Avaliação do impacto do gerenciamento de riscos de TI no desempenho financeiro das empresas : uma análise empírica entre empresas abertas brasileiras

Eichler, Flavio Alberto V.

January 2017

Considerando a importância da TI no ambiente de negócios e os riscos inerentes ao emprego dessa tecnologia, este estudo visa buscar evidências de melhoria de desempenho de empresas com a realização de gerenciamento de riscos de TI (GRTI). A pesquisa em curso seguiu a metodologia da Hipótese de Eficiência de Mercado, na sua forma semiforte, isto é, utilizando o método de janela de eventos. Com essa metodologia estimaram-se os retornos anormais na valorização das ações de empresas, oriundos da publicação de eventos de GRTI pelas empresas de capital aberto brasileiras, obtidos a partir do site da BMF&BOVESPA. Foram analisadas todas as empresas listadas em todo o período disponível no site, isto é, de 2003 até 2016, perfazendo um total aproximado de 400 empresas em cada ano. Essa análise utilizou ferramentas de busca do próprio site para encontrar anualmente todos os documentos que contivessem menção à palavra risco. Todos os documentos públicos obtidos com essa filtragem foram examinados detalhadamente para identificar evidências de que a empresa realizou, pela primeira vez, ações de GRTI, isto é, de que a empresa anunciou ao mercado que o GRTI passou a fazer parte de suas rotinas operacionais e administrativas. Depois dessa análise pormenorizada de todos os documentos publicados por essas empresas no site da BMF&BOVESPA, chegou-se a 22 empresas que evidenciaram ao mercado que fazem GRTI. Essas 22 empresas foram examinadas à luz da metodologia de janela de eventos. Os resultados obtidos indicam que, no cenário brasileiro, não é possível afirmar que o GRTI traz uma melhora no desempenho financeiro das empresas, uma vez que a hipótese nula de alteração do valor do retorno das ações não foi invalidada. Infere-se que o mercado não percebe uma diferença de valor nas ações dessas empresas, em função dos eventos de GRTI. Com intuito de suportar teoricamente esta pesquisa, foram reunidas as principais pesquisas em governança de TI e GRTI e relacionando-as a um desempenho financeiro empresarial. / Considering the importance of IT in the business environment and the risks inherent in the use of this technology, this study aims to seek evidence of improved performance of companies with IT Risk Management (ITRM). The research followed the methodology of the Market Efficiency Hypothesis, in its semi-strong-form, that is, using the event window method. This methodology was used to estimate the abnormal returns on the valuation of companies' shares, resulting from the publication of ITRM events by Brazilian publicly traded companies, obtained from the BMF&BOVESPA website. All listed companies were analyzed throughout the period available on the site, that is, from 2003 to 2016, approximately 400 companies in each year. This analysis used search tools from the site itself to find annually all documents that contained mention to the word risk. All public documents obtained by this filtering were examined in detail to identify evidence that the company held, for the first time, ITRM actions. That is, the company announced that ITRM became part of their administrative and operational routines. After this detailed analysis of all documents published by these companies from Brazilian stock exchange, 22 companies evidenced to the market that do ITRM. These 22 companies were examined under the event window methodology. The results indicate that, in the Brazilian scenario, it is not possible to affirm that the ITRM brings an improvement in companies’ financial performance, since the null hypothesis of change shares’ return values was not negated. It is inferred that the market does not notice a difference in these companies’ share values due to ITRM events. In order to theoretically support this research, the main studies in IT governance and ITRM were gathered and related to a business financial performance.

Tecnologia da informação

Gestão de riscos

Risks

Risk management

IT risk management

IT governance

IT market value

Success

Performance and IT projects

Gastos e indicadores de uso de tecnologia da informação no governo do estado de São Paulo: evolução e tendências / Expense and indicators of use of information technology in government of State of Sao Paulo

Violeta Sun

06 January 2006

O objetivo deste trabalho é pesquisar os gastos em Tecnologias da Informação e Comunicação (TIC) do Governo do Estado de São Paulo e das Secretarias do Estado de Educação e da Saúde, e compará-las internamente e externamente com outras entidades. O capítulo 1 contextualiza a problemática da pesquisa enquanto o capítulo 2 traça os objetivos gerais e específicos. O capítulo 3 apresenta uma revisão bibliográfica sobre Administração Pública, TIC, o uso de TIC na Administração Pública, Administração Pública no Brasil, estrutura do Estado de São Paulo e das secretarias estudadas, descrição dos sistemas contábilfinanceiros SIAFEM e SIGEO, conceitos de orçamento público do Estado de São Paulo e as variáveis e indicadores utilizados na pesquisa. No capítulo 4 encontram-se os métodos e procedimentos utilizados na pesquisa, identificando as contas contábeis utilizadas no estudo, a relação dos gestores entrevistados, a forma de análise e apresentação dos resultados. No capítulo 5 se demonstrou os resultados obtidos, no capítulo 6 a análise comparativa e conclusões, e no capítulo 7 encontram-se as considerações finais. / The objective of this work is to study the expenses on Information and Communication Technologies (ICT) of the State of São Paulo, the Department of Education and the Department of Health, compare each other and with other departments. Chapter 1 gives an overview of the research context while chapter 2 presents the main objectives. Chapter 3 presents a review on Public Administration, ICT, the use o ICT in the Public Administration, Public Administration in Brazil, the structure of the State of São Paulo and the departments studied, a description of SIAFEM and SIGEO financialaccountancy systems, state´s public budget concepts, and variables and indicators used in the study. On Chapter 4, the methods and procceedings of the study, presenting the accounts used, managers interviewed and the analysis structure. Chapter 5 demonstrates the results of the study, chapter 6 the comparative analysis and chapter 7 presents the final remarks.

Gastos em informática

Governança de TI

Governo do Estado de São Paulo

Informática pública

IT expenditures

IT governance

Public informatics

State of São Paulo

Hur prioriterar en matrisorganisation? : En beskrivning & analys av prioriteringsprocessen i ett PMO hos en matrisorganisation.

Widjeskog, Regina

January 2012

Företag kan ha olika struktur och med denna organisationsstruktur kommer en del utmaningar. Matrisorganisationer är en utformning av det mer komplexare slaget och dess tydligaste kännetecken är multipla rapporteringsvägar. På senare tid har det visat sig att matrisorganisationer som arbetar med Project Management Office (PMO) har problem med hur de ska prioritera sina projekt. Detta för att beslutsvägarna är komplexa och det många gånger är svårt att veta vem det är som bestämmer.   Syftet med studien var att beskriva och analysera prioriteringsprocessen i ett PMO som existerar i en matrisorganisation. Studien har även velat påvisa vilka faktorer som påverkar denna prioriteringsprocess. För att besvara syftet har en deskriptiv undersökningsmetod använts med en deduktiv ansats. Studien har haft Företag X i Västerås som fallföretag, där utförliga intervjuer har genomförts med relevanta informanter för att samla in empiri.   I studien beskrivs begrepp som är kopplade till prioriteringsprocessen i ett PMO i en matrisorganisation, uppdelade i fyra olika teman; projekt, styrning, beslutsfattande och organisation. Studiens resultat och analys börjar med en verksamhetsbeskrivning men är sedan indelat i fem rubriker. Direkt under samtliga av dessa rubriker sker en analys utifrån den teoretiska referensramen. Därefter sker en djupare diskussion gällande prioriteringsprocessen och dess påverkande faktorer.   Denna studie påvisar att fallföretaget saknar en tydlig prioriteringsprocess. Väldefinierade IS strategier och Business drivers i kombination med rätt visualiseringsverktyg underlättar prioriteringsprocessen för en matrisorganisation. Andra faktorer som även påverkar är styrning och struktur i PMO, beslutsfattande och resurser.

Project Management Office (PMO)

matrisorganisation

beslutsprocess

prioriteringsprocess

IT projekt

projektprioritering

IT Governance

projektportfölj.

Information Systems

It governance in a public company of research and development: Deploying the ITIL in Service desk / Governança de TI em uma empresa pública de pesquisa e desenvolvimento: Implantando ITIL na Central de Atendimento de Solicitações de Serviços

Valdecir da Silva

09 May 2015

Nowadays, the companies providing the services about the Information Technology (IT) seek to remain competitive, establishing relations closer between the customers, their production processes and the business as a whole. The integration Technology and innovation processes of the information technology, including applications, systems, computing infrastructure and data communication, came to represent a high degree element to ensure business continuity becoming a variable to be inserted into the general management system corporations. Aiming to meet this need was created an Information Technology Infrastructure Library (ITIL). This framework sets out the methods from the best practices for the development and management of IT services, bringing together the necessary tools to manager in order to support their activities by virtue of the most efficient techniques designed scientifically. This work proposes an analysis, the case study in a public institution of research and development, demonstrating how the implementations of IT governance, along with models of best practices for service management, interact with managers the organizations processes. The research was supported by a bibliographic and documentary, qualitative and descriptive basis for identification of the administrative determination of this institution and its necessities and subsequent analysis of the applicability of ITIL with the institutions Service Operations, explaining the relevant aspects to be observed in its implementation. The survey of information was collected from various types of documents available in the institution and based on the experience of the researcher in the area. This research can be a guide in the special organizations and public sector managers with intention to accept any methodology for best practices of process organization in favor of provided benefits of implementing this study. / Atualmente as empresas provedoras de serviços de Tecnologia da Informação (TI) buscam se manter competitivas estabelecendo relações cada vez mais estreitas entre os clientes, seus processos produtivos e o negócio como um todo. As integrações tecnológicas de processos pela tecnologia da informação, incluindo aplicações, sistemas e infraestrutura computacional e de comunicação de dados, passaram a representar em alto grau elementos para garantir a continuidade do negócio passando a ser uma variável a ser inserida dentro do sistema de gestão geral das corporações. Visando suprir essa necessidade, foi criada a Information Technology Infrastructure Library (ITIL). Esse framework estabelece os métodos a partir das melhores práticas para o desenvolvimento e gerenciamento de serviços de TI, reunindo às ferramentas necessárias a gerência de forma a sustentarem suas atividades em virtude das mais eficientes técnicas concebidas cientificamente. O presente trabalho propõe uma análise, pelo estudo de caso realizado em uma instituição pública de pesquisa e desenvolvimento, demonstrando como a implementação da governança de TI, juntamente aos modelos de melhores práticas para gestão de serviços, interagem com a gerencia de processos da organização. A pesquisa foi sustentada por um embasamento bibliográfico e documental, qualitativo e de caráter descritivo, para identificação das características administrativas desse tipo de instituição e suas necessidades e posterior análise da possibilidade de aplicação do ITIL junto as Operações de Serviço da instituição, explanando os aspectos relevantes que devem ser observados nessa implementação. O levantamento de informações foi coletado de diversos tipos de documentos disponíveis na instituição bem como com base na vivência do pesquisador na área. Essa pesquisa pode servir de orientação a organizações e gestores em especial do setor público com intenção de adoção de alguma metodologia para boas práticas de organização de processos em prol dos benefícios providos da implementação desse estudo.

desenvolvimento

ITIL

governança de TI

tecnologia da informação

gestão

ITIL

IT governance

information technology

management

development

The value of context awareness within information technology audit and governance

Le Roux, Theo

January 2020

Thesis (MTech (Business Information Systems))--Cape Peninsula University of Technology, 2020 / A shared common understanding or context awareness (CA) of IT Audit and Governance among all the internal stakeholders of a business remains an important factor. This context awareness is needed between the business itself, the IT department, and the Audit and Risk functions of the business. The research problem states that there is a lack of shared context awareness among all stakeholders when conducting IT audits and implementing IT Governance. To answer the research questions, a case study research strategy was followed using an International Services Group of companies operating from South Africa. The case study offered a diverse group of companies and vast experience in the South African Services, Trading, and Distribution sector. The diversity of this group of companies made it a perfect candidate for understanding context and the value of context in IT when conducting IT audits. The following research questions were asked: i) What are the factors affecting a shared context understanding among the stakeholders when conducting IT audits and implementing IT Governance? ii) How can a shared context understanding among stakeholders be achieved when conducting IT audits and implementing IT Governance? The aim of the study was to explore the value of context awareness within IT Audit and Governance in order to identify the value of shared context understanding. Data collection was done by means of interviews using semi-structured questionnaires and an interview guide. Qualitative data analysis techniques were adopted for this research. The conclusion of the study highlights the importance of a collective understanding of the business’s context in order to obtain alignment in business, IT, and Audit. It refers to the same or a similar understanding of the business processes; this takes time and is unique on all levels.

Context awareness

IT audit

IT Governance

shared context understanding

ubiquitous computing

Artificial Intelligence

machine learning

business process

Utmaningar med IT-styrning inom en svensk sjukvårdsorganisation : En kvalitativ studie om styrning av digitalisering / Challenges in IT governance within a Swedish healthcare organization : A qualitative study on the challenges in management of digitization

Svantesson, Albin, Dellgran, Edvin, Johansson, Melker

January 2022

Svensk sjukvård har som ambition att ligga långt fram i den digitala utvecklingen samtidigt som man idag har problem med en stor mängd mindre system och integrationen mellan dessa. Det beror mycket på den styrning som man använt sig av. Detta arbete avser att besvara frågan kring hur svenska sjukvårdsorganisationer arbetar med styrning av digitalisering och vilka utmaningar som finns där. För att besvara detta har 6 st personer inom olika regioner med betydande roller inom förändringsarbete intervjuats. Resultatet från materialet visar på att digitaliseringsarbetet utgår från behov för att minimera risker samt att den digitala mognaden är svårdefinierad inom organisationen vilket leder till bristande kommunikation. Diskussionen utgår från individens perspektiv och organisationens perspektiv. I mötet mellan  individen och organisationen identifieras fyra stycken utmaningar inom IT-styrningen. Sammanfattningsvis så behöver svenska sjukvårdsorganisationer ta steget ifrån den klassiska organisering och IT-styrning som råder idag och öka sin omställningsförmåga för att överkomma de identifierade utmaningarna. / Swedish healthcare has the ambition to be at the forefront of digital development, while today it has problems with a large number of smaller systems and the integration between them. This depends a lot on the governance that is used within the organization. This work is intended to answer the question of how Swedish healthcare organizations work with the management of digitalisation and what challenges there are. To answer this, 6 people in different Swedish regions with significant roles in change work have been interviewed. The results from the material show that the digitization work is based on the need to minimize risks and that digital maturity is difficult to define within the organization, which leads to a lack of communication. The discussion is based on the individual's perspective and the organization's perspective. In the meeting between the individual and the organization, four challenges in IT governance are identified. In summary, Swedish healthcare organizations need to take the step away from the classic organization and IT governance that prevails today and increase their adaptability in order to overcome the identified challenges.

Health care

digitization

business development

IT-governance

Sjukvård

digitalisering

verksamhetsutveckling

IT-styrning

Human Aspects of ICT

Mänsklig interaktion med IKT

Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South Africa

Basani, Mandla

02 1900

Information security in the form of IT governance is part of corporate governance. Corporate governance requires that structures and processes are in place with appropriate checks and balances to enable directors to discharge their responsibilities. Accordingly, information security must be treated in the same way as all the other components of corporate governance. This includes making information security a core part of executive and board responsibilities. Critically, corporate governance requires proper checks and balances to be established in an organisation; consequently, these must be in place for all information security implementations. In order to achieve this, it is important to have the involvement of three key role players, namely information security professionals, ICT security auditors and regulatory officials (from now on these will be referred to collectively as the ‘role players’). These three role players must ensure that any information security controls implemented are properly checked and evaluated against the organisation’s strategic objectives and regulatory requirements. While maintaining their individual independence, the three role players must work together to achieve their individual goals with a view to, as a collective, contributing positively to the overall information security of an organisation. Working together requires that each role player must clearly understand its individual role, as well the role of the other players at different points in an information security programme. In a nutshell, the role players must be aligned such that their involvement will deliver maximum value to the organisation. This alignment must be based on a common framework which is understood and accepted by all three role players. This study proposes a South African Information Security Alignment (SAISA) framework to ensure the alignment of the role players in the implementation and evaluation of information security controls. The structure of the SAISA framework is based on that of the COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS), Acquire and Implement Information Security (AI-IS), Deliver and Support Information Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS). The SAISA framework brings together the three role players with a view to assisting them to understand their respective roles, as well as those of the other role players, as they implement and evaluate information security controls. The framework is intended to improve cooperation among the role players by ensuring that they view each other as partners in this process. Through the life cycle structure it adopts, the SAISA framework provides an effective and efficient tool for rolling out an information security programme in an organisation / Computer Science / M. Sc. (Computer Science)

Information security professionals,

ICT security auditors,

Regulatory officials

Framework

Role players

Information security programme

Corporate governance

IT governance

COBIT

005.80968

IT治理應用於電子化政府資訊組織設計之個案研究－以政府某機關辦理資訊改造為例 / The case study of IT governing to apply in e-government’s information technology organization design – taking a certain government organization that conducts information technology reformation as an example

黃金福

Unknown Date

在面對快速轉變時代中，電子化政府重要目標是有效掌握IT之趨勢，落實政府資訊作業之進行，達到為人民服務更有效率、政策更具可靠性（accountable）及透明性之目標，因此IT已成為電子化政府不可或缺的管理工具，相對依賴IT程度亦不斷提昇，意味著IT是最重要資產，導至IT本身已經成為一個巨大的威脅，隨IT而來的風險、利益和機會，必然需要有效的IT管理和風險管理，與企業相同，IT治理成為電子化政府最關鍵成功因素。 IT治理用於描述組織是否採用有效的機制（就是為了鼓勵達到資訊應用的期望，而明確訂定決策權歸屬和責任承擔的一種架構），使得資訊科技的應用能夠完成組織賦予它的使命，同時平衡資訊科技與組織發展過程的風險，確保能夠實現組織的策略目標。 本研究以IT治理概念應用於個案機關進行資訊改造整體規劃之資訊組織設計，經由探索性之個案分析，整理深入訪談所獲得的資料，依COBIT之內部控制系統之IT程序為架構，進行個案研究，完成符合IT治理之政府機關資訊組織設計，讓IT為機關組織帶來應有的利益：提昇行政效率、提供民眾更好的行政服務品質，使資訊部門成為政府組織中重要價值之部門。最後提出研究結果與建議，作為個案機關辦理資訊改造整體規劃之政策參考。 關鍵詞：IT治理、電子化政府、資訊改造整體規劃、資訊組織設計 / In faces in the fast changing time, the main objectives to implement e-government inititiative include: tracking and catching up with the IT trends, realizing the benefits of modern information systems for governing, serving citizens more effectively, making governments more accountable for their policies, and achieving transparencies. IT is at the center of e-government in improving its management. IT has become an important asset for a government agency while the dependency on IT has increased; hence the associated risks. The IT governance has become an important approach and framework in managing IT organization and planning, acquisition and development, operation and services, etc. Better IT governance is a critical factor in e-government success. IT governance orchestrates how an organization shares IT related decisions and responsibility among various stakeholders such as top level management, functional area managers, and IT organizations. The objective is to ensure IT goals can be aligned with business goals while mitigates the risks involved. This research applies the IT governance concept to study how a government institute reengineers its IT organization via a case research method. This is an exploratory case study in which in-depth interviews in this government institute were conducted. Data collected are organized according to COBIT IT governance framework. COBIT emphasizes internal controls, and organized IT related processes into four domains. The potential benefits of this approach include: Manage government more effectively, provide high quality services to citizens, increase the contribution of IT department to its agency. The research findings and results reported in this study can be used by other government agencies in their IT reengineering efforts.

IT治理

電子化政府

資訊改造整體規劃

資訊組織設計

e-government

IT governance

IT reengineering

Att styra i en digital värld : En flerfallsstudie om digitaliseringens påverkan på verksamhetsstyrning / To control in a digital world : A multiple case study on the impact of digitalization on operating control

Ahlmark, Stina, Karlsson, Julia

January 2019

Bakgrund: Samhället genomgår just nu en övergång till mer datadrivna verksamheter och dåblir kopplingen mellan IT och verksamhetsstyrning högst relevant att undersöka. Den ökade digitaliseringen verkar påverka företags sätt att bedriva verksamhet och den skapar både möjligheter och utmaningar. Digitaliseringen är inte längre en fråga för endast IT- avdelningen utan för hela organisationen. Det handlar inte om att digitaliseringen påverkar företag, utan hur den gör det. Syfte: Syftet med denna studie är att förklara på vilka sätt digitaliseringen kan förändra och påverka verksamhetsstyrningen. Genomförande: Denna studie har en kvalitativ karaktär med utgångspunkt i ett realistiskt perspektiv. De empiriska data är insamlade genom sex semistrukturerade intervjuer med respondenter från sex olika företag som befinner sig i olika branscher. Slutsats: Det går att konstatera att digitaliseringen har påverkat fallföretagens verksamhetsstyrning i en mängd olika avseenden. För att lyckas i det nya och mer föränderliga företagsklimatet som digitaliseringen bidrar till krävs det omstrukturering av organisationen och nya roller i företagen samt nya typer av kompetenser. Den digitala transformationen underlättar bland annat informationsflöde, transparens och skapandet av mer effektiva kedjor samt bidrar till ökad kundorientering tack vare möjligheterna att analysera kundmönster genom data. Det leder i sin tur till att företag kan bredda och förändra sina erbjudanden och det finns en strävan efter att utgå från kärnprodukten. En viktig aspekt kopplat till detta är att understryka att digitalisering av aktiviteter inte nödvändigtvis leder till positiva resultat för företagen och det gäller därför att företagen vet vad de vill få ut av den digitala transformationen innan investeringar görs. Slutligen verkar det som att företagens digitala mognadsgrad får påverkan för i vilken grad verksamhetsstyrningen förändras. / Background: The society is currently going through a change to more data-driven companies which makes the connection between IT and control most relevant. The increased digitalization affects companies’ ways of managing and creates both possibilities and challenges. Digitalization is no longer a question for the IT-department alone, but for the entire organization. It is not a question if digitalization affects companies, but how. Purpose: The aim of this study is to examine in which ways digitalization can change and affect operating control. Completion: This study is characterized by a qualitative methodology and has a realistic perspective. The empirical data has been collected through six semi-structured interviews with respondents from six different companies within different industries. Conclusion: The digitalization has affected the studied cases’ operating control in many ways. To be able to succeed in the new and constantly changing environment, companies need to restructure their business and create new roles within the organization. Companies are also searching for new competencies. The digital transformation facilitates the flow of information, transparency and the creation of more effective value chains and contributes to increased customer orientation thanks to the possibilities of analyzing customer behavior through data. This in turn leads to companies being able to broaden and change their offerings, and here there seems to be an endeavor to start from the core product. An important aspect connected to this, is that the digitalization of activities does not necessarily lead to positive results for companies and therefore they need to know what they want to achieve with a digital transformation before making investments. Finally, it seems like companies’ degree of digital maturity has an impact on the extent to which operating control change.

Digitalization

digital transformation

operating control

IT-governance

work of change

digital maturity

Digitalisering

digital transformation

verksamhetsstyrning

IT-styrning

förändringsarbete

digital mognad

Business Administration

Företagsekonomi

Segurança em processamento de dados / Data processing security

Riccio, Edson Luiz

16 October 1981

A comunidade empresarial e os profissionais de Sistemas e Processamento de Dados enfrentam atualmente um novo tipo de desafio: A ameaça dos computadores. O crescente volume de computadores e a larga utilização das tecnologias de teleprocessamento e de redes estão levando as organizações à crescente dependencia de sua Estrutura de Informatica e de seu principal produto: os sistemas de informação e os demais elementos a eles associados. Não é dificil constatar que o impacto destas tecnologias tem sido absorvido apenas parcialmente não só por usuários mas tambem pelos profissionais. De fato o desenvolvimento dos computadores não é acompanhado pelo correspondente desenvolvimento dos princípios de Administração de Processamento de Dados. Isso significa que os princípios e normas administrativos e de controle para este tipo de atividade não se encontram no estágio desejado, isto é, não foram estabelecidos princípios e normas definitivos para obter-se uma area de Processamento de Dados completamente segura e confiável. Esta \"janela aberta\" é, como consequência, o caminho mais curto para práticas criminosas e erros generalizados, os quais resultarão em danos ás operações e aos ativos das organizações. O conceito de segurança amplamente utilizado atualmente refere-se mais à segurança física e não inclui todos os componentes de uma área de Processamento de Dados, como deveria ser compreendida, a saber: a) As instalações físicas - Incluindo equipamentos, softwares, instalações, equipamentos auxiliares, linhas telefonicas, etc. b) Os sistemas de informação por computador (sistemas \"batch\" tradicionais) c) Os Sistemas de Informação por computador que utilizam tecnologias avançadas tais como Banco de Dados e Comunicação de Dados Neste estudo propõe-se que o conceito de segurança seja extendiido a todos os elementos do ambiente de processamento de dados, como um fator que contribui para sua integridade e eficácia. Este trabalho contribui para o estudo da administração em Processamento de Dados pois apresenta, para cada elemento de uma área de Processamento de Dados as causas de ameaças e os controles mais importantes na redução do impacto dessas causas. / The business community and the Data Processing and Information Systems professionals are facing today a new kind of challenge: the Computer threat. The increasing number of installed computers and the large utilization of teleprocessing and networking techniques are pushing the organizations to be greatly dependent on the Information Processing Facility and its final product: the computerized information systems and the associated environment. It is not very difficult to verify that the impact of this fast growing technology has been only partially absorbed not only by users but also by the computer professionals. In fact, the computer development is not being followed by the corresponding development of the Data Processing Administration Principles. This means that the control and administration guidelines for this type of activity are not in the desirable stage, i.e., no final conclusions have been set up on how to obtain a completely secure and reliable Data Processing Installation. This open Window is, as a consequence, the shortest way for criminal practices and generalized errors which will result in the damage of the organizations assets and operations. The concept of security largely used today refers mostly to the physical security and does not cover all the components of the Data Processing Installation as it should be understood: a) The Physical Installation - including the hardware, software, lay-out, auxiliary equipment, telephone lines , etc.. b) The computerized information system (formal batch system) c) The computerized information systems using advanced techniques such as Data Base and Data Communication. d) The Process of Information Systems Development (Methodology) In this study, we propose that the concept of security be extended to all the elements of the Data Processing environment, as a basic factor which contributes to its integrity and effectiveness. As a contribution to the study of the Data Processing Administration, we present, for each element, the most critical causes of exposures and the most important controls which may reduce the impact of these causes.

Administração de TI

Auditoria de sistemas

Data processing

Governança em TI

Information systems

Information technology

IT governance

IT management

Processamento de dados

Security

Segurança

Sistema de informação

Systems auditing

Tecnologia de informação