Information (Apr 2022)

ICT Governance and Management Macroprocesses of a Brazilian Federal Government Agency

  • Edna Dias Canedo,
  • Ana Paula Morais do Vale,
  • Rogério Machado Gravina,
  • Alessandra de Vasconcelos Sales,
  • Bruno J. G. Praciano,
  • Vinicius Eloy dos Reis,
  • Fábio Lúcio Lopes Mendonça,
  • Rafael Timóteo de Sousa Júnior

DOI
https://doi.org/10.3390/info13050231
Journal volume & issue
Vol. 13, no. 5
p. 231

Abstract

Read online

The process of identifying and managing Information and Communication Technology (ICT) risks has become a concern and a challenge for public and private organizations. In this context, risk management methodologies within the Brazilian Federal Public Administration organizations have become indispensable to help the managers of these organizations in decision making, especially in the distribution of public funds, elaboration of public policies focused on transparency, social actions contemplating indemnities, and social benefits, among others. In addition, the various ICT projects controlled by the public administration need a methodology to perform their management of ICT resources. In this article, we present the Governance and Risk Management methodology used to model the Administrative Council for Economic Defense (CADE) macro processes. The proposed methodology used the risk management process aligned to the ISO 31000 standards. This alignment was necessary for mapping CADE’s risk events, regardless of their complexity. The modeled ICT risk processes will support the organization’s managers in decision making and may be used or customized by any other organization of the Brazilian Federal Public Administration.

Keywords