By: Luiz Cláudio Borges – Supervisor, Management Systems & Risks and IT Governance
The word “risk” has its origins in Old Italian – it derives from the word “risicare,” which means “to dare.”
Since the dawn of time, humanity has been forced to learn that being daring is the best way to overcome obstacles. Little by little, taking risks in the face of challenges started to become the best option.
Thus, taking risks and throwing oneself into risky situations became a competitive advantage when seeking to achieve one’s objectives.
Decisions were made very emotionally and with no real comprehension of the risks and possible consequences.
In this turbulent time, a scientific approach based on mathematical calculations emerged as a decision-making platform. Mathematicians transformed the theory of probability into a powerful instrument for the organization, interpretation, and use of information, and they started using this as a way of minimizing risks, based on the results of their analysis.
The evolution of these analyses began to be applied to marine insurance, which had become an emerging industry in London in the 18th century. Shipping was the primary means of trade among peoples, and it represented major risks to business results. Although new and not yet structured, people began the practice of concerning themselves with the possible risks to be faced.
Over time, risk analysis techniques and practices took shape in accordance with the experiences and needs that would arise in each country, and they started to be adapted to different realities.
Thus emerged Risk Management, which originated in the same business administration school that was the driver behind quality and productivity processes put into practice in the US and in Japan.
In Brazil, Risk Management started in the mid-1970s, and it was geared toward the insurance industry due to the need to prevent losses of assets; it mainly focused on fire and financial & credit risk.
With more and more interaction among countries and a better understanding of the use of risk prevention techniques, the scope of application of Risk Management broadened out to other types of events, gaining a preventive character.
Once companies gained a new vision of what risks could mean to their operations in terms of losses, they began to understand that risks needed to be managed. It’s obvious that there is inherent risk in all of our actions, but it’s also true that risk can’t be dealt with the same way for all events. Situations can’t be treated in a purely rational manner, ignoring the various possibilities for losses that are related to different environments.
We are living in a VUCA world, wherein our reality is becoming more and more Volatile, Uncertain, Complex, and Ambiguous. A situation that arises today may be totally irrelevant tomorrow. How can we deal with unpredictability and make the right decisions based on information that is incomplete and constantly changing?
The events that happened in the 2000s that were connected to terrorist acts such as 9/11, cases of fraud by US companies such as Enron, and several cases of corruption in Brazil related to Operation Car Wash, all led to an upswing in the Risk Management process. It became essential to monitor both the internal and external environments and their many variables that could in some way affect companies’ value chains.
More and more, the business environment started demanding that choices be made, which would need to be aligned with the company’s strategic objectives, mission, and values.
The objective of risk management is to provide mechanisms for analysis and monitoring to enable possible risks to be handled quickly and in a specific manner, as well as to transform these risks into a competitive advantage.
We are in the age of information. The Fourth Industrial Revolution is incorporating traditional processes and turning them into information-based processes.
We need to concern ourselves with the different disciplines of risk; it’s not enough to focus only on financial and operational risks. To do this, the different disciplines of risk need to be integrated into a single framework, under the same policy, to be able to manage them with a focus on the company’s objectives.
The current business setting demands the identification of risks, as well as the interconnection among them and the ripple effects that can result from their combination. In other words, managers must have a broad vision of the business setting, wherein the different disciplines of risk that can cause any type of impact are identified individually or jointly.
As a practice, we need to adopt a risk intelligence and analysis model, focused on the risks considered as critical, providing decision makers with a holistic view of the situation. This analysis should provide enough elements so that the solutions can be put into practice and monitored properly. A preventive aspect will serve as anticipation of the possible risks that could represent a threat to the corporation.
Experimentation with, and the evolution of risk analysis processes have caused different management models to be developed, some of which have become benchmarks on the market. A few examples of best practices in Risk Management are COSO I, COSO II, ISO 31000, and the Brazilian Method.
A few management system standards have also started to be adopted as requirements for risk analysis and management; some of these include NBR ISO 9001:2015, NBR ISO/IEC 27001:2013, and ISO 14298. [NBR stands for “Norma Brasileira” (“Brazilian Standard”).] A few other standards are already showing signs that their revisions will include the adoption of Risk Management.
It’s evident that Risk Management is becoming increasingly important in the day-to-day operations of companies such as Valid in order to identify key risk factors and establish preventative measures that protects our business, clients, employees, and stakeholders.