Sevastianov, A. "Mizhnarodni standarty system uprav-linnia dlia vyrishennia problem bezpeky i staloho rozvytku" [International Standards for Management Systems for Solving Security and Sustainable Development]. Standartyzatsiia. Ser-tyfikatsiia. Yakist, no. 4 (2012): 41-49.
Zharikov, E. V. "Osnovnyye napravleniya optimizatsii IT-infrastruktury uchebnykh zavedeniy" [The main directions of optimization of IT infrastructure of educational institutions]. Visnyk Skhidnoukrainskoho natsionalnoho universytetu imena Volodymyra Dalia, no. 3 (157) (2011): 66-71.
UDC 65.01
DIAGNOSING THE MATURITY LEVEL OF IT PROCESSES AT THE ENTERPRISE
®2018 SKRYNKOVSKYY R. M.
UDC 65.01
Skrynkovskyy R. M. Diagnosing the Maturity Level of IT Processes at the Enterprise
The article is aimed at substantiating theoretical provisions and developing practical recommendations to improve diagnostics of the maturity level of IT processes at the enterprise. It is determined that today at any enterprise using information systems and technologies (in the spheres of management, administration and IT law), business goals cannot be achieved without achieving IT goals, and IT goals, accordingly, cannot be achieved without the optimal maturity level of IT processes. It is determined that diagnostics of the maturity level of IT processes at the enterprise is the process of identification, analysis and estimation of the level of performance of IT processes in the field of IT management (taking account of the risk assessment inherent in IT) with the purpose of making reasonable managerial decisions directed on achievement of desirable result of activity of enterprise in the systems of «effect - result», «goal - means - result» and «data - information - knowledge».
Keywords: enterprise, information systems and technologies, IT processes, business goals, management and administration, Standard of CobiT®4.1, diagnostics. Fig.: 4. Formulae: 3. Bibl.: 28.
Skrynkovskyy Ruslan M. - PhD (Economics), Associate Professor of the Department of Business Economy and Information Technology, Lviv University of Business and Law (99 Kulparkivska Str., Lviv, 79021, Ukraine) E-mail: uan_lviv@ukr.net
УДК 65.01
Скринькоеський Р. М. Дагностика piеня зр'шостi 1Т-процеав на nidnpueMcmei
Метою cmammi е об(рунтування теоретичних положень та розроб-лення практичних рекомендацй з удосконалення дiагностики рiвня зршост'> 1Т-процеав на тдприемств'!. Встановлено, що сьогодт на будь-якому тдприемствi, яке використовуе iнформацiйнi системи та технологи (у сферах управл'шня та адмнстрування й 1Т-права), цл не можуть бути досягнутi без досягнення фей 1Т, а 1Т-цЫ, Bid-пов'дно, не можуть бути досягнутi без оптимального рюня зр'шостi 1Т-процеав. Визначено, що д'шгностика рiвня зршост'> IT-процеав на тдприемствi- це процес 'дентиф'жаци, анал'ву й оцнювання р'юня ре-зультативностi 1Т-процеав у сферi управл'шня 1Т (з урахуванням о^нки ризиюв, притаманних 1Т) з метою прийняття об(рунтованих управ-лнських ршень, що спрямован на досягнення бажаного результату д'тльност'> тдприемства в системах «ефект - результат», «цль - за-аб- результат» та «дан - iнформацiя - знання». Ключое'1 слова: тдприемство, iнформацiйнi системи та технологи, IT-процеси, бiзнес-цiлi, управлшня та адмнстрування, стандарт CobiT®4.1, д'шгностика. Рис.: 4. Формул: 3. Б'бл.: 28.
Скринькоеський Руслан Миколайоеич - кандидат економiчних наук, доцент кафедри економки тдприемств та нформа^йних техноло-гй, Льв'>вський ушверситет б'внесу та права (вул. Кульпартська, 99, Льв'т, 79021, Украна) E-mail: uan_lviv@ukr.net
УДК 65.01
Скрынькоеский Р. Н. Диагностика уровня зрелости ИТ-процессов на предприятии
Целью статьи является обоснование теоретических положений и разработка практических рекомендаций по совершенствованию диагностики уровня зрелости ИТ-процессов на предприятии. Установлено, что сегодня на любом предприятии, использующем информационные системы и технологии (в сферах управления и администрирования и ИТ-права), бизнес-цели не могут быть достигнуты без достижения целей ИТ, а ИТ-цели, соответственно, не могут быть достигнуты без оптимального уровня зрелости ИТ-процессов. Определено, что диагностика уровня зрелости IT-процессов на предприятии - это процесс идентификации, анализа и оценки уровня результативности ИТ-процессов в области управления ИТ (с учетом оценки рисков, присущих ИТ) с целью принятия обоснованных управленческих решений, направленных на достижение желаемого результата деятельности предприятия в системах «эффект - результат», «цель - средство -результат» и «данные - информация - знания». Ключееые слоеа: предприятие, информационные системы и технологии, IT-процессы, бизнес-цели, управление и администрирование, стандарт CobiT®4.1, диагностика. Рис.: 4. Формул: 3. Библ.: 28.
Скрынькоеский Руслан Николаееич - кандидат экономических наук, доцент кафедры экономики предприятий и информационных технологий, Львовский университет бизнеса и права (ул. Кульпарковская, 99, Львов, 79021, Украина) E-mail: uan_lviv@ukr.net
The modern practice of doing business in Ukraine proves that nowadays information technologies and created on their basis special integrated information systems used in management systems become an irreplaceable tool in achieving strategic goals and sustainable development of enterprises. In such circum-
stances, measuring the level of effectiveness of IT processes in an enterprise is quite relevant and important.
Results of the analysis of the data presented in the literature sources [1-27] indicate that certain problems (aspects) in the sphere of development (formation), use, and development of IT processes in enterprises (in
Б1ЗНЕС1НФОРМ № 4 '2018
www.business-inform.net
the context of management and administration, and IT law) were investigated by such scientists and experts as T. Bachynskyi, P. Herasym, V. Huzhva, O. Zaritskyi, V. Zaiats, S. Lobov, A. Pohorilyi, S. Telenyk, O. Toma-shevskyi, E. Humphreys, C. Shannon, and others. But, alongside with recognizing their significant scientific and practical contribution to the research and development of certain aspects of the problem, it should be noted that insufficient attention is paid to diagnosing the level of maturity of IT processes in an enterprise. All this has determined the relevance of the presented research, defined its theme, aim and objectives.
The aim of the article is substantiating theoretical provisions and developing practical recommendations to improve diagnosing the level of maturity of IT processes in an enterprise.
Achievement of the set goal has necessitated the resolution of such scientific problems as:
1) clarifying the essence of the category of "management information system" and presenting the main components of the standard structure of an information system;
2) proposing a list of general functions for managing the functional subsystem of typical information system structures;
3) identifying the relationship between business goals (enterprise goals), IT objectives and IT processes, and consider the system of IT processes in accordance with CobiT®4.1 (IT Governance Institute, 2007);
4) developing recommendations to improve diagnosing the level of maturity of IT processes in an enterprise (in the context of management and administration and IT law).
Based on the analysis of the data presented in the literature on the problem [1-27], it is established that
1. A management information system (MIS) should be considered as a set of organizational and technical means (or technical means of data processing, software, and relevant personnel) for the collection, transmission, processing and storage of information for a certain level of management (strategic, tactical, operational) for the purpose of providing information needs of users (controlling (subject) and controlled (object) systems) [2, p. 4-5; 4, p. 100; 18].
2. The main components of the typical IS structure
are:
+ functional components (functional subsystems (modules, business applications), functional tasks, models and algorithms that determine and / or ensure the performance of the system of management functions); + components of the data processing system (information support, software (system-wide, special), technical support, legal support, linguistic support, etc.);
+ organizational components (new organizational structure of the enterprise, personnel (staffing schedule, job descriptions, etc.) [2, p. 28].
3. It is recommended to select the composition of the functional tasks of the functional management subsystems taking into account such generic management functions as [2, p. 31; 18; 20, p. 102; 28]:
+ control;
+ planning, based on the main goal; + action (organization and execution); + coordination and corrective actions (regulation); + accounting system (including: business accounting, statistical, operational and technical, and management accounting); + diagnostics (technical, economic, legal) with such sub-functions as identification of the state and capabilities; reasoning-based analysis; assessment of the state, trends, and prospects for development.
4. Today, at any enterprise that uses ISs and technologies (in the spheres of management, marketing, finance, accounting, innovation, and training, at the intersection of branches of law and IT, etc.), business goals (driving factors of corporate governance, business outcomes) cannot be achieved without achieving IT goals, and, accordingly, IT goals cannot be achieved without achieving the optimal level of maturity of IT processes. In IT governance the maturity of IT processes indicates the maturity of specific IT functions (solving functional tasks of IS) [14; 25]. In the focus of IT governance are:
+ coherence with the strategy; + ensuring value; + managing resources; + managing risks; + assessing efficiency, etc. [23-26].
5. According to the balanced system of business indicators (indicators, parameters) by R. Kaplan and D. Norton (Balanced Scorecard - BSC) [6; 9, p. 57], it is possible to single out such business goals of strategic management in an enterprise (within the four projections of the BSC: finance, clients, internal business processes, training and career growth) as
+ goals related to financial prospects (the value of business investment for stakeholders, portfolio of competitive products and services, business risk management, compliance with laws and regulations, financial transparency); + goals related to customer prospects (customer-oriented service culture, continuity and availability of business services, flexible responses to changing (complex, multifaceted, dynamic, and uncertain) business environment, information based on strategic decisions, optimization of service costs); + goals related to internal prospects (optimization of business process functionability, optimization of expenses on business processes, business
BI3HECIHQOPM № 4 '2018
www.business-inform.net
change programs, operational productivity and staff productivity); + goals related to training and growth (compliance with internal policies, qualified and motivated people, culture of business innovation and new products) [14].
6. The basis of any process, including an IT process, is a certain (specific) technology, the components of which are:
+ the purpose of the process implementation; + the object subject to technological changes; + techniques and methods of impact; + means of technological impact; + order and organization opposed to spontaneous processes [20, p. 6].
7. Modern computer information technologies are based on artificial intelligence systems, which can be conditionally divided into the following 3 groups:
+ intelligent information retrieval systems; + computing and logical systems; + expert systems [5, p. 287].
8. CobiT® [1] (IT Governance Institute, 2007) notes that IT processes should be grouped into the following interrelated spheres of activity (or IT responsibilities): + plan and organize (PO); + acquire and implement (AI); + deliver and support (DS) + monitor and evaluate (ME) (Fig. 1) [7, p. 147148; 25].
At the same time, it has been established that effective IT governance contributes to achieving business goals of strategic management of enterprise activities, optimization of IT investments and, accordingly, allows to optimally manage risks and opportunities related to IT. Diagnostics of IT processes is a key component of process management [25].
PLAN AND ORGANIZE (PO) -Provides direction to solution delivery (AI) and service delivery (DS):
1) elaboration of a strategic plan of IT development; 2) formation of information architecture; 3) determination of the direction of technological development; 4) formation of processes, organizational structure and interrelations for IT; 5) management of IT investments; 6) provision of information about strategic goals and directions of IT development; 7) management of IT staff; 8) quality management; 9) evaluation and management of IT risks; 10) project management
A
ACQUIRE AND IMPLEMENT (AI) -
provides the solutions and services:
1) provision of automation solutions;
2) acquisition and support of basic (system-wide) and applied (special) software;
3) acquisition and maintenance of technological infrastructure;
4) provision of its operation and use;
5) purchase of IT resources;
6) change management;
7) introduction and accreditation of IT solutions and changes
< ►
A
DELIVER AND SUPPORT (DS) -
receives the solutions and makes them usable for end users:
1) identification and management of the levels of service delivery;
2) management of services of third-party organizations;
3) management of productivity and capacity;
4) provision of the continuity of service delivery;
5) provision of the security of systems;
6) identification and allocation of costs;
7) training users;
8) management of technical support and incidents;
9) configuration management;
10) problem management;
11) data management;
12) management of the physical environment (equipment);
13) management of operational activities
A
jr
A V
MONITOR AND EVALUATE (ME) -
monitors all process to ensure that the direction provided is followed:
1) monitoring and evaluation of IT effectiveness;
2) monitoring and evaluation of the internal control system;
3) provision of compliance with external requirements (standards);
4) provision of IT governance system
Fig. 1. The system of IT processes (according to CobiT® 4.1) Source: [7, p. 147-148; 25] (Materials of IT Governance Institute).
BI3HECIHQOPM № 4 '2018
www.business-inform.net
Thus, diagnosing the level of maturity of IT processes in an enterprise is the process of identifying, analyzing and evaluating the level of IT process performance in the field of IT governance (taking into account risks inherent in IT) in order to make well-founded management decisions (concerning functioning, development) directed to achieve the desired (necessary) result of the enterprise's performance in the systems "effect-result', "goal-means-result" and "data-information-knowledge" [14; 25], based on:
1) the metric of defining the constant of "result" (in economic studies) (Fig. 2) and the economic and mathematical model (the system of equations) to determine the performance result presented by the formula (1):
f (R + ) = 1t, • E+- p,, with E, > 0 i=i
m
f (R - ) = y tj < E-• pj, with Ej < 0
R =
-j^J f] j=i
k
f (R0) = 1 te • E° • pe, with Ee = 0
J=1
Time
Information
Requirments, Opportunities (Treats), Control
Fig. 2. The metric of defining the constant of "result" in economic studies
2) a four-dimensional model for evaluating the performance of business processes in an enterprise (Fig. 3) by nature of result formation (basic, supporting ones, business management process, and business development processes [3]) and the economic and mathematical model for assessing the level of quality of enterprise development presented by the formula (2):
Qdr =4DR =
y pm Pl(1 - Pn ) ¿1
100%
(2)
(1)
n m k
1 =11, + y tj te, i=1 J=1 J=1
n+m+k
with t1 > 0, tj > 0, te > 0 y p1 = 1,
,=1
where R - the performance result; E+ and Er- positive and negative economic effects; E0 - uncertain economic effects, that is, the implementation of economic risks (perceived and unperceived ones); t, tj and te - target-based coefficients;pi - probability of implementing a certain type of economic effect [11, p. 23];
Resources
where QDR - the level of quality of the enterprise's development; D - the coefficient of zero defect production; R - the coefficient of smooth production flow; P1 - the volume of marketable products; Pn - the share (specific weight) of defective products in the marketable products; i = 1 ... t - the number of periods in a year, by which the comparison of planned and actual volumes of production
is carried out; P1i , % - the minimum share of marketable products as compared to the annual equivalent between the planned production program and the actual one [9, p. 274-275].
Reliability, Safety, Quality
!
Performance
Effectiveness
Flexibility (Adaptability)
Efficiency
Source: improved based on [1; 11, p. 25; 17].
Fig. 3. The four-dimensional model for evaluating the performance of business processes in an enterprise Source: improved based on [12, p. 170; 16; 21; 25].
In this context, special attention should be paid to the scientific work by A. Melnik [9], which states that enterprise development as a category (concept) can be viewed from several perspectives, namely: development as a result, development as a process, development as dynamics, development as regularity, development as a property [9, p. 261];
3) the model of IT process maturity (in three dimensions: capability, coverage and control) and that of a comprehensive system for controlling IT processes in an enterprise (Fig. 4) [25] (in the system of organization of work and production), with consideration for:
+ the "golden rule of enterprise economy" presented by the formula (3);
+ the features, place and roles of IT law (arising from the state of the IT market) at the intersection of the branches: law, management and IT.
T > T2 > T > 100%, (3)
where T1 - the rate of increase (decrease) in profit; T2 -the rate of increase (decrease) in sales volume; T3 - the rate of increase (decrease) in the value of assets (the balance sheet total) [8, p. 139].
CONCLUSIONS
The analysis of the data presented in the literature [1-27] and the results of the studies show:
1. Today, at any enterprise that uses information systems and technologies (in the spheres of management, marketing, finance, accounting, innovation, training, at the intersection of law and IT, etc.), business goals cannot be achieved without achieving IT goals, and IT goals,
ACT
CONTROL INFORMATION
Fig. 4. The model for controlling IT process in an enterprise (according to CobiT® 4.1) Source: [25] (Materials of IT Governance Institute).
Taking into account the above mentioned, it is also worth noting that IT law is a new round of jurisprudence to solve practical problems related to: 1) the sphere of legal regulation of information relations, innovations, technology transfer; 2) e-commerce and trade; 3) electronic document management, structure of contracts and features of taxation in IT; 4) information security and information protection in IT; 5) security and protection of intellectual property rights in IT; 6) cyber-security, cybercrime [16; 21] and legal liability for violation of IT law, etc. [13; 27].
At the same time, it was found that a competently designed and built IT infrastructure creates a number of advantages for business (enterprises), the main of which are: 1) increase of profitability; 2) optimization of expenses (fixed, variable); 3) increase of efficiency and performance of business processes and goal-directed technological processes (automatic processes, programmable technologies, vocational technologies, scientific and technical technologies, scientific research technologies, chaotic processes [20, p.6]) [19].
Pabulum for reflection: at the World Economic Fo-rum-2018 (Davos, Switzerland), within the framework of the forum of young leaders of Global Shapers Community, Ma Yun, the richest man in China, said: "If we do not change the way we teach, 30 years from now we're going to be in trouble. The knowledge-based approach... would "fail our kids", who would never be able to compete with machines. Children should be taught "soft skills" like independent thinking, values and team-work. All we learn must differ from the skills of machines ..." [10].
respectively, cannot be achieved without achieving the optimal level of maturity of IT processes.
2. Diagnosing the level of maturity of IT processes in an enterprise is the process of identifying, analyzing and evaluating the level of IT process performance in the field of IT governance (taking into account the risks inherent in IT) in order to make well-founded management decisions aimed at achieving the desired (necessary) result of the enterprise's activity in the systems "effect - result', "goal - means - result" and "data - information -knowledge" based on:
+ the main analytical dependencies revealing the effectiveness of the performance in the system of result "information-resources-time-requirements, opportunities (threats), control"); + the models for determining the performance of business processes in an enterprise (in four dimensions: effectiveness, profitability, flexibility (adaptability), reliability, safety, quality) and the economic and mathematical model for assessing the level of quality of enterprise development (for such indicators as: zero defects and smooth production flow); + the model of IT process maturity (in three dimensions: capability, coverage and control) and that of a comprehensive system for monitoring IT processes in an enterprise (in the system of organization of work and production), taking into account the "golden rule of enterprise economy"; features, place and role of IT law (arising from the state of the IT market) at the intersection of the branches: law, management and administration, and IT.
3. Using information systems and technologies in enterprise management will "kill" part of jobs, but they will not be as wise as people who can find the right solutions in this direction.
The prospect for further research in this direction is improving the system of subgoals of economic diagnostics of an enterprise (pursues diagnosing its specific elements, spheres and activities), taking into account the presented research results. ■
LITERATURE
1. Гмиря I. Система контролю бiзнес-процесiв. Ве-ресень, 2017. URL: http://ebskiev.com/systema-kontrolyu-biznes-protsesiv.html
2. Гужва В. М. 1нформацмш системи i технологи на пщприемствах : навч. поаб. Ки'в : КНЕУ, 2001. 400 с.
3. Денисенко Л. О., Шацька С. £. Концептуальн засади класиф^ацп бiзнес-процесiв як основи формування 6Í3-нес-системи оргашзацп. Ефективна економка. 2012. № 11. URL: http://www.economy.nayka.com.ua/?op=1&z=1558
4. Зарщький О. 1нформацмш технологи аналiтично''' оцшки профеайно''' дiяльностi. npaKmu4Hi аспект iнтегра-Ц11 з системами управлiння ресурсами nidnpueMcmBa. TexHÍ4-híнауки та технологи. 2017. № 3. С. 98-106.
5. Заяць В. М. Роль шформацмних технолога у фор-муванн стратепчного мислення менеджера. Актуальнi про-блеми економки. 2009. № 6. С. 280-288.
6. Каплан Р. С., Нортон Д. П. Стратегическое единство: создание синергии организации с помощью сбалансированной системы показателей / пер. с англ. М. : ИД «Ви-льямс», 2006. 384 с.
7. Лобов С. П. Дiагностика рiвня зртосл 1Т процеав на пiдприeмствi та оцшка економiчного ефекту вщ його пщ-вищення. Економiчний вicник. 2005. № 1. С. 139-149.
8. Марченко О. I. Фiнансовi аспекти дтово''' активнос-т пщприемств. Фiнанcи Украни. 2007. № 5. С. 136-143.
9. Мельник О. Г. Системи дiагностики дiяльностi ма-шинобудiвних пщприемств: полiкритерiальна концепцiя та iнструментарiй : монографiя. Львiв : Видавництво НУ «Львв-ська полiтехнiка», 2010. 344 с.
10. Миронова I., Аблщова А. Джек Ма: 8 порад най-багатшо''' людини Китаю // K. Fund Media - шформацмний ресурс про новi можливостi. URL: https://kfund-media.com/ dzhek-ma-8-porad-najbagatshoyi-lyudyny-kytayu/
11. Олексюк О. I. Результатившсть дiяльностi пщпри-емств як основа формування 'х швестицмно''' привабливо-стi. ШестицИ: практика та доcвiд. 2009. № 3. С. 21-26.
12. Олексюк О. I. Технолопя оцшки результативност дiяльностi пщприемства. Збiрник науковихпраць Черкасько-го державного технологiчного унiверcитету. Серiя: Еконо-мШ науки. 2009. Том 2. № 22. С. 169-173.
13. Бачинський Т. В., Радейко Р. I., Харитонова О. I. Основи 1Т-права : навч. поаб. Ки'в : Юршком 1нтер. 2017. 208 с.
14. Погорший А. Новi пщходи в управлшш 1Т, або як бiзнес-цiлi пов'язанi з 1Т-процесами // Матерiали European Business Association. URL: https://eba.com.ua/article/novi-pidhody-v-upravlinni-abo-yak-biznes-tsili-povyazani-z-protsesamy/
15. Пушкарь А. И., Гаркин В. В. Использование модели зрелости ^-инфраструктуры в оценке качества инфор-
мационных систем предприятия. Вкник Сумського державного ун1верситету. Серя «Економка». 2013. № 3. С. 130-145.
16. Скриньковський Р., Павловськ Г., Гарасим П., Коропецький О. Юбернетична безпека та 6i3Hec-po3B^Ka в системi дiагностики економiчноï безпеки пiдприeмства. Path of Science. 2017. Vol. 3. No. 10. P. 5001-5009. URL: http:// dx.doi.org/10.22178/pos.27-6
17. Скриньковський Р., Павловськi Г., Ситар Л. Роз-роб ка шструментарт для забезпечення якостi трудового потен^алу промислових пiдприeмств. Path of Science. 2017. Vol. 3. No. 9. P. 3009-3018. URL: http://dx.doi.org/10.22178/ pos.26-8
18. Скриньковський Р., Павловськ Г., Гарасим П., Галелюк М. Удосконалення моделi процесу менеджменту пiдприeмства на засадах загальних функцм менеджменту. Path of Science. 2017. Vol. 3. No. 12. P. 4007-4014. URL: http:// dx.doi.org/10.22178/pos.29-7
19. Теленик С. Ф., Ролю О. I., Букасов М. М. Технолопя управлшня Инфраструктурою на основi ресурсного пщходу. ВкникЖитомирського державного технологичного утверситету. Сер1я: Техн1чн1 науки. 2008. № 4. С. 180-189. URL: http://dx.doi.org/10.26642/tn-2008-4(47)-180-189
20. Томашевський О. М., Цегелик Г. Г., В^ер М. Б., Дудук В. I. lнформацiйнi технологи' та моделювання бiзнес-процесiв : навч. поаб. Кш'в : Центр учбовоТ л^ератури, 2012. 296 с.
21. Xемфрi Е. Дiяльнiсть з кiбер-безпеки. Ршення для бiзнесу. Стандартизация. Сертификация. Яксть. 2013. № 1. С. 16-18.
22. Шеннон К. Работы по теории информации и кибернетике. М. : Изд-во иностр. лит-ры, 1963. 830 с.
23. Bin-Abbas H., Bakry S. H. Assessment of IT governance in organizations: A simple integrated approach. Computers in Human Behavior. March 2014. Vol. 32. P. 261-267. URL: https://doi.org/10.1016/j.chb.2013.12.019
24. Hardy G. Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges. Information Security Technical Report. 2006. Vol. 11. Issue 1. P. 55-61. URL: https://doi.org/10.1016/jj.istr.2005.12.004
25. IT Governance Institute (2007). CobiT® 4.1. URL: https://rn.isaca.org/Knowledge-Center/cobit/Documents/CO-BIT-4-1-Ukrainian.pdf
26. Lainhart IV J. W. COBIT™: A Methodology for Managing and Controlling Information and Information Technology Risks and Vulnerabilities. Journal of Information Systems. 2000. Vol. 14. No. s-1. P. 21-25. URL: https://doi.org/10.2308/ jis.2000.14.s-1.21
27. Lloyd I. J. Information Technology Law. 5th Edition, Oxford : Oxford University Press, 2008. 650 pp.
28. Кузьмш О. £. Сучасний менеджмент. Львiв : Центр £вропи, 1995. 176 с.
REFERENCES
Bachynskyi, T. V., Radeiko, R. I., and Kharytonova, O. I. Os-novy IT-prava [Fundamentals of IT Law]. Kyiv: Yurinkom Inter, 2017.
Bin-Abbas, H., and Bakry, S. H. "Assessment of IT governance in organizations: A simple integrated approach" Computers in Human Behavior. March 2014. https://doi.org/10.1016/j. chb.2013.12.019
Denysenko, L. O., and Shatska, S. Ye. "Kontseptualni zasady klasyfikatsii biznes-protsesiv yak osnovy formuvannia
Б1ЗНЕС1НФОРМ № 4 '2018
www.business-inform.net
biznes-systemy orhanizatsii" [Conceptual basis for the classification of business processes as the basis for the formation of the organization's business system]. Efektyvna ekonomika. 2012. http://www.economy.nayka.com.ua/?op=1&z=1558
Hmyria, I. "Systema kontroliu biznes-protsesiv. Veresen, 2017" [Business Process Control System. September 2017]. http://ebskiev.com/systema-kontrolyu-biznes-protsesiv.html
Hardy, G. "Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges" Information Security Technical Report. 2006. htt-ps://doi.org/10.1016/j.istr.2005.12.004
Huzhva, V. M. Informatsiini systemy i tekhnolohii na pidpry-iemstvakh [Information systems and technologies at the enterprises]. Kyiv: KNEU, 2001.
"IT Governance Institute (2007). CobiT® 4. 1". https://m. isaca.org/Knowledge-Center/cobit/Documents/COBIT-4-1-Ukrainian.pdf
Kaplan, R. S., and Norton, D. P. Strategicheskoye yedinstvo: sozdaniye sinergii organizatsii s pomoshchyu sbalansirovannoy sistemy pokazateley [Strategic unity: the creation of a synergy of the organization through a balanced system of indicators]. Moscow: ID «Vilyams», 2006.
Khemfri, E. "Diialnist z kiber-bezpeky. Rishennia dlia biznesu" [Cybersecurity activities. Solutions for business]. Standartyzatsiia. Sertyfikatsiia. Yakist, no. 1 (2013): 16-18.
Kuzmin, O. Ye. Suchasnyi menedzhment [Modern management]. Lviv: Tsentr Yevropy, 1995.
Lainhart IV, J. W. "COBIT™: A Methodology for Managing and Controlling Information and Information Technology Risks and Vulnerabilities". Journal of Information Systems. 2000. https://doi.org/10.2308/jis.2000.14.s-1.21
Lloyd, I. J. Information Technology Law. Oxford: Oxford University Press, 2008.
Lobov, S. P. "Diahnostyka rivnia zrilosti IT protsesiv na pidpryiemstvi ta otsinka ekonomichnoho efektu vid ioho pid-vyshchennia" [Diagnosing the level of maturity of IT processes in an enterprise and estimating the economic effect from its increase]. Ekonomichnyi visnyk, no. 1 (2005): 139-149.
Marchenko, O. I. "Finansovi aspekty dilovoi aktyvnosti pidpryiemstv" [Financial aspects of business activity of enterprises]. Finansy Ukrainy, no. 5 (2007): 136-143.
Melnyk, O. H. Systemy diahnostyky diialnosti mashynobu-divnykh pidpryiemstv: polikryterialna kontseptsiia ta instrumen-tarii [Systems of diagnostics of activity of machine-building enterprises: polycrystalline concept and tools]. Lviv: Vyd-vo NU «Lvivska politekhnika», 2010.
Myronova, I., and Ablitsova, A. "Dzhek Ma: 8 porad nai-bahatshoi liudyny Kytaiu" [Jack Ma: 8 tips for the richest person in China]. K. Fund Media - informatsiinyi resurs pro novi mozh-lyvosti. https://kfund-media.com/dzhek-ma-8-porad-najbagat-shoyi-lyudyny-kytayu/
Oleksiuk, O. I. "Rezultatyvnist diialnosti pidpryiemstv yak osnova formuvannia yikh investytsiinoi pryvablyvosti" [Effectiveness of enterprises as a basis for their investment attractiveness]. Investytsii: praktyka ta dosvid, no. 3 (2009): 21-26.
Oleksiuk, O. I. "Tekhnolohiia otsinky rezultatyvnosti diialnosti pidpryiemstva" [Technology for assessing the effectiveness of the enterprise]. Zbirnyk naukovykh prats Cherkas-koho derzhavnoho tekhnolohichnoho universytetu. Seriia: Ekono-michni nauky, no. 22 (2009): 169-173.
Pohorilyi, A. "Novi pidkhody v upravlinni IT, abo yak biznes-tsili poviazani z IT-protsesamy" [New approaches to IT management, or as business goals, are related to IT processes]. Materialy European Business Association. https://eba.com.ua/ article/novi-pidhody-v-upravlinni-abo-yak-biznes-tsili-povy-azani-z-protsesamy/
Pushkar, A. I., and Garkin, V. V. "Ispolzovaniye modeli zre-losti IT-infrastruktury v otsenke kachestva informatsionnykh sistem predpriyatiya" [Use of the maturity model of the IT infrastructure in the assessment of the quality of enterprise information systems]. VisnykSumskoho derzhavnoho universytetu. Seriia : Ekonomika, no. 3 (2013): 130-145.
Shennon, K. Raboty po teorii informatsii i kibernetike [Works on the theory of information and cybernetics]. Moscow: Izd-vo inostr. lit-ry, 1963.
Skrynkovskyi, R. et al. "Kibernetychna bezpeka ta biznes-rozvidka v systemi diahnostyky ekonomichnoi bezpeky pidpryiemstva" [Cybernetic security and business intelligence in the system of diagnostics of economic security of the enterprise]. Path of Science. 2017. http://dx.doi.org/10.22178/pos.27-6
Skrynkovskyi, R. et al. "Udoskonalennia modeli protsesu menedzhmentu pidpryiemstva na zasadakh zahalnykh funkt-sii menedzhmentu" [Improvement of the model of enterprise management process on the basis of general management functions]. Path of Science. 2017. http://dx.doi.org/10.22178/ pos.29-7
Skrynkovskyi, R., Pavlovski, H., and Sytar, L. "Rozrobka in-strumentariiu dlia zabezpechennia yakosti trudovoho potent-sialu promyslovykh pidpryiemstv" [Development of tools for ensuring the quality of labor potential of industrial enterprises]. Path of Science. 2017. http://dx.doi.org/10.22178/pos.26-8
Telenyk, S. F., Rolik, O. I., and Bukasov, M. M. "Tekhnolohiia upravlinnia IT-infrastrukturoiu na osnovi resursnoho pid-khodu" [Technology of IT infrastructure management based on resource approach]. Visnyk Zhytomyrskoho derzhavnoho tekhnolohichnoho universytetu. Seriia: Tekhnichni nauky. 2008. http://dx.doi.org/10.26642/tn-2008-4 (47)-180-189
Tomashevskyi, O. M. et al. Informatsiini tekhnolohii ta modeliuvannia biznes-protsesiv [Information technology and business process modeling]. Kyiv: Tsentr uchbovoi literatury, 2012.
Zaiats, V. M. "Rol informatsiinykh tekhnolohii u formu-vanni stratehichnoho myslennia menedzhera" [The role of information technology in shaping the strategic thinking of the manager]. Aktualniproblemy ekonomiky, no. 6 (2009): 280-288.
Zaritskyi, O. "Informatsiini tekhnolohii analitychnoi otsinky profesiinoi diialnosti. Praktychni aspekt intehratsii z sys-temamy upravlinnia resursamy pidpryiemstva" [Information technology analytical evaluation of professional activity. Practical aspect of integration with enterprise resource management systems]. Tekhnichni nauky ta tekhnolohii, no. 3 (2017): 98-106.