Avaliação dos riscos dos processos estratégicos da governança de TI

Detalhes bibliográficos
Ano de defesa: 2018
Autor(a) principal: Pontes, Roberta Pinto Coelho Maciel lattes
Orientador(a): Souza Neto, João lattes
Banca de defesa: Não Informado pela instituição
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
Idioma: por
Instituição de defesa: Universidade Católica de Brasília
Programa de Pós-Graduação: Programa Stricto Sensu em Gestão do Conhecimento e da Tecnologia da Informação
Departamento: Escola de Educação, Tecnologia e Comunicação
País: Brasil
Palavras-chave em Português:
Palavras-chave em Inglês:
Área do conhecimento CNPq:
Resumo em Inglês: The objective of this scientific research was to evaluate the strategic risks associated to IT Governance processes, using a specific method through which it was possible to measure the capability of these processes and to identify the associated risks, in an integrated way. The COBIT 5 PAM method was chosen to evaluate the processes and the scenario analysis tool was used to identify the risks. The method application was done in an institution and the processes selected for evaluation were the strategic level provided in COBIT 5, which composes the EMD domain. The risk identification was based on scenario analysis, using the results fixed in the PAM for capacity level 1 (in which the process is expected to fulfill its purpose) as an ideal scenario and as the actual scenario presented in the process evaluation. Aftering identified risks, they were submitted to a manager’s forum to be validated and prioritized. The result shows that the risk assessment method was efficient, as the risks were recognized by the managers. Also identified were the processes that need to be increased to mitigate the risks considered relevant were also identified. The direct association between processes, already evaluated in their capacities, and the resulting risks, already prioritized, allowed this simultaneous analysis.
Link de acesso: https://bdtd.ucb.br:8443/jspui/handle/tede/2510
Resumo: The objective of this scientific research was to evaluate the strategic risks associated to IT Governance processes, using a specific method through which it was possible to measure the capability of these processes and to identify the associated risks, in an integrated way. The COBIT 5 PAM method was chosen to evaluate the processes and the scenario analysis tool was used to identify the risks. The method application was done in an institution and the processes selected for evaluation were the strategic level provided in COBIT 5, which composes the EMD domain. The risk identification was based on scenario analysis, using the results fixed in the PAM for capacity level 1 (in which the process is expected to fulfill its purpose) as an ideal scenario and as the actual scenario presented in the process evaluation. Aftering identified risks, they were submitted to a manager’s forum to be validated and prioritized. The result shows that the risk assessment method was efficient, as the risks were recognized by the managers. Also identified were the processes that need to be increased to mitigate the risks considered relevant were also identified. The direct association between processes, already evaluated in their capacities, and the resulting risks, already prioritized, allowed this simultaneous analysis.