Risk management the COSO methodology applied to manager an information unit

Silva, Dulce Elizabeth Lima de Sousa e; Araújo, Sérgio Luiz Elias de; Campello, Lorena de Oliveira Souza

doi:10.20396/rdbci.v18i0.8660794/23032

ABSTRACT

The transparency, the search for results and the commitment to government spending is promoting a series of changes at Federal Public Administration. In this context, the Information, and Knowledge Management reinforces those changes by proportioning better results. Therefore, this article has the purpose of presenting results obtained at the General Coordinator of Protocol and Archive - Coordenadoria Geral de Protocolo e Arquivo (CGPA), the sector responsible for Document Management, regarding the application of the methodology elaborated by the Committee of Sponsoring Organizations (COSO) - guided in the Federal Government sphere by the Manual of Integrity, Risk and Internal Control - that has been used at - Federal Institute of Education, Science, and Technology of Sergipe Instituto Federal de Educação Ciência e Tecnologia de Sergipe (IFS) by the Department of Risk Management. The result culminates in the construction of the Risk Map and Control Plan, being perceptible the difficulties found in your execution, despite the demands for the implementation of Risk Management in the institutions.

KEYWORDS:
Risk Management; Document Management; Archive

RESUMO

A transparência, a busca por resultados e o compromisso com os gastos públicos estão impulsionando uma série de mudanças na Administração Pública Federal. Nesse contexto, a gestão da informação e do conhecimento fortalece essas mudanças ao proporcionar melhores resultados. Dessa forma, este artigo tem como objetivo apresentar os resultados obtidos na Coordenadoria Geral de Protocolo e Arquivo (CGPA), setor responsável pela Gestão Documental, referentes a aplicação do método elaborado pelo Committee of Sponsoring Organizations (COSO) - orientado no âmbito do Governo Federal por meio do manual de gestão de integridade, riscos e controles internos da gestão - que vem sendo utilizado no Instituto Federal de Educação, Ciência e Tecnologia de Sergipe (IFS) pelo Departamento de Gestão de Riscos. Os resultados culminam na construção do mapa de riscos e do plano de controle, sendo perceptível as dificuldades existentes na sua execução, apesar das exigências para implantação da gestão de riscos nas instituições.

PALAVRAS-CHAVE:
Gestão de riscos; Gestão documental; Arquivo

1 INTRODUCTION

One of the information society characteristics is its composition, embracing information, knowledge, and technology. Regarding Brazilian public entities, beyond these social characteristics, there is also added transparency, allowed using information technology.

This scenery provides competitiveness through the constant search for information and knowledge. With these two components, it is possible to envision a solid construction of strategic planning and, consequently, of decision making, bringing more advantages to the global environment.

That way, the document works as a means for the management of registered information, to subsidize the development of knowledge management and enhances the efficiency of organizational resources.

The Ministry of Planning, in 2017, elaborated the Manual of Integrity, Risk and Internal Control of management based on the methodology elaborated by the Committee of Sponsoring Organizations (COSO). As a good practice, this manual has been adopted by the Federal Institute of Education, Science, and Technology of Sergipe - Instituto Federal de Educação Ciência e Tecnologia de Sergipe (IFS) by the Department of Risk Management.

That same method can be applied at all institutional levels. This way, been the General Coordinator of Protocol and Archive - Coordenadoria Geral de Protocolo e Arquivo (CGPA), sector responsible for the implementing of Documental Management in the Institute, it was observed the possibility of aligning the implementing of Internal Control, Risk and Governance Management with the activities developed by the CGPA.

Therefore, this article has the purpose to present some results obtained with the application of the COSO method in the research realized during the Professional Master and, Information and Knowledge Management at Federal University of Sergipe - Universidade Federal de Sergipe.

2 CONVERGENCIES BETWEEN DOCUMENTAL, INFORMATIONAL AND KNOWLEDGE MANAGEMENT

Reflecting on the distinctive meaning of information and knowledge, Nonaka and Takeuchi (1997NONAKA, Ikujiro; TAKEUCHI, Hirotaka. Criação de conhecimento na empresa: como as empresas japonesas geram a dinâmica da inovação. Rio de Janeiro: Elsevier, 1997.) establish that knowledge, in contrast to information, it is about beliefs and commitments. Knowledge is related to action and, as the information relates to meaning, it is specific in the relational context. “[…] the information is a message stream, while the knowledge is created by its own information flow, anchored in the owner's beliefs and commitments” (NONAKA; TAKEUCHI, 1997NONAKA, Ikujiro; TAKEUCHI, Hirotaka. Criação de conhecimento na empresa: como as empresas japonesas geram a dinâmica da inovação. Rio de Janeiro: Elsevier, 1997., p. 64).

For Davenport AND Prusak (1998DAVENPORT, Thomas H; PRUSAK, Laurence. Ecologia da informação: por que só a tecnologia não basta para o sucesso na era da informação. Tradução: Bernadette Siqueira Abrão. 6. ed. São Paulo: Futura, 1998. 316p.), the term information relates to data and knowledge concepts, moreover, it serves as a connection between raw data and knowledge that can be attained. In summary, the data is information about the world. At the time people give meaning to the data, it becomes information, and when put with a context, linked with meaning, interpretation, wisdom, it becomes knowledge.

Another concept of information is done by Capurro and Hjorland (2007CAPURRO, Rafael; HJORLAND, Birger. O conceito de informação. Perspectivas em Ciência da Informação, v.12, n. 1, p. 148-207, jan./abr. 2007. Disponível em: http://bogliolo.eci.ufmg.br/downloads/CAPURRO.pdf. Acesso em: 17 jul. 2018.
http://bogliolo.eci.ufmg.br/downloads/CA... ), which punctuates that the information, in the meaning of communicated knowledge, develops a central role in contemporary society. For them, the birth of Information Science and the use of computers are evidence of that, and, although knowledge and communication are social phenomena, it is the information technology that characterize our society as an information society.

One of the information society characteristics is its composition, embracing information, knowledge, and technology. Regarding Brazilian public entities, beyond these social characteristics, there is also added transparency, allowed using information technology.

However, Souza et al. (2011SOUZA, Edvanio Duarte de; DIAS, Eduardo José Wense; NASSIF, Monica Erichsen. A gestão da informação e do conhecimento na ciência da informação: perspectivas teóricas e práticas. Informação & Sociedade: Estudos, João Pessoa, v. 21, n.1, p. 55-70, jan./abr. 2011. Disponível em: http://www.periodicos.ufpb.br/ojs/index.php/ies/article/view/4039/5598. Acesso em: 17 jul. 2018.
http://www.periodicos.ufpb.br/ojs/index.... ) highlights that it is difficult to title the present society as an information society or knowledge society, they recognize that mostly authors, based in the new politico-economic world order, denominate the information era or the knowledge era.

In this society, the way of life, production, and transmission of knowledge in the business scenery is changing. Think of information society, it is to think about the articulation of different areas since it aims to disseminate the capacity building throughout many management levels, allowing the articulation of available resources, generating products, and service quality.

As Pacheco and Valentim (2010PACHECO, Cíntia Gomes; VALENTIM, Marta Lígia Pomim. Informação e conhecimento como alicerces para a gestão estratégica empresarial: um enfoque nos fluxos e fontes de informação. In: VALENTIM, M. (org.). Gestão, mediação e uso da informação. São Paulo: Editora UNESP; São Paulo: Cultura Acadêmica, 2010, cap. 15, p. 319-341.) mark the business environment act in the globalized, competitive, and highly influenced by technology scenery. However, the authors emphasize that the search for action, based on information and knowledge, permits the possibilities existent in the way, beyond allowing the accomplishment of strategic planning and decision making with caution.

Supporting this thought, Davenport and Prusak (1998DAVENPORT, Thomas H; PRUSAK, Laurence. Ecologia da informação: por que só a tecnologia não basta para o sucesso na era da informação. Tradução: Bernadette Siqueira Abrão. 6. ed. São Paulo: Futura, 1998. 316p.), punctuates that only technology is not enough to solve business problems. The authors acknowledge that it is unquestionable the increase of technologies in organizations, however, it is necessary for the development of a holistic perspective, that also considers the cultural values, behavior, work procedures, institutional policy, and technology itself. The association of this factor sets them as “Information Ecology” which emphasizes the whole information environment.

Therefore, the information and knowledge need to be managed to reflect the organization, allowing the internal and external environment comprehension as complex and changeable, for a better problem solving, safer decision making and new business perspectives.

To work with information, a few fields of knowledge began to specialize in informational problems. For Souza et al. (2011SOUZA, Edvanio Duarte de; DIAS, Eduardo José Wense; NASSIF, Monica Erichsen. A gestão da informação e do conhecimento na ciência da informação: perspectivas teóricas e práticas. Informação & Sociedade: Estudos, João Pessoa, v. 21, n.1, p. 55-70, jan./abr. 2011. Disponível em: http://www.periodicos.ufpb.br/ojs/index.php/ies/article/view/4039/5598. Acesso em: 17 jul. 2018.
http://www.periodicos.ufpb.br/ojs/index.... ), while some areas such as Library Science, Documentation, and Information Retrieval developed their solution for organization, treatment, and information use problems, another areas, as Administration, Computer Science, and Production Engineering engaged on implementing information and knowledge management systems in organizations.

For this reason, information, and knowledge management are areas that have many contributions and elements of Administration, Computer Science, Production Engineering, and Information Science. This convergence complicates the theoretical and practical constructions in this field. However, as an applied social science and for dedicating to the properties and rules, and provision procedures and uses of information, the Information Science, according to Souza et al. (2011SOUZA, Edvanio Duarte de; DIAS, Eduardo José Wense; NASSIF, Monica Erichsen. A gestão da informação e do conhecimento na ciência da informação: perspectivas teóricas e práticas. Informação & Sociedade: Estudos, João Pessoa, v. 21, n.1, p. 55-70, jan./abr. 2011. Disponível em: http://www.periodicos.ufpb.br/ojs/index.php/ies/article/view/4039/5598. Acesso em: 17 jul. 2018.
http://www.periodicos.ufpb.br/ojs/index.... ), it is presented as a structural basis for the information and knowledge management.

“The information and knowledge management correspond to a group of strategy that allows the identification of informational needs, the search, the use, and its sharing” (LEITE; SOUZA, 2014LEITE, Jailma Simone Gonçalves; SOUZA, Edivanio Duarte. A gestão da informação e do conhecimento nas organizações: condicionantes das propriedades gerais da informação. Ciência da Informação em Revista. Maceió, v. 1, n. 1, p.12-16, jan./abr. 2014. Disponível em: http://www.seer.ufal.br/index.php/cir/article/view/1299/900. Acesso em: 18 jul. 2018.
http://www.seer.ufal.br/index.php/cir/ar... , p. 12). That way, these authors believe that knowledge management has information management as a basis, although a lack of profound studies. Vianna and Valls (2016VIANNA, Márcio Aparecido Nogueira; VALLS, Valéria Martin. O papel da gestão documental nos processos de gestão do conhecimento. Future, São Paulo, v. 8, n. 2, p.3-26, abr./ago. 2016. Disponível em: https://www.revistafuture.org/FSRJ/article/viewFile/209/356. Acesso em: 18 jul. 2018.
https://www.revistafuture.org/FSRJ/artic... ) and Santos (2009SANTOS, Vanderlei Batista dos. A prática arquivística em tempos de gestão do conhecimento. In: SANTOS, Vanderlei Batista dos; INNARELLI, Humberto Celeste; SOUSA, Renato Tarciso Barbosa. (Org.). Arquivística: temas contemporâneos: classificação, preservação digital, gestão do conhecimento. Distrito Federal, SENAC, 2009, p. 175-220.) support this thought that knowledge management has information management as a basis.

Vianna and Valls (2016VIANNA, Márcio Aparecido Nogueira; VALLS, Valéria Martin. O papel da gestão documental nos processos de gestão do conhecimento. Future, São Paulo, v. 8, n. 2, p.3-26, abr./ago. 2016. Disponível em: https://www.revistafuture.org/FSRJ/article/viewFile/209/356. Acesso em: 18 jul. 2018.
https://www.revistafuture.org/FSRJ/artic... ) defend, yet, that documental management is an auxiliary tool in knowledge management, when considering the link between information and document organization with the procedures and practices that form the knowledge management.

For Santos (2009SANTOS, Vanderlei Batista dos. A prática arquivística em tempos de gestão do conhecimento. In: SANTOS, Vanderlei Batista dos; INNARELLI, Humberto Celeste; SOUSA, Renato Tarciso Barbosa. (Org.). Arquivística: temas contemporâneos: classificação, preservação digital, gestão do conhecimento. Distrito Federal, SENAC, 2009, p. 175-220.), the information management sees the information as a registered object in support, the document. This, in turn, is explicit and factual, while in documental management, it is tacit, it focuses on people’s knowledge. Therefore, “if the information is the basis for knowledge production, then the knowledge management cannot do without information management” (SANTOS, 2009SANTOS, Vanderlei Batista dos. A prática arquivística em tempos de gestão do conhecimento. In: SANTOS, Vanderlei Batista dos; INNARELLI, Humberto Celeste; SOUSA, Renato Tarciso Barbosa. (Org.). Arquivística: temas contemporâneos: classificação, preservação digital, gestão do conhecimento. Distrito Federal, SENAC, 2009, p. 175-220., p. 196).

The understanding of that author about the relationship between documental, information, and knowledge management is translated in Image 1:

Image 1
Relationship between managements.

Documental management as a tool for the registered information management, to subsidize the development of knowledge management, enhances the efficiency of organizational resources. What Nonaka and Takeuchi (1997NONAKA, Ikujiro; TAKEUCHI, Hirotaka. Criação de conhecimento na empresa: como as empresas japonesas geram a dinâmica da inovação. Rio de Janeiro: Elsevier, 1997.) denominates as a new paradigm of business strategy, the so-called “approach based on resources”, is the approach that includes strategy competences, capabilities, skills, and assets as a source of competitive and sustainable advantages for the company.

Therefore, by implanting the documental management in the organization, beyond the intrinsic consequences by this adoption, for example, saving space and the conscious production of documents, another consequence must be considered, that documental management can contribute to the informational and knowledge management, amplifying the perspectives of the business environment.

3 RISK MANAGEMENT

For Freitas Júnior and Barbirato (2009), the social transformations occasioned by the information technologies have made the industrial society progress to the knowledge and information society. In that context, education has been suffering changes, mainly, in the way of managing higher education. Due to that transformation in society, the universities must form professionals that attend the globalized market needs.

For that matter, Sarmento et al. (2009SARMENTO, Vera Lúcia Porangaba; BARBIRATO, João Carlos Cordeiro; Freitas Júnior, Olival de Gusmão; AZEVEDO, Cristina Camelo de; CAVALCANTI, Sonia Maria Souza. Uma proposta de planejamento estratégico para as universidades públicas brasileiras. In: FREITAS JÚNIOR, Olival de Gusmão; BARBIRATO, João Carlos Cordeiro. (Org.). Gestão do conhecimento e governança universitária: uma abordagem sistêmica. Maceió: UFAL, 2009. cap. 4. p. 88-105.), indicates the strategic planning as an answer to the knowledge society urges. For them, strategic planning brings advantages such as the adoption of a bigger long-term future vision prepares the institution to resolve difficulties and the exploitation of opportunities and, especially, involves and integrates people and areas for the achievement of institutional purposes.

According to Pérez Cervantes (2004PÉREZ CERVANTES, Julio César. Planeación y control de obra del Instituto de Religión Tampico: propuesta de análisis y evaluación de planeación estratégica y riesgo. Tesis Maestría. Gerencia de Proyectos de Construcción. Departamento de Ingeniería Civil, Escuela de Ingeniería, Universidad de las Américas Puebla. Marzo 2004. Disponível em: http://catarina.udlap.mx/u_dl_a/tales/documentos/mgc/perez_c_jc/portada.html. Acesso em: 3 dez. 2018.
http://catarina.udlap.mx/u_dl_a/tales/do... ), strategic planning performs a very important role in any company that wants to succeed and acquire a good position in the market and, for him, good strategic planning must consider the philosophy, the policies, and the procedures of the company. This way, the objectives will be accomplished, and the obtained results will be positives.

Faletti (2015FALETTI, Leonardo. Planejamento estratégico: formulando e executando estratégias vencedoras. Estratégias Vencedoras, 2015. [e-book].) supports the thinking of Pérez Cervantes (2004PÉREZ CERVANTES, Julio César. Planeación y control de obra del Instituto de Religión Tampico: propuesta de análisis y evaluación de planeación estratégica y riesgo. Tesis Maestría. Gerencia de Proyectos de Construcción. Departamento de Ingeniería Civil, Escuela de Ingeniería, Universidad de las Américas Puebla. Marzo 2004. Disponível em: http://catarina.udlap.mx/u_dl_a/tales/documentos/mgc/perez_c_jc/portada.html. Acesso em: 3 dez. 2018.
http://catarina.udlap.mx/u_dl_a/tales/do... ), by defending that the strategic planning, when done properly, can provide a big reflection about the organization and the environment within, with the production of institutional knowledge as consequence. This knowledge, when allied with the future vision and the action plan, will lead the organization to achieve its objectives.

Pérez Cervantes (2004PÉREZ CERVANTES, Julio César. Planeación y control de obra del Instituto de Religión Tampico: propuesta de análisis y evaluación de planeación estratégica y riesgo. Tesis Maestría. Gerencia de Proyectos de Construcción. Departamento de Ingeniería Civil, Escuela de Ingeniería, Universidad de las Américas Puebla. Marzo 2004. Disponível em: http://catarina.udlap.mx/u_dl_a/tales/documentos/mgc/perez_c_jc/portada.html. Acesso em: 3 dez. 2018.
http://catarina.udlap.mx/u_dl_a/tales/do... ), in addressing the relationship between strategic planning and the risk research, argue that risk research is essential for attain the established goals and objectives in the strategic planning. For him, this study arises from the organization strategy and must identify the strength, weakness, opportunities, and threats related to the organizational context to variables such as cultural, legal, political, social aspects, among others.

In the relation to strategic planning and risk management, Galarza Lópes and Almuiñas Rivero (2015GALARZA, Judith Lopes; ALMUINAS, José Luis Rivero. La gestión de los riesgos de planificación estratégica en las instituciones de educación superior. Rev. Cubana Edu. Superior. v.34, n.2, p.45-53, 2015. Disponível em: http://scielo.sld.cu/pdf/rces/v34n2/rces05215.pdf. Acesso em: 4 dez. 2018.
http://scielo.sld.cu/pdf/rces/v34n2/rces... ) point out the need for implementing the risk management in the process of strategic planning in higher school institutions. For the authors, there is a trend in strategic management that relates risk management with strategic planning. And that has been applied successfully, however they recognize there are a few difficulties that happen in that process. At times, the failures made in the application of strategic planning occur due to bad risk management.

Ramos (2018RAMOS, César. Gestão de riscos corporativos: como integrar a gestão dos riscos com a estratégia, a governança e o controle interno?. São Paulo: César Ramos & Cia Ltda, 2018. 217p. [e-book].) defines corporate risk management as an activity that aims to identify, measure, classify, treat, and monitor the risks in a planned, structured, and integrated form, to fulfill the entity’s purposes.

The risk management has its application template, one of them was developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO, 2007). This framework was used in research development.

4 METHOD

In Marconi and Lakatos (2011MARCONI, Maria de Andrade.; LAKATOS, Eva Maria. Metodologia científica. 6. ed. São Paulo: Atlas, 2011.) comprehension, the qualitative research provides a detailed analysis of investigations, habits, attitudes, behavior trends and its samples are reduced and the psychosocial analyzed data, with a non-structuralized gathering instrument. Considering the understanding of Marconi and Lakatos (2011), also Severino (2016SEVERINO, Antônio Joaquim. Metodologia do trabalho científico. 24. ed. São Paulo: Cortez, 2016. 317p.) it is possible to say that the approach to be used in this research has a qualitative nature.

Severino (2016SEVERINO, Antônio Joaquim. Metodologia do trabalho científico. 24. ed. São Paulo: Cortez, 2016. 317p., p. 125) punctuates that when a type of the approach is drawn, this type holds with it a “group of methodologies, involving, eventually, different epistemological references”. This way, there are a lot of research methods that can be adopted in this type of approach, for example, ethnographic, bibliographic, participative, and research-action research, those last two methods were used in the development of this work.

This way, thinking about the difficult task that is the implementation of documental management, above all, in the IFS that has over a hundred years of history, as well as the requirement of implementing in all institutional levels of internal control, risk, and governance management, this paper seeks to ally those two demands in a way that the result could bring outcomes for both, beyond avoiding time and resource loss.

The internal control, risk, and governance management adopted by the Ministry of Planning has the purpose of identifying, evaluating, and adopting answers to the risks among units. Therefore, the Ministry of Planning published the Ordinance nº 150, in May of 2016, that established the Ministry of Planning Integrity Program. In 2017, this Ministry elaborated the Manual of Risk Management based on COSO ERM, following the guidelines on the ordinance of 2016.

The obligation of implementing the internal control, risk, and governance management in the government entities, made the IFS through the Risk Management Department begin to work on the Institute using the manual published by the Ministry of Planning. Therefore, with the purpose of aligning and anticipating what should be developed by the CGPA was adopted the method presented in the manual to develop this research.

Then, considering that the IFS is in the process of implementing the documental management, and internal control policy, risk, and governance management, one of the techniques used was the description. It “is useful for describing, methodologically, each step made through the research and the application of research techniques” (CERVO et. al., 2007CERVO, Amado Luiz; BERVIAN, Pedro Alcino; SILVA, Roberto da. Metodologia científica. 6. ed. São Paulo: Pearson Prentice, 2007. 159p., p. 32).

Another two characteristics guided the relationship with the researcher with the researched environment. This way, the research was as participative as research-action. Participative, because, in accordance with Severino (2016SEVERINO, Antônio Joaquim. Metodologia do trabalho científico. 24. ed. São Paulo: Cortez, 2016. 317p.), there is an experience sharing between researched subjects and the researcher, that participated in a systematic and continuous way, throughout the research, in the researched activities. The research environment also was the work environment of the researcher that has been working there since 2014, in the process of implementing the documental management.

At last, another characteristic was a research-action, because it had the purpose of intervening in the presented situation that, with the gathered information, enabled the creation of a risk map and control plan for the CGPA.

This was possible through the framework application used on risk management and presented in the Manual of Integrity, Risk and Internal Control of the Ministry of Planning, Development and Management (MP), current Ministry of Economy. For this research, we will keep on denominating the Ministry of Planning.

4.1 Risk Management aligned to Documental Management

The integrity, risk, and internal control manual from the Ministry of Planning, Development, and Management “incorporates the recognized good practices, presenting COSO ERM structure characteristics” (BRAZIL, 2017). It should be pointed out that the manual beyond been developed and applied by the ministry, also has been used by the IFS. This manual was formulated based on the Committee of Sponsoring Organizations (COSO) ERM’s methodology. Its structure, for the risk management, considers four risk categories: strategic, regarding goals aligned with the mission; operational risks, those who embrace an effective and efficient use of resources; communication, regarding report quality, and compliance, aimed for the fulfillment of applicable laws and regulations.

It is worth highlighting that COSO’s methodology also defines eight components that must be analyzed: the controlled environment, purpose attachment, events (risks) identification, risk evaluation, answer to the risk, control activities, information and communications, and, at last, monitoring.

The methodology proposed in the manual seeks to guide, identify, and evaluate the adoption of answers for risk events of unit process, as of the method of process prioritizing, beyond instruct the monitoring and support (BRAZIL, 2017).

Furthermore, the manual indicates that, until integrity, risk, and control management specific systems are developed, it should be used a document spreadsheet on Excel. This document spreadsheet was fulfilled along with the data gathering. The spreadsheet is available on the MP website. Then, for each step described in the manual, the data was inserted in this spreadsheet.

The spreadsheet referred in the manual is organized by tabs, each tab was identified with one step for the risk management, so, the spreadsheet had the following tabs: risk map, inherent risk calculation, residual risk calculation, action plan, answer to the risk, and analysis of impact and probability factors.

The method was applied in the CGPA that is a tactical-operational sector subordinated to Administration Rectory (PROAD). It is responsible for the systemic planning, organization, and coordination of protocol activities, documental management, and special protection to archive documents with historic value, probative and informative.

The CGPA in its organizational structure has as advisor body the Commission of Permanent Document Evaluation and as subordinator sectors the central archive, the rectory protocol, the administrative assessor, the technical support coordinator, the digital document archive coordinator, the memorial and historical archive coordinator and the own memorial of IFS.

Beyond those, the CGPA manages the Protocol and Archive Coordinators - CPRA, regarding techniques and methods to be adopted, Therefore, all technical normative published by CGPA must be adopted in all campuses.

For identification of risks presented in the CGPA, a simpler document spreadsheet was used, developed by the IFS, considering that the MP’s spreadsheet was developed to be applied in the ministry structure. In this way, the IFS, due to the complexity of MP’s spreadsheet, simplified its reality, understanding that for the CGPA application, the use of IFS’ spreadsheet is more suitable.

Established the used tool, it began the research application. According to the manual, the first step is the environment analysis and purpose attachment. This first step has the purpose to collect information to support the identification of risk events and determine which actions would be necessary to ensure the process and macro processes purposes.

In the environment analysis was verified people’s integrity, ethical values, competences, as the manager delegates authorities and responsibilities also were verified the organizational governance structure, and the policies and practices of CGPA human resources. While attaching purposes were verified if the aims were attached and communicated, and if they were aligned with the sector’s mission and vision.

As for the environment analysis as for the purpose attached, the information was extracted from internal statute, strategic planning, projects, budgets and reposts, laws and everything linked to CGPA’s management.

In this step, the SWOT analysis tool was used. This abbreviation comes from Strengths, Weakness, Opportunities, and Threats. Those aspects were crucial for the CGPA’s strategy development.

Fernandes and Berton (2012FERNANDES, Bruno Henrique Rocha; BERTON, Luiz Hamilton. Administração estratégica. São Paulo: Saraiva, 2012. p. 272.) highlight that environment analysis is an important step of strategic process because it is in this step that is possible to establish the historic and special context that the organization is inserted, in this case, the CGPA. On one side, we have the variables that the organization is conditioned, such as environmental, economic, social, political, cultural, legal, and technological restrictions. On the other side, the action of an organization sets the environment at a local, national, and global level.

According to Certo et al. (2010CERTO, Samuel C; PETER, J P; MARCONDES, Reynaldo Cavalheiro; CESAR, Ana Maria Roux. et al. Administração estratégica: planejamento e implantação estratégica. São Paulo: Person Education do Brasil, 2010.), there is not an ideal form or pattern for executing the environment analysis that is capable of determining the actual and future risks for the organization. However, Fernandes and Berton (2012FERNANDES, Bruno Henrique Rocha; BERTON, Luiz Hamilton. Administração estratégica. São Paulo: Saraiva, 2012. p. 272.), mark that all internal and external environment analysis in the strategic administration literature ends up going to the SWOT analysis.

For Hofrichter (2017HOFRICHTER, Markus. Análise swot: quando usar e como fazer. Porto Alegre: Revolução eBook, 2017.), the SWOT tool is excellent for the organization development and/or understanding some situation or deciding process of all types of business, in a personal or corporate level, because it offers an opportunity to the organization to review its strategy, positioning, and the course that it will take.

According to Hofrichter (2017HOFRICHTER, Markus. Análise swot: quando usar e como fazer. Porto Alegre: Revolução eBook, 2017.), the creation of this tool is assigned to Albert Humphrey. He conducted, between the 60s and 70s, a research project at Stanford University, using different companies’ data. The project’s purpose was to identify why corporate planning had failed after identifying several important areas, using a tool to explore each area. This tool received the name of SOFT. However, in 1964, during a conference, the researchers Urick and Orr changed the F for W and the once SOFT analysis became to be known as SWOT analysis.

This way, the tool can be used in sections of idea workshops, brainstorming reunions, problem-solving, planning, evaluation of competitor’s products, among others. Hofrichter (2017HOFRICHTER, Markus. Análise swot: quando usar e como fazer. Porto Alegre: Revolução eBook, 2017.) still establishes that, after the SWOT application, the reached result can be used to formulate an acting or action plan.

Beyond that, to a well succeed analysis, it is required that the researcher or manager be realistic about the strong and weak points of the organization, as the vision of where the company is and where it might be. This way, the evaluation must be specific, avoiding unnecessary complexity and excessive analysis, because the secret is to be simple, straightforward, and direct.

Additionally, the SWOT application, the gathering information form was applied about environment and purpose attachment, that is available in the manual.

The form seeks to identify the unit, information about codes and standards, organizational structure, policies, vision, mission, values, and information about the process/ macro process. In it, also, is divided the internal and external environment analysis. Like is shown in the following Image 2:

Image 2
Gathering Information Form

After finishing gathering the data, the next step was identifying the risk events.

This second step considers all information that was collected in the first step, with the purpose of identifying and registering the risk events that can compromise the process aim and the causes, and the effects/consequences of them.

In accordance with Brazil (2017), the events are potential situations that did not happen, but might occur. Those events might be positive or negative, when positive they are called opportunities, and when negatives they are called risks. It is important to point out that this is a replication of COSO’s understanding.

In the method presented in the manual, only the negatives events are worked out. When these events are identified it is possible to choose a suitable treatment for each one of them.

There are three components that concern the events, the causes: the source of conditions; the risk: the possibility of happening any event that can harm the fulfillment of purposes, and the consequences, that are results of these events upon the purposes.

The process of identifying risks allows the use of different techniques, which stays at the discretion of the researcher or the group that is going to develop this survey inside the organizations. Among some techniques that can be used are quiz development, checklist, workshop, brainstorm, flowchart, and cause-effect diagram.

In this step of the research was used the data collected in the SWOT analysis, and the environment analysis was developed using the brainstorming technique. These data were launched in the document spreadsheet. Although, it is important to mention that, for a methodology meaning, was considered in the research, the study of a macro process or area for analysis, in this case, the documental management.

It did not identify sub-process risks, for example, the risk presented in the sub-process of documents transferring to central archives. Considering that the documents transferring is part of the process of documental management.

This is because, until the moment of this research, the CGPA’s process was not mapped, which could amplify the scope of this work resulting in a chronogram delay.

Beyond that, the method itself that is being applied allows the risk analysis by the area or process/macro process. It is important to emphasize that for the development of this research, doing the risk mapping it is not a sine qua non condition.

The data gathered by SWOT, essential in this step, were validated along with the sector, the threats and weaknesses were isolated as risk events that could impact the purpose of implementing and developing the documental management. Those factors were listed in the document spreadsheet.

For the second step conclusion, across identifying the risk events, it was needed to discover its causes, effects/consequences, the risk categories, and the risk nature. To categorize the risk and its nature, the manual orientation was used.

Since this research adapted the manual application to a sector, Board 1, down below, presents the risk categories provided in the manual. However, for better understanding, the abbreviation MP was replaced with CGPA. It is important to mention that the CGPA manager is responsible for managing the risks and sharing, when needed, the identified risks.

Thumbnail

Frame 1
Risk Category

The identification of the risk stage also established risk nature. It relates to the chosen category: if the risk is tax or budget, the nature is budget-tax; if it was identified as strategic, operational, credibility or compliance, then the nature will be non-budge-tax.

In this step, also occurs the risk description, obeying the following syntax: due to <cause/font>, can happen <event description> what might lead to <description of impact/effect/consequences> impacting the <process purpose>.

After accomplishing this identification of risk events step, it continued the research beginning the evaluation of risk and control events step. This stage has the purpose of evaluating the risk considering its causes and consequences. It examined the probability, and the impact of each risk, supposing it was realized.

The risks founded were evaluated in a quantitative or qualitative or both ways. Beyond that, it analyzed the inherent condition of those risks. The inherent risk refers to those that do not have management actions. The residual risk is the one that continues to expose the institution, even after management actions.

The inherent risk was evaluated according to the impact and the probability of occurrence, then, were identified and evaluated the control that responded to the identified risk events, with the actual control description and the control operation.

After this analysis, it began the identification of management intern controls. These controls are rules, procedures, guidelines, conferences that, in an articulated way, will be used to deal with the risk and provide security in the fulfillment of the sector’s purpose.

From this point was needed, with the assistance of the risk matrix, present in the manual, to identify the relative load and the probability of residual risk. To realize this analysis, the document spreadsheet was also used.

Finalized this stage of risk and control events evaluation, started the fourth stage regarding the answer to the risk. This step worked with residual risks. After being identified the residual risks, it was necessary to formulate strategies to answer each one of them.

The strategy choice depends on how much the sector is willing to be exposed to the risk. It was considered the compatible risks with the CGPA stablished tolerance, in this case, this tolerance was stipulated by the authors. It is worth mentioning that this step was linked to the risk matrix.

The integrity, risks, and internal control management’s manual (BRAZIL, 2017) bring a board of answers to the risk, listing the risk levels: critical, high, moderated, and small risk. Beyond that, the description of each one of them, the parameters for analysis and adoption of answers, the type of answers: avoid, reduce, share or transfer, and accept the risk, as well as the control actions that might be executed. The board of answers to the risks also available in the manual.

Responses can be changed as actions are taken to control risk; however, changes can only occur upon justification and validation of the unit.

It is in this stage that the Controls Implementation Plan (PIC) is inserted, which is the “set of actions necessary to adjust risk levels, through the adoption of new controls or the optimization of current process controls” ( BRAZIL, 2017, p. 35). When developing the plan, it must be considered that the cost of controlling the risk should not be more expensive than the benefit.

And finally, the fifth stage: information, communication, and monitoring. Management of integrity, risks and internal controls has access to reliable information and its flow within the institution as an essential element for the success of the work. In addition, this stage values communication with society, avoiding inadequate responses to its needs.

The monitoring sought to make sure that the structure of this management was adequate to the strategic objectives. Therefore, information must circulate between the strategic, tactical, and operational levels.

For monitoring, the main means is the risk map, another means that can be used is a report on the implementation of the control plan. Also, according to the manual (BRAZIL, 2017), the units must establish indicators to monitor the implementation of integrity management, risks, and internal controls.

And, once implemented, controls must be continually evaluated over time. It is important that each unit develop its management report. In the development of this research, after the development of the risk map and internal controls, it is necessary for the CGPA to follow the evolution of each instrument developed.

5 RESULTS

With the data analysis on the document spreadsheet, was needed to resize a few pointed risks in the identification of occasional risks. Because, by analyzing the causes and consequences, it was observed that the risk syntax was not structured correctly.

For example, two reputation risks were identified, but, proceeding with the filling of the document spreadsheet, realized that two risks were the same, distinguished only by the naming. Therefore, one of the causes was suppressed and the analysis of other causes were continued. Then, in the reputation risk, only one cause was identified.

Since it was the first doing a risk mapping, the evaluation of existing internal control is possible not finding medium, satisfying, or strong controls. That was confirmed in the research. None of the evaluated items showed a high level of control. Therefore, almost all of them had a residual risk, the same risk scale that was identified in the inherent risk level.

Regarding the answer to the treatment, in total, four answers could be given. Those answers were conditioned to the risk level if it was critical, the answer should be avoided; high, the answer should be reduced; if moderate, the answer should be share or transfer, and, facing a small risk, the answer should be accepted.

In the filling of the document spreadsheet, these orientations were followed, however, it was noticed that the relationship between risk level and the answer could vary because the answer could not depend only on the sector that the risk was presented.

About the action, it is also important to acknowledge that the same action can reduce different risks and that some actions seek to add proposed actions, for example, when critical projects were prioritized, in possible projects available resources decrease will be simpler to define which projects must continue.

Still about the actions, some of them do not depend exclusively on CGPA. So, they must be shared with other sectors that have the needed competences to assist the action development. Another important indicative are the actions that can be systematically accomplished, action that can be adopted by the protocol and archive coordinator of campuses.

Regarding the periodicity suggestion, the end of 2020 was the chosen date for the execution of the activity. Considering that these actions must be in the planning, made at the end of every year. In case the sector notices that the actions can be executed earlier, they can enter in the planning revision of 2019.

Regarding monitoring, it is important to highlight that this control needs to be made by a superior sector. In the CGPA case, this sector is the PROAD, therefore, the action of monitoring was orientated for the Dean’s office. In some of them, these actions were shared with the rectory, because its execution did not only depend on PROAD.

The document spreadsheet resulted in the creation of the risk map and the control plan. Those instruments were presented to the Governance, Integrity, Risks and Control Committee of IFS, that through the deliberation nº 10/2019/CGIRC/IFS approved the instruments as CGPA official instruments.

Because of the extensive result of the data collected in the document spreadsheet, that resulted in the risk map and control plan, it was necessary to adjust for presenting examples of the results in this article.

But the whole spreadsheet can be accessed in the resolutions of Governance, Integrity, Risks and Control Committee of IFS and in the dissertation that is available in the IFS’s repository.

Thumbnail

Frame 2
Risk Map and Control Plan- Risk 03

Thumbnail

Frame 3
Risk Map and Control Plan- Risk 06

During the research, it was observed that even though the integrity, risk, and control management manual has as purpose guide the technique adoption by the institutions has its limitations. For example, a few tools and elements available in the document spreadsheet do not have a description in the manual.

Also, reinforce that the document spreadsheet is a sheet that, by being filled, it calculates automatically, but this sheet is thought to be structured by a Ministry subordinated to the Republic Presidency. And considering that risk management can be adopted by the sectors, the instrument becomes of difficult understanding for a person that does not fully understand the content.

It is a fact that this difficulty was noticed during the instrument’s application. Therefore, the guidance provided by COPLAN (Coordinator of Planning) had fundamental importance, during the filling of the document spreadsheet, the orientation was made by the DGR (Risk Management Department), subordinated sector of PRODIN (Institutional Development Rectory).

It was also observed that the risk management theme is still in development in Public Administration. For instance, only in May of 2018, a whole year after the MP manual publication, the TCU, body that determined that the IFS should adopt the risk management in 2014, in the agreement nº 3.455/2014 - P, published its own manual of risk management (BRAZIL, 2014).

Another example is CGU, one of the responsible for the joint normative instruction nº1, May 10 of 2016, that orders about internal control, risk management, and governance in the Federal Executive Power sphere (BRAZIL, 2016). This body only came to publish its risk management methodology in April of 2018 (BRAZIL, 2018).

The MP manual was an innovator in its proposal, however, if the ministry’s purpose is that more institutions began to use its methodology, the manual will need improvements.

Beyond found difficulties during the product’s development, it was noticeable that archive administration, although suffering many questions still lacks scientific productions that argue the application of methods and administration techniques in archive management.

It is necessary the publishing of more works that brings the debate and the result of action developed by managers, once was felt the lack of more publications that had the information management, and knowledge in corporate environments themes.

It is expected that this gap will be fulfilled with an updated professional formation that not only considers the study of administration models but also its application in future work environments. And that this review can also be realized in disciplines that engage technology.

REFERÊNCIAS

ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNICAS. NBR ISO 31000:2009 - Gestão de Riscos: Princípios e Diretrizes. Rio de Janeiro, ABNT, 2009. Disponível em: https://gestravp.files.wordpress.com/2013/06/iso31000-gestc3a3o-de-riscos.pdf Acesso em: 02 ago. 2018.
» https://gestravp.files.wordpress.com/2013/06/iso31000-gestc3a3o-de-riscos.pdf
BRASIL. Controladoria geral da união. Instrução normativa nº 1 que dispõe sobre controles internos, gestão de riscos e governança no âmbito do Poder Executivo federal. 2016. Disponível em: https://bit.ly/3hMVGkA Acesso em: 4 maio 2017.
» https://bit.ly/3hMVGkA
BRASIL. Controladoria geral da união. Metodologia de gestão de riscos da CGU. Brasília, abr. 2018. Disponível em: https://repositorio.cgu.gov.br/handle/1/41820 Acesso em: 27 ago. 2020.
» https://repositorio.cgu.gov.br/handle/1/41820
BRASIL. Tribunal de Contas da União. Acordão nº 3.455/2014. 2014. Disponível em: https://bit.ly/2Dca7zx Acesso em: 27 maio 2019.
» https://bit.ly/2Dca7zx
BRASIL. Ministério do Planejamento Desenvolvimento e Gestão (MP). Assessoria Especial de Controles Internos (AECI). Manual de gestão de integridade, riscos e controles internos da gestão. Brasília, DF, 2017, p. 51.
CAPURRO, Rafael; HJORLAND, Birger. O conceito de informação. Perspectivas em Ciência da Informação, v.12, n. 1, p. 148-207, jan./abr. 2007. Disponível em: http://bogliolo.eci.ufmg.br/downloads/CAPURRO.pdf Acesso em: 17 jul. 2018.
» http://bogliolo.eci.ufmg.br/downloads/CAPURRO.pdf
CERTO, Samuel C; PETER, J P; MARCONDES, Reynaldo Cavalheiro; CESAR, Ana Maria Roux. et al. Administração estratégica: planejamento e implantação estratégica. São Paulo: Person Education do Brasil, 2010.
CERVO, Amado Luiz; BERVIAN, Pedro Alcino; SILVA, Roberto da. Metodologia científica. 6. ed. São Paulo: Pearson Prentice, 2007. 159p.
COSO. Gerenciamento de Riscos Corporativos - Estrutura Integrada. Tradução: Instituto dos Auditores Internos do Brasil (Audibra) e Pricewaterhouse Coopers Governance, Risk and Compliance, Estados Unidos da América, 2007. Disponível em: https://www.coso.org/Documents/COSO-ERM-Executive-Summary-Portuguese.pdf Acesso em: 13 ago. 2018.
» https://www.coso.org/Documents/COSO-ERM-Executive-Summary-Portuguese.pdf
DAVENPORT, Thomas H; PRUSAK, Laurence. Ecologia da informação: por que só a tecnologia não basta para o sucesso na era da informação. Tradução: Bernadette Siqueira Abrão. 6. ed. São Paulo: Futura, 1998. 316p.
FALETTI, Leonardo. Planejamento estratégico: formulando e executando estratégias vencedoras. Estratégias Vencedoras, 2015. [e-book].
FERNANDES, Bruno Henrique Rocha; BERTON, Luiz Hamilton. Administração estratégica. São Paulo: Saraiva, 2012. p. 272.
FREITAS JUNIOR, Olival de Gusmão; BARBIRATO, João Carlos Cordeiro. As instituições de ensino superior no brasil - desafios e oportunidades. In: FREITAS JÚNIOR, Olival de Gusmão; BARBIRATO, João Carlos Cordeiro. (org.). Gestão do conhecimento e governança universitária: uma abordagem sistêmica. Maceió: UFAL, 2009, cap. 4. p. 88105.
GALARZA, Judith Lopes; ALMUINAS, José Luis Rivero. La gestión de los riesgos de planificación estratégica en las instituciones de educación superior. Rev. Cubana Edu. Superior. v.34, n.2, p.45-53, 2015. Disponível em: http://scielo.sld.cu/pdf/rces/v34n2/rces05215.pdf Acesso em: 4 dez. 2018.
» http://scielo.sld.cu/pdf/rces/v34n2/rces05215.pdf
HOFRICHTER, Markus. Análise swot: quando usar e como fazer. Porto Alegre: Revolução eBook, 2017.
LEITE, Jailma Simone Gonçalves; SOUZA, Edivanio Duarte. A gestão da informação e do conhecimento nas organizações: condicionantes das propriedades gerais da informação. Ciência da Informação em Revista. Maceió, v. 1, n. 1, p.12-16, jan./abr. 2014. Disponível em: http://www.seer.ufal.br/index.php/cir/article/view/1299/900 Acesso em: 18 jul. 2018.
» http://www.seer.ufal.br/index.php/cir/article/view/1299/900
MARCONI, Maria de Andrade.; LAKATOS, Eva Maria. Metodologia científica. 6. ed. São Paulo: Atlas, 2011.
NONAKA, Ikujiro; TAKEUCHI, Hirotaka. Criação de conhecimento na empresa: como as empresas japonesas geram a dinâmica da inovação. Rio de Janeiro: Elsevier, 1997.
PACHECO, Cíntia Gomes; VALENTIM, Marta Lígia Pomim. Informação e conhecimento como alicerces para a gestão estratégica empresarial: um enfoque nos fluxos e fontes de informação. In: VALENTIM, M. (org.). Gestão, mediação e uso da informação. São Paulo: Editora UNESP; São Paulo: Cultura Acadêmica, 2010, cap. 15, p. 319-341.
PÉREZ CERVANTES, Julio César. Planeación y control de obra del Instituto de Religión Tampico: propuesta de análisis y evaluación de planeación estratégica y riesgo. Tesis Maestría. Gerencia de Proyectos de Construcción. Departamento de Ingeniería Civil, Escuela de Ingeniería, Universidad de las Américas Puebla. Marzo 2004. Disponível em: http://catarina.udlap.mx/u_dl_a/tales/documentos/mgc/perez_c_jc/portada.html Acesso em: 3 dez. 2018.
» http://catarina.udlap.mx/u_dl_a/tales/documentos/mgc/perez_c_jc/portada.html
RAMOS, César. Gestão de riscos corporativos: como integrar a gestão dos riscos com a estratégia, a governança e o controle interno?. São Paulo: César Ramos & Cia Ltda, 2018. 217p. [e-book].
SANTOS, Vanderlei Batista dos. A prática arquivística em tempos de gestão do conhecimento. In: SANTOS, Vanderlei Batista dos; INNARELLI, Humberto Celeste; SOUSA, Renato Tarciso Barbosa. (Org.). Arquivística: temas contemporâneos: classificação, preservação digital, gestão do conhecimento. Distrito Federal, SENAC, 2009, p. 175-220.
SARMENTO, Vera Lúcia Porangaba; BARBIRATO, João Carlos Cordeiro; Freitas Júnior, Olival de Gusmão; AZEVEDO, Cristina Camelo de; CAVALCANTI, Sonia Maria Souza. Uma proposta de planejamento estratégico para as universidades públicas brasileiras. In: FREITAS JÚNIOR, Olival de Gusmão; BARBIRATO, João Carlos Cordeiro. (Org.). Gestão do conhecimento e governança universitária: uma abordagem sistêmica. Maceió: UFAL, 2009. cap. 4. p. 88-105.
SEVERINO, Antônio Joaquim. Metodologia do trabalho científico. 24. ed. São Paulo: Cortez, 2016. 317p.
SOUZA, Edvanio Duarte de; DIAS, Eduardo José Wense; NASSIF, Monica Erichsen. A gestão da informação e do conhecimento na ciência da informação: perspectivas teóricas e práticas. Informação & Sociedade: Estudos, João Pessoa, v. 21, n.1, p. 55-70, jan./abr. 2011. Disponível em: http://www.periodicos.ufpb.br/ojs/index.php/ies/article/view/4039/5598 Acesso em: 17 jul. 2018.
» http://www.periodicos.ufpb.br/ojs/index.php/ies/article/view/4039/5598
VIANNA, Márcio Aparecido Nogueira; VALLS, Valéria Martin. O papel da gestão documental nos processos de gestão do conhecimento. Future, São Paulo, v. 8, n. 2, p.3-26, abr./ago. 2016. Disponível em: https://www.revistafuture.org/FSRJ/article/viewFile/209/356 Acesso em: 18 jul. 2018.
» https://www.revistafuture.org/FSRJ/article/viewFile/209/356

JITA:

DL. Archives.

Publication Dates

Publication in this collection
24 July 2023
Date of issue
2020

History

Received
05 Aug 2020
Accepted
22 Aug 2020
Published
29 Aug 2020

Este é um artigo publicado em acesso aberto sob uma licença Creative Commons

[1] ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNICAS. NBR ISO 31000:2009 - Gestão de Riscos: Princípios e Diretrizes. Rio de Janeiro, ABNT, 2009. Disponível em: https://gestravp.files.wordpress.com/2013/06/iso31000-gestc3a3o-de-riscos.pdf Acesso em: 02 ago. 2018.
» https://gestravp.files.wordpress.com/2013/06/iso31000-gestc3a3o-de-riscos.pdf

[2] BRASIL. Controladoria geral da união. Instrução normativa nº 1 que dispõe sobre controles internos, gestão de riscos e governança no âmbito do Poder Executivo federal. 2016. Disponível em: https://bit.ly/3hMVGkA Acesso em: 4 maio 2017.
» https://bit.ly/3hMVGkA

[3] BRASIL. Controladoria geral da união. Metodologia de gestão de riscos da CGU. Brasília, abr. 2018. Disponível em: https://repositorio.cgu.gov.br/handle/1/41820 Acesso em: 27 ago. 2020.
» https://repositorio.cgu.gov.br/handle/1/41820

[4] BRASIL. Tribunal de Contas da União. Acordão nº 3.455/2014. 2014. Disponível em: https://bit.ly/2Dca7zx Acesso em: 27 maio 2019.
» https://bit.ly/2Dca7zx

[5] BRASIL. Ministério do Planejamento Desenvolvimento e Gestão (MP). Assessoria Especial de Controles Internos (AECI). Manual de gestão de integridade, riscos e controles internos da gestão. Brasília, DF, 2017, p. 51.

[6] CAPURRO, Rafael; HJORLAND, Birger. O conceito de informação. Perspectivas em Ciência da Informação, v.12, n. 1, p. 148-207, jan./abr. 2007. Disponível em: http://bogliolo.eci.ufmg.br/downloads/CAPURRO.pdf Acesso em: 17 jul. 2018.
» http://bogliolo.eci.ufmg.br/downloads/CAPURRO.pdf

[7] CERTO, Samuel C; PETER, J P; MARCONDES, Reynaldo Cavalheiro; CESAR, Ana Maria Roux. et al. Administração estratégica: planejamento e implantação estratégica. São Paulo: Person Education do Brasil, 2010.

[8] CERVO, Amado Luiz; BERVIAN, Pedro Alcino; SILVA, Roberto da. Metodologia científica. 6. ed. São Paulo: Pearson Prentice, 2007. 159p.

[9] COSO. Gerenciamento de Riscos Corporativos - Estrutura Integrada. Tradução: Instituto dos Auditores Internos do Brasil (Audibra) e Pricewaterhouse Coopers Governance, Risk and Compliance, Estados Unidos da América, 2007. Disponível em: https://www.coso.org/Documents/COSO-ERM-Executive-Summary-Portuguese.pdf Acesso em: 13 ago. 2018.
» https://www.coso.org/Documents/COSO-ERM-Executive-Summary-Portuguese.pdf

[10] DAVENPORT, Thomas H; PRUSAK, Laurence. Ecologia da informação: por que só a tecnologia não basta para o sucesso na era da informação. Tradução: Bernadette Siqueira Abrão. 6. ed. São Paulo: Futura, 1998. 316p.

[11] FALETTI, Leonardo. Planejamento estratégico: formulando e executando estratégias vencedoras. Estratégias Vencedoras, 2015. [e-book].

[12] FERNANDES, Bruno Henrique Rocha; BERTON, Luiz Hamilton. Administração estratégica. São Paulo: Saraiva, 2012. p. 272.

[13] FREITAS JUNIOR, Olival de Gusmão; BARBIRATO, João Carlos Cordeiro. As instituições de ensino superior no brasil - desafios e oportunidades. In: FREITAS JÚNIOR, Olival de Gusmão; BARBIRATO, João Carlos Cordeiro. (org.). Gestão do conhecimento e governança universitária: uma abordagem sistêmica. Maceió: UFAL, 2009, cap. 4. p. 88105.

[14] GALARZA, Judith Lopes; ALMUINAS, José Luis Rivero. La gestión de los riesgos de planificación estratégica en las instituciones de educación superior. Rev. Cubana Edu. Superior. v.34, n.2, p.45-53, 2015. Disponível em: http://scielo.sld.cu/pdf/rces/v34n2/rces05215.pdf Acesso em: 4 dez. 2018.
» http://scielo.sld.cu/pdf/rces/v34n2/rces05215.pdf

[15] HOFRICHTER, Markus. Análise swot: quando usar e como fazer. Porto Alegre: Revolução eBook, 2017.

[16] LEITE, Jailma Simone Gonçalves; SOUZA, Edivanio Duarte. A gestão da informação e do conhecimento nas organizações: condicionantes das propriedades gerais da informação. Ciência da Informação em Revista. Maceió, v. 1, n. 1, p.12-16, jan./abr. 2014. Disponível em: http://www.seer.ufal.br/index.php/cir/article/view/1299/900 Acesso em: 18 jul. 2018.
» http://www.seer.ufal.br/index.php/cir/article/view/1299/900

[17] MARCONI, Maria de Andrade.; LAKATOS, Eva Maria. Metodologia científica. 6. ed. São Paulo: Atlas, 2011.

[18] NONAKA, Ikujiro; TAKEUCHI, Hirotaka. Criação de conhecimento na empresa: como as empresas japonesas geram a dinâmica da inovação. Rio de Janeiro: Elsevier, 1997.

[19] PACHECO, Cíntia Gomes; VALENTIM, Marta Lígia Pomim. Informação e conhecimento como alicerces para a gestão estratégica empresarial: um enfoque nos fluxos e fontes de informação. In: VALENTIM, M. (org.). Gestão, mediação e uso da informação. São Paulo: Editora UNESP; São Paulo: Cultura Acadêmica, 2010, cap. 15, p. 319-341.

[20] PÉREZ CERVANTES, Julio César. Planeación y control de obra del Instituto de Religión Tampico: propuesta de análisis y evaluación de planeación estratégica y riesgo. Tesis Maestría. Gerencia de Proyectos de Construcción. Departamento de Ingeniería Civil, Escuela de Ingeniería, Universidad de las Américas Puebla. Marzo 2004. Disponível em: http://catarina.udlap.mx/u_dl_a/tales/documentos/mgc/perez_c_jc/portada.html Acesso em: 3 dez. 2018.
» http://catarina.udlap.mx/u_dl_a/tales/documentos/mgc/perez_c_jc/portada.html

[21] RAMOS, César. Gestão de riscos corporativos: como integrar a gestão dos riscos com a estratégia, a governança e o controle interno?. São Paulo: César Ramos & Cia Ltda, 2018. 217p. [e-book].

[22] SANTOS, Vanderlei Batista dos. A prática arquivística em tempos de gestão do conhecimento. In: SANTOS, Vanderlei Batista dos; INNARELLI, Humberto Celeste; SOUSA, Renato Tarciso Barbosa. (Org.). Arquivística: temas contemporâneos: classificação, preservação digital, gestão do conhecimento. Distrito Federal, SENAC, 2009, p. 175-220.

[23] SARMENTO, Vera Lúcia Porangaba; BARBIRATO, João Carlos Cordeiro; Freitas Júnior, Olival de Gusmão; AZEVEDO, Cristina Camelo de; CAVALCANTI, Sonia Maria Souza. Uma proposta de planejamento estratégico para as universidades públicas brasileiras. In: FREITAS JÚNIOR, Olival de Gusmão; BARBIRATO, João Carlos Cordeiro. (Org.). Gestão do conhecimento e governança universitária: uma abordagem sistêmica. Maceió: UFAL, 2009. cap. 4. p. 88-105.

[24] SEVERINO, Antônio Joaquim. Metodologia do trabalho científico. 24. ed. São Paulo: Cortez, 2016. 317p.

[25] SOUZA, Edvanio Duarte de; DIAS, Eduardo José Wense; NASSIF, Monica Erichsen. A gestão da informação e do conhecimento na ciência da informação: perspectivas teóricas e práticas. Informação & Sociedade: Estudos, João Pessoa, v. 21, n.1, p. 55-70, jan./abr. 2011. Disponível em: http://www.periodicos.ufpb.br/ojs/index.php/ies/article/view/4039/5598 Acesso em: 17 jul. 2018.
» http://www.periodicos.ufpb.br/ojs/index.php/ies/article/view/4039/5598

[26] VIANNA, Márcio Aparecido Nogueira; VALLS, Valéria Martin. O papel da gestão documental nos processos de gestão do conhecimento. Future, São Paulo, v. 8, n. 2, p.3-26, abr./ago. 2016. Disponível em: https://www.revistafuture.org/FSRJ/article/viewFile/209/356 Acesso em: 18 jul. 2018.
» https://www.revistafuture.org/FSRJ/article/viewFile/209/356

Risk Category	Definitions
Strategic	Events that can impact in CGPA mission, goals, and purposes.
Operational	Events that might compromise CGPA activities, usually associated with flaws, deficiencies, and inadequacy of internal process, facilities, and system, affecting the management effort regarding efficiency and efficacy of organizational process.
Budget	Events that might compromise CGPA capability of rely on budget resources needed to do its activities.
Credibility	Events that might compromise the society credibility on CGPA capability of fulfill its mission, that interferes in the sector image,
Integrity	Events that can affect the probity of public resources management of CGPA activities, caused by lack of honest and etic deviation.
Tax	Events that can impair the balance of public accounts.
Compliance	Events that can affect the fulfillment of applicable laws and regulations.

Order Nº	Strategic Risk 03
Internal Environment And Purpose Attachment	Unit CGPA		Process Documental Management
Risk Identification	Cause Lack of knowledge in the area	Events/ Risks Lack of acknowledgeme nt of documental management	Consequences/I mpacts Excessive interest in documental elimination and documental digitalization without obeying to criteria needed for the procedures	Risk Description Due to the lack of knowledge in the area, it may occur lack o acknowledgem ent in the documental management, it might bring to excessive
				interest in documental elimination and documental digitalization without obeying to criteria needed for the procedures, impacting the planning, and documental management coordinator purpose.
Risk Analysis and Evaluation	Level of Risk HIGH impact (3) x Probability (4) = Relevance (12)	Existent Control Inexistent	Evaluation of Existent Controls Inexistent Controls	Level of Residual Risk Relevance (12) x (1) = 12 - HIGH
Answer to the Risk/ Control Activities	Treatment Type Reduce	Treatment Measures Elaborate an institutional campaign to promote the document management in IFS.		Action Editing a promotional video.
Information and Communication	Responsible CGPA/PROAD/ REITORIA		Deadline/Frequency 31/12/2020	Situation: Not started
Monitoring	Submit to approval of PROAD

Order Nº	Strategic Risk 06
Internal Environment And Purpose Attachment	Unit CGPA		Process Documental Management
Risk Identification	Cause Understand ing that the archive administrat or is unnecessar y in the institution.	Events/ Risks Devaluation of documental management.	Consequences/I mpacts Historical process of lack on preserving institutional memory	Risk Description Due to understanding that the archive administrator is unnecessary in the institution, can occur devaluation of documental management, can reinforce historical process of lack on preserving institutional memory, impacting the planning, and documental management
				coordinator purpose.
Risk Analysis and Evaluation	Level of Risk HIGH Impact (3) x Probability (4) = Relevance (12)	Existent Control Inexistent	Evaluation of Existent Controls Not functional	Level of Residual Risk Relevance (12) x (1) = 12 HIGH
Answer to the Risk/ Control Activities	Treatment Type Reduce		Treatment Measures Marketing Plan to promote documental management	Action Elaborate an Marketing Plan
Information and Communication	Responsible CGPA/DCOM		Deadline/Frequency 31/12/2020	Situation: Not started
Monitoring	Submit to appreciation and approval of PROAD

Brasil

Brasil

Risk management the COSO methodology applied to manager an information unit

ABSTRACT

RESUMO

1 INTRODUCTION

2 CONVERGENCIES BETWEEN DOCUMENTAL, INFORMATIONAL AND KNOWLEDGE MANAGEMENT

3 RISK MANAGEMENT

4 METHOD

4.1 Risk Management aligned to Documental Management

5 RESULTS

REFERÊNCIAS

JITA:

Publication Dates

History