9 resultados para IT Governance Competencies
em Universidade Federal do Rio Grande do Norte(UFRN)
Resumo:
The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process
Resumo:
This study aims to understand the general model of governance of information technology adopted by telecommunication companies operating in Rio Grande do Norte. The research methodology used involved a theoretical and empirical approach prepared, involving two case studies on companies in the telecommunications industry working in the state of Rio Grande do Norte. The study covered the area of IT organizations, through interviews with managers responsible for the area of Telecommunications / IT. To study in accordance with the approach and address the problem of research, this study was based on qualitative criteria, which enabled the understanding of how companies adopt the governance of information technology. In conclusion, it was found that the governance practices of information technology employees are incipient, but that meet the needs of business and that they intend to implement in specific areas and use other practices of IT governance
Resumo:
Companies have always been organized by processes, often imperceptible to its employees. With the advancement of technology, organizational processes currently run an organization through computers, and thus generate immediate information that is available to each sector. With the objective of seeking business information in real time, the government created the SPED - Public System of Digital, which involves three subsystems, which are the Electronic Invoice, Digital Accounting Bookkeeping and Digital Tax Bookkeeping. This system is revolutionizing the business structures when gathering, in an innovative way, all information and interlinked business processes. For the implementation of SPED, a revision in the organizational processes is required, since the information is generated and is sent online to the government, without mistakes. Thus the study aimed to analyze the change brought about by the implementation of the Public System of Digital SPED in the main business processes. In order to do so, we have performed a multiple case study involving three companies in the state of Para, two operate in wholesale and one explores agribusiness. The Data collection was performed by accounting professionals, IT and managers. According to the results obtained, it was found that in two companies, the IT infrastructure was capable of deploying the new system without major problems, while one company had more difficulties to cope with the new system. However, all companies had to examine its processes to make the customizations needed to fit. It was also observed that there is no IT Governance in two companies. Therefore, we recommend the use of an appropriate model, not only for the implementation of SPED, but as a way to manage and extract better results from investment in information technology
Resumo:
It is considered that the Strategic Alignment IT is the first step within the IT Governance process for any institution. Taking as initial point the recognition that the governance corporate has an overall view of the organizations, the IT Governance takes place as a sub-set responsible for the implementation of the organization strategies in what concerns the provision of the necessary tools for the achievement of the goals set in the Institutional Development Plan. In order to do so, COBIT specifies that such Governance shall be built on the following principles: Strategic Alignment, Value Delivery, Risk Management, Performance Measurement. This paper aims at the Strategic Alignment, considered by the authors as the foundation for the development of the entire IT Governance core. By deepening the technical knowledge of the management system development, UFRN has made a decisive step towards the technical empowerment needed to the “Value Delivery”, yet, by perusing the primarily set processes to the “Strategic Alignment”, gaps that limited the IT strategic view in the implementation of the organizational goals were found. In the qualitative study that used documentary research with content analysis and interviews with the strategic and tactical managers, the view on the role of SINFO – Superintendência de Informática was mapped. The documentary research was done on public documents present on the institutional site and on TCU – Tribunal de Contas da União – documents that map the IT Governance profiles on the federal public service as a whole. As a means to obtain the documentary research results equalization, questionnaires/interviews and iGovTI indexes, quantitative tools to the standardization of the results were used, always bearing in mind the usage of the same scale elements present in the TCU analysis. This being said, similarly to what the TCU study through the IGovTI index provides, this paper advocates a particular index to the study area – SA (Strategic Alignment), calculated from the representative variables of the COBIT 4.1 domains and having the representative variables of the Strategic Alignment primary process as components. As a result, an intermediate index among the values in two adjacent surveys done by TCU in the years of 2010 and 2012 was found, which reflects the attitude and view of managers towards the IT governance: still linked to Data Processing in which a department performs its tasks according to the demand of the various departments or sectors, although there is a commission that discusses the issues related to infrastructure acquisition and systems development. With an Operational view rather than Strategic/Managerial and low attachment to the tools consecrated by the market, several processes are not contemplated in the framework COBIT defined set; this is mainly due to the inexistence of a formal strategic plan for IT; hence, the partial congruency between the organization goals and the IT goals.
Resumo:
The information constitutes one of the most valuable strategic assets for the organization. However, the organizational environment in which it is inserted is very complex and heterogeneous, making emerging issues relevant to the Governance of information technology (IT) and Information Security. Academic Studies and market surveys indicate that the origin of most accidents with the information assets is the behavior of people organization itself rather than external attacks. Taking as a basis the promotion of a culture of safety among users and ensuring the protection of information in their properties of confidentiality, integrity and availability, organizations must establish its Information Security Policy (PSI). This policy is to formalise the guidelines in relation to the security of corporate information resources, in order to avoid that the asset vulnerabilities are exploited by threats and can bring negative consequences to the business. But, for the PSI being effective, it is required that the user have readiness to accept and follow the procedures and safety standards. In the light of this context, the present study aims to investigate what are the motivators extrinsic and intrinsic that affect the willingness of the user to be in accordance with the organization's security policies. The theoretical framework addresses issues related to IT Governance, Information Security, Theory of deterrence, Motivation and Behavior Pro-social. It was created a theoretical model based on the studies of Herath and Rao (2009) and D'Arcy, Hovav and Galletta (2009) that are based on General Deterrence Theory and propose the following influencing factors in compliance with the Policy: Severity of Punishment, Certainty of Detection, Peer Behaviour, Normative Beliefs, Perceived Effectiveness and Moral Commitment. The research used a quantitative approach, descriptive. The data were collected through a questionnaire with 18 variables with a Likert scale of five points representing the influencing factors proposed by the theory. The sample was composed of 391 students entering the courses from the Center for Applied Social Sciences of the Universidade Federal do Rio Grande do Norte. For the data analysis, were adopted the techniques of Exploratory Factor Analysis, Analysis of Cluster hierarchical and nonhierarchical, Logistic Regression and Multiple Linear Regression. As main results, it is noteworthy that the factor severity of punishment is what contributes the most to the theoretical model and also influences the division of the sample between users more predisposed and less prone. As practical implication, the research model applied allows organizations to provide users less prone and, with them, to carry out actions of awareness and training directed and write Security Policies more effective.
Resumo:
Increasingly, the Information Technology (IT) has been used to sustain the business strategies, causing increased its relevance. Therefore IT governance is seen as one of the priorities of organizations at the time. The search for strategic alignment between business and IT is debated as a factor for business success, but even with that importance, usually the main business managers are reluctant to take responsibility for decisions involving IT, mainly due to the complexity of your infrastructure. Since cloud computing is being seen as an element capable of assisting in the implementation of organizational strategies, because their characteristics enable greater efficiency and agility in IT, and is considered as a new computing paradigm. The main objective of the analyze the relationship between IT governance arrangements and strategic alignment with the infrastructure as a service (IaaS) of public cloud computing. Therefore, an exploratory, descriptive and inferential was developed, with approach to the problem of quantitatively research, with descriptive survey method and cross section. An electronic questionnaire that was applied to the ISACA chapters Associates of São Paulo and the Distrito Federal, totaling 164 respondents was used. The instrument used based on the theories of Weill and Ross (2006) for array of IT governance arrangement; Henderson and Venkatraman (1993) and Luftman (2000), for maturity of the strategic alignment model; and NIST (2011 b), ITGI (2007) and CSA (2010) for infrastructure maturity as a service (IaaS) public in its essential characteristics. As regards the main results, this research proved that with public IaaS decision-making structures have changed, with a greater participation of senior executives in all five key IT decisions (IT governance arrangement array) including more technical decisions as architecture and IT infrastructure. With increased participation of senior executives the decrease was also observed in the share of IT specialists, characterizing the decision process with the duopoly archetype (shared decision). With regard to strategic alignment, it was observed that it changes with cloud computing, and organizations with public IaaS, a maturity of strategic alignment with statistically significant and greater difference when compared to organizations without IaaS. The maturity of public IaaS is at the intermediate level (level 3 - "defined process"), with the elasticity and measurement achieved level 4 - "managed and measurable" It was also possible to infer in organizations with public IaaS, there are positive correlations between the key decisions and the maturity of IaaS, especially at the beginning, architecture and infrastructure, and the archetypes involving senior executives and IT specialists. In the correlation between the maturity and mature strategic alignment of public IaaS therefore the higher the strategic alignment, the greater the maturity of the public IaaS and vice versa.
Resumo:
The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process
Resumo:
This study aims to understand the general model of governance of information technology adopted by telecommunication companies operating in Rio Grande do Norte. The research methodology used involved a theoretical and empirical approach prepared, involving two case studies on companies in the telecommunications industry working in the state of Rio Grande do Norte. The study covered the area of IT organizations, through interviews with managers responsible for the area of Telecommunications / IT. To study in accordance with the approach and address the problem of research, this study was based on qualitative criteria, which enabled the understanding of how companies adopt the governance of information technology. In conclusion, it was found that the governance practices of information technology employees are incipient, but that meet the needs of business and that they intend to implement in specific areas and use other practices of IT governance
Resumo:
Companies have always been organized by processes, often imperceptible to its employees. With the advancement of technology, organizational processes currently run an organization through computers, and thus generate immediate information that is available to each sector. With the objective of seeking business information in real time, the government created the SPED - Public System of Digital, which involves three subsystems, which are the Electronic Invoice, Digital Accounting Bookkeeping and Digital Tax Bookkeeping. This system is revolutionizing the business structures when gathering, in an innovative way, all information and interlinked business processes. For the implementation of SPED, a revision in the organizational processes is required, since the information is generated and is sent online to the government, without mistakes. Thus the study aimed to analyze the change brought about by the implementation of the Public System of Digital SPED in the main business processes. In order to do so, we have performed a multiple case study involving three companies in the state of Para, two operate in wholesale and one explores agribusiness. The Data collection was performed by accounting professionals, IT and managers. According to the results obtained, it was found that in two companies, the IT infrastructure was capable of deploying the new system without major problems, while one company had more difficulties to cope with the new system. However, all companies had to examine its processes to make the customizations needed to fit. It was also observed that there is no IT Governance in two companies. Therefore, we recommend the use of an appropriate model, not only for the implementation of SPED, but as a way to manage and extract better results from investment in information technology
