ContAudIT: Uma Proposta Fim-a-Fim para Auditoria Contínua de Gerência de Mudanças em TI usando Blockchain
Resumo
Mudanças em TI são essenciais para a operação contínua de organizações modernas, mas o gerenciamento inadequado dessas mudanças pode representar riscos significativos para a continuidade dos negócios. Nesse contexto, auditorias desempenham um papel fundamental em garantir a gerência de mudanças segundo procedimentos homologados. Tradicionalmente, firmas de auditoria realizam inspeções periódicas dos sistemas de TI e registros de mudanças. No entanto, o aumento do volume, complexidade e automação das mudanças torna desafiador assegurar a conformidade entre as inspeções de auditoria. Este artigo propõe o ContAudIT, uma abordagem baseada em blockchain para auditoria contínua de mudanças em TI. A solução integra um framework de orquestração de mudanças com um registro em blockchain que certifica e registra cada mudança implementada. A cadeia de mudanças entre eventos de inspeções permite que auditores verifiquem que apenas mudanças certificadas foram realizadas na infraestrutura.
Palavras-chave:
Auditoria de TI, Compliance, Auditoria Contínua, Gerenciamento de Mudanças de TI, Blockchain
Referências
Aditya, B. R., Ferdiana, R., and Santosa, P. I. (2018). Toward modern IT audit current issues and literature review. Proceedings of the 4th ICST 2018, 1:1–6.
Axelos (2019). ITIL Foundation. The Stationery Office, 4th edition.
Chan, D. Y. and Vasarhelyi, M. A. (2018). Innovation and practice of continuous auditing. In Continuous Auditing: Theory and Application, pages 271–283.
Chatziamanetoglou, D. and Rantos, K. (2023). Blockchain-based security configuration management for ICT systems. Electronics, 12(8):1879.
de Castro, M., Pereira, M., and de Castro, M. (2022). Uma arquitetura baseada em blockchain para auditoria de conformidade com regulamentos de proteção de dados. In Anais do SBSeg 2022, pages 390–395, Porto Alegre, RS, Brasil. SBC.
de Vries, T. (2022). Anomaly detection in IT audit: The possibilities and potential in the domain of IT audit. Master's thesis, University of Turku, Amsterdam, Netherlands.
Elommal, N. and Manita, R. (2022). How blockchain innovation could affect the audit profession: A qualitative study. Journal of Innovation Economics & Management, 37(1):37–63.
Fraga, C., Abelem, A., Borges, V., Pinheiro, B., and Cordeiro, W. (2024a). A blockchain-based approach for continuous auditing in IT change management. In IEEE/IFIP NOMS 2024 Poster Session, pages 1–4.
Fraga, C., Abelem, A., Borges, V., Pinheiro, B., and Cordeiro, W. (2024b). Uma abordagem de auditoria contínua com blockchain para gerenciamento de mudanças em TI. In VII Workshop em Blockchain, pages 83–96, Porto Alegre, RS, Brasil. SBC.
Gantz, S. D. (2013). The Basics of IT Audit. Syngress.
George, D. A. S. (2024). When trust fails: Examining systemic risk in the digital economy from the 2024 CrowdStrike outage. PUMRJ, 1(2):134–152.
Han, H., Fei, S., Yan, Z., and Zhou, X. (2022). A survey on blockchain-based integrity auditing for cloud data. Digital Communications and Networks.
Hashem, R. E. E. D. R., Mubarak, A.-R. I., and Abu-Musa, A. A. E.-S. (2023). The impact of blockchain technology on audit process quality: An empirical study on the banking sector. International Journal of Auditing and Accounting Studies, 5(1):87–118.
ISACA (2018). COBIT 2019 Framework: Introduction and Methodology. ISACA.
Mahimkar, A., De Andrade, C., Sinha, R., and Rana, G. (2021). A composition framework for change management. In ACM SIGCOMM 2021 Conference, pages 788–806.
Marcel, M., Kristiani, E., and Mudita, D. S. (2024). Enhancing IT change management through communities of practice and social learning: A case study at a university. Journal of Information Systems and Informatics, 6(2):1300–1316.
Marques, M., Jr., M. S., and Miers, C. (2022). Event2ledger: Container traceability using Docker Swarm and consortium Hyperledger blockchain. In Anais do SBSeg 2022, pages 103–110, Porto Alegre, RS, Brasil. SBC.
Mavrovouniotis, S. and Ganley, M. (2014). Hardware Security Modules. Springer.
Moeller, R. R. (2010). IT Audit, Control, and Security. Wiley.
Mohan, V. and Othmane, L. B. (2016). SecDevOps: Is it a marketing buzzword? Mapping research on security in DevOps. In ARES 2016, pages 542–547. IEEE.
Pandey, A. and Mishra, S. (2014). Understanding IT change management challenges at a financial firm. In 2014 Information Systems Educators Conference (ISECON), pages 1–10.
Rysbekov, A. (2022). Continuous compliance: DevOps approach to compliance and change management. Master's thesis, University of Oslo, Oslo, Norway.
Zheng, Z., Xie, S., Dai, H. N., Chen, X., and Wang, H. (2018). Blockchain challenges and opportunities: A survey. International Journal of Web and Grid Services, 14(4):352–375.
Axelos (2019). ITIL Foundation. The Stationery Office, 4th edition.
Chan, D. Y. and Vasarhelyi, M. A. (2018). Innovation and practice of continuous auditing. In Continuous Auditing: Theory and Application, pages 271–283.
Chatziamanetoglou, D. and Rantos, K. (2023). Blockchain-based security configuration management for ICT systems. Electronics, 12(8):1879.
de Castro, M., Pereira, M., and de Castro, M. (2022). Uma arquitetura baseada em blockchain para auditoria de conformidade com regulamentos de proteção de dados. In Anais do SBSeg 2022, pages 390–395, Porto Alegre, RS, Brasil. SBC.
de Vries, T. (2022). Anomaly detection in IT audit: The possibilities and potential in the domain of IT audit. Master's thesis, University of Turku, Amsterdam, Netherlands.
Elommal, N. and Manita, R. (2022). How blockchain innovation could affect the audit profession: A qualitative study. Journal of Innovation Economics & Management, 37(1):37–63.
Fraga, C., Abelem, A., Borges, V., Pinheiro, B., and Cordeiro, W. (2024a). A blockchain-based approach for continuous auditing in IT change management. In IEEE/IFIP NOMS 2024 Poster Session, pages 1–4.
Fraga, C., Abelem, A., Borges, V., Pinheiro, B., and Cordeiro, W. (2024b). Uma abordagem de auditoria contínua com blockchain para gerenciamento de mudanças em TI. In VII Workshop em Blockchain, pages 83–96, Porto Alegre, RS, Brasil. SBC.
Gantz, S. D. (2013). The Basics of IT Audit. Syngress.
George, D. A. S. (2024). When trust fails: Examining systemic risk in the digital economy from the 2024 CrowdStrike outage. PUMRJ, 1(2):134–152.
Han, H., Fei, S., Yan, Z., and Zhou, X. (2022). A survey on blockchain-based integrity auditing for cloud data. Digital Communications and Networks.
Hashem, R. E. E. D. R., Mubarak, A.-R. I., and Abu-Musa, A. A. E.-S. (2023). The impact of blockchain technology on audit process quality: An empirical study on the banking sector. International Journal of Auditing and Accounting Studies, 5(1):87–118.
ISACA (2018). COBIT 2019 Framework: Introduction and Methodology. ISACA.
Mahimkar, A., De Andrade, C., Sinha, R., and Rana, G. (2021). A composition framework for change management. In ACM SIGCOMM 2021 Conference, pages 788–806.
Marcel, M., Kristiani, E., and Mudita, D. S. (2024). Enhancing IT change management through communities of practice and social learning: A case study at a university. Journal of Information Systems and Informatics, 6(2):1300–1316.
Marques, M., Jr., M. S., and Miers, C. (2022). Event2ledger: Container traceability using Docker Swarm and consortium Hyperledger blockchain. In Anais do SBSeg 2022, pages 103–110, Porto Alegre, RS, Brasil. SBC.
Mavrovouniotis, S. and Ganley, M. (2014). Hardware Security Modules. Springer.
Moeller, R. R. (2010). IT Audit, Control, and Security. Wiley.
Mohan, V. and Othmane, L. B. (2016). SecDevOps: Is it a marketing buzzword? Mapping research on security in DevOps. In ARES 2016, pages 542–547. IEEE.
Pandey, A. and Mishra, S. (2014). Understanding IT change management challenges at a financial firm. In 2014 Information Systems Educators Conference (ISECON), pages 1–10.
Rysbekov, A. (2022). Continuous compliance: DevOps approach to compliance and change management. Master's thesis, University of Oslo, Oslo, Norway.
Zheng, Z., Xie, S., Dai, H. N., Chen, X., and Wang, H. (2018). Blockchain challenges and opportunities: A survey. International Journal of Web and Grid Services, 14(4):352–375.
Publicado
19/05/2025
Como Citar
FRAGA, Carlos; ABELÉM, Antônio; BORGES, Vinícius; NOBRE, Jéferson; WICKBOLDT, Juliano; GONCALVES, Glauber; PINHEIRO, Billy; CORDEIRO, Weverton.
ContAudIT: Uma Proposta Fim-a-Fim para Auditoria Contínua de Gerência de Mudanças em TI usando Blockchain. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 43. , 2025, Natal/RN.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 602-615.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2025.6327.
