THE FUNDAMENTAL IMPORTANCE OF RISK MANAGEMENT IN PUBLIC AND PRIVATE
INSTITUTIONS AND ITS INEXTRICABLE LINK WITH SOCIETY'S TRUST IN GOVERNMENT AND
THE BUSINESS ENVIRONMENT
Gerson Antônio de Souza Borges
Professor and Study Area Coordinator of EBAPE/FGV- Escola Brasileira de Administração
Pública e de Empresas of Fundação Getulio Vargas.
Corporate governance, boards of directors, compliance rules, courts of auditors and regulatory
agencies, all these segments within private companies and public institutions, are aimed at
preventing all kinds of risks and losses. In Brazil, recent events in public areas and large
companies show us unequivocally the urgency of controlling and preventing the root cause of all
problems: risk identification and management, in order to restore society's trust in
government and elected representatives; otherwise we will inexorably see the weakening of those
institutions. This paper shows us the fundamental importance of Risk Management in Public
and Private Institutions and its inextricable link with society's trust in government and the
Risks are omnipresent in the lives of people and organizations, and they are a purely
social construction, because there is only a risk if it affects in some way a person or society as a
whole, either positively (called dynamic risk / business risk) or negatively (called static risk /
security risk). In this paper we will focus on static risk, which results in loss.
Risk management is still a new theme within the theoretical constructs of society; its
formal and systematized study began only in 1995 with the creation of the first Risk Management
Standard, called AS/NZS 4360 (Australian and New Zealand Standard) - Risk Management, which
already at that time showed us that "risk management should be part of the organizational
culture (...)" (AS/NZS 4360, 1995).
After twenty years, and with the recent scandals in the world and in Brazil in public and
private institutions, we see extremely clearly the importance of risk management as
systematic work to minimize risks and prevent crises and, ultimately, to maintain society's
trust in these institutions.
With this background of uncertainty, corruption and scandals in public institutions and
companies in Brazil, the question has been: why do we not have, in the area of governance, a
risk assessment professional and a process of risk assessment to prevent these risks?
So the purpose of this study is to reflect on the fundamental contribution of risk
management in order to minimize the loss of resources and image in public and private
institutions, to prevent loss of society's trust in these organizations.
The notion of risk is complex, because there is no single clear definition but different
definitions and, moreover, the word risk conveys at the same time not only the potential
danger but also the perception of danger, which varies from person to person: a risk may be
given a certain weight or evaluation (the perception) by one person or group, while for
another individual or group the same risk can have a different weight.
In fact, the great difficulty in understanding risk comes from its multidimensionality:
it varies with the physical and psychological context from one person to another, and also
varies depending on the local situation and time.
As a result of these different perspectives, many conflicts over ‘‘risk’’ may result from
experts and laypeople having different definitions of the concept.
Factors such as political worldviews, race, affiliation, emotional affect, gender and trust
are strongly correlated with risk judgments.
Within the purely conceptual scope, Manunta (1997) shows that risk "is a potential
damage, or the possibility of an undesirable event, or the possibility of failures. This term is
used as a concept that includes all three meanings. The interpretation depends on the context
of the discussion: it can refer to the damage - possibility of damage - vulnerability - fault
possibility - and the decision - the possibility of a wrong decision."
For Marshall (2002), from the North American School, risk can be defined broadly as
"the potential for ongoing events or trends or fluctuations caused losses in future revenue."
According to Veyret (2003), risk perception means danger, because, according to the
author, "there is no risk without a group that notice and may suffer its effects," which clearly
shows the social construction of risk.
We have thus seen that there are various ways to establish parameters and definitions
for risk, and it is the responsibility of the risk manager to bring the study of risk identification,
analysis and management to the specific characteristics of the public or private organization.
Risk management is usually systematized by standards that show clearly and objectively
the steps required for the implementation of an efficient risk management process in private
and public institutions of any size and / or nature.
The Risk Management Standards refer not only to pure risks but also to dynamic
risks, and it is important to understand that, when a professional performs a risk assessment,
methods compatible with the risks being studied should be used.
These standards involve both kinds of risk, considered as threats or opportunities, and
undoubtedly require a change in thinking and a break with paradigms, both personally and at the
public / corporate level, and they come from a general guide to the selection and application of
methodologies and techniques for working with risks.
Note that although all public and / or private organizations manage their risks to some
degree, the Risk Management Standards establish some principles that should be followed so
that risk management becomes more efficient.
The standards usually recommend that public and / or private institutions develop,
schedule and continuously improve their organizational structures, to integrate the risk
management process into strategic governance, into planning and management, into the process of
reporting obtained data and results, and into the policies, values and culture of all organizations.
Unfortunately, only now, with the recent corruption scandals in Brazil, are public institutions
and some of the largest companies in Brazil starting their risk management processes in a
serious and professional manner.
There are various risk management standards in the world, such as FERMA -
Federation of European Risk Management Associations: 2002; ISO / IEC GUIDE 73:
2005 - Risk Management - Vocabulary - Recommendations for use in the main Standards; and
the standard that currently serves as the basis of the risk management area, the ISO
The ISO 31000: 2009 STANDARD - Risk Management - Principles and Guidelines
The scope of this standard is to provide principles and generic guidelines for
the implementation of risk management; it is the base standard on which companies and public
institutions build their risk management processes.
It is essential to emphasize that "the design and implementation of plans and structures
for risk management will need to take into account the varied needs of a particular
organization, its objectives, context, structure, operations, processes, functions, projects,
products, services or assets and specific practices employed." (ISO 31000, 2009).
In other words, each company or public institution should be individually assessed in
light of their characteristics and their cultural context.
According to this standard, when it is implemented in the organization and maintained
in accordance with its principles, risk management enables public and / or private institutions to:
• increase the likelihood of achieving their goals;
• encourage proactive management;
• be aware of the need to identify and address the risks throughout the
• improve the identification of opportunities and threats;
• meet international standards and relevant legal and regulatory requirements;
• improve the reporting of financial organizations, governance, confidence of
• establish a reliable basis for decision making and planning;
• improve controls;
• allocate and use resources efficiently for treatment of risks;
• improve the effectiveness and operational efficiency;
• improve performance in health and safety and the protection of the
• improve loss prevention and incident management;
• minimize losses;
• improve organizational learning; and
• increase resilience.
Also according to the standard, for risk management to be effective, a public or private
organization must meet the following principles:
"a) Risk management creates and protects value.
b) Risk management is an integral part of all organizational processes.
c) Risk management is part of decision making.
d) Risk management explicitly addresses uncertainty.
e) Risk management is systematic, structured and timely.
f) Risk management is based on the best information available.
g) Risk management is tailored.
h) Risk management considers human and cultural factors.
i) Risk management is transparent and inclusive.
j) Risk management is dynamic, iterative and able to react to change.
k) Risk management facilitates continual improvement of the organization."
For a public or private organization to manage risks professionally and without
amateurism, it is important that a review be made so that one knows perfectly well one's own
organization and the internal and external context in which it is inserted, and that the risk
management policy be formal and approved by the senior management of the organization, clearly
establishing the goals and the organization's commitment in relation to risk management.
It is essential, under the aspect of communication in both the internal and external
environment, that public and / or private institutions establish internal communication
mechanisms, as well as develop and implement a communication plan with the various
external stakeholders. It is important that these mechanisms include processes for
consolidating risk information from various sources, according to its sensitivity.
According to Slovic (1987) “One of the most fundamental qualities of trust has been
known for ages. Trust is fragile. It is typically created rather slowly, but it can be destroyed in
an instant—by a single mishap or mistake. Thus, once trust is lost, it may take a long time to
rebuild it to its former state. In some instances, lost trust may never be regained”.
In fact, negative events that lead to loss of confidence are stronger than positive
events because they are more reported, specific and direct, and clearly affect individual people or
society in general. Positive events are usually diffuse and poorly reported and, rightfully so, have
their importance measured by society in such a way that they are often viewed with distrust.
The concept of governance is very recent; it is associated with the relationship
between shareholders and directors of the organization and defines the rights and obligations
of those parties to the organization. It is through the management of corporate governance
that we obtain, as a result, efficiency and effectiveness in various sectors of public
institutions or companies.
The institutions that adopt this type of management become stronger in the market
and in society in general, generating more confidence.
Governance means the relationship between investors that is used to determine and control
the strategic direction and the organizational performance. Governance is usually used as a
means to establish order between the parties - the organization's owners and their top
executives - whose main interests might conflict, and it contributes to strengthening the
institution, preventing, through systematic management of risks combined with
governance, bad decisions and losses of all kinds.
In the final analysis, governance is meant to ensure that the interests of corporate executives
are aligned with the interests of the shareholders of a company, guarding against inappropriate
behavior and wrong decisions in the environment of public institutions or
companies, and providing for the generation of added value, in order to generate trust in society
and shareholders.
GOVERNANCE IN BRAZIL
In Brazil, the 1990s were the beginning of public governance, which tried to apply the idea
that the effectiveness and legitimacy of public performance were closely linked to the quality
of the inter-relationship between levels of government, internally and externally to the public
area, and civil society.
Governance in Brazil meets resistance in the face of the still low contribution of this
new model, which breaks with old traditions; the establishment of a council with the most varied
representatives of stakeholders; and strategic planning covering the actions of each sector or area
that should be monitored by the board. In the public sector it is even worse, given the
size and quantity of public institutions in Brazil and the lack of interest, for reasons that are
often excuses, in making this model work satisfactorily.
In fact, public governance in Brazil should be oriented towards the good of the whole
community, adopting a new standard for the government in which the state would become an
entrepreneur, would deal with services with great seriousness, and there would be greater
popular participation. This is not yet a reality in Brazil, where what is most important are
the personal demands of each politician and the exchange of favors between the various
powers of the Republic.
Public governance would aim to satisfy the interest of society, in contrast to
corporate governance in companies, which is aimed at the interests of shareholders.
Unfortunately, however, this is not what is perceived in most public institutions in Brazil,
where this goal of public governance is often transformed not only into populism but
also into pure demagogy by government and public institutions.
Risks, crisis and incidents reduce society's trust in their public officials and businesses.
There is debate in Brazil today about the role of risk management and corporate governance,
both in the public sector and in business, in light of the recent events of corruption involving
the largest Brazilian companies, political parties and government agencies.
Risk management is recognized as part of good management and should become part
of the organizational culture, applied logically and systematically in institutions. It does not
generate profit or even increase the assets of a company or public institution but, on the other
hand, it prevents losses of all kinds, which significantly increases the confidence society
We conclude in this study that there is an urgent need to improve governance
practices in public institutions, with risk management as a part of this governance, in
order to prevent risks and their undesirable consequences and to reach a maturity of service
to society, ridding it once and for all of such regrettable episodes of corruption and misuse of
public money in Brazil, which increasingly generate a lack of public trust in public
institutions and companies in Brazil.
ADAMS, John. (2009) “Risco”. São Paulo: Senac
AS/NZS 4360. (1995) “Australian and New Zealand Standard – Risk Management”. Australia,
BECK, Ulrich. (2010) “Sociedade de risco: Rumo a uma outra modernidade”. São Paulo. Editora
BERNSTEIN, Peter L. (1997) “Desafio aos deuses – A fascinante história do risco”. 5ª. Ed. Rio de
BRODER, James F. (2000) “Risk analyses and the security survey”. 2ª. ed. Burlington:
Butterworth and Heinemann.
DAMODARAN, Aswath. (2009) “Gestão Estratégica do Risco”. Porto Alegre: Bookman.
FERMA. (2002) – Federation of European Risk Management Association – “Norma de Gestão de
FISCHER, Robert; GREEN, Gion. (1998) “Introduction to Security”. Boston: Butterworth-
Heinemann, 6ª edição.
HERMANN, Charles F. (1963) “Some consequences of crisis which limit the viability of
organizations”. Published by Johnson Graduate School of Management, Cornell University. ASQ
– Administrative Science Quarterly, Vol. 8, No. 1.
ISO/IEC 31000. “Risk management – Principles and guidelines”. ISO, 2009
_______ GUIDE 51. “Safety aspects – Guidelines for their inclusion in Standards”. ISO, 1999
_______ GUIDE 73. “Risk management – Vocabulary”. ISO, 2005
MANUNTA, Giovanni. (1997) “Toward a security science through a specific theory and
methodology”. Leicester University. London.
MARSHALL, Christopher. (2002) “Medindo e gerenciando riscos operacionais em instituições
financeiras”. Rio de Janeiro: Qualitymark.
MICHAELIS (2000) “Moderno Dicionário da Língua Portuguesa”, vol 2. São Paulo:
SLOVIC, P. (1997) “Perception of Risk: Reflections of Psychometric Paradigm”, Science 236, 280-
SANCHEZ, Sanroma Carlos; GOMEZ-MERELLO, Manuel. (2008) “Manual para el Director de
Seguridad”. Madrid: Universidad Comillas.
SANTOS, Lourival Nery. (2002) “Princípios de governança corporativa: aplicabilidade na gestão
pública”. Rio de Janeiro: ESG.
SLOMSKI, Valmor; MELLO, Gilmar; FILHO Francisco; MACEDO, Fabrício. (2008) “Governança
Corporativa e Governança na Gestão Pública”. São Paulo: Atlas.
SORGE, Marco; VIROLAINEN, Kimmo. (2004) “Stress-testing financial systems: an overview of
currents methodologies”. BIS Working Papers.
TUFANO, Peter. (2009) “Gestão do Risco no Novo Mundo”, Harvard Business Review, Edição
VEYRET, Yvette. (2003) “Os Riscos. O homem como agressor e vítima do meio ambiente”. São