Risk matrices as an information and communication technology audit planning mechanism: selection of government systems
| Main Author: | |
|---|---|
| Publication Date: | 2019 |
| Format: | Article |
| Language: | por |
| Source: | Revista Controle (Online) |
| Download full: | https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/543 |
Summary: | The large financial resources invested in technology in organizations should be evaluated by specific and well-planned audits using appropriate tools. This paper seeks to develop the Information Systems Risk Matrices within the State Executive Branch of Ceará, in order to meet the need for planning the specialized audits of Information and Communication Technology (ICT) of General Comptroller and Ombudsman’s Office (CGE/CE). The methodology used was a quantitative research based on a questionnaire sent by CGE/CE to forty entities of the Ceará State Government, which allowed the evaluation of 611 computerized systems. The result are tools that enables the objective classification of the most critical government systems, as well as which entities have the highest inclination to be audited by the CGE/CE. From this case study, we intend to encourage discussions related to ICT audit planning activities. |
| id |
TC_CE_4b3158ba4e9f43b48273cbb957f3e03d |
|---|---|
| oai_identifier_str |
oai:ojs.revistacontrole.tce.ce.gov.br:article/543 |
| network_acronym_str |
TC_CE |
| network_name_str |
Revista Controle (Online) |
| repository_id_str |
|
| spelling |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systemsMatrizes de risco como mecanismo de planejamento de auditorias de tecnologia da informação e comunicação: seleção de sistemas governamentaisRisk Matrix. Planning. ICT Audit. Government Information Systems.Matriz de Risco. Planejamento. Auditoria de TIC. Sistemas de Informações Governamentais.The large financial resources invested in technology in organizations should be evaluated by specific and well-planned audits using appropriate tools. This paper seeks to develop the Information Systems Risk Matrices within the State Executive Branch of Ceará, in order to meet the need for planning the specialized audits of Information and Communication Technology (ICT) of General Comptroller and Ombudsman’s Office (CGE/CE). The methodology used was a quantitative research based on a questionnaire sent by CGE/CE to forty entities of the Ceará State Government, which allowed the evaluation of 611 computerized systems. The result are tools that enables the objective classification of the most critical government systems, as well as which entities have the highest inclination to be audited by the CGE/CE. From this case study, we intend to encourage discussions related to ICT audit planning activities.Os grandes recursos financeiros investidos em tecnologia nas organizações devem ser avaliados por auditorias específicas e bem planejadas por meio de ferramentas apropriadas. Este artigo busca o desenvolvimento de matrizes de risco de Sistemas de Informação no âmbito do Poder Executivo Estadual do Ceará, com o objetivo de atender à necessidade de planejamento das auditorias especializadas de Tecnologia da Informação e Comunicação (TIC) da Controladoria e Ouvidoria Geral do Estado do Ceará (CGE/CE). A metodologia utilizada foi pesquisa quantitativa a partir de questionário enviado pela CGE/CE para quarenta entidades do Governo do Estado do Ceará, possibilitando a avaliação de 611 sistemas informatizados. O resultado são ferramentas que possibilitam classificar de forma objetiva os sistemas governamentais mais críticos, bem como apontar quais entidades possuem maior tendência a serem auditados pela CGE/CE. A partir deste estudo de caso, pretende-se fomentar as discussões relacionadas às atividades de planejamento de auditoria de TIC.Tribunal de Contas do Estado do Ceará2019-11-26info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersionAvaliado pelos paresapplication/pdfhttps://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/54310.32586/rcda.v17i2.543Revista Controle - Doutrina e Artigos; v. 17 n. 2 (2019); 422-4442525-33871980-086X10.32586/rcda.v17i2reponame:Revista Controle (Online)instname:Tribunal de Contas do Estado do Ceará (TCCE)instacron:TC_CEporhttps://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/543/460Copyright (c) 2019 Revista Controle - Doutrina e Artigosinfo:eu-repo/semantics/openAccessSilva, Tiago Monteiro da2020-05-12T22:39:17Zoai:ojs.revistacontrole.tce.ce.gov.br:article/543Revistahttps://revistacontrole.tce.ce.gov.br/index.php/RCDAPUBhttps://revistacontrole.tce.ce.gov.br/index.php/RCDA/oairevistacontrole@tce.ce.gov.br || josimar.batista@tce.ce.gov.br2525-33871980-086Xopendoar:2020-05-12T22:39:17Revista Controle (Online) - Tribunal de Contas do Estado do Ceará (TCCE)false |
| dc.title.none.fl_str_mv |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systems Matrizes de risco como mecanismo de planejamento de auditorias de tecnologia da informação e comunicação: seleção de sistemas governamentais |
| title |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systems |
| spellingShingle |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systems Silva, Tiago Monteiro da Risk Matrix. Planning. ICT Audit. Government Information Systems. Matriz de Risco. Planejamento. Auditoria de TIC. Sistemas de Informações Governamentais. |
| title_short |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systems |
| title_full |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systems |
| title_fullStr |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systems |
| title_full_unstemmed |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systems |
| title_sort |
Risk matrices as an information and communication technology audit planning mechanism: selection of government systems |
| author |
Silva, Tiago Monteiro da |
| author_facet |
Silva, Tiago Monteiro da |
| author_role |
author |
| dc.contributor.author.fl_str_mv |
Silva, Tiago Monteiro da |
| dc.subject.por.fl_str_mv |
Risk Matrix. Planning. ICT Audit. Government Information Systems. Matriz de Risco. Planejamento. Auditoria de TIC. Sistemas de Informações Governamentais. |
| topic |
Risk Matrix. Planning. ICT Audit. Government Information Systems. Matriz de Risco. Planejamento. Auditoria de TIC. Sistemas de Informações Governamentais. |
| description |
The large financial resources invested in technology in organizations should be evaluated by specific and well-planned audits using appropriate tools. This paper seeks to develop the Information Systems Risk Matrices within the State Executive Branch of Ceará, in order to meet the need for planning the specialized audits of Information and Communication Technology (ICT) of General Comptroller and Ombudsman’s Office (CGE/CE). The methodology used was a quantitative research based on a questionnaire sent by CGE/CE to forty entities of the Ceará State Government, which allowed the evaluation of 611 computerized systems. The result are tools that enables the objective classification of the most critical government systems, as well as which entities have the highest inclination to be audited by the CGE/CE. From this case study, we intend to encourage discussions related to ICT audit planning activities. |
| publishDate |
2019 |
| dc.date.none.fl_str_mv |
2019-11-26 |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion Avaliado pelos pares |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/543 10.32586/rcda.v17i2.543 |
| url |
https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/543 |
| identifier_str_mv |
10.32586/rcda.v17i2.543 |
| dc.language.iso.fl_str_mv |
por |
| language |
por |
| dc.relation.none.fl_str_mv |
https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/543/460 |
| dc.rights.driver.fl_str_mv |
Copyright (c) 2019 Revista Controle - Doutrina e Artigos info:eu-repo/semantics/openAccess |
| rights_invalid_str_mv |
Copyright (c) 2019 Revista Controle - Doutrina e Artigos |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Tribunal de Contas do Estado do Ceará |
| publisher.none.fl_str_mv |
Tribunal de Contas do Estado do Ceará |
| dc.source.none.fl_str_mv |
Revista Controle - Doutrina e Artigos; v. 17 n. 2 (2019); 422-444 2525-3387 1980-086X 10.32586/rcda.v17i2 reponame:Revista Controle (Online) instname:Tribunal de Contas do Estado do Ceará (TCCE) instacron:TC_CE |
| instname_str |
Tribunal de Contas do Estado do Ceará (TCCE) |
| instacron_str |
TC_CE |
| institution |
TC_CE |
| reponame_str |
Revista Controle (Online) |
| collection |
Revista Controle (Online) |
| repository.name.fl_str_mv |
Revista Controle (Online) - Tribunal de Contas do Estado do Ceará (TCCE) |
| repository.mail.fl_str_mv |
revistacontrole@tce.ce.gov.br || josimar.batista@tce.ce.gov.br |
| _version_ |
1831286118919700480 |