management and their importance to a successful system
development effort.
Identify the activities involved in the implementation of new information systems.
Compare and contrast the four basic system conversion strategies.

Page 62 of 99
 Describe several evaluation factors that should be considered in evaluating the acquisition of hardware,
software, and IS services.

Information Systems Auditing LO6

Information Systems Auditing

Demonstrate the knowledge necessary to audit information system in accordance with IS audit
standards to assist the organization with protecting and controlling information systems.
In the assessment, candidates may be required to:

Execute a risk-based IS audit strategy in compliance with IS audit standards to ensure that key risk areas
are audited.
Plan specific audits to determine whether information systems are protected, controlled and provide value
to the organization.
Conduct audits in accordance with IS audit standards to achieve planned audit objectives.
Communicate audit results and make recommendations to key stakeholders through meetings and
audit reports to promote change when necessary.
Conduct audit follow-ups to determine whether appropriate actions have been taken by management in a
timely manner.