Avaliação dos riscos dos processos estratégicos da governança de TI

Pontes, Roberta Pinto Coelho Maciel

02 August 2018

Submitted by Sara Ribeiro (sara.ribeiro@ucb.br) on 2018-12-04T11:52:46Z No. of bitstreams: 1 RobertaPintoCoelhoMacielPontesDissertacao2018.pdf: 2813246 bytes, checksum: 08608fe7fab4d1e6d8702fc959fccecb (MD5) / Approved for entry into archive by Sara Ribeiro (sara.ribeiro@ucb.br) on 2018-12-04T11:52:57Z (GMT) No. of bitstreams: 1 RobertaPintoCoelhoMacielPontesDissertacao2018.pdf: 2813246 bytes, checksum: 08608fe7fab4d1e6d8702fc959fccecb (MD5) / Made available in DSpace on 2018-12-04T11:52:57Z (GMT). No. of bitstreams: 1 RobertaPintoCoelhoMacielPontesDissertacao2018.pdf: 2813246 bytes, checksum: 08608fe7fab4d1e6d8702fc959fccecb (MD5) Previous issue date: 2018-08-02 / The objective of this scientific research was to evaluate the strategic risks associated to IT Governance processes, using a specific method through which it was possible to measure the capability of these processes and to identify the associated risks, in an integrated way. The COBIT 5 PAM method was chosen to evaluate the processes and the scenario analysis tool was used to identify the risks. The method application was done in an institution and the processes selected for evaluation were the strategic level provided in COBIT 5, which composes the EMD domain. The risk identification was based on scenario analysis, using the results fixed in the PAM for capacity level 1 (in which the process is expected to fulfill its purpose) as an ideal scenario and as the actual scenario presented in the process evaluation. Aftering identified risks, they were submitted to a manager’s forum to be validated and prioritized. The result shows that the risk assessment method was efficient, as the risks were recognized by the managers. Also identified were the processes that need to be increased to mitigate the risks considered relevant were also identified. The direct association between processes, already evaluated in their capacities, and the resulting risks, already prioritized, allowed this simultaneous analysis. / O objetivo deste estudo foi avaliar os riscos estratégicos associados a processos de Governança de TI, utilizando um método próprio por intermédio do qual foi possível, de maneira integrada, mensurar a capacidade desses processos e levantar os riscos a eles associados. Foi escolhido o método PAM do COBIT 5 para avaliar os processos e utilizada a ferramenta análise de cenários para levantar os riscos. A aplicação do método foi feita numa instituição e os processos selecionados para avaliação foram os de nível estratégico previsto no COBIT 5, que compõe o domínio EMD. Já o levantamento dos riscos foi feito a partir de análise de cenário, utilizando como cenário ideal os resultados previstos no PAM para o nível de capacidade 1 (no qual está previsto que o processo cumpre a sua finalidade) e como cenário real aquele apresentado na avaliação do processo. Após os riscos levantados, eles foram submetidos a um fórum de gestores para serem validados e priorizados. O resultado demonstra que o método para levantamento de risco foi eficiente, na medida que os riscos foram reconhecidos pelos gestores. Foram também identificados os processos que precisam ser incrementados para mitigar os riscos considerados relevantes. A associação direta entre processos, já avaliados em suas capacidades, e os riscos decorrentes, já priorizados, permitiu esta análise simultânea.

Riscos de TI

Governança de TI

Avaliação de processos

Riscos estratégicos de TI

Process assessment

IT strategic risks

IT governance

IT risks

Riskstyrning i små- och medelstora företag under coronapandemin : En kvantitativ studie / Risk management in small and medium-sized enterprises during the corona pandemic : A quantitative study

Halvardsson, Emil, Hederberg, Måns

January 2021

Syfte: Syftet med uppsatsen är att undersöka hur små- och medelstora svenska företag anpassar sin riskstyrning till följd av coronapandemin och vilka risker som företagen upplever varit mest betydande för sin verksamhet under pågående pandemi. Vidare är avsikten att undersöka vad som påverkar vilka åtgärder som vidtagits. Metod: En kvantitativ undersökning med deduktiv ansats där en webbaserad enkät använts för att undersöka hur små- och medelstora svenska företag anpassar sin riskstyrning till följd av kriser och vilka risker som företagen upplever varit mest betydande för sin verksamhet under pågående pandemi. T-tester och korrelationsanalyser har använts för att analysera resultaten och testa hypoteser som formulerats utifrån befintlig teori på forskningsområdet. Resultat: De undersökta företagen har primärt påverkats av volatila råvarupriser, utmaningar när det kommer till att säkerställa kontinuerlig materialtillgång samt att kunna få tillgång till rätt kompetens till verksamheten. De undersökta företagen har därutöver upplevt att deras ekonomiska resultat har försämrats under coronapandemin. Samtliga nollhypoteser antas i studien. Däremot har studien likväl kunnat påvisa förändringar i de undersökta företagens riskstyrning, däribland att företagen ökat antalet möten de håller om risker och att de ökat antalet leverantörer som de använder sig av för samma typer av varor i de fall då de upplevt störningar i försörjningskedjorna. Företagen som hade upplevt ökade störningar i försörjningskedjorna hade också ökat sina lager och avsåg så också i hög utsträckning göra efter coronapandemins slut. / Purpose: The aim of the thesis is to investigate how small and medium-sized Swedish companies adapt their risk management as a result of the corona pandemic and which risks the companies feel have been most significant for their operations during the ongoing pandemic. Furthermore, the intention is to investigate what affects what measures have been taken. Method: A quantitative survey with a deductive approach where a web-based survey was used to examine how small and medium-sized Swedish companies adapt their risk management as a result of crises and which risks the companies experience have been most significant for their operations during the ongoing pandemic. T-tests and correlation analyzes have been used to analyze the results and test hypotheses formulated based on existing theory in the research area. Results: The companies surveyed were primarily affected by volatile raw material prices, challenges when it comes to ensuring continuous material supply and being able to gain access to the right skills for the business. In addition, the companies surveyed have experienced that their financial results have deteriorated during the corona pandemic. All null hypotheses are adopted in the study. However, the study has nevertheless been able to show changes in the survey companies' risk management, including that the companies increased the number of meetings they hold about risks and that they increased the number of suppliers they use for the same types of goods in cases where they experienced supply chain disruptions. The companies that had experienced increased disruptions in the supply chains had also increased their stocks and intended to do so to a large extent after the end of the corona pandemic.

Corona pandemic

crisis

crisis management

risks

risk management

SME

financial risks

strategic risks

operational risks

remote work.

Coronapandemin

kris

krisstyrning

risker

riskstyrning

SME

finansiella risker

strategiska risker

operativa risker

hemarbete.

Business Administration

Företagsekonomi