Computer-Based Testing has moved from "nice to have" to regulatory expectation across West and East Africa. JAMB, WAEC, and growing numbers of accreditation bodies now recognise — or mandate — CBT as the standard delivery mechanism for high-stakes assessments. But simply moving your paper exam onto a screen solves none of the integrity problems. It only changes where the cheating happens.
A genuinely cheat-resistant CBT exam requires deliberate system design across three layers: how questions are stored and assembled, how they are delivered differently to each candidate, and how candidate behaviour is monitored throughout the session. This article walks through each layer in practical terms.
Many institutions assume that moving to CBT automatically prevents cheating because students aren't writing on paper. In reality, a poorly configured CBT system can be easier to exploit than paper — candidates can photograph screens, share answers via messaging apps, or exploit predictable question sequences if no randomisation is in place.
Layer 1 — Building a Robust Question Bank
The quality and depth of your question bank is the foundation of exam integrity. A bank with only 40 questions for a 30-question exam gives candidates near-identical papers. A well-structured bank of 200+ questions across difficulty tiers makes each sitting genuinely unique.
Organise by objective and difficulty
Every question should be tagged with at minimum: the learning objective it tests, its difficulty tier (low / medium / high), and the topic or module it belongs to. This metadata is what allows intelligent, blueprint-driven randomisation — ensuring each candidate sits a paper of equivalent difficulty even when the specific questions differ.
Build in layers — not just quantity
A common mistake is adding hundreds of superficially different questions that all test the same recall of a single fact. A strong bank includes questions that test application, analysis, and synthesis alongside basic recall. This also raises the cognitive bar for candidates who attempt to memorise leaked question lists.
Question Versioning
Maintain multiple variants of the same question with different numbers, names, or scenarios. Identical learning objectives, but distinct enough to prevent direct sharing.
Retired Question Pools
Rotate questions out of active use after a set number of sittings and keep a history. Prevents long-running "bank leakage" where students accumulate seen questions over years.
Item Analysis Reports
Review which questions too many students answer correctly or incorrectly. Flag outliers — they're either too easy, poorly worded, or have been circulating externally.
Role-Based Access
Restrict which staff can view, edit, or export questions. Question setters should not be able to access the active exam configuration or candidate list.
Layer 2 — Randomisation That Actually Works
Randomisation is the single most effective technical control against collusion during live sittings. But randomisation done poorly creates a different problem: some candidates sit an unfairly hard paper while others get an easy one. The goal is equivalent difficulty, not identical questions.
Blueprint-Driven Selection
Define the exam blueprint first: "10 questions from Module 3, 8 from Module 4, 5 high-difficulty, 10 medium, 5 low." The system then draws randomly within each constraint. Every candidate's paper meets the same blueprint — different questions, equivalent coverage and difficulty distribution.
Option Shuffling Within Questions
For MCQs, randomise the order of answer options (A, B, C, D) per candidate. This alone eliminates the "call out the letter" cheating method that's rife in supervised halls where candidates whisper answers down rows.
Question Order Randomisation
Shuffle the sequence of questions so candidates sitting side by side are never on the same question at the same time. Even if two students share a question, the timing mismatch makes visual copying impractical.
Prevent Return to Answered Questions (Optional)
For high-stakes exams, configure the system to restrict backward navigation. This removes the ability for a student to leave questions blank, share answers externally, and then return with answers in the final minutes.
"The most effective randomisation isn't about making papers unrecognisable — it's about ensuring no two candidates can usefully share answers in the time available."
Click Editorial — Assessment Design SeriesLayer 3 — Proctoring Without Expensive Hardware
The word "proctoring" often conjures images of AI webcam systems that cost thousands of dollars per sitting. For most African institutions, that's not a realistic starting point. The good news is that the majority of exam integrity incidents can be addressed with software-level controls and trained human oversight — no specialist hardware required.
Browser lockdown mode
A secure browser or kiosk-mode configuration prevents candidates from opening other tabs, using screenshot tools, or accessing messaging applications during the exam. This is the most impactful single software control available. TestClick's lockdown mode disables copy-paste, blocks browser shortcuts, and renders external application switching impossible for the duration of the session.
Behaviour flags and audit logs
Every candidate action — login time, question view duration, answer changes, focus loss events — should be logged with a timestamp. Focus loss events (where the exam window loses focus, suggesting the candidate switched applications) are particularly revealing. A pattern of 40 focus loss events in a 90-minute exam tells a clear story, even without video evidence.
| Control | Addresses | Cost | Required? |
|---|---|---|---|
| Question randomisation | Answer sharing between adjacent candidates | None (software) | ✓ Essential |
| Browser lockdown | Tab switching, external apps, screenshots | None (software) | ✓ Essential |
| Focus loss logging | Application switching during exam | None (software) | ✓ Essential |
| Human invigilators | Physical device use, impersonation | Staff time | ✓ Recommended |
| Photo ID verification | Candidate impersonation | None (process) | ✓ Recommended |
| AI webcam proctoring | Mobile phone use, reference materials | High (third-party) | ◯ Optional |
| Network-level monitoring | Shared VPN or coordinated answer-sharing | Medium (IT) | ◯ Optional |
Staggered start times for large cohorts
If your institution cannot provide a fully separate computer for every candidate simultaneously, staggered sittings — different groups starting 60–90 minutes apart — are a practical alternative. Pair this with unique question sets per sitting and communication blackout protocols between groups, and you eliminate the advantage of early sitters briefing late ones.
TestClick's session management module supports concurrent sitting groups with automated per-group question set assignment. Administrators can configure blackout windows per group and view real-time session status for all active candidates from a single dashboard — no manual coordination required.
After the Exam: Integrity Analytics
The work doesn't end when the timer hits zero. Post-exam analytics can surface collusion patterns that weren't visible during the sitting. Two of the most useful analyses are:
Answer similarity scoring — comparing the specific incorrect answers chosen by pairs of candidates. Random guessing produces unique wrong answers; collusion produces candidates who choose the same wrong option at an improbable rate. A statistical similarity above a set threshold flags the pair for investigation.
Response time analysis — candidates who answer every question in under 10 seconds didn't read them. Abnormally fast completion, particularly for high-difficulty questions, is a strong indicator of pre-knowledge or external assistance. This data is available in TestClick's candidate audit export.
Integrity analytics should trigger investigation, not automatic penalties. A candidate who completes the exam quickly may simply be well-prepared. Findings should be reviewed by an academic integrity committee before any action is taken against a student.
Getting Started With TestClick
The controls described in this article — question banks, blueprint-driven randomisation, browser lockdown, and audit logging — are all native to TestClick's platform. There is no additional module to purchase and no external service to integrate.
Implementation typically takes two to three weeks for institutions migrating from paper: one week to structure and upload your question bank, one week for configuration and staff training, and a pilot sitting before full deployment. Our onboarding team works with your assessment office throughout the process.
See TestClick's Exam Integrity Tools in Action
Book a guided walkthrough of question bank setup, randomisation configuration, and live proctoring dashboards with our assessment team.
Request a Demo