Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Atendimento Pré-hospitalar Móvel. Mapeando Riscos e Prevenindo Erros

The attention with safety of the patients is important in the quality of the nursing and health care. In the pre-hospital care, such care is essential on site with the purpose of avoiding possible consequences to the individual, ensuring a fast and appropriate care, with improvement of the morbidity and reduction of the mortality. This medical attention is equally associated with the significant risks of adverse events and serious mistakes, which can be reduced with the awareness of the professionals, organization and quality management. It is a descriptive, transversal research, of quantitative approach, with the objective of identifying the risks for the safety of the patient during the mobile pre-hospital care under the view of the nurses, in a city of the Brazilian Northeast. The sample was formed by 23 nurses. The inclusion criteria: to have at least two years of experience and accept to participate on the research. The data collection was done in two steps, first photo collection, through the adapted method of photographic analysis, and the second with the application of questionnaire, divide in two parts: socio-professional data and digital photo punctuation instrument of the patient s safety. The majority of the nurses had an average working time in the mobile pre-hospital care of six years and six months, in the age group of 38 to 53 years old (69,56%) and with Lato sensu specialization (73,91%), being (29,41%) emergency and (29,41%) in intensive care. The (74%) have the Advance Cardiac Life Support (ACLS) and (100%) have the Pre-Hospital Trauma Life Support (PHTLS); (91, 30%) know the thematic safety of the patient. On the pictures it was observed a bigger variability of the categories (risks) where 44% of variance emerged on the first picture of the research. The pictures 4 and 9 with the average below 5 were classified as very insecure, while pictures 7 and 3 with an average above 7, very secure. On the results of risks observed for the patient s safety in the mobile pre-hospital care five categories emerged: organization and packaging of the equipment and materials, routines and specificities in the mobile pre-hospital care, risks on the management of medications, for traumas and infections. Starting from the analysis of these risks, it was proposed ten steps for the safety in the mobile pre-hospital care: 1- Identify the patient; 2- Safety related to prevention of infection; 3- Safety in the management of medications; 4- Safety and standardization of the packaging of equipment and materials; 5- Attention to the specificities of the mobile pre-hospital care; 6- Incentive and value the participation of the patient and family; 7- Promote the communication with the central of regulation; 8- Prevention of traumas and falls; 9- Protect the skin from additional injuries; 10- Understand the benefit of all the equipment in the ambulance. The multiple risks and their emerged combinations on the research indicate a variety of actions to be developed and stimulated, like the use of steps for the patient s safety in the mobile pre-hospital care which contributes with the aid and management of risks, reduction of mistakes, disabilities and death

Proposta de modelo de gestão de riscos para uma IFES visando a realização de auditoria baseada em riscos

Organizations are susceptible to the occurrence of many events that may affect the achievement of their objectives. As a result, Brazilian Public Administration supervisory bodies have required institutions to adopt risk management policies. Given the large number of recommendations issued by Federal Audit Court (TCU) to various Federal Institutions of Higher Education (IFES) in this area, it is proposed a risk management model for Universidade Federal do Rio Grande do Norte (UFRN). This is an applied, exploratory and qualitative study. Regarding to technical procedures, it is characterized as documentary analysis, bibliographical research, case study and action research. The bibliographical research was used to support the elaboration of the Risk Management Guide for Federal Institutions of Higher Education (GERIFES). The documentary analysis, in turn, was used with the aim of knowing the organizational structure and the university´s macroprocesses. The author works in the university internal auditing department and shares the same problem. This characterizes the work as an action research. The case study supported both the elaboration of the guide and the simulation of the specific functionality for the university information system, demonstrated through the User Manual Module "Risk Management" proposed for the Integrated System of Property, Administration and Contracts (SIPAC). This manual has been prepared in order to facilitate the use of this tool if it will be incorporated into the university information system. As research results, a risk management model for UFRN was elaborated and a simulation of an informational tool, which is able to manage risks related to events that may affect the achievement of institutional objectives, was provided to the university administration.

Sistemas de gerenciamento de bibliotecas: riscos decorrentes do processo de migração de dados

This work aims to analyze risks related to information technology (IT) in procedures related to data migration. This is done considering ALEPH, Integrated Libray System (ILS) that migrated data to the Library Module present in the software called Sistema Integrado de Gestão de Atividades Acadêmicas (SIGAA) at the Zila Mamede Central Library at the Federal University of Rio Grande do Norte (UFRN) in Natal/Brazil. The methodological procedure used was of a qualitative exploratory research with the realization of case study at the referred library in order to better understand this phenomenon. Data collection was able once there was use of a semi-structured interview that was applied with (11) subjects that are employed at the library as well as in the Technology Superintendence at UFRN. In order to examine data Content analysis as well as thematic review process was performed. After data migration the results of the interview were then linked to both analysis units and their system register with category correspondence. The main risks detected were: data destruction; data loss; data bank communication failure; user response delay; data inconsistency and duplicity. These elements point out implication and generate disorders that affect external and internal system users and lead to stress, work duplicity and hassles. Thus, some measures were taken related to risk management such as adequate planning, central management support, and pilot test simulations. For the advantages it has reduced of: risk, occurrence of problems and possible unforeseen costs, and allows achieving organizational objectives, among other. It is inferred therefore that the risks present in data bank conversion in libraries exist and some are predictable, however, it is seen that librarians do not know or ignore and are not very worried in the identification risks in data bank conversion, their acknowledge would minimize or even extinguish them. Another important aspect to consider is the existence of few empirical research that deal specifically with this subject and thus presenting the new of new approaches in order to promote better understanding of the matter in the corporate environment of the information units

Sistemas de gerenciamento de bibliotecas: riscos decorrentes do processo de migração de dados

This work aims to analyze risks related to information technology (IT) in procedures related to data migration. This is done considering ALEPH, Integrated Libray System (ILS) that migrated data to the Library Module present in the software called Sistema Integrado de Gestão de Atividades Acadêmicas (SIGAA) at the Zila Mamede Central Library at the Federal University of Rio Grande do Norte (UFRN) in Natal/Brazil. The methodological procedure used was of a qualitative exploratory research with the realization of case study at the referred library in order to better understand this phenomenon. Data collection was able once there was use of a semi-structured interview that was applied with (11) subjects that are employed at the library as well as in the Technology Superintendence at UFRN. In order to examine data Content analysis as well as thematic review process was performed. After data migration the results of the interview were then linked to both analysis units and their system register with category correspondence. The main risks detected were: data destruction; data loss; data bank communication failure; user response delay; data inconsistency and duplicity. These elements point out implication and generate disorders that affect external and internal system users and lead to stress, work duplicity and hassles. Thus, some measures were taken related to risk management such as adequate planning, central management support, and pilot test simulations. For the advantages it has reduced of: risk, occurrence of problems and possible unforeseen costs, and allows achieving organizational objectives, among other. It is inferred therefore that the risks present in data bank conversion in libraries exist and some are predictable, however, it is seen that librarians do not know or ignore and are not very worried in the identification risks in data bank conversion, their acknowledge would minimize or even extinguish them. Another important aspect to consider is the existence of few empirical research that deal specifically with this subject and thus presenting the new of new approaches in order to promote better understanding of the matter in the corporate environment of the information units

Investigação e gerenciamento de áreas contaminadas por postos revendedores de combustíveis em Natal

Activities that have fuel subterranean storage system are considered potentially polluting fuels by CONAMA Resolution 273, due to the possibility of leak, outpouring and overflow of fuel into the ground. Being even more worrying when contaminate groundwater for public supply, as the case of Natal City. For this reason, the Public Ministry/RN, in partnership with UFRN, developed the project environmental suitability of Gas stations in Natal, of which 36% showed evidence of contamination. This paper describes the four stages of the management of contaminated areas: preliminary assessment of environmental liabilities, detailed confirmatory investigation of the contamination, risk analysis to human health (RBCA), as well as the remediation plan of degraded areas. Therefore it is presented a case study. For the area investigated has been proposed a mathematical method to estimate the volume of LNAPL by a free CAD software (ScketchUp) and compare it with the partition method for grid area. Were also performed 3D graphics designs of feathers contamination. Research results showed that passive benzene contamination in groundwater was 2791.77 μg/L, when the maximum allowed by CONAMA Resolution 420 is 5 μg/L which is the potability standards. The individual and cumulative risks were calculated from 4.4 x10-3, both above the limits of 1.0 x10-5 or by RBCA 1.0 x10-6 by the Public Ministry/RN. Corrective action points that remediation of dissolved phase benzene is expected to reach a concentration of 25 μg/L, based on carcinogenic risk for ingestion of groundwater by residents residential, diverging legislation. According to the proposed model, the volume of LNAPL using the ScketchUp was 17.59 m3, while by the grid partitioning method was 14.02 m3. Because of the low recovery, the expected removal of LNAPL is 11 years, if the multiphase extraction system installed in the enterprise is not optimized

Método de avaliação do gerenciamento de resíduos em canteiro de obras da construção civil : proposta baseada em empresas construtoras da cidade de Natal-RN

According to great concern between the developed industrial activities and resultant impacts over the environment, an association of several factors have occurred, procedures to the efficient management of the rotation between economical development and the environment have been improved. A research in field have been realized inside building sites of companies in order to provide knowledge about the implemented and accomplish actions according to the resolution from CONAMA nº307. Trough the interview among the representations of the companies and photographic survey in loco, such as, what makes the companies implement this management, reutilization and recycling, transport and disposition. The present study had as objective: analyze the insertion of the used tools to residuals management, proposing improvements, in a way that it can be easily identified during the procedures execution in the building sites of the building companies of the city of Natal/RN. To reach the goal, in the first place a revision of the pertinent literature was performed; there for, it can be seen the relation between residues management and environment sustainability, once it happens in a continued way it may prevent the waste and reduces the risk that the activities way bring to the employees, community and environment; once found the great difficult faced with regard to labors, material, equipment, project, planning, costumer s interference, furnisher. And still, it could be verified wich materials generate greater indexes of residues in the works and the main occurrences of waste and loss. However a greater transparency is needed coming from the high administration in the commitment with the continued actions, to make it so, there must be a cultural change inside the company. There for there will be a greater productivity and quality of the under taking such as costumer s satisfaction

Metodologia para gerenciamento de projetos em tecnologia da informação baseada no guia PMBOK: um estudo de caso na Secretaria de Estado da Saúde Pública do Rio Grande do Norte

Nowadays the search for growth makes organizations seeking competitive advantages, project management shares this goal, through techniques that assist in the search for an improved management of the various fields of knowledge through a design methodology. The world is driven by projects and the search for ways to better manage activities such as time, cost and term towards the success of a particular project is something constant. A major contribution that IT can make to the health sector is the support for the management area. IT can integrate processes, optimize the interconnection between the various sectors, make hospitals have access to inside information of good quality, as well as support in the healthcare area, sharing pictures, uniting the various aspects of nursing and nursing service. The major challenge faced by the SESAP Information Technology sector at present is in project management in IT , which does not exist makes investments in the area are increasingly difficult due to this deficiency in management develop their own systems without cost additional to the State. This study seeks to build and strengthen the Project Management within the Department of Health through the implementation of a project office that will manage the final result of this work methodology based on PMBOK, and still show the functionality applied to development the state Hospital Management System that will later be installed on all Regional Health Units and proposing measures for the sustainability and development of the sector amid the difficulties of the current public service. Such action will result in a savings of more than R$ 107,000.00 (one hundred seven thousand) regarding spending private software currently used by the assignment of invested by the State of Rio Grande do Norte user licenses, representing more than 5 % of the total budget of the State Department of Public Health of the State

Alinhamento estratégico da TI: o caso da UFRN

It is considered that the Strategic Alignment IT is the first step within the IT Governance process for any institution. Taking as initial point the recognition that the governance corporate has an overall view of the organizations, the IT Governance takes place as a sub-set responsible for the implementation of the organization strategies in what concerns the provision of the necessary tools for the achievement of the goals set in the Institutional Development Plan. In order to do so, COBIT specifies that such Governance shall be built on the following principles: Strategic Alignment, Value Delivery, Risk Management, Performance Measurement. This paper aims at the Strategic Alignment, considered by the authors as the foundation for the development of the entire IT Governance core. By deepening the technical knowledge of the management system development, UFRN has made a decisive step towards the technical empowerment needed to the “Value Delivery”, yet, by perusing the primarily set processes to the “Strategic Alignment”, gaps that limited the IT strategic view in the implementation of the organizational goals were found. In the qualitative study that used documentary research with content analysis and interviews with the strategic and tactical managers, the view on the role of SINFO – Superintendência de Informática was mapped. The documentary research was done on public documents present on the institutional site and on TCU – Tribunal de Contas da União – documents that map the IT Governance profiles on the federal public service as a whole. As a means to obtain the documentary research results equalization, questionnaires/interviews and iGovTI indexes, quantitative tools to the standardization of the results were used, always bearing in mind the usage of the same scale elements present in the TCU analysis. This being said, similarly to what the TCU study through the IGovTI index provides, this paper advocates a particular index to the study area – SA (Strategic Alignment), calculated from the representative variables of the COBIT 4.1 domains and having the representative variables of the Strategic Alignment primary process as components. As a result, an intermediate index among the values in two adjacent surveys done by TCU in the years of 2010 and 2012 was found, which reflects the attitude and view of managers towards the IT governance: still linked to Data Processing in which a department performs its tasks according to the demand of the various departments or sectors, although there is a commission that discusses the issues related to infrastructure acquisition and systems development. With an Operational view rather than Strategic/Managerial and low attachment to the tools consecrated by the market, several processes are not contemplated in the framework COBIT defined set; this is mainly due to the inexistence of a formal strategic plan for IT; hence, the partial congruency between the organization goals and the IT goals.

Investigação e gerenciamento de áreas contaminadas por postos revendedores de combustíveis em Natal

Activities that have fuel subterranean storage system are considered potentially polluting fuels by CONAMA Resolution 273, due to the possibility of leak, outpouring and overflow of fuel into the ground. Being even more worrying when contaminate groundwater for public supply, as the case of Natal City. For this reason, the Public Ministry/RN, in partnership with UFRN, developed the project environmental suitability of Gas stations in Natal, of which 36% showed evidence of contamination. This paper describes the four stages of the management of contaminated areas: preliminary assessment of environmental liabilities, detailed confirmatory investigation of the contamination, risk analysis to human health (RBCA), as well as the remediation plan of degraded areas. Therefore it is presented a case study. For the area investigated has been proposed a mathematical method to estimate the volume of LNAPL by a free CAD software (ScketchUp) and compare it with the partition method for grid area. Were also performed 3D graphics designs of feathers contamination. Research results showed that passive benzene contamination in groundwater was 2791.77 μg/L, when the maximum allowed by CONAMA Resolution 420 is 5 μg/L which is the potability standards. The individual and cumulative risks were calculated from 4.4 x10-3, both above the limits of 1.0 x10-5 or by RBCA 1.0 x10-6 by the Public Ministry/RN. Corrective action points that remediation of dissolved phase benzene is expected to reach a concentration of 25 μg/L, based on carcinogenic risk for ingestion of groundwater by residents residential, diverging legislation. According to the proposed model, the volume of LNAPL using the ScketchUp was 17.59 m3, while by the grid partitioning method was 14.02 m3. Because of the low recovery, the expected removal of LNAPL is 11 years, if the multiphase extraction system installed in the enterprise is not optimized