An Applied Risk Identification Approach in the ICT Governance and Management Macroprocesses of a Brazilian Federal Government Agency

Identifying and managing Information and Communication Technology (ICT) risks has become a concern and a challenge for public and private organizations. In this context, risk management methodologies have become indispensable within Brazilian Federal Public Administration organizations to support their managers in decision making, especially in the distribution of public funds, the elaboration of public policies focused on transparency, social actions covering indemnities, and social benefits, among others. In addition, the various ICT projects controlled by the public administration need a methodology for managing their ICT resources. In this article, we present the Governance and Risk Management methodology used to model the macroprocesses of the Administrative Council for Economic Defense (CADE). The proposed methodology uses a risk management process aligned with the ISO 31000 standards. This alignment was necessary for mapping CADE's risk events, regardless of their complexity. The modeled ICT risk processes will support the organization's managers in decision making and may be used or customized by any other organization of the Brazilian Federal Public Administration.
