The risk mentality in organizations: an analysis of inserting risk management in ISO 9001 and ISO 14001: 2015 standards
Adelson Pereira do Nascimento 1 http://orcid.org/0000-0003-3093-5088 Washington Romão dos Santos 2 http://orcid.org/0000-0002-6476-6318 Marcos Paulo Valadares de Oliveira 3 http://orcid.org/0000-0003-2646-5247
Risk management is related to both the external and the internal environments of organizations. Thus, the risk mentality enables the identification and minimization of negative effects, maximizing the opportunities and potential of the business. The aim of this paper is identify how the insertion of risk management requirements in ISO 9001 and 14001standards may contribute to spreading the risk mentality in organizations. We interviewed 11 auditors and consultants, with experience and training in the area, who were working in certified companies in the brazilian state of Espírito Santo. To analyze the data, the technique of content analysis was used to identify thematic categories and to relate the data to the literature. The results indicate that the certified companies have undergone a process of incorporation of risk management requirements that can be catalyzed by environmental aspects: size and nature of the company, barriers to risk management, professionalization and standardization of processes and client influence. We conclude that for companies with more complex structure, dynamic and more subject to ruptures, the integration of risk management in the business strategy represented a value, and for smaller companies in stable markets represents a cost to meet the requirements of the standard.