Logo PTI
Polish Information Processing Society
Logo FedCSIS

Annals of Computer Science and Information Systems, Volume 11

Proceedings of the 2017 Federated Conference on Computer Science and Information Systems

IT Governance Program and Improvements in Brazilian Small Business: Viability and Case Study

, , ,

DOI: http://dx.doi.org/10.15439/2017F410

Citation: Proceedings of the 2017 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 11, pages 961964 ()

Full text

Abstract. Small companies have the potential to be agile, flexible and informal - it is believed that this is possible due to the fact that these companies are usually formed by few members (up to 9 people -- statistic average in Brazil). This usually means that there is more synergy among these professionals because they tend to have more than a single role inside the company. With such role versatility, it is understandable that those professionals have to multitask and/or split their working hours among different kinds of demands: that may cause difficulties in planning, development, verification and improvement of internal processes. This article brings a case study where the COBIT 5.0 toolkit (Process Assessment Model) was used to identify internal processes that needed improvement within the studied company. In order to improve the selected processes, ABNT NBR ISO/IEC 12207 was tailored concerning the company's needs. Additionally, it was applied the PDCA cycle of continuous improvement and it was also proposed the adoption of an agile methodology, SCRUM, to integrate internal activities and processes.


  1. SEBRAE, “Micro e Pequenas Empresas em Número.” Available at: http://www.sebraesp.com.br/index.php/234-uncategorised/institucional/pesquisas-sobre-micro-e-pequenas-empresas-paulistas/micro-e-pequenas-empresas-em-numeros
  2. J. K. Guevara, L. Hall and E. Stegman, “IT Key Metrics Data 2014: Key Applications Multiyear.” Gartner. December 16th, 2013.
  3. G. Concas, M. Marchesi, G. Destefanis, R. Tonelli. "An empirical study of software metrics for assessing the phases of an agile project." International Journal of Software Engineering and Knowledge Engineering 22, no. 04 (2012): 525-548. http://dx.doi.org/10.1142/S0218194012500131
  4. J. S. Persson, L. Mathiassen, I. Aaen. "Agile distributed software development: enacting control through media and context." Information Systems Journal 22, no. 6 (2012): 411-433.Persson, Mathiassen and Aaen (2012). http://dx.doi.org/10.1111/j.1365-2575.2011.00390.x <link:dx.doi.org/10.1142/S0218194012500131>
  5. Standish Group International Inc., “Extreme Chaos Report”, 2001. Available at: https://courses.cs.ut.ee/MTAT.03.243/2013_spring/uploads/Main/standish.pdf
  6. F. McGovern, “Managing Software Projects with Business-Based Requirements.” IEEE Software. IEEE Computer Society. IT Professional, Volume:4, Issue:5. 2002. Available at: http://ieeexplore.ieee.org/xpl/abstractAuthors.jsp?arnumber=1041174 - http://dx.doi.org/10.1109/MITP.2002.1041174
  7. S. Gupta. "SOX Compliant Agile Processes." In Agile, 2008. AGILE'08. Conference, pp. 140-143. IEEE, 2008.Gupta (2008). DOI 10.1109/Agile.2008.48
  8. ABNT – ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNICAS. “NBR ISO/IEC 12207 – Tecnologia de informação - Processos de ciclo de vida de software.” Rio de Janeiro: ABNT, 1998, 35 p. Available at: http://aulasprof.6te.net/Arquivos_Aulas/06-qualidade_Soft/ABNT_NBR_ISO_12207.pdf
  9. M. Fowler, et al, “Manifesto for agile software development” Available at: http://agilemanifesto.org
  10. SCRUMSTUDY. “A Guide to the SCRUM Body of Knowledge - SBOK GUIDE”. Phoenix, Arizona, USA: VMEdu, Inc., 2013.
  11. Quality Assurance Mentor. “PDCA Cycle.” Available at: http://www.quality-assurance-mentor.com/software-quality-assurance.html
  12. Reserva em revista. “Ciclo PDCA.” Available at: http://necs.preservaambiental.com/ciclo-pdca-abordagem-de-processo-e-escopo-do-sistema-de-gestao-ambiental/
  13. C. Larman “Agile & Iterative Development: A Manager's Guide.” Addison-Wesley Professional. ISBN 0-13-111155-8. 2004.
  14. M. S. Silva. "GAIA Modelo de maturidade para aquisição de software". Universidade Estadual de Londrina, Paraná, Brazil. 2016.
  15. Irrazabal, et al, “Applying ISO/IEC 12207:2008 with Scrum and Agile Methods”, Universidad Rey Juan Carlos, Madrid, España. 2011.
  16. M. Tomanek, T. Klima. "Penetration Testing in Agile Software Development Projects." arXiv preprint https://arxiv.org/abs/1504.00942 (2015). http://dx.doi.org/10.5121/ijcis.2015.5101
  17. N. Ozkan. "Risks, Challenges and Issues in a Possible Scrum and COBIT Marriage." In Software Engineering Conference (APSEC), 2015 Asia-Pacific, pp. 111-118. IEEE, 2015.  - http://dx.doi.org/10.1109/APSEC.2015.29
  18. P. Bunyakiati and P. Surachaikulwattana. "Fit between Agile practices and organizational cultures." In Computer Science and Software Engineering (JCSSE), 2016 13th International Joint Conference on, pp. 1-6. IEEE, 2016. - http://dx.doi.org/10.1109/JCSSE.2016.7748915
  19. C. Christof, and K. Shankar. "Industry Trends 2017." IEEE Software 34, no. 2 (2017): 112-116. - http://dx.doi.org/10.1109/MS.2017.55
  20. Standish Group International Inc., “THE CHAOS MANIFESTO”, 2012. Available at: https://cs.calvin.edu/courses/cs/262/kvlinden/resources/CHAOSManifesto2012.pdf
  21. S. Hastie, S. Wojewoda, “Standish Group 2015 Chaos Report - Q&A with Jennifer Lynch”. Oct 04, 2015. Available at: https://www.infoq.com/articles/standish-chaos-2015
  22. N. Ozkan, A. Tarhan, C. Kucuk. "Scrum at Scale in a COBIT Compliant Environment: The Case of Turkiye Finans IT." (2017).Ozkhan, Tarhan e Kucuk (2017)
  23. A. G. Vallerão, L. K. Roses. "Monitoramento e controle de projetos de desenvolvimento de Software com o Scrum: avaliação da Produção Científica." Revista de Gestão e Projetos 4, no. 2 (2013): 100. http://dx.doi.org/10.5585/gep.v4i2.154
  24. V. Mahnic, N. Zabkar. "Using COBIT indicators for measuring scrum-based software development." Wseas transactions on computers 7, no. 10 (2008): 1605-1617.Mahnic, Zabkar (2008)