Next Article in Journal
Efficient Detection of Ventricular Late Potentials on ECG Signals Based on Wavelet Denoising and SVM Classification
Previous Article in Journal
AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach

Information 2019, 10(11), 327;

Proposal of an Implementation Methodology of ICT Processes
Department of Computer Science, University of Brasília (UnB), P.O. Box 4466, Brasília, DF, CEP 70910-900, Brazil
National Science and Technology Institute on Cyber Security, Electrical Engineering Department, University of Brasília (UnB), P.O. Box 4466, Brasília, DF, CEP 70910-900, Brazil
Correspondence: [email protected]; Tel.: +55-061-98114-0478
These authors contributed equally to this work.
Received: 5 September 2019 / Accepted: 15 October 2019 / Published: 23 October 2019


The challenge to enhance the use of Information Communication Technology (ICT) in the Brazilian Federal Public Administration involves not only technological issues but also staff training, adaptation to new culture, and understanding of processes. Furthermore, knowledge must be well aligned and articulated so that ICT resources are applied efficiently and effectively, meeting the needs of society, ensuring the provision of quality public service and, above all, providing better conditions for the exercise of functions performed by employees. This article presents an account of the implementation of the ICT processes in a State Company based on the ICT Governance Kit proposed for the Secretariat of Coordination and Governance of State Companies. During the execution of the case study, we surveyed the initial diagnosis of the processes performed by the State, as well as brainstormings and semi-structured interviews to help the implementation process. The diagnosis made it possible to identify the level of maturity of the existing ICT processes in the State and to verify if they were being carried out in the best possible way. The driving dynamics worked as a pilot, allowing the exchange of knowledge between teams, improvements suggestion in some processes of the Kit and the definition of a proposed methodology for the implementation of the Kit that could serve as a model to be used by other States which will implement the Kit. Lastly, the processes contemplated in the Kit were considered adherent by the execution team (State employees specialists in ICT Governance who participated in the implementation process), and the suggested artifacts were validated.
ICT Governance Kit; implantation methodology; ICT processes; State Companies; lessons learned

1. Introduction

Information and Communication Technologies (ICTs) have undergone constant processes of modification, updating, and innovation, inherent to their nature. The use and processing of information in the Brazilian Federal Public Administration (FPA) also evolve according to the technologies, and cannot represent a high cost for the public budget, so that FPA application must follow the continuous improvement of its processes [1]. The visions and goals for the use of ICT in the public sector are broad, related to efficiency, effectiveness, and the strengthening of the functions performed. The achievement of such a diverse set of goals requires an efficient mechanism to provide the means and measurement of the use of ICT resources as well as top management to understand the various roles that ICTs have and how they should be managed and monitored [2].
ICT has been consolidating itself as a strategic asset, integrating resources, processes, methods, techniques to obtain, process, store, disseminate, and make use of the information [3]. From this point of view, ICT Governance guarantees the excellent and regular management of ICT services, which are deployed to meet the corporate strategy of an organization. However, this alignment is only feasible with a structured planning that reflects how the ICT will contribute, through the achievement of its goals and actions, to the achievement of the organizational purposes. Thus, it is pertinent and relevant to develop the maturity of the technologies used by the information systems, as well as the management and governance processes associated [4].
In order for ICT assets to perform well in an organization, the existence of transparency is essential in the information managed and should be made available to society. State Companies of the Brazilian Federal Executive Administration, in the context of coordination and governance of these companies by the State Companies Coordination and Governance Secretariat (SEST), aim to achieve this transparency. Currently, there are more than 130 state-owned companies with several formations and histories, where transparency in the managed information and making it available involve technology and process solutions. These processes might respond to the heterogeneity of State situations and their different degrees of maturity, related to their ICT Governance and Management.
The size of the state-owned companies and their turnover and investments justify the research for innovative solutions that improve transparency and contribute to the economic efficiency of these companies. This research has particular motivation, in terms of the economic potential in the public administration, and the return of benefits to the population, since economies in this context can have a significant impact on the daily life of citizens [5].
ICT’s advances in information processing are of interest to SEST and are of high relevance to the activities of this Secretariat. Specialists generally consider ICT as a critical success factor in securing, recording and providing timely and secure information needed to meet the strategic objectives of organizations and in the execution of management, tactical and operational processes of organizations. Moreover, government people can no longer treat ICT advances from state-owned companies as exclusive to their ICT area, but rather as factors with potential impact on their business activities. ICT is a significant and transforming agent in the knowledge and management production process, with a consequent impact on the primary functions of Public Companies.
Considering the relevance of these state-owned companies, SEST defined a project that aims to identify the information needs for the best execution of processes related to the coordination and governance of state-owned companies. SEST has proposed an innovative technological environment that enables the safe exchange of information, aiming at implementing a model for improvement of ICT Governance practices for SEST and State Companies. Thus, Canedo et al. proposed an ICT Governance kit to implement in SEST and state companies [6].
This kit defines a set of processes and artifacts to guide in improving and pursuing the maturity of ICT processes and improving the management of ICT resources. The final result of the Kit contains 24 sets of artifacts, templates, and auxiliary material for the implementation of ICT governance and management. The authors grouped the guidelines into three kits [6,7]. The first one considers the basic processes destined to the organizations with little or no maturity in ICT (Levels 0–2). The second one is for organizations that aim to progress to the intermediate maturity level (Level 3). Moreover, in the third Kit are the guidelines regarding the implementation of processes associated with the improved ICT maturity level (Levels 4–5), according to the maturity model proposed by Capability Maturity Model Integration (CMMI) [8,9].
This paper presents an account of the execution of a pilot project carried out at Brazilian Guarantees and Fund Management Agency (ABGF) State Company. The aim was to implement some processes of the ICT Governance Kit [6] developed for the Secretariat of Coordination and Governance of State Companies in partnership with the University of Brasília (UnB) (Decision Making Technologies Laboratory, LATITUDE).
The main contribution of this work is the development/proposal of a methodology for the selection and implementation of ICT processes in Brazilian State Companies based on the documentation provided by the ICT Governance Kits. We present the lessons learned during the execution of a pilot and propose a methodology for the implementation of ICT management and governance processes. Both public and private companies, interested in the implementation of any of the processes, can use the methodology contemplated in the Kit.
This paper is organized as follows. In Section 2, we present the contextualization of the ICT Governance concepts on the scenario of the pilot application. Section 3 offers the method used for the implementation of the processes in the case study. Section 4 presents a discussion of the results obtained, as well as the lessons learned during the pilot implementation. Section 5 presents the methodology proposed for the implementation of one or more ICT management or governance processes, which includes the documentation (artifacts, templates, and auxiliary material) in the Governance Kit published by SEST in its portal. Lastly, Section 6 presents the final considerations of this work, as well as future works.

2. Contextualization

2.1. Brazilian Public Administration

The Brazilian Public Administration manages public resources of the interests of the community, promoting quality and meeting the needs of the population through public services. The public domain is an arena of public debate in which there are discussions of general interest, and people try to converge the different opinions to reach agreement, necessary for active participation and the democratic process. In the public sphere, administration involves, in addition to the management, delivery, and execution of public services, the direction and exercise of the intention to achieve a useful purpose. It comprises both the administrative function, exercised through the administrative organs, and the political function, which is exercised by the governmental agencies [10]. Public Administration is the whole state apparatus, foreordained to the accomplishment of its services, aiming at the satisfaction of the collective needs [11].
Brazilian Public Administration refers to the concrete and immediate activity that the State develops under a totally or partially public legal regime. The aim is to achieve collective interests (objective sense), as to the set of organs and legal entities to which the law attributes the exercise of the administrative function of the State (subjective sense) [12].
According to the System of Organization and Institutional Innovation of the Brazilian Federal Government, the government people decided to reformulate the arrangement of the current Brazilian government. Thus, the guidelines were defined to guide the strengthening processes of institutional capacity in organizational structures: those focusing on the organization of government action by programs; elimination of overlaps and fragmentation of actions; increased efficiency, efficacy and effectiveness of public spending and administrative action; rationalization of hierarchical levels and increased range of command; guidance for government priorities; and alignment of the proposed measures with the competencies of the organization and the results intended by the Brazilian Public Administration [13].
Figure 1 presents the current structure of the Brazilian Federal Government. The Federal State Enterprises discussed in this paper are part of the Secretariat of Coordination and Governance of State Enterprises (SEST), the Special Secretariat for Privatization and Divestment, of the Ministry of Economy [14].

2.2. ICT Governance

Information and Communication Technologies (ICT) have given as many challenges as opportunities to organizations. Many companies are becoming dependent on ICT to develop their activities daily. This dependency creates requisitions such as availability, assurance of continuity, security, efficiency, quality of delivery and support, controls, compliance, and consistency. Thus, ICT must have an essential role in implementing the organization’s strategies, since reliable and accurate information must be available for all business processes [15].
According to IT Governance Institute (ITGI), ICT Governance is a structure of relationships and processes that monitors and controls an organization in order to promote business value by balancing risk and return on ICT investments. The software industry is increasingly using ICT Governance as a framework model for this management task through its frameworks based on best practices in software development and adhering to external regulations. ICT Governance and the alignment of ICT management go hand in hand with strategic planning as a way of adding value to the use of ICT products and services through the optimal investment to obtain competitive advantage and financial return; concepts more related in most cases to private companies than public sector agencies [16].
Previous works define ICT Governance as a governance vision that ensures information and related technologies support and enable the organization’s strategy and the achievement of corporate objectives. It also includes functional ICT governance, such as ensuring that ICT capabilities are delivered efficiently and effectively [17,18]. ICT has been developing in a fast way to require organizations to transform their internal and external business processes, enabling users to meet their expectations and stay in the market. As a result, ICT expenditure can account for a significant portion of an organization’s expenditure [19]. This reality suggests that the focus on control and monitoring, driven by ICT Governance, is continuously needed and executed by organizations. It also indicates that the implementation of an adequate system of governance by organizations is a movement of strategic importance and fundamental for its survival [20].
The implementation of an ICT Governance system modifies the organization’s structure of power, and this change can generate internal conflicts and implies sharing and control, leading to the need to create clear rules of responsibilities definitions. Even after implementation, ICT Governance is permeated by situations where there is competition among stakeholders, which can also generate conflicts of interest [21]. Thus, the basic principle of ICT Governance is the alignment between ICT and business, which organizations use as a tool to mitigate the frustrations resulting from the misuse of ICT investments and obtain competitive advantages [22]. The search for alignment occurs through cohesion between ICTs, functional areas and other stakeholders, fostering a relationship that intensifies with the implementation of an ICT Governance system, thus this relationship can be understood as a set of interactions between the interested parties [23].

2.3. ICT Governance in Brazil

ICT Governance plays an increasingly important role in organizations and the Federal Public Administration (FPA), and its role is as vital as any other activity [4]. The ICT Governance in the Brazilian FPA is the responsibility of the top management (directors and executives), and there must be an alignment between the ICT and the strategies and objectives of the organization. Thus, efficient and effective management promotes the achievement of organizational goals. In Brazil, the primary inductor of ICT Governance practices in the Federal Public Administration is the Federal Court of Accounts (TCU), which carries out a biannual evaluation of entities related to the Federal Government Administration. However, the implementation of ICT Governance practices in the Federal Public Administration lacks objective guidance, and it is necessary to identify critical success factors in the implementation of good governance practices.
Organizations belonging to the public sector should seek the best possible use of available resources, be they financial, structural or human resources. Furthermore, they must provide transparency, allowing due control by stakeholders, i.e., there is a need for these resources to be used correctly and focused at the achievement of organizational objectives [12]. ICT Governance provides this [24]. The surveys carried out by TCU point to a trend of evolution in the implementation initiatives of ICT Governance in the FPA. However, the TCU itself argues that this situation is far from desired, suggesting that this tendency of evolution presents a rhythm less than expected.
In the public sector, to measure ICT results, the TCU had the initiative of establishing the IT Governance index (iGovIT), calculated according to the answers of the evaluation questionnaires sent to organizations every two years. The purpose of the evaluation is to analyze the dimensions and structure, as shown in Table 1. In the Dimension column the dimensions proposed by the TCU are displayed, in the Context column there is a description of each dimension and, in the column Specific Themes, the specific theme of each dimension is informed. From the iGovIT calculation, organizations are grouped into three levels: iGovIT-TCU < 0.40: low IT maturity; iGovIT-TCU between 0.40 and 0.59: intermediate maturity; and iGovIT-TCU > 0.59: improved stage [7,25]. In this context, TCU Judgment number 3051/2014 deals with IT audits carried out in different agencies and entities of the Federal Public Administration and makes several recommendations for the improvement of IT processes. Subsequently, the TCU in other judgments, e.g., Judgment number 1771/2017, returns to the subject and indicates that the TCU Secretariat, responsible for audits (Sefti), will continue with the monitoring. Thus, both on its own initiative and by determination of the TCU, federal public organizations increasingly must provide for the improvement of their ICT management and governance processes. Thus, by supporting and contributing to initiatives in this direction, SEST and Latitude have developed the ICT Governance Kit containing guidelines and supporting material for the implementation of ICT processes by the State Companies.

2.4. State Company of the Implementation Pilot

The pilot of the ICT Governance Kit was conducted at the Brazilian Guarantees and Fund Management Agency (ABGF), which is a public company, in the form of a corporation, created by Decree number 7.976/2013, as authorized by Law number 12.712/2012, with an indefinite term and for the purpose, among others, to manage guarantee funds and provide guarantees for diluted risk operations in areas of great economic and social interest [26].
ABGF aims to contribute to the dynamism of Brazilian exports, to the financing of infrastructure projects, to the provision of guarantees and to the management of official guarantee funds in Brazil, complementing the market’s performance [26].
Its mission is to act in the provision of guarantees and the management of guarantee funds, complementing the insurance and guarantees market, as well as contributing to the dynamism of exports and to the development of the country’s infrastructure [26].
The State’s vision is to be recognized for excellence in risk management and guarantee funds, acting as the official Brazilian agency for export credit insurance and guarantees for infrastructure projects and others, focused on the country’s development. The values of ABGF are: ethics, professionalism, accountability, transparency, sustainability, and innovation [26].

3. Research Methodology

We used the method suggested by Yin [27] to perform an explanatory case study on SEST [27] According to Yin, a case study is an empirical method that investigates a contemporary phenomenon (the “case”) in depth and within its real-world context, especially when the boundaries between phenomenon and context may not be evident. We chose the case study method because we sought to analyze a real-world case to understand if the State Companies of the Brazilian Federal Government implemented the ICT Governance Kits proposed by SEST, and otherwise identify which of these ICT processes the State Companies had not implemented. If the case study companies were not following the suggested ICT processes, we intended to suggest a methodology that facilitates the implementation of the processes by the State-owned companies.
During the execution of the case study, we followed the phases of Plan, Design, Prepare, Collect, Analyze, and Share [27]. During 2018 and 2019, we analyzed the complexity of SEST activities and documents. In conducting the case study, we used semi-structured interviews [28] with SEST and State Company employees to identify which ICT processes the State company had already implemented, as well as the difficulties they faced in implementing the processes. We also conducted a focus group [29] with some team leaders from SEST and the State Company to understand how they performed ICT processes within the State Company and to identify the improvements while following the ICT implementation processes, suggested by the Governance Kit [6,7]. Besides, we surveyed [30] with SEST’s employees to identify the maturity level of ICT processes of these Companies. All authors of this work participated in the project execution at SEST.

3.1. Case Study

The execution of the pilot in the State Company was carried out with the participation of the Administrative Financial Superintendence (SUAFI), Executive Management of Governance (GEGOV), Information Technology Management (GETEC) of ABGF, SEST leaders and Latitude (researchers involved in the elaboration and implementation of the ICT Governance Kit) teams. Table 2 presents the profile of the team participating in the Pilot deployment.
We chose the pilot participants according to their experience in the activities carried out within the organization. It was important for professionals to have experience in performing ICT governance and management activities. They also had experience in modeling ICT processes. The professor and master’s students who participated in the pilot were chosen because they had experience in ICT and knew the organizational processes of SEST and ABGF. They acted as process implementation consultants. Thus, the choice of participants was directed so that everyone could collaborate and suggest improvements in the proposed processes, as well as in their implementation. It was also necessary to have participants from different areas within the organization.
The ICT governance processes that make up the proposed Governance Kits for SEST—Kits 1, 2 and 3—were defined according to their maturity level as defined by the Capability Maturity Model Integration (CMMI) [8]. Thus, the proposed processes were classified for the Kits according to their level. Maturity Level 2 processes make up Kit 1, maturity Level 3 processes make up Kit 2, and maturity Level 4 and 5 processes make up Kit 3. Decisions for this classification were presented by Canedo et al. [6]. Kit 1 is made up of six processes, Kit 2 is composed of ten processes and Kit 3 comprises eight processes. The Kits have common processes since an early part of the process runs at a lower maturity level and the other artifacts run at another maturity level. Figure 2 presents the processes that make up each Kit (1, 2 and 3) according to its level of maturity and the mapping of the processes that are common to them.
The first activity carried out in the pilot deployment was the meeting with all the participants (Stage 1 in Figure 3) presented in Table 2. The purpose of the ICT Governance Kit developed by SEST and the objective to be achieved with pilot implementation was clarified. Furthermore, all processes and their artifacts were presented to ABGF members (Stage 2 in Figure 3). A Survey was conducted to enable ABGF contextualize SEST and researchers about the current situation of the State Company with respect to its maturity of ICT processes (Stage 3 in Figure 3). Thus, all the processes and artifacts covered by the Kit were addressed in the survey questions. After understanding the existing processes and already implemented in the ABGF, SUAFI, GEGOV and GETEC participants agreed on which processes of the Kit would be implemented during the pilot with the support of the researchers (Stage 4 in Figure 3). With the list of processes that the ABGF intended to implement, the elaboration and implementation activities were started. Several meetings were held between the teams and the artifacts elaborated (Stage 5 in Figure 3). At the end of the artifacts elaboration and norms of each process, the artifacts generated were validated with the team of researchers, SEST and ABGF (Stage 6 in Figure 3). At the end of the activities, the lessons learned were recorded, as well as the improvements suggested by the participants (Stage 7 in Figure 3).
Figure 3 presents the stages and activities that were followed for the pilot deployment in the ABGF. The activities were developed using techniques such as survey, brainstorming, focus group and semi-structured interviews.

3.2. Survey

The survey questions were elaborated according to the guidelines proposed by Kitchenham et al. [31]. The survey was answered by the ABGF team responsible for implementing the pilot. The survey contained 36 closed questions. Some questions addressed the processes and their artifacts, where the respondent could choose which processes the State Company had implemented, as well as which of the artifacts that comprised the process were contemplated in the State Company. Process questions were sorted according to the maturity level proposed by the Kit (28 questions in total), Levels 1, 2 and 3. Five questions were related to the team’s perception of the relevance of Kit implementation and were made using the Likert scale [32], in which the participant could choose one of the alternatives: I totally agree, Agree, Neutral, Disagree and Strongly Disagree [33]. The last three questions of the survey were related to the time needed for the implementation of the Kit by the State Company. The purpose of these three last questions was to validate the time required by SEST to enable a State Company to implement all the processes and artifacts of the Kit.
After an analysis of the diagnosis obtained with the survey, the team of managers of the ABGF chose the processes to be implemented during the pilot. The chosen processes were approved by SEST and the team of researchers. Table 3 shows the selected processes, their identifier in the ICT Governance Kit and their maturity level according to the Kit (Kit 1, Basic; Kit 2, Intermediate; and Kit 3, Advanced).
In addition to a diagnosis of the State Company’s current situation from the survey conducted, it was possible to conclude that the ICT Governance Kit proposed by SEST was well accepted by the State and considered relevant for improving the maturity of the processes and that the stipulated deadlines (1–18 months) were considered acceptable and amenable to implementation. Thus, the deadlines defined by SEST and the team of researchers were validated with the survey.

3.3. Brainstorming

During the pilot’s execution, the team of researchers and SEST, together with the staff of the state-owned ABGF, carried out some brainstormings with the purpose of conducting the discussions about the processes and artifacts to be built by the teams. Brainstorming is a group dynamics that is used in many organizations as a technique for solving specific problems, for developing new ideas or projects, for gathering information and for stimulating creative thinking. The brainstorming technique [34] proposes that a group of people come together and use their thoughts and ideas to reach a common denominator in order to generate innovative ideas that lead to a particular project or process. No idea should be discarded or judged as wrong or absurd; all must be in the compilation or annotation of all ideas occurred in the process; and then they evolve to the final solution [35,36].
At the end of each brainstorming, the Latitude team of researchers presented a synthesis of the ideas discussed for the elaboration of the artifacts, listing the needs presented by the members of the session. For example, in the brainstorming to define the processes and artifacts to be executed during the pilot, there was a consensus on the part of the teams of which process artifacts should be elaborated and the order of elaboration to be adopted by the ABGF. The discussion during the meeting did not diverge from the proposed order on the mental maps of the Kit proposed by SEST. Thus, the processes with their respective artifacts implemented at the ABGF followed the order defined in the stages provided by the Kit. While conducting the work of implementing the processes, in some moments, a certain artifact had its elaboration interrupted with the objective of complementing some information that was in a certain artifact of another process; for example, in the elaboration of the PDICT, the elaboration of the plan of goals and actions for the management of people had to be interrupted, since the management plan of people of the state company was in charge of the sector of human resources and we had no way to define the goals without the delivery of the responsibility artifact of another area. Thus, we can conclude that the step-by-step approach proposed in the SEST Governance Kit met what was expected in the execution of the pilot, since all the processes that were the responsibility of the ICT governance area and the ICT coordination of the ABGF were carried out in the proposed order. The processes with ID 04 and 08 (Table 3) were developed using the brainstorming technique.

3.4. Focus Group

The focus group represents a source that intensifies access to information about a phenomenon, either by the possibility of generating new conceptions or by the analysis and problematization of an idea in depth. It develops from a dialectical perspective, in which the group has common goals and its participants seek to approach them by working as a team. In this conception, there is an intentionality to sensitize participants to operate in the transformation of reality in a critical and creative way [29].
The studies that used the focus group demonstrate that this is a space for discussion and exchange of experiences around a certain theme. Furthermore, the group encourages discussion among the participants, allowing the topics covered to be more problematic than in an individual interview situation. Participants, in general, listen to the opinions of others before forming their own, and constantly change their position or base their initial opinion better when involved in group discussion. This technique has been used to explore participants’ conceptions and experiences and can be used to examine not only what people think, but how they think and why they think so. The focus group may also facilitate discussion of topics that are often poorly explored or even avoided, as they tend to generate more critical comments, and more extroverted participants are usually able to engage and stimulate others [37].
In this perspective, the assumption that the focus group has one of its greatest riches is based on the human tendency to form opinions and attitudes in the interaction with other subjects. This contrasts, in this sense, with data collected in questionnaires or interviews, in which participants are summoned to express opinions on subjects that they may have never previously reflected. As regards its limits, it is observed that in some cases group discussion may repress certain positions that are dissenting from the other participants, but disagreements within the groups can be used to encourage the defense of their points of view. Other limits associated with the use of the technique may be listed, such as the difficulty of ensuring total anonymity, the possibility of interference with the value judgments of the researcher, and the risk that the discussions will be diverted or dominated by a few participants, resulting in a distortion of results [38].
Similar to other techniques, the focus group is not able to condition or influence the design of research objects and objectives. This evidence does not imply the assertion that technique is a secondary element of research, but rather that it lacks the methodological autonomy to govern or define its own use. These considerations show that the attributions of the focus group coordination team need to be well defined in order to plan, evaluate and redirect the meetings according to the group development. The role of the coordinator or moderator is significant in the dynamization of groups and is related to preparation and instrumentalization in all phases of the process, such as the definition of a topic guide, which consists of a summary of the objectives and the issues to be addressed, besides a guiding scheme of the meeting [29].
It is important that the focus group meeting environment is welcoming and ensures privacy to facilitate discussion and deepen discussions. Likewise, it is suggested that the chairs or seats be organized around a conference table, a circle or other arrangement that promotes the participation and interaction of those involved. With regard to the number of meetings, some important aspects need to be considered, such as the organization of at least two groups for each topic considered pertinent to the topic; the realization of groups until the information obtained is no longer new; and the development of groups in each geographical region in which it is considered that there is an important difference. It is suggested that the duration of each of the meetings be 1–2.5 h [29].
For the composition of the focus group, it is necessary to consider that the members have at least one important common characteristic, and the criteria for the selection of the subjects are determined by the objective of the study, being characterized as an intentional sample. In this context, it is suggested that the number of participants is between six and fifteen, and, when it is desired to generate as many ideas as possible, it is more enriching to opt for a larger group, whereas, if the goal is to achieve the depth of expression of each participant, a small group would be more indicated. Most researchers recommend homogeneity in focus groups in order to enhance thinking about common experiences. However, it may also be advantageous to bring together a diverse group to maximize different perspectives within a group, although the professional hierarchy, class, and schooling, among others, may interfere with the expression of the data [29,38].
The pilot implementation was carried out in the focus group with the specialists of each ICT process to be implemented, respecting all the suggestions and guidelines mentioned in the literature, with the objective of collecting quantitative and qualitative data for the conduction of the process. The processes added, with IDs, 01, 06 and 07 (Table 4), were developed using the focus group technique. The participants in the focus group are presented in Table 2. All participants were selected because they have knowledge of all company ICT processes and have good experience in the ICT Governance area.

3.5. Semi-Structured Interviews

For the Processes of Management of Continuity of ICT Services and Project Management, we chose to use semi-structured interviews based on semi-open questions. Semi-structured interviews have as main objective to understand the meanings that the interviewees attribute to the issues and situations related to the topics of interest [28]. The semi-structured interview has as characteristic the basic questions that are supported in theories and hypotheses that are related to the researched subject. The questions provide assumptions based on participants’ responses. The main focus of the process was placed by the investigator-interviewer. The semi-structured interview favors not only the description of the social phenomena, but also its explanation and the comprehension of its totality, besides maintaining the conscious and active presence of the researcher in the information gathering process [39].
The questions of the semi-structured interviews sought to understand the concept of the processes to be elaborated from the perspective of the ICT managers of the ABGF and how ICT Governance is exercised in the State Company through its critical decisions and structural, procedural and relationship skills. Fifteen questions were elaborated, besides the characterization of the respondents. The adopted questions were distributed in categories, according to the artifacts of the process to be elaborated. The processes with IDs 04 and 06 (Table 3 Kit 3) were developed using the semi-structured interviews technique.

4. Results

During the implementation of the ICT Service Continuity Management process, it was identified that Business Continuity Management had not been included in the proposed Governance Kit. In turn, the state-owned ABGF decided together with the team of researchers to add the elaboration of this process and its respective artifacts before beginning the elaboration of the management process of the ICT Continuity of the Services. In turn, business continuity planning is of fundamental importance to the state and there was no possibility of elaborating the continuity of ICT services, without first defining how the business should behave in the case of the need for continuity in adverse situations. All norms and procedures were defined so that in critical situations, all essential services of the State Company could be resumed without financial and/or administrative damages.
During the elaboration of the ICT Risk Management process, the State Company identified that the ICT Committee process did not contemplate the necessary artifacts for the process and needed to update the ordinance of the Creation Internal Standard of the ICT Committee; the Internal Rules of the ICT Committee; the participating members of the ICT Committee; and their respective responsibilities, since the documents in this case were out of date and there were no records of the minutes of meetings held.
The Information Communication Technology Master Plan process (ICT) (PDICT) also needed to be updated during pilot deployment, as the coverage period was out of date and the PDICT support documents were not in accordance with those suggested by the SEST ICT Governance Kit. Thus, the State Company’s team identified the need to carry out the updating of this process during the pilot’s implementation in order to update the State Company ICT principles, guidelines and objectives.
During the execution of the pilot, eight processes were implemented in the state company. Table 4 shows all the processes implemented during pilot execution. For each process implemented, all artifacts and standards were prepared and approved by the team.

4.1. Discussions and Lessons Learned

The accomplishment of the pilot in the State Company allowed us to list some lessons learned, such as:
  • The application of the Diagnostic Questionnaire to identify the State Company’s ICT Governance processes may not represent the real scenario in relation to its maturity. In response to the questionnaire, the State Company identified processes as fully implemented, i.e., with all the artifacts proposed by the Kit. In the execution of the pilot, it was concluded that important artifacts were not implemented. In some cases, even the basics of the process, such as the processes of the ICT Committee and the Information Communication Technology Master Plan (PDICT) were not complete.
  • The pilot’s deployment needs to be planned with the State Company and its collaborators. At the time of deployment, the employees were running in parallel all their daily activities and this undermined the progress of the deployment.
  • It was identified that a process had not been contemplated in the Kit, the Business Continuity Process, which is important for defining the services provided by the State Company.
  • In the process of Software Development, some artifacts are dependent on how the State Company works, i.e., in relation to software development. In the case of being through software factory or cooperation term, some proposed artifacts may be the contractor’s responsibility.
  • The stipulated deadline for the implementation of the kits may be adequate, provided that in the State Company there is a team available for its elaboration and deployment.
  • The definition of the rules and artifacts of each process are sensitive to the context of the State Company information, e.g., the Risk Management Plan of the State Company pilot is quite complex because it deals with a State Company that works with a large movement of financial resources.
  • The Change Management process was applied in practice during the pilot’s execution, since the State changed its address and several IT services had to have a contingency plan for possible incidents that could occur, such as changes and location the state company, as well as its storage servers.
The implementation of the pilot, with the accompaniment of the elaboration team, allowed us to validate the artifacts that were proposed. It leads us to believe that the need for full implementation of the Governance Kit can contribute to the management of the State Company ICT services, providing them with an efficient mechanism for monitoring and performing their ICT resources and management.
The adoption of the focus group and semi-structured interviews with SEST staff and team leaders allowed us to identify all ICT processes that the State Company had already implemented. Moreover, it was possible to see what needed to be developed and implemented for the company to achieve better results with its ICT resources. Finally, the survey execution allowed us to identify the maturity level of the State Enterprises and to suggest to them which ICT processes should be implemented to improve their maturity level.

5. Proposal of a Methodology for the Implementation of ICT Processes from the ICT Governance Kits

To define a methodology for the development and implementation of an ICT Governance mechanism, it is necessary to make a survey based on the organization needs, which can be conducted through information gathering techniques [40]. In the implementation of the pilot, we conducted the activities through these four techniques: survey, brainstormings, focus group and semi-structured interviews. From the lessons learned, presented in Section 4.1, we defined a methodology for the implementation of the Kit in a State Company using the techniques available in the literature. Figure 4 presents the suggested methodological protocol for the implementation of the ICT Governance Kit in a State Company.
Figure 5 displays the detail of the Define Deployment Method sub-process. This process should be performed according to the state profile. Some processes and artifacts have specific characteristics and according to the sensitivity of the information handled by the State Company, the choice of technique to develop this process can be altered. In cases where the information is common knowledge of all involved, the techniques of survey, brainstorming and semi-structured interviews are appropriate. In situations where the State Company has confidential information and/or needs to be evaluated and discussed with the specific managers of the subject, the use of the focus group is indicated. The technique chosen by the State Company should be performed with the participation of a specialist in the subject and those responsible for the areas of the processes to be implemented. The participation of specialists all of the techniques is important because they will know how to conduct the activities and will have a vision of the norms and guidelines that the process must contain.
Although it has been applied to a single state-owned company, the proposed methodology for implementing ICT processes can be used by any organization that needs to implement an efficient ICT governance process, since the processes are defined by best practices and are adherent to all organizations, whether private or public. Depending on the type of organization, minor adjustments may be required, not compromising the efficiency of the proposed methodology.

6. Conclusions

The role, increasingly important in organizations, played by ICT implies that its management is carried out efficiently and effectively in order to promote the achievement of organizational objectives. As a significant inducer of the adoption of ICT Governance practices in the Federal Public Administration (FPA), the TCU conducts a biannual evaluation of entities related to the FPA. However, the implementation of ICT Governance practices in FPA requires objective guidance and a clear protocol for improvements to be implemented. Based on that, this work had the objective of executing a pilot for the implementation of ICT processes documented in the Governance Kit published in the SEST portal, as well as the elaboration of a methodology that guides other State Companies interested in the implementation of ICT processes from the Governance Kit.
Through the survey, brainstorming, semi-structured interviews, and a focus group, it was possible to obtain the perception of the managers of the State Company and the ICT Governance team concerning the processes proposed by the SEST ICT Governance Kit and classify the level of maturity of existing ICT processes from the State Company. Then, we identified their needs in the context of the implementation of the ICT Governance Kit, and it was possible to validate the proposal of the time necessary for the implementation of Kits 1, 2, and 3 by the State Company.
The pilot execution allowed the identification of a necessary process that was not contemplated in the Kit. We added the process to the proposed Kit and its elaborated artifacts. The execution of the pilot allowed us to evaluate the scenario of a sophisticated State Company. At first, it was believed to have several processes implemented, but, while conducting the works, the team responsible for the ICT Governance of the State Company realized that the initial analysis carried out was in disagreement with the reality of the State Company. That is, some of the ICT processes that the State Company believes to be mature and fully implemented were incomplete and outdated.
As shown in Section 5, we proposed a methodology to be adopted by the State Company in the implementation of the ICT Governance Kit proposed by SEST. Although we applied the pilot to a single State Company, we believe that the methodology would be appropriate for other State Companies, since the State Company of application of the pilot was a large state and working with a large volume of information and standards.
As future work, we suggest implementing the Kit (Kits 1, 2 and 3) and all its artifacts in one State Company so that the goals achieved in the implementation of this pilot are consolidated. Moreover, the lessons learned will be carried out in other experiments, allowing us to consolidate the results obtained and to lead the State Company to a satisfactory result of their level of maturity when evaluated by TCU. Furthermore, the execution of other pilots will allow us to validate the methodology proposed in this work.
As a second future work, we intend to implement all proposed ICT processes in a private organization and compare it with the results obtained in the implementation of ICT processes in state-owned companies. By doing so, we will create a knowledge base that can be consulted by organizations that wish to implement Governance Kits.

Author Contributions

All authors contributed to writing, reviewing and editing the manuscript.


This research received funding from the Brazilian Ministry of Economy (formerly Ministry of Planning, Development, and Management), under Grant 11/2016 SEST (State-owned Federal Companies Secretariat), and from the Professional Post-graduate Program on Electrical Engineering – PPEE, of the University of Brasília, under Process 23106.131297/2019-90.


This research work was supported by the Brazilian Research Councils CNPq (Grant 465741/2014-2 INCT on Cybersecurity), CAPES (Grants 23038.007604/2014-69 FORTE and 88887.144009/2017-00 PROBRAL), FAP-DF (Grants 0193.001366/2016 UIoT and 0193.001365/2016 SSDDC), as well as the LATITUDE/UnB Laboratory (Grant 23106.099441/2016-43 SDN) and the Brazilian Ministry of Economy, formerly Ministry of Planning, Development, and Management (Grant 11/2016 SEST).

Conflicts of Interest

The authors declare no conflict of interest.


  1. Clara, A.M.C.; Canedo, E.D.; de Sousa Júnior, R.T. A synthesis of common guidelines for regulatory compliance verification in the context of ICT governance audits. Inf. Polity 2018, 23, 221–237. [Google Scholar] [CrossRef]
  2. Jansen, A. The Understanding of ICTs in Public Sector and Its Impact on Governance. EGOV. In Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2012; Volume 7443, pp. 174–186. [Google Scholar]
  3. Liu, S.M.; Pan, L.; Chen, X. Citation Analysis of Innovative ICT and Advances of Governance (2008–2017). arXiv 2018, arXiv:1801.05916. [Google Scholar]
  4. Silva, M.B.D.D.; Silva, E.C.; Filho, F.A.D.C.; Garcia, T.M.; Nunes, I.D.; do Nascimento, R.P.C. Public ICT Governance: A Quasi-Systematic Review; ICEIS (2); SciTePress: Setúbal, Portugal, 2017; pp. 351–359. ISBN 978-989-758-249-3. [Google Scholar] [CrossRef]
  5. Miralles-Quirós, M.; Miralles-Quirós, J.; Valente Gonçalves, L. The value relevance of environmental, social, and governance performance: The Brazilian case. Sustainability 2018, 10, 574. [Google Scholar] [CrossRef]
  6. Canedo, E.D.; da Costa, R.P.; de Sousa Júnior, R.T.; Nze, G.D.A. Best Practices Kits for the ICT Governance Process within the Secretariat of State-Owned Companies of Brazil and Regarding these Public Companies. Information 2018, 9, 141. [Google Scholar] [CrossRef]
  7. Ministerio do Planejamento, G.e.D. Kits de Governanca de TIC. MP; 2018. Available online: (accessed on 3 April 2019).
  8. Team, S.U. Standard CMMI Appraisal Method for Process Improvement (SCAMPI) A, Version 1.3: Method Definition Document; CMU/SEI-2011-HB-001; Carnegie Mellon University, Software Engineering Institute: Pittsburgh, PA, USA, 2011. [Google Scholar]
  9. Joshi, P.; Islam, S. E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries. Sustainability 2018, 10, 1882. [Google Scholar] [CrossRef]
  10. Vitoriano, M.A.V.; Souza Neto, J. Information technology service management processes maturity in the Brazilian Federal direct administration. JISTEM-J. Inf. Syst. Technol. Manag. 2015, 12, 663–686. [Google Scholar] [CrossRef]
  11. Pereira, L.C.B. Managerial public administration: Strategy and structure for a new state. J. Post Keynes. Econ. 1997, 20, 7–23. [Google Scholar] [CrossRef]
  12. Luciano, E.M.; Wiedenhöft, G.C.; dos Santos, F.P. Promoting social participation through digital governance: Identifying barriers in the brazilian public administration. In Proceedings of the 19th Annual International Conference on Digital Government Research: Governance in the Data Age, Delft, The Netherlands, 30 May–1 June 2018; ACM: New York, NY, USA, 2018; pp. 49:1–49:9. [Google Scholar]
  13. Fernandes, C.C.C.; de Moura Palotti, P.L. Professionalizing bureaucracy and building state capacities: Unequal advances in Brazilian public administration? Rev. Adm. Pública 2019. [Google Scholar] [CrossRef]
  14. Ministerio do Planejamento, G.e.D. Informações Organizacionais. MP; 2019. Available online: (accessed on 2 October 2019).
  15. Rusu, L.; Viscusi, G. Information Technology Governance in Public Organizations: Theory and Practice; Springer: Berlin/Heidelberg, Germany, 2017; Volume 38. [Google Scholar]
  16. França, A.; da C. Figueiredo, R.M.; Venson, E.; Silva, W. Storytelling on the implementation of a Decentralized Model for Software Development in a Brazilian Government Body. In Proceedings of the 17th International Digital Government Research Conference on Digital Government Researc, Shanghai, China, 8–10 June 2016; ACM: New York, NY, USA, 2016; pp. 388–396. [Google Scholar]
  17. ISACA. COBIT 5: A Business Framework for the Governance and Management of Enterprise IT, 2013; ISACA, 2014. Available online: (accessed on 2 March 2019).
  18. Bernard, P. COBIT® 5-A Management Guide; Van Haren, 2012. Available online: (accessed on 2 March 2019).
  19. Samchynska, Y.; Vinnyk, M. Decision Making in Information Technologies Governance of Companies. ICTERI. In CEUR Workshop Proceedings; Aachen, Germany, 2017; Volume 844, pp. 96–110. Available online: (accessed on 2 March 2019).
  20. Balocco, R.; Ciappini, A.; Rangone, A. ICT Governance: A Reference Framework. Inf. Syst. Manag. 2013, 30, 150–167. [Google Scholar] [CrossRef]
  21. Lunardi, G.L.; Maçada, A.C.G.; Becker, J.L. IT Governance Effectiveness and Its Antecedents: An Empirical Examination in Brazilian Firms. In Proceedings of the 2014 47th Hawaii International Conference on System Sciences, Waikoloa, HI, USA, 6–9 January 2014; pp. 4376–4385. [Google Scholar] [CrossRef]
  22. Ramos, K.H.C.; Vieira, T.P.B.; da Costa, J.P.C.L.; de Sousa Júnior, R.T. Multidimensional analysis of critical success factors for IT Governance within the Brazilian Federal Public Administration. The Light of External Auditing Data. 12th International Conference on Information Systems and Technology management—Contecsi. 2015. Available online: (accessed on 12 March 2019).
  23. Ramos, K.H.C.; de Sousa Junior, R.T.; Vieira, T.P.; da Costa, J.P.C.L. Discovering Critical Success Factors for Information Technologies Governance through Bibliometric Analysis of Research Publications in This Domain. Int. Inf. Inst. (Tokyo). Inf. 2016, 19, 2193. [Google Scholar]
  24. da Silva, C.J.N.; Fortes, D.X.; do Nascimento, R.P.C. ICT Governance, Risks and Compliance—A Systematic Quasi-Review; ICEIS (3); SciTePress: Setúbal, Portugal, 2017; pp. 417–424. [Google Scholar]
  25. Federal Court of Accounts GET. IT Governance Evaluation Techniques for Information Technology. In Internacional Organization of Supreme Audit Institutions (Intosai). Working Group of Information Technology (WGITA); 2016; Volume 1. Available online: (accessed on 2 March 2019). [Google Scholar]
  26. Guarantees, B.; Agency, F.M.; Brazilian Guarantees and Fund Managements Agency (ABGF). ABGF. 2019. Available online: (accessed on 16 April 2019).
  27. Yin, R.K. Case study Research and Applications: Design and Methods, 6th ed.; Sage Publications: London, UK, 2017; ISBN 9781506336169. [Google Scholar]
  28. Marshall, C.; Brereton, P.; Kitchenham, B.A. Tools to support systematic reviews in software engineering: A cross-domain survey using semi-structured interviews. In Proceedings of the 19th International Conference on Evaluation and Assessment in Software Engineering, Nanjing, China, 27–29 April 2015; ACM: New York, NY, USA, 2015; pp. 26:1–26:6. [Google Scholar]
  29. Kontio, J.; Lehtola, L.; Bragge, J. Using the focus group method in software engineering: Obtaining practitioner and user experiences. In Proceedings of the 2004 International Symposium on Empirical Software Engineering, ISESE’04, Redondo Beach, CA, USA, 19–20 August 2004; IEEE: Piscataway, NJ, USA, 2004; pp. 271–280. [Google Scholar]
  30. Fink, A. How to Conduct Surveys: A Step-by-Step Guide; Sage Publications: London, UK, 2015; 164p, ISBN 9781483378480. [Google Scholar]
  31. Kitchenham, B.; Pfleeger, S.L. Principles of survey research: part 5: Populations and samples. ACM SIGSOFT Softw. Eng. Notes 2002, 27, 17–20. [Google Scholar] [CrossRef]
  32. Lubiano, M.A.; Salas, A.; de la Rosa de Sáa, S.; Montenegro, M.; Gil, M.Á. An Empirical Analysis of the Coherence Between Fuzzy Rating Scale-and Likert Scale-Based Responses to Questionnaires. SMPS. In Advances in Intelligent Systems and Computing; Springer: Berlin/Heidelberg, Germany, 2016; Volume 456, pp. 329–337. [Google Scholar]
  33. Nemoto, T.; Beglar, D. Likert-Scale Questionnaires. In JALT 2013 Conference Proceedings; 2014; pp. 1–8. Available online: (accessed on 16 April 2019).
  34. Salem, F. Brainstorming the Nation through Social Media: Emerging Open Governance in Closed Contexts? In Proceedings of the 9th International Conference on Theory and Practice of Electronic Governance, Montevideo, Uruguay, 1–3 March 2016; ACM: New York, NY, USA, 2016; pp. 390–391. [Google Scholar]
  35. Santanen, E.L.; Briggs, R.O.; de Vreede, G. A cognitive network model of creativity: A renewed focus on brainstorming methodology. In ICIS 1999 Proceedings; Association for Information Systems, 1999; pp. 489–494. Available online: (accessed on 17 March 2019).
  36. Levänen, J.O.; Hukkinen, J.I. A methodology for facilitating the feedback between mental models and institutional change in industrial ecosystem governance: A waste management case-study from northern Finland. Ecol. Econ. 2013, 87, 15–23. [Google Scholar] [CrossRef]
  37. Mazza, R.; Berre, A. Focus Group Methodology for Evaluating Information Visualization Techniques and Tools. In Proceedings of the 2007 11th International Conference Information Visualization (IV’07), Zurich, Switzerland, 4–6 July 2007; pp. 74–80. [Google Scholar] [CrossRef]
  38. Wattenberg, T.L. Online focus groups used as an accessible participatory research method. In Proceedings of the 7th International ACM SIGACCESS Conference on Computers and Accessibility, Baltimore, MD, USA, 9–12 October 2005; ACM: New York, NY, USA, 2005; pp. 180–181. [Google Scholar]
  39. Hove, S.E.; Anda, B. Experiences from Conducting Semi-structured Interviews in Empirical Software Engineering Research. In Proceedings of the 11th IEEE International Software Metrics Symposium (METRICS’05), Balimore, MD, USA, 19–22 September 2005; p. 23. [Google Scholar] [CrossRef]
  40. Clementi, S.; Carvalho, T.C.M.B. Methodology for IT Governance Assessment and Design. In Project E-Society: Building Bricks; I3E; IFIP; Springer: Berlin/Heidelberg, Germany, 2006; Volume 226, pp. 189–202. [Google Scholar]
Figure 1. Organizational structure of the brazilian public administration.
Figure 1. Organizational structure of the brazilian public administration.
Information 10 00327 g001
Figure 2. Processes of the ICT Governance Kit.
Figure 2. Processes of the ICT Governance Kit.
Information 10 00327 g002
Figure 3. Methodology adopted in the Implementation of the Pilot in the ABGF.
Figure 3. Methodology adopted in the Implementation of the Pilot in the ABGF.
Information 10 00327 g003
Figure 4. Proposed methodology for the implementation of the ICT Governance Kit.
Figure 4. Proposed methodology for the implementation of the ICT Governance Kit.
Information 10 00327 g004
Figure 5. Sub-process details.
Figure 5. Sub-process details.
Information 10 00327 g005
Table 1. Specific Dimensions and Themes Proposed by TCU to Calculate iGovIT [25].
Table 1. Specific Dimensions and Themes Proposed by TCU to Calculate iGovIT [25].
IDDimensionContextSpecific Themes
1Leadership of Senior ManagementEvaluates key elements of corporate governance and ICT.Corporate Governance System, ICT Governance System, ICT Results, ICT Risks, ICT Personnel, Transparency of Management and Use of ICT, Monitoring of ICT Governance and Management, and Internal Audit Capability.
2Strategies and PlansEvaluates the management controls of strategies and corporate and ICT plans.Strategic Planning and ICT Planning.
3InformationsEvaluates information management controls, including transparency practices.Computerization of organizational processes and Transparency of information on the management and use of ICT.
4PeopleEvaluates people management controls.Development of ICT skills, ICT staff performance and how ICT management is in the hands of the people within the effective framework of the organization.
5ProcessesRefers to process management controls in ICT.ICT Service Management, ICT Service Level Management, ICT Risk Management, Information Security Management, Software Process, ICT Project Management, ICT Contracting, ICT Contracting Process, Process of Management of ICT Contracts and ICT Hiring Profile.
6ICT ResultsRefers to the organization’s performance in the management and use of ICT.Assesses the organization’s ability to define and achieve ICT objectives, manage ICT projects, provide services that support organizational processes, and provide citizen/client services via the Internet.
Table 2. Profile of the case study participants.
Table 2. Profile of the case study participants.
IDProfileICT Governance Experience
1SUAFI15 years
2SUAFI3 years
3GEGOV20 years
4GEGOV5 years
5GETEC10 years
6GETEC2 years
7SEST19 years
8SEST19 years
9Professor15 years
10Master Student2 years
11Master Student2 years
Table 3. Processes to be implemented in the pilot.
Table 3. Processes to be implemented in the pilot.
Process ID in the KitProcess NameKit
04Continuity Management of the ICT Services3
01ICT Risk Management Process2
06 and 07Software Development Process1 and 2
06Project management3
08Change management3
Table 4. Processes implemented in the pilot.
Table 4. Processes implemented in the pilot.
Process ID in the KitProcess NameKit
AddedBusiness Continuity Management1
04ICT Service Continuity Management3
01ICT Risk Management Process2
01ICT Committee1
04Information Communication Technology Master Plan (ICT) (PDICT)1
06 and 07Software Development Process1 and 2
06Project management3
08Change management3
Back to TopTop