Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Práticas de governança de tecnologia da informação: um estudo de caso em empresas de telecomunicações do Rio Grande do Norte

This study aims to understand the general model of governance of information technology adopted by telecommunication companies operating in Rio Grande do Norte. The research methodology used involved a theoretical and empirical approach prepared, involving two case studies on companies in the telecommunications industry working in the state of Rio Grande do Norte. The study covered the area of IT organizations, through interviews with managers responsible for the area of Telecommunications / IT. To study in accordance with the approach and address the problem of research, this study was based on qualitative criteria, which enabled the understanding of how companies adopt the governance of information technology. In conclusion, it was found that the governance practices of information technology employees are incipient, but that meet the needs of business and that they intend to implement in specific areas and use other practices of IT governance

Mudança dos processos de negócios e adequação da TI nas empresas em decorrência da implantação do sistema público de escrituração digital SPED: um estudo de casos múltiplos

Companies have always been organized by processes, often imperceptible to its employees. With the advancement of technology, organizational processes currently run an organization through computers, and thus generate immediate information that is available to each sector. With the objective of seeking business information in real time, the government created the SPED - Public System of Digital, which involves three subsystems, which are the Electronic Invoice, Digital Accounting Bookkeeping and Digital Tax Bookkeeping. This system is revolutionizing the business structures when gathering, in an innovative way, all information and interlinked business processes. For the implementation of SPED, a revision in the organizational processes is required, since the information is generated and is sent online to the government, without mistakes. Thus the study aimed to analyze the change brought about by the implementation of the Public System of Digital SPED in the main business processes. In order to do so, we have performed a multiple case study involving three companies in the state of Para, two operate in wholesale and one explores agribusiness. The Data collection was performed by accounting professionals, IT and managers. According to the results obtained, it was found that in two companies, the IT infrastructure was capable of deploying the new system without major problems, while one company had more difficulties to cope with the new system. However, all companies had to examine its processes to make the customizations needed to fit. It was also observed that there is no IT Governance in two companies. Therefore, we recommend the use of an appropriate model, not only for the implementation of SPED, but as a way to manage and extract better results from investment in information technology

Alinhamento estratégico da TI: o caso da UFRN

It is considered that the Strategic Alignment IT is the first step within the IT Governance process for any institution. Taking as initial point the recognition that the governance corporate has an overall view of the organizations, the IT Governance takes place as a sub-set responsible for the implementation of the organization strategies in what concerns the provision of the necessary tools for the achievement of the goals set in the Institutional Development Plan. In order to do so, COBIT specifies that such Governance shall be built on the following principles: Strategic Alignment, Value Delivery, Risk Management, Performance Measurement. This paper aims at the Strategic Alignment, considered by the authors as the foundation for the development of the entire IT Governance core. By deepening the technical knowledge of the management system development, UFRN has made a decisive step towards the technical empowerment needed to the “Value Delivery”, yet, by perusing the primarily set processes to the “Strategic Alignment”, gaps that limited the IT strategic view in the implementation of the organizational goals were found. In the qualitative study that used documentary research with content analysis and interviews with the strategic and tactical managers, the view on the role of SINFO – Superintendência de Informática was mapped. The documentary research was done on public documents present on the institutional site and on TCU – Tribunal de Contas da União – documents that map the IT Governance profiles on the federal public service as a whole. As a means to obtain the documentary research results equalization, questionnaires/interviews and iGovTI indexes, quantitative tools to the standardization of the results were used, always bearing in mind the usage of the same scale elements present in the TCU analysis. This being said, similarly to what the TCU study through the IGovTI index provides, this paper advocates a particular index to the study area – SA (Strategic Alignment), calculated from the representative variables of the COBIT 4.1 domains and having the representative variables of the Strategic Alignment primary process as components. As a result, an intermediate index among the values in two adjacent surveys done by TCU in the years of 2010 and 2012 was found, which reflects the attitude and view of managers towards the IT governance: still linked to Data Processing in which a department performs its tasks according to the demand of the various departments or sectors, although there is a commission that discusses the issues related to infrastructure acquisition and systems development. With an Operational view rather than Strategic/Managerial and low attachment to the tools consecrated by the market, several processes are not contemplated in the framework COBIT defined set; this is mainly due to the inexistence of a formal strategic plan for IT; hence, the partial congruency between the organization goals and the IT goals.

Fatores que influenciam a predisposição dos usuários em aderir a uma política de segurança da informação

The information constitutes one of the most valuable strategic assets for the organization. However, the organizational environment in which it is inserted is very complex and heterogeneous, making emerging issues relevant to the Governance of information technology (IT) and Information Security. Academic Studies and market surveys indicate that the origin of most accidents with the information assets is the behavior of people organization itself rather than external attacks. Taking as a basis the promotion of a culture of safety among users and ensuring the protection of information in their properties of confidentiality, integrity and availability, organizations must establish its Information Security Policy (PSI). This policy is to formalise the guidelines in relation to the security of corporate information resources, in order to avoid that the asset vulnerabilities are exploited by threats and can bring negative consequences to the business. But, for the PSI being effective, it is required that the user have readiness to accept and follow the procedures and safety standards. In the light of this context, the present study aims to investigate what are the motivators extrinsic and intrinsic that affect the willingness of the user to be in accordance with the organization's security policies. The theoretical framework addresses issues related to IT Governance, Information Security, Theory of deterrence, Motivation and Behavior Pro-social. It was created a theoretical model based on the studies of Herath and Rao (2009) and D'Arcy, Hovav and Galletta (2009) that are based on General Deterrence Theory and propose the following influencing factors in compliance with the Policy: Severity of Punishment, Certainty of Detection, Peer Behaviour, Normative Beliefs, Perceived Effectiveness and Moral Commitment. The research used a quantitative approach, descriptive. The data were collected through a questionnaire with 18 variables with a Likert scale of five points representing the influencing factors proposed by the theory. The sample was composed of 391 students entering the courses from the Center for Applied Social Sciences of the Universidade Federal do Rio Grande do Norte. For the data analysis, were adopted the techniques of Exploratory Factor Analysis, Analysis of Cluster hierarchical and nonhierarchical, Logistic Regression and Multiple Linear Regression. As main results, it is noteworthy that the factor severity of punishment is what contributes the most to the theoretical model and also influences the division of the sample between users more predisposed and less prone. As practical implication, the research model applied allows organizations to provide users less prone and, with them, to carry out actions of awareness and training directed and write Security Policies more effective.

Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Práticas de governança de tecnologia da informação: um estudo de caso em empresas de telecomunicações do Rio Grande do Norte

This study aims to understand the general model of governance of information technology adopted by telecommunication companies operating in Rio Grande do Norte. The research methodology used involved a theoretical and empirical approach prepared, involving two case studies on companies in the telecommunications industry working in the state of Rio Grande do Norte. The study covered the area of IT organizations, through interviews with managers responsible for the area of Telecommunications / IT. To study in accordance with the approach and address the problem of research, this study was based on qualitative criteria, which enabled the understanding of how companies adopt the governance of information technology. In conclusion, it was found that the governance practices of information technology employees are incipient, but that meet the needs of business and that they intend to implement in specific areas and use other practices of IT governance

Mudança dos processos de negócios e adequação da TI nas empresas em decorrência da implantação do sistema público de escrituração digital SPED: um estudo de casos múltiplos

Companies have always been organized by processes, often imperceptible to its employees. With the advancement of technology, organizational processes currently run an organization through computers, and thus generate immediate information that is available to each sector. With the objective of seeking business information in real time, the government created the SPED - Public System of Digital, which involves three subsystems, which are the Electronic Invoice, Digital Accounting Bookkeeping and Digital Tax Bookkeeping. This system is revolutionizing the business structures when gathering, in an innovative way, all information and interlinked business processes. For the implementation of SPED, a revision in the organizational processes is required, since the information is generated and is sent online to the government, without mistakes. Thus the study aimed to analyze the change brought about by the implementation of the Public System of Digital SPED in the main business processes. In order to do so, we have performed a multiple case study involving three companies in the state of Para, two operate in wholesale and one explores agribusiness. The Data collection was performed by accounting professionals, IT and managers. According to the results obtained, it was found that in two companies, the IT infrastructure was capable of deploying the new system without major problems, while one company had more difficulties to cope with the new system. However, all companies had to examine its processes to make the customizations needed to fit. It was also observed that there is no IT Governance in two companies. Therefore, we recommend the use of an appropriate model, not only for the implementation of SPED, but as a way to manage and extract better results from investment in information technology

Governança de TI nas universidades federais brasileiras: uma abordagem integrada

This research has as an objective to study the IT Governance in the Brazilian Federal Universities, discusses the relationships between the IT Governance (ITG) mechanisms and the noticed IT management development in those public institutions. The subject Information Technology Governance, is not only vast, but constitutes implications in most different operational and knowledge areas, being relevant to the Public Administration, as a part of Corporative Governance and the public related, evolves high investments, such as financial, structure and material and human resources. The universities are entities from Indirect Administration and essential actors in the knowledge developing and creating and on its managers. Theirs public administrative agents, responds for the managing public resources competence and to provide internal policy that determines how IT will allow a bigger alignment and reaching of institutions business. We highlight the role of universities that manage significant quantity of public resources to achieve its institutional purposes. Looking this way, this theoretical and empirical study has as its goal to design an ITG panorama in the Brazilian universities (67 universities), for the strategic alignment on governance actions and institutional development focusing on the efficiency of the public service offered by those institutions. Facing this research focus delimitation, the methodology process will evolve three investigative activities: (1) documental and bibliographical research, (2) questioning, and exploratory tool, to investigate the IT Governance and Management perception in the IFES, directed to IT executive responsible, as a data collection device and (3) research the availability of ITG information in institutes websites. This project contributes to the studies this subject; it investigates the relations that make the ITG as a business strategy and shows the implementation IT Governance, such as a tool to allow the viability of Corporate Governance. This way, expected to contributes to the Public Administration development, following the principle that to improve it’s needed diagnose, and then, offer better results to the society on this field of working.

Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Práticas de governança de tecnologia da informação: um estudo de caso em empresas de telecomunicações do Rio Grande do Norte

This study aims to understand the general model of governance of information technology adopted by telecommunication companies operating in Rio Grande do Norte. The research methodology used involved a theoretical and empirical approach prepared, involving two case studies on companies in the telecommunications industry working in the state of Rio Grande do Norte. The study covered the area of IT organizations, through interviews with managers responsible for the area of Telecommunications / IT. To study in accordance with the approach and address the problem of research, this study was based on qualitative criteria, which enabled the understanding of how companies adopt the governance of information technology. In conclusion, it was found that the governance practices of information technology employees are incipient, but that meet the needs of business and that they intend to implement in specific areas and use other practices of IT governance

Mudança dos processos de negócios e adequação da TI nas empresas em decorrência da implantação do sistema público de escrituração digital SPED: um estudo de casos múltiplos

Companies have always been organized by processes, often imperceptible to its employees. With the advancement of technology, organizational processes currently run an organization through computers, and thus generate immediate information that is available to each sector. With the objective of seeking business information in real time, the government created the SPED - Public System of Digital, which involves three subsystems, which are the Electronic Invoice, Digital Accounting Bookkeeping and Digital Tax Bookkeeping. This system is revolutionizing the business structures when gathering, in an innovative way, all information and interlinked business processes. For the implementation of SPED, a revision in the organizational processes is required, since the information is generated and is sent online to the government, without mistakes. Thus the study aimed to analyze the change brought about by the implementation of the Public System of Digital SPED in the main business processes. In order to do so, we have performed a multiple case study involving three companies in the state of Para, two operate in wholesale and one explores agribusiness. The Data collection was performed by accounting professionals, IT and managers. According to the results obtained, it was found that in two companies, the IT infrastructure was capable of deploying the new system without major problems, while one company had more difficulties to cope with the new system. However, all companies had to examine its processes to make the customizations needed to fit. It was also observed that there is no IT Governance in two companies. Therefore, we recommend the use of an appropriate model, not only for the implementation of SPED, but as a way to manage and extract better results from investment in information technology

Catálogo de Serviços de TI

As Tecnologias de Informação são responsáveis pelas transformações que vivemos, pois permitiram a construção de um mundo global, quebraram fronteiras, gerando conhecimento de uma forma cada vez mais rápida o que levanta enormes desafios às organizações. Estas transformações originam a necessidade de as organizações procurarem soluções e inovarem o seu modelo de estratégia organizacional, para conseguirem sobreviver e agregarem valor ao negócio. As Tecnologias de Informação são parte integrante nos processos das empresas, levando à necessidade de estarem alinhados com a estratégia de Governance, procurando aumentar a confiabilidade das suas operações e o presente trabalho aborda a adoção das melhores práticas das frameworks orientadas para esta área nomeadamente o COBIT 5, a ITIL V3, introduzindo os conceitos de Governance de TI e Gestão de TI. A Design Science Research foi a metodologia de investigação adotada, pois permite a construção e operacionalização de artefactos para os SI e encontrar uma solução para a construção de um Catálogo de Serviços como fator diferenciador para o negócio. Para a construção de um Catálogo de Serviços, é proposto um método baseado nas melhores práticas para a área dos Sistemas de informação, em que este passa a ser o principal ponto de contacto, permitindo o registo dos pedidos, mas também a definição de tempos de resposta, custos, faturação de serviços e ainda a construção de um repositório de conhecimento. São definidos os processos que se consideram mais relevantes, são propostos artefactos para a construção do catálogo, é efetuada a modelação em BPMN dos processos inerentes ao registo de pedidos, pois desta forma facilita o entendimento, bem como a sua implementação.