Risk Management Maturity Evaluation Artifact to Enhance Enterprise IT Quality

Misael Sousa de Araujo, Edgard Costa Oliveira, Simone Borges Simão Monteiro, Tharcísio Marcos Ferreira de Queiroz Mendonça

2017

Abstract

Information plays a fundamental role throughout an enterprise architecture and is a strategic component in fulfilling its business processes. Applying IT risk management models is a key success factor in reaching organizational goals. However, merely adopting risk management practices is not enough to guarantee the expected benefits. Organizations face a growing need to know how efficient their business processes are, including their risk management processes, so that a degree of efficiency can be stated on a defined scale, existing deficiencies can be identified, an improvement plan can be drawn up to raise process quality, and performance can be compared with that of similar enterprises. Given the diversity of maturity models and their characteristics, this paper presents a comparative study of the main maturity models on the market, from which it was possible to select, with the help of the Analytic Hierarchy Process (AHP) decision technique, the COBIT 4.1 process assessment model to measure IT risk management maturity in modern enterprises.
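The abstract says the choice of COBIT 4.1's process assessment model was made with AHP. The following is an added worked example of that technique, not code from the paper: it builds Saaty pairwise-comparison matrices, derives priority weights from the principal eigenvector, checks each matrix with the consistency ratio (CR) before trusting it, and aggregates local priorities into a global ranking. The three criteria, the three candidate models and every judgement value are constructed for illustration; the paper's actual criteria and judgements are not reproduced on this page.

```python
"""Analytic Hierarchy Process (AHP) applied to choosing a maturity model.

Added example, not code from the paper.  The criteria, the candidate models
and every pairwise judgement below are constructed for illustration; the
paper's actual comparison is not reproduced on this page.
"""
from typing import Dict, List, Sequence, Tuple

Matrix = List[List[float]]

# Saaty's random consistency index (RI) for reciprocal matrices of order 1..10.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

# Any judgement matrix whose consistency ratio exceeds this is rejected (Saaty's usual 10% rule).
CR_LIMIT = 0.10


def reciprocal_matrix(n: int, judgements: Dict[Tuple[int, int], float]) -> Matrix:
    """Pairwise-comparison matrix from upper-triangle judgements.

    judgements[(i, j)] says how much more important item i is than item j on
    Saaty's 1..9 scale (use 1/k when j dominates i).  The diagonal is 1 and
    the lower triangle is filled with the reciprocals.
    """
    a = [[1.0] * n for _ in range(n)]
    for (i, j), v in judgements.items():
        if not (0 <= i < n and 0 <= j < n) or i == j or v <= 0:
            raise ValueError(f"bad judgement ({i}, {j}) = {v}")
        a[i][j] = float(v)
        a[j][i] = 1.0 / float(v)
    return a


def priority_vector(a: Matrix, tol: float = 1e-12, max_iter: int = 10_000) -> Tuple[List[float], float]:
    """Principal eigenvector (normalised to sum 1) and lambda_max via power iteration."""
    n = len(a)
    w = [1.0 / n] * n
    for _ in range(max_iter):
        aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
        lam = sum(aw)                  # A w ~ lambda * w and sum(w) == 1, so sum(A w) ~ lambda
        w_next = [x / lam for x in aw]
        if max(abs(x - y) for x, y in zip(w, w_next)) < tol:
            return w_next, lam
        w = w_next
    raise RuntimeError("power iteration did not converge")


def consistency_ratio(a: Matrix) -> float:
    """Saaty's CR = CI / RI with CI = (lambda_max - n) / (n - 1)."""
    n = len(a)
    if n <= 2:
        return 0.0                    # 1x1 and 2x2 reciprocal matrices are always consistent
    _, lam = priority_vector(a)
    return ((lam - n) / (n - 1)) / RANDOM_INDEX[n]


def ahp_scores(criteria: Matrix, alternatives_per_criterion: Sequence[Matrix]) -> List[float]:
    """Global priority of each alternative; raises if any judgement matrix is inconsistent."""
    if len(alternatives_per_criterion) != len(criteria):
        raise ValueError("one alternative matrix is needed per criterion")
    cr = consistency_ratio(criteria)
    if cr > CR_LIMIT:
        raise ValueError(f"criteria judgements inconsistent: CR={cr:.2f} > {CR_LIMIT}")
    weights, _ = priority_vector(criteria)
    n_alt = len(alternatives_per_criterion[0])
    scores = [0.0] * n_alt
    for k, m in enumerate(alternatives_per_criterion):
        cr = consistency_ratio(m)
        if cr > CR_LIMIT:
            raise ValueError(f"judgements under criterion {k} inconsistent: CR={cr:.2f} > {CR_LIMIT}")
        local, _ = priority_vector(m)
        for i in range(n_alt):
            scores[i] += weights[k] * local[i]
    return scores


# ---- constructed hierarchy (assumption: not the paper's criteria, models or judgements) ----
CRITERIA = ["IT risk process coverage", "defined assessment method", "benchmark comparability"]
MODELS = ["COBIT 4.1 PAM", "CMMI (SCAMPI)", "Hillson RMM"]

CRITERIA_MATRIX = reciprocal_matrix(3, {(0, 1): 2, (0, 2): 4, (1, 2): 2})   # weights 4/7, 2/7, 1/7
MODEL_MATRICES = [
    reciprocal_matrix(3, {(0, 1): 2, (0, 2): 3, (1, 2): 2}),      # coverage: slightly inconsistent, CR ~ 0.01
    reciprocal_matrix(3, {(0, 1): 1, (0, 2): 3, (1, 2): 3}),      # assessment method: fully consistent
    reciprocal_matrix(3, {(0, 1): 1 / 2, (0, 2): 2, (1, 2): 4}),  # comparability: fully consistent
]


def rank_models() -> List[Tuple[str, float]]:
    """Candidate models ordered by global AHP priority, best first."""
    scores = ahp_scores(CRITERIA_MATRIX, MODEL_MATRICES)
    return sorted(zip(MODELS, scores), key=lambda p: p[1], reverse=True)


if __name__ == "__main__":
    print("criteria weights:", [round(w, 3) for w in priority_vector(CRITERIA_MATRIX)[0]])
    for name, score in rank_models():
        print(f"{name:15s} {score:.3f}")
```

The CR check is the part practitioners most often skip: a judgement set such as "A beats B, B beats C, but C beats A" still yields a priority vector, only a meaningless one, and `ahp_scores` refuses such a matrix rather than silently ranking on it.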

References

  1. Barafort, B., Mesquida, A.-L., Mas, A., 2016. Integrating risk management in IT settings from ISO standards and management systems perspectives. Computer Standards & Interfaces. Elsevier.
  2. COSO, 2007, Committee of Sponsoring Organizations of the Treadway Commission. Gerenciamento de Riscos Corporativos - Estrutura Integrada: Sumário Executivo e Estrutura [Enterprise Risk Management - Integrated Framework: Executive Summary and Framework].
  3. DSIC, 2013, Departamento de Segurança da Informação e Comunicações. Diretrizes para o processo de Gestão de Riscos de Segurança da Informação e Comunicações [Guidelines for the Information and Communications Security Risk Management process]. Norma Complementar no. 04/IN01/DSIC/GSIPR. Available at: <http://dsic.planalto.gov.br/documentos/nc_04_grsic.pdf>.
  4. Elmaallam, M. K. A., 2011. Towards a model of maturity for IS risk management. International Journal of Computer Science & Information Technology, vol. 3, no. 4.
  5. Hillson, D., 1997. Towards a Risk Maturity Model. The International Journal of Project & Business Risk Management, vol. I, no. I, pp. 35-45, Spring.
  6. HM Treasury, 2004. Her Majesty's Treasury. The Orange Book. Norwich: Crown, p. 52.
  7. Holanda, A., 2004. Novo Dicionário Eletrônico Aurélio [New Aurélio Electronic Dictionary]. Positivo.
  8. Hopkinson, M., 2011. Improving Risk Management Capability Using the Project Risk Maturity Model - a Case Study Based on UK Defense Procurement Projects. PM World Today, vol. XIII.
  9. IBGC, 2009, Instituto Brasileiro de Governança Corporativa. Código das melhores práticas de governança corporativa [Code of Best Practices of Corporate Governance]. São Paulo.
  10. ISACA, 2011, Information Systems Audit and Control Association. COBIT Process Assessment Model (PAM): Using COBIT 4.1. Illinois, USA.
  11. ISACA, 2011, Information Systems Audit and Control Association. COBIT Self-assessment Guide: Using COBIT 4.1. Illinois, USA.
  12. ISO, 2004, International Organization for Standardization. ISO/IEC 15504-1:2004. Information technology - Process assessment - Part 1: Concepts and vocabulary.
  13. ISO, 2008, International Organization for Standardization. ISO/IEC 38500:2008. Corporate governance of information technology.
  14. ISO, 2009, International Organization for Standardization. ISO Guide 73:2009. Risk management - Vocabulary.
  15. ISO, 2009, International Organization for Standardization. ISO 31000:2009. Risk management - Principles and guidelines.
  16. ITGI, 2007, IT Governance Institute. COBIT 4.1. Illinois, USA.
  17. Koehler, J., Woodtly, R., Hofstetter, J., 2015. An impact-oriented maturity model for IT-based case management. Information Systems, vol. 47, pp. 278-291. Elsevier.
  18. Moore, R., Lopes, J., 1999. Paper templates. In TEMPLATE'06, 1st International Conference on Template Production. SciTePress.
  19. OECD, 2004, Organisation for Economic Co-operation and Development. Principles of Corporate Governance. Available: <http://www.oecd.org/corporate/corporateaffairs/corporategovernanceprinciples/31557724.pdf>. Accessed (13.5.2013).
  20. Oliva, F. L., 2016. A maturity model for enterprise risk management. International Journal of Production Economics, vol. 173, pp. 66-79. Elsevier.
  21. Ramos, A., 2008. Security Officer: Guia Oficial para Formação de Gestores de Segurança da Informação [Official Guide for Training Information Security Managers], 2nd ed., vol. I. Zouk, Porto Alegre.
  22. Saaty, T. L., 2009. Extending the Measurement of Tangibles to Intangibles. International Journal of Information Technology & Decision Making, vol. 8, pp. 7-27.
  23. SEI, 2010, Software Engineering Institute. CMMI for Services. Carnegie Mellon, Pittsburgh.
  24. SEI, 2011, Software Engineering Institute. Standard CMMI Appraisal Method for Process Improvement (SCAMPI) A, Version 1.3: Method Definition Document. Carnegie Mellon, Pittsburgh, PA, March.
  25. Shahzad, B., Safvi, S., 2010. Risk mitigation and management scheme based on risk priority. Global Journal of Computer Science and Technology, vol. 10, no. 4, pp. 108-113.
  26. Silva, J. M. d., 2012. Apostila de Formação de valor em sistemas de atividades humanas [Course notes on value creation in human activity systems]. Faculdade de Tecnologia, Núcleo de Engenharia de Produção, UnB.
  27. Silveira, A., 2010. Governança Corporativa no Brasil e no Mundo: Teoria e Prática [Corporate Governance in Brazil and the World: Theory and Practice]. Elsevier, Rio de Janeiro.
  28. Vargas, R. V., 2009. The History of Risk Management - Based on the book Against the Gods. Available: http://www.ricardo-vargas.com/slides/20. Accessed (28.6.2016).
  29. Weill, P., Ross, J., 2006. Governança de TI: Tecnologia da Informação [IT Governance: Information Technology]. M. Books, São Paulo.


Paper Citation


in Harvard Style

Araujo M., Oliveira E., Monteiro S. and Mendonça T. (2017). Risk Management Maturity Evaluation Artifact to Enhance Enterprise IT Quality. In Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-758-249-3, pages 425-432. DOI: 10.5220/0006324404250432


in Bibtex Style

@conference{iceis17,
author={Misael Sousa de Araujo and Edgard Costa Oliveira and Simone Borges Simão Monteiro and Tharcísio Marcos Ferreira de Queiroz Mendonça},
title={Risk Management Maturity Evaluation Artifact to Enhance Enterprise IT Quality},
booktitle={Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2017},
pages={425-432},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006324404250432},
isbn={978-989-758-249-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - Risk Management Maturity Evaluation Artifact to Enhance Enterprise IT Quality
SN - 978-989-758-249-3
AU - Araujo M.
AU - Oliveira E.
AU - Monteiro S.
AU - Mendonça T.
PY - 2017
SP - 425
EP - 432
DO - 10.5220/0006324404250432