Maturity assessment of IT risk management processes: support tool for quality and efficiency of process

Information technology has a key role in the organizations, acting as an strategic component in their business processes. The use of risk management in the context of IT Governane is a critical success factor towards reaching the organization ' s strategic goals. However, the adoption of risk management alone is not enough to garantee that its application will bring expected results. More and more organizations have searched for knowledge of how efficient their processes have been developed, including risk management processes. This is how they get to know their efficiency level in a determined scale, by knowing their deficiencies and thus making new plans to embetter their processes and to compare their performance in relation to other similar organizations. Due to the diversity of existing maturity models and their characteristics, this article presents the results of a comparative study with the main maturity models in the market, by selecting a specific one that can be applied to IT risk management processes, chosen via the application of AHP technique - Analytic Hierarchy Process - and as then proposes an instrument that can be used for the evaluation of IT risk management maturity. We believe that this instrument can be of general used by any organization.