Risk Management and Good Practices

Is it enough to comply with current regulations?



If the organization complies with current standards (health and safety regulations, building construction codes and others related to its specific activity), will it be adequately protected from claims and lawsuits?

The answer is no.

Organizations and their managers are responsible not only for compliance with laws and regulations, but also for damages caused by foreseeable misuse of equipment, misinterpretation of the regulations or any other imaginable source of human error.

What is a norm or standard?


According to ISO (International Organization for Standardization), standardization is the activity that aims to establish, in the face of actual or potential problems, provisions for common and repeated use, in order to obtain an optimal level of order in a given context, which can be technological, political or economic.

It should be mentioned that standards are the result of the standardization process, but they need not become rules. Standards are for voluntary use, but may be mandatory if they are included in laws or regulations.

The objectives of standardization are to simplify, unify and specify. To facilitate trade, its purposes are to define things, to ensure compatibility between products from different manufacturers, and to clarify the minimum set of best practices and certification criteria.

How is a standard or norm drafted?

It is possible to say:

A standard or norm is drafted by a group of people who describe in a document, according to the group's consensus, how something is or should be, or how something must be done or should be done.

That group of people, in general, represents a variety of interests (manufacturers, users, state agencies, certification bodies, etc.) to which the standard or norm applies.

A distinguishing feature of the drafting of a standard or norm is that it must be subjected to public discussion before approval and final disclosure. This means that the drafting group should publish the drafted document and may receive comments, objections and suggestions from people outside the group. After this stage the document must be reviewed and approved by the convening institution (e.g. ISO) before its final release.

The goal is that, at the end of the process, the norm or standard represents the consensus of informed opinion of the sector of society that is relevant to its application.

Risk Management



Importantly, with respect to risk assessment, mandatory norms and standards (those included in laws and regulations) should be considered a minimum requirement to achieve.

So, is it possible to predict all risk scenarios if the minimum required is reached?

Probably not. But you can reduce the risks by incorporating into the practices of the organization protocols that exceed the requirements established in the regulations.

These actions require the involvement of specialists who, through inspections, consultation and analysis, assess risks and recommend the incorporation of voluntary practices based on the highest industry standards.

Although the law does not require risk management, implementing procedures to prevent events will help refute false allegations of neglect in the face of an incident.

Cycle of continuous improvement – Deming Circle

Risk management requires the application of systematic methodologies that include cyclical actions to achieve continuous improvement. Its objectives are to reduce failures, prevent and eliminate potential risks, increase process efficiency and improve organizational efficiency.



In this sense, it is possible to implement methodologies such as the continuous improvement cycle, also called the Deming circle or PDCA cycle (Plan, Do, Check and Act).

These are 4 stages that, implemented in cycles and based on norms or standards, make it possible to evaluate results periodically and to continue with actions that incorporate continuous improvement.

These methodologies generate documentation that validates the high standards applied by the organization in its performance.

What are best practices?

Norms or standards describe how something should be (in the case of a specification) or the minimum requirements for something to be acceptable (e.g. safety standards).


That is to say, they set the minimum mandatory requirements for certifying that something complies with the norm or standard. Under no circumstances do they recommend what is better or superior; they only describe which of two options applies: meets or does not meet.

The implementation of best practices should be considered an ongoing process of continuous improvement that goes beyond the lower limit at which something is considered acceptable.

It is wrong to consider that a norm or standard describes good practice.

Many things can comply with a norm or standard, but only the application of good practices makes it possible to reach comparative levels that show whether one thing is better than another.

For example, if the actions of an organization are limited to complying with regulations or safety standards that describe the minimum to be achieved to ensure reasonable assurance, it is logical to assume that there is no incentive to do things that could improve safety.

Then, if you assume that the minimum is best, nothing can surpass it.

The implementation of best practices, on the contrary, is an attitude of going further, with a constant pursuit of excellence.

The minimum is the starting point, not the goal.
