Análise da relação entre a gestão de riscos da tecnologia da informação (TI) e a gestão de riscos corporativos

Abstract

The increasing use of technology and information systems became the technology an ally in the management of organizations. In this environment, the risks of information technology (IT) and business processes (enterprise risk) may impact in a negative way the results of the corporations. It is through the management of these risks that organizations can exploit opportunities and reduce their weaknesses, thus avoiding unnecessary losses. The focus of this work is concerned on analyzing the relationship between the risk management of information technology (IT) and management of corporative risk, it is a study based upon a theory that was detailed in a single case study. It became evident the kind of research methodology as an exploratory case study of an applied nature, with a qualitative approach. Data collection was performed from multiple sources such as interviews, questionnaires and documents, interviews were treated by use of software for the lexical analyzer. The results arising from this research indicated that in the case investigated there is no formal process for managing IT risks, although there are specific initiatives. Already in the case of corporate risk committee of the performance of risk has been identified, but the structure does not include established risk management of the type operating, in this perspective the data indicated opportunities for improvement of the relationship between IT risk management and corporate risk.