Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2023 |
| Outros Autores: | , , , |
| Tipo de documento: | Artigo |
| Idioma: | por |
| Título da fonte: | Revista Controle (Online) |
| Texto Completo: | https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/874 |
Resumo: | Risk management in the public sector is a key tool for managers to increase safety and performance in the implementation of public policies. Thus, this paper aims to analyze, through the NBR ISO 31000:2009, the adherence to good risk management practices in the acquisitions of Information Technology (IT) by the Municipality of Fortaleza (PMF). The descriptive research used as procedures the survey and as the approach to the problem is characterized as qualitative. To this end, a structured questionnaire in the form of a checklist was applied to representatives of the PMF's ICT Technical Group, in the months of May and June 2022. The results indicate that the risk treatment and risk management process registration processes were the ones that recorded least adherence. It is concluded that, in general, there is low adherence to the processes related to risk management in IT acquisitions by the PMF, considering NBR ISO 31000:2009. Several reflections can be carried out from the results in order to generate an evolution of the risk management process linked to the PMF's IT acquisition process. The standard`s processes are presented as guides for the improvement itself. |
| id |
TC_CE_0917bb3cf41cc1c4a89fd41024423784 |
|---|---|
| oai_identifier_str |
oai:ojs.revistacontrole.tce.ce.gov.br:article/874 |
| network_acronym_str |
TC_CE |
| network_name_str |
Revista Controle (Online) |
| repository_id_str |
|
| spelling |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000Percepção dos gestores de Tecnologia da Informação sobre as práticas de gestão de riscos nas aquisições de TI do município de Fortaleza à luz da NBR ISO 31000risk managementNBR ISO 31000:2009public sectorgestão de riscosNBR ISO 31000:2009setor públicoRisk management in the public sector is a key tool for managers to increase safety and performance in the implementation of public policies. Thus, this paper aims to analyze, through the NBR ISO 31000:2009, the adherence to good risk management practices in the acquisitions of Information Technology (IT) by the Municipality of Fortaleza (PMF). The descriptive research used as procedures the survey and as the approach to the problem is characterized as qualitative. To this end, a structured questionnaire in the form of a checklist was applied to representatives of the PMF's ICT Technical Group, in the months of May and June 2022. The results indicate that the risk treatment and risk management process registration processes were the ones that recorded least adherence. It is concluded that, in general, there is low adherence to the processes related to risk management in IT acquisitions by the PMF, considering NBR ISO 31000:2009. Several reflections can be carried out from the results in order to generate an evolution of the risk management process linked to the PMF's IT acquisition process. The standard`s processes are presented as guides for the improvement itself.A gestão de riscos no setor público constitui instrumento gerencial primário para os gestores, em especial para aumentar a segurança e o desempenho na implementação das políticas públicas. Nesse sentido, este artigo tem por objetivo analisar, à luz da NBR ISO 31000:2009, a aderência de boas práticas de gestão de riscos nas aquisições de Tecnologia da Informação (TI) da Prefeitura Municipal de Fortaleza (PMF). A pesquisa descritiva utilizou como procedimentos o survey, e quanto à abordagem do problema caracteriza-se como qualitativa. Para tanto, um questionário estruturado no formato de checklist foi aplicado junto aos representantes do Grupo Técnico de Tecnologia da Informação e Comunicação (TIC) da PMF, nos meses de maio e junho de 2022. Os resultados apontam que os processos de tratamento de riscos e o registro do processo de gestão de riscos foram os que registraram menos aderência. Conclui-se que, de forma geral, há baixa aderência dos processos relacionados à gestão de riscos nas aquisições de TI pela PMF considerando-se a NBR ISO 31000:2009. Várias reflexões podem ser realizadas a partir dos resultados no sentido de gerar uma evolução do processo de gestão de riscos ligados ao processo de aquisição de TI na PMF. Os processos da norma apresentam-se como norteadores para a própria melhoria.Tribunal de Contas do Estado do Ceará2023-12-11info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersionAvaliado pelos paresapplication/pdfhttps://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/87410.32586/rcda.v22i1.874Revista Controle - Doutrina e Artigos; v. 22 n. 1 (2024); 199-2382525-33871980-086X10.32586/msgh8n54reponame:Revista Controle (Online)instname:Tribunal de Contas do Estado do Ceará (TCCE)instacron:TC_CEporhttps://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/874/626Copyright (c) 2023 Revista: apenas para a 1ª Publicação.https://creativecommons.org/licenses/by-nc/4.0info:eu-repo/semantics/openAccessAraújo da Silva, Alexsandro Araújo Pinto Bezerra , MariângelaAlberto Cavalcanti Alcoforado, Jorge Douglas de Andrade Lucas , Airton Carvalho de Vasconcelos, Alessandra2023-12-11T10:46:15Zoai:ojs.revistacontrole.tce.ce.gov.br:article/874Revistahttps://revistacontrole.tce.ce.gov.br/index.php/RCDAPUBhttps://revistacontrole.tce.ce.gov.br/index.php/RCDA/oairevistacontrole@tce.ce.gov.br || josimar.batista@tce.ce.gov.br2525-33871980-086Xopendoar:2023-12-11T10:46:15Revista Controle (Online) - Tribunal de Contas do Estado do Ceará (TCCE)false |
| dc.title.none.fl_str_mv |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000 Percepção dos gestores de Tecnologia da Informação sobre as práticas de gestão de riscos nas aquisições de TI do município de Fortaleza à luz da NBR ISO 31000 |
| title |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000 |
| spellingShingle |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000 Araújo da Silva, Alexsandro risk management NBR ISO 31000:2009 public sector gestão de riscos NBR ISO 31000:2009 setor público |
| title_short |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000 |
| title_full |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000 |
| title_fullStr |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000 |
| title_full_unstemmed |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000 |
| title_sort |
Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000 |
| author |
Araújo da Silva, Alexsandro |
| author_facet |
Araújo da Silva, Alexsandro Araújo Pinto Bezerra , Mariângela Alberto Cavalcanti Alcoforado, Jorge Douglas de Andrade Lucas , Airton Carvalho de Vasconcelos, Alessandra |
| author_role |
author |
| author2 |
Araújo Pinto Bezerra , Mariângela Alberto Cavalcanti Alcoforado, Jorge Douglas de Andrade Lucas , Airton Carvalho de Vasconcelos, Alessandra |
| author2_role |
author author author author |
| dc.contributor.author.fl_str_mv |
Araújo da Silva, Alexsandro Araújo Pinto Bezerra , Mariângela Alberto Cavalcanti Alcoforado, Jorge Douglas de Andrade Lucas , Airton Carvalho de Vasconcelos, Alessandra |
| dc.subject.por.fl_str_mv |
risk management NBR ISO 31000:2009 public sector gestão de riscos NBR ISO 31000:2009 setor público |
| topic |
risk management NBR ISO 31000:2009 public sector gestão de riscos NBR ISO 31000:2009 setor público |
| description |
Risk management in the public sector is a key tool for managers to increase safety and performance in the implementation of public policies. Thus, this paper aims to analyze, through the NBR ISO 31000:2009, the adherence to good risk management practices in the acquisitions of Information Technology (IT) by the Municipality of Fortaleza (PMF). The descriptive research used as procedures the survey and as the approach to the problem is characterized as qualitative. To this end, a structured questionnaire in the form of a checklist was applied to representatives of the PMF's ICT Technical Group, in the months of May and June 2022. The results indicate that the risk treatment and risk management process registration processes were the ones that recorded least adherence. It is concluded that, in general, there is low adherence to the processes related to risk management in IT acquisitions by the PMF, considering NBR ISO 31000:2009. Several reflections can be carried out from the results in order to generate an evolution of the risk management process linked to the PMF's IT acquisition process. The standard`s processes are presented as guides for the improvement itself. |
| publishDate |
2023 |
| dc.date.none.fl_str_mv |
2023-12-11 |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion Avaliado pelos pares |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/874 10.32586/rcda.v22i1.874 |
| url |
https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/874 |
| identifier_str_mv |
10.32586/rcda.v22i1.874 |
| dc.language.iso.fl_str_mv |
por |
| language |
por |
| dc.relation.none.fl_str_mv |
https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/view/874/626 |
| dc.rights.driver.fl_str_mv |
Copyright (c) 2023 Revista: apenas para a 1ª Publicação. https://creativecommons.org/licenses/by-nc/4.0 info:eu-repo/semantics/openAccess |
| rights_invalid_str_mv |
Copyright (c) 2023 Revista: apenas para a 1ª Publicação. https://creativecommons.org/licenses/by-nc/4.0 |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Tribunal de Contas do Estado do Ceará |
| publisher.none.fl_str_mv |
Tribunal de Contas do Estado do Ceará |
| dc.source.none.fl_str_mv |
Revista Controle - Doutrina e Artigos; v. 22 n. 1 (2024); 199-238 2525-3387 1980-086X 10.32586/msgh8n54 reponame:Revista Controle (Online) instname:Tribunal de Contas do Estado do Ceará (TCCE) instacron:TC_CE |
| instname_str |
Tribunal de Contas do Estado do Ceará (TCCE) |
| instacron_str |
TC_CE |
| institution |
TC_CE |
| reponame_str |
Revista Controle (Online) |
| collection |
Revista Controle (Online) |
| repository.name.fl_str_mv |
Revista Controle (Online) - Tribunal de Contas do Estado do Ceará (TCCE) |
| repository.mail.fl_str_mv |
revistacontrole@tce.ce.gov.br || josimar.batista@tce.ce.gov.br |
| _version_ |
1798315245277544448 |