Today it is clearly more important than ever to adequately warn of the risks within an organization, collective entity, company , or whatever we want to call it, to respond to the need to face a future that might cause damage or loss.
In this sense, we can say that it is necessary to become a kind of predictor of the results, which are nothing more than the consequences of our actions.
Risk does not have a universal concept or definition, so we will use the one we can gather from the ISO 37000:2018 standard, which defines it as: “effect of uncertainty on objectives”.
Let us proceed to try to warn about the importance of managing risks within an organization, taking as a basis that management involves identifying, analyzing , and assessing such risks, in order to establish their probabilities and consequences, especially if it is a question of identifying pure risks (those with only negative consequences). If we manage to develop correct risk management, we will proceed to avoid them, mitigate them or transfer them, or retain them if it is the case. nd it is there where lies the importance of the management that businessmen must perform today, due to their exposure by the position they occupy within the organization, and that has been the subject of different analyses with different legal points of view. I refer to the position of duty of guarantor as the owner of the organization, “which is based on the fact that when initiating a business activity (configuring its sphere of dominion to the exclusion of third parties) it unleashes causal courses with respect to which it must prevent damage to legal assets and, at the same time, assumes the commitment to intervene (control, contain) before causal courses are generated before injuries to criminally relevant interests are generated” [Iván Meini Méndez, Responsabilidad penal de los órganos de dirección de la Empresa, p. 913].
Thus, businessmen must assume that the management of the organization generates in them not only functional obligations aimed at meeting business objectives, but also that these objectives are conditioned by the uncertainty that will arise on the way to achieving them, the uncertainty that they must face by managing the risks that may influence them with biases that may lead them away from achieving these objectives.
Well, among the risks that can occur, what we are discussing today are the risks with criminal consequences, which will not only keep you away from the intended objectives, but will also confront you with a criminal process in which it must be determined whether the owner of the organization developed or managed activities aimed at preventing the materialization of an identifiable risk, or omitted such action either intentionally or recklessly.
In addition to the above, we have, for example, Cassation No. 1563-2019/La Libertad, in which the position of guarantor assumed by the owner of an organization is extensively developed, as well as the liability for the crimes of omission by commission or improper omission, It establishes that “…it is subject to a general clause or material basis constituted by the omission to prevent the commission of a punishable act… In any case, as a crime of omission, what is punished is a “failure to do” or “doing something different from what is prescribed”… It also establishes other issues of criminal legal relevance, which we will not address on this occasion, in order to stick to the liability of omission by the commission.
In that order of things, the owner of the organization has the obligation NOT to omit to deploy actions aimed at preventing the materialization of a harmful act with criminal legal relevance.
WThenell, the obvious question is, how will the owner of the organization comply with this obligation? And my answer is to manage risks, facing uncertainty, so as not to allow or omit to act in the face of evidence of a possible risk with criminal consequences, making use of professionals, consultants , and suitable programs.
In Cassation No. 1563-2019/La Libertad, a criminal proceeding for the commission of the crimes of Homicide and Injuries, where the driver of a passenger bus lost control of the vehicle, slipping and falling into a river, resulting in the death of the driver and 38 passengers, as well as injuries to 5 passengers. The General Manager of the transportation company was charged with criminal responsibility for the crimes of homicide and injuries by omission, since he had not taken the necessary actions to foresee that passenger transportation services were provided with a single driver without the assistance of a co-driver, despite the fact that the routes exceeded four hours in duration.
Consequently, we appreciate that if the General Manager of the transportation company in the aforementioned cassation had managed the risks inherent to its operation, he could have noticed that services were performed with only one driver, when two were necessary, therefore he would have been able to notice the risk involved, and therefore deployed the necessary actions to avoid the occurrence of the highly damaging probability, fulfilling his duty of guarantor within the organization.
Finally, it is important to point out that risk management is based on the Deming PDCA (Plan-Do-Check-Act) cycle, also called the spiral of continuous improvement (Plan-Do-Check-Act), where the measurement of activities is fundamental, therefore, I leave you with the phrase of William Thomson Kelvin (Lord Kelvin), British physicist and mathematician (1824 – 1907): “What cannot be defined cannot be measured. What is not measured cannot be improved. What is not improved, degrades.