Perception of Information Technology managers about the risk management practices in IT acquisitions of the Municipality of Fortaleza in the light of NBR ISO 31000

Abstract

Risk management in the public sector is a key tool for managers to increase safety and performance in the implementation of public policies. Thus, this paper aims to analyze, through the NBR ISO 31000:2009, the adherence to good risk management practices in the acquisitions of Information Technology (IT) by the Municipality of Fortaleza (PMF). The descriptive research used as procedures the survey and as the approach to the problem is characterized as qualitative. To this end, a structured questionnaire in the form of a checklist was applied to representatives of the PMF's ICT Technical Group, in the months of May and June 2022. The results indicate that the risk treatment and risk management process registration processes were the ones that recorded least adherence. It is concluded that, in general, there is low adherence to the processes related to risk management in IT acquisitions by the PMF, considering NBR ISO 31000:2009. Several reflections can be carried out from the results in order to generate an evolution of the risk management process linked to the PMF's IT acquisition process. The standard`s processes are presented as guides for the improvement itself.