ISO 31000 is, without a doubt, the current favorite. Perhaps because it does not require certification like the famous ISO 9000 and ISO 14000, but this “non-requirement” does not mean the standard is less important. On the contrary, it is precisely because it is not certifiable that the growing number of companies adopting ISO 31000 has shown its value: manage risks effectively and systematically.

For you, is it better to predict crises or know how to deal with them when they come? Acting on both fronts is the proposal of this set of standards. To begin, ISO 31000 is dedicated to offering Principles and Guidelines so that the organization acquires Risk management concepts. With these notions assimilated, the guidelines also suggest points on Removal of risk sources, alteration of consequences and probabilities, and constant updating of risk information.

Certainly, implementing these guidelines will develop the organization's ability to create its own particular risk management and make it produce results.

Although it presents itself as a more general standard, ISO 31000 covers all types of risks, leading companies to analyze, reflect on, and organize themselves regarding the most common risks, such as economic and financial ones, up to more comprehensive risks that refer to local and/or global crises. At the same time, the Standard offers guidelines for both anticipating and behaving in the face of risks.

Risks: anticipating threats and opportunities and increasing competitive advantage

One interesting fact is that opportunities can be identified in risk analysis. After all, if there's a business opportunity but no capacity to meet demand, it also becomes a risk. In today's highly competitive market, this type of oversight can be fatal. Therefore, analyzing, predicting, and acting on risks naturally enhances a company's market potential by providing competitive advantages that surpass the “mass” market's view – which doesn't engage in strategic risk management – regarding threats and opportunities.

But is it enough to work with isolated data that points to these risks?

Laboratório Leme, for example – a benchmark company in diagnostic medicine in Bahia since 1973 – despite achieving several quality certifications, faced problems managing the data collected regarding its quality control. Ana Paula Tude, planning and quality manager at Laboratório Leme, explains that for many years the company used various Excel spreadsheets for its risk controls, leaving the data decentralized and the information inconsistent. Despite constant efforts to collect and analyze the data, the feeling was that the company's departments remained disconnected. Therefore, they opted for a solution that would end these recurring problems: Add all data and information processing into a single tool.

“Now, with the use of GE software, management is much easier and is visible to managers and the board. Our follow-up meetings are now entirely done with the software. The use of the tool has greatly improved our strategic management,” praises Ana Paula.

And what about risk management? Does the software help?

One of the great new features of version 6.12 of Strategic Management Software is the ability to perform periodic risk reviews. You can define a collaborator responsible for the review, and periodically (monthly, weekly, or daily – according to the company's preference) they need to review the issue for compliance purposes. The system then sends automatic emails to the person responsible for the risk, prompting them to review it. This provides greater control over risk management, in addition to the functionalities the system already offered.

In the case of Leme Laboratory, after three years of using GE, the company felt the need to suggest some Customizations to improve your risk management. According to Ana Paula, risk analysis is done within strategic planning, which takes place at the company annually, always in October. “We asked for some software adjustments to be able to do this within it. Today, my SWOT matrix is inside the system. I build the entire strategic plan within it, which has helped me a lot,” she says.

She says that currently, each manager enters the risks of their area, the probabilities, and the monitoring indicators into the software. If the risk is at red or yellow, they have to create an action plan to mitigate it. And this plan has to be approved by the board semi-annually. “We review the risks semi-annually, but before, we couldn't revalidate the same matrix for the next semester. We had to configure everything again. Now, with the new version of the GE software, I can carry it over to next year. In our case, it's important to do this because the risks remain, at a higher or lower level, but they continue. This update greatly facilitates our monitoring because, in addition to saving operational work, the system already tells me if the risk was reviewed in the previous semester and who did it,” she celebrates.

To learn more about the Strategic Management software and its risk management functionalities, request a presentation.