IGTA Journal - Autumn 2017

tackle the complex subject of risk management and not "good practices" to address them. It is intended for all types of companies and organisation, public and private, regardless of size. Its aim is not uniformity of practice, but to harmonize the approach in terms of principles and procedures. It redefines the term risk in a way that is better at explicitly reflecting many types of recently-encountered problem. It brings in a process called "organizational framework", structuring the actions of organisations when putting into place and continuously improving the risk management process. ISO 31000 is structured into four main sections: the first lays down the vocabulary used in the standard, the second lays down the principles, the third describes the organizational framework and the fourth sets out the risk management process. If risk management is implemented properly, it can yield many benefits: What is a risk? For many years, the concept of "risk" was seen as being similar to that of danger. Controlling it was within the province of technicians. The incidence of damage was prevented by action at its source with the purpose of reducing this danger. This approach implicitly led to total or partial lack of interest in the positive effects of the activity that was the source of the risk. The definition was then replaced by that of a probable event having consequences. The presence of a source of risk was made acceptable given the very improbable damage that it might incur and the positive contributions that it would certainly make. Management of Risks, when implemented according to ISO 31000, enables the company to, for example: * Increase the likehood of achieving objectives * Encourage proactive management * Be aware of the need to identify and treat risk through the organization * Improve the identification of threats and opportunities * Comply with relevant legal and regulatory requirements and international norms * Enhance mandatory and voluntary reporting * Improve governance * Increase stakeholder confidence and trust * Establish a reliable basis for decision making and planning * Enhance internal controls * Allocate and use more effectivily resources for risk treatment * Increase operational effectiveness and efficiency * Enhance health and safety performances, as well as environment protection and respect * Develop loss prevention and incident management * Minimize losses * Foster organizational learning and resilience "The better the brakes, the faster the car…" IGTA eJournal | Autumn 2017 | 37