Information and Communications Technologies (ICT) comprise a large integrated set of structures and functions employed to access, transfer, store and treat all forms of information. These technologies continue to be an important factor for improving organizational management and achieving competitive advantage, since they can be used to add value, continuously, to almost all business processes. Based on a survey of the literature, international and national regulations, and best practices bodies, this paper presents and discusses common elements that are considered important to guide regulatory compliance verifications of ICT management practices. Designated hereinafter as Elements that Orient Regulatory Compliance Verification Audits (ECVAs), these elements are characterized and their selection is validated in a case study for improving ICT Governance in a Brazilian Public Agency.
ISO/IEC 27002:2005 – Information technology – Security techniques – Code of practice for information security management. Technical report.
2.
Adams,S. (2009). ITIL V3 foundation handbook, volume 1. The Stationery Office.
3.
Bernroider,E.W. and Ivanov,M. (2011). {IT} project management control and the control objectives for {IT} and related technology (cobit) framework. International Journal of Project Management, 29(3): 325–336.
4.
Calder,A. (2008). ISO/IEC 38500: the IT governance standard. IT Governance Ltd.
5.
Clara,A.M.C.Canedo,E.D. and de Sousa Júnior,R.T. (2017). Elements that orient the regulatory compliance verification audits on ict governance. In Proceedings of the 18th Annual International Conference on Digital Government Research, dg.o ’17, pages 177–184, New York, NY, USA. ACM.
6.
de Contas da União,T. (2014). Governance benchmark applicable to public administration agencies.
7.
De Haes,S. and Van Grembergen,W. (2004). It governance and its mechanisms. Information Systems Control Journal, 1: 27–33.
8.
De Haes,S. and Van Grembergen,W. (2015). Enterprise governance of information technology. Achieving Alignment and Value, Featuring COBIT, 5.
9.
for Standardization,I.I.O. (2013). Iso/iec 27007:2013 information technology – security techniques – guidelines for information security management systems auditing.
10.
Gil,A.C. (2002). Como elaborar projetos de pesquisa. São Paulo, 5: 61.
11.
Henderson,J.C. and Venkatraman,H. (1993). Strategic alignment: Leveraging information technology for transforming organizations. IBM Systems Journal, 32(1): 472–484.
12.
Henderson,J.C. and Venkatraman,N. (1992). Strategic alignment: a model for organizational transformation through information technology. Transforming Organizations, pages 97–117.
13.
IEC,I. (2013). 27002: 2013. Information technology Security techniques-Code of practice for information security controls. Retrieved from http://www. iso. org/iso/catalogue_detail.
14.
Isaca,C. (2012). 5-enabling processes. Rolling Meadows, IL, 60008.
15.
Jensen,M.C. and Meckling,W.H. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics, 3(4): 305–360.
16.
Kouzmin,A.Löffler,E.Klages,H. and Korac-Kakabadse,N. (1999). Benchmarking and performance measurement in public sectors: towards learning for agency effectiveness. International Journal of Public Sector Management, 12(2): 121–144.
17.
Lee,S. and Sai On Ko,A. (2000). Building balanced scorecard with swot analysis, and implementing “sun tzu’s the art of business management strategies” on qfd methodology. Managerial Auditing Journal, 15(1/2): 68–76.
18.
MORAIS,E.J.D. (2005). Controles internos e estrutura de decisão organizacional: o caso da Contadoria do Banco do Brasil. PhD thesis, Dissertação (Mestrado em Administração) – Universidade Federal do Paraná, Curitiba.
19.
Nastase,P.Nastase,F. and Ionescu,C. (2009). Challenges generated by the implementation of the it standards cobit 4.1, itil v3 and iso/iec 27002 in enterprises. Economic Computation & Economic Cybernetics Studies & Research, 43(3): 1–16.
20.
Nath,H.K. and Liu,L. (2017). Information and communications technology (ict) and services trade. Information Economics and Policy.
21.
Norfolk,D. (2011). IT Governance: Managing Information Technology for Business; 2nd ed. Thorogood Publishing Ltd, London.
22.
Preda,C. (2013). Implementing a risk management standard. Journal of Defense Resources Management, 4(1): 111.
23.
Secretaria de Logística e Tecnologia da Informação do Ministério do Planejamento, O. e. G. S. (2016). Estratégia de governança digital da administração pública federal.
24.
Simonsson,M. (2008). Predicting IT Governance performance: A Method for model-Based Decision Making. PhD thesis, KTH, Royal Institute of Technology Stockholm, Sweden.
25.
Simonsson,M. and Johnson,P. (2008). Earp working paper ms103: Defining it governance – a consolidation of literature.
26.
Van Grembergen,W. (2004). Strategies for information technology governance. Igi Global.
27.
Van Grembergen,W.De Haes,S. and Guldentops,E. (2004). Structures, processes and relational mechanisms for it governance. Strategies for information Technology Governance, 2(4): 1–36.
28.
Weill,P. and Ross,J.W. (2004). IT governance: How top performers manage IT decision rights for superior results. Harvard Business Press.
