Abstract
The process of identifying and managing Information and Communication Technology (ICT) risks has become a concern and a challenge for public and private organizations. In this context, risk management methodologies within the Brazilian Federal Public Administration organizations have become indispensable to help the managers of these organizations in decision making, especially in the distribution of public funds, elaboration of public policies focused on transparency, social actions contemplating indemnities, and social benefits, among others. In addition, the various ICT projects controlled by the public administration need a methodology to perform their management of ICT resources. In this article, we present the Governance and Risk Management methodology used to model the Administrative Council for Economic Defense (CADE) macro processes. The proposed methodology used the risk management process aligned to the ISO 31000 standards. This alignment was necessary for mapping CADE’s risk events, regardless of their complexity. The modeled ICT risk processes will support the organization’s managers in decision making and may be used or customized by any other organization of the Brazilian Federal Public Administration.
Reference45 articles.
1. PROPOSTA DE CONSTRUÇÃO DE MODELO DE MATURIDADE EM GOVERNANÇA E GESTÃO DE TIC
2. Proposta de artefato de identificaç ao de riscos nas contrataç oes de TI da Administraç ao Pública Federal, sob a ótica da ABNT NBR ISO 31000: Gest ao de riscos;Netto;Univ. Brasília,2013
3. Government Risk Management Lags behind Vendor Practices
4. Risk Analysis in Theory and Practice;Chavas,2004