Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Práticas de governança de tecnologia da informação: um estudo de caso em empresas de telecomunicações do Rio Grande do Norte

This study aims to understand the general model of governance of information technology adopted by telecommunication companies operating in Rio Grande do Norte. The research methodology used involved a theoretical and empirical approach prepared, involving two case studies on companies in the telecommunications industry working in the state of Rio Grande do Norte. The study covered the area of IT organizations, through interviews with managers responsible for the area of Telecommunications / IT. To study in accordance with the approach and address the problem of research, this study was based on qualitative criteria, which enabled the understanding of how companies adopt the governance of information technology. In conclusion, it was found that the governance practices of information technology employees are incipient, but that meet the needs of business and that they intend to implement in specific areas and use other practices of IT governance

Mudança dos processos de negócios e adequação da TI nas empresas em decorrência da implantação do sistema público de escrituração digital SPED: um estudo de casos múltiplos

Companies have always been organized by processes, often imperceptible to its employees. With the advancement of technology, organizational processes currently run an organization through computers, and thus generate immediate information that is available to each sector. With the objective of seeking business information in real time, the government created the SPED - Public System of Digital, which involves three subsystems, which are the Electronic Invoice, Digital Accounting Bookkeeping and Digital Tax Bookkeeping. This system is revolutionizing the business structures when gathering, in an innovative way, all information and interlinked business processes. For the implementation of SPED, a revision in the organizational processes is required, since the information is generated and is sent online to the government, without mistakes. Thus the study aimed to analyze the change brought about by the implementation of the Public System of Digital SPED in the main business processes. In order to do so, we have performed a multiple case study involving three companies in the state of Para, two operate in wholesale and one explores agribusiness. The Data collection was performed by accounting professionals, IT and managers. According to the results obtained, it was found that in two companies, the IT infrastructure was capable of deploying the new system without major problems, while one company had more difficulties to cope with the new system. However, all companies had to examine its processes to make the customizations needed to fit. It was also observed that there is no IT Governance in two companies. Therefore, we recommend the use of an appropriate model, not only for the implementation of SPED, but as a way to manage and extract better results from investment in information technology