Preventeo Periculum
50 shades of risk

And to think that the first risk analysis system was born out of space and the problems of managing astronauts' meals... From 1960 to the present day, risk management approaches have evolved and their areas of application have become more diverse. Industrial risk, health and safety at work, IT security, safety issues... Operational risk management covers an infinite number of fields, with a wide range of consequences, from the death of a human being to an administrative umbrella or the forced and costly shutdown of a production line. The issue, of course, revolves around controlling operational and legal costs in the event of an incident, and in this field, insurance always sets the rules of the game. Sometimes even above the law.

Preventeo has been working on these risk management and compliance issues for several years. No fewer than 15 legal experts to digest the constantly changing French regulations, and above all to translate them into operational terms for a wide range of customers. Making it easy to understand so that we can operate as effectively as possible. In a peer-to-peer approach, Jean-Marc Rallo, the company's founder, regularly brings his customers together in user clubs where the latest regulations are discussed in detail on the basis of use cases encountered by companies. At a time when regulations are piling up and contradicting each other, this back-to-basics approach is refreshing. It's an opportunity to put thorny issues and unanswered questions on the table, and to work together to find responsible, realistic solutions that make sense for professionals in the sector.

Are we becoming paranoid?

It is not an insignificant question. Andrea Marcolongo, Patrice Franceschi and Loïc Finaz praise a taste for risk in their latest book of the same name. Rejecting the abuse of standards, killing the precautionary principle, not seeking to escape death... Since risk is inherent in life, is it completely out of place to be an adventurer today? From a private, professional, industrial and entrepreneurial point of view, this raises questions.

For Jean-Marc Rallo, the question is less about risk than about responsibility. "Companies are being asked to be increasingly responsible. In the past, if there was a very serious problem, we would resort to the adage 'those are the risks of the job'. Today, certain things are inconceivable in France. Getting injured at work, for example, or dying from an accident or occupational disease. Even soldiers on overseas operations are increasingly challenging this. There is now a demand for responsibility from institutions, coupled with a growing awareness of environmental and social issues.”

In everyday language, there is a certain amount of confusion between the notion of risk management and the notion of conformity/compliance, and the terms are often used interchangeably. While conformity refers to the legal and regulatory aspect, risk management refers to the operational and organisational practices of a given institution. The two concepts are in fact complementary. Regulations anticipate risk and, on the basis of feedback, lay down rules to prevent an incident from occurring. It's a start, but it's not enough, as each organisation is unique, and obligations must always be contextualised to the company. The key to effective risk management therefore lies in controlling your specific activity, and therefore in controlling your operational and organisational processes. "Processes are analysed in stages, and each stage is important to understand in terms of risk management because regulations never provide for everything. Our legal experts dissect the texts, identify the requirements and classify them according to management principles. One requirement will relate to training, another to monitoring, another to operations... In the end, we produce a conformity assessment reference framework, also known as an audit reference framework, in which everything is highly standardised. Our processes are ISO-certified 14001 (environmental management system / EMS), 45001 (occupational health and safety management system / OHS), 27001 (information security management system / ISMS) or 22000 (food safety management system / FSMS)".

Are we all aware of the requirements that apply to us? And if so, are we implementing them adequately? While a plethora of standards is always counterproductive, it has to be recognised that the existence of standards encourages companies to improve their practices. An audit encourages organisational introspection, and navel-gazing often leads to a virtuous cycle. "Because it's necessary, it forces us to ask the right questions. These days, a company can no longer be understood solely in terms of its financial performance. Conformity is the visible expression of its degree of responsibility. It's a bit like a business highway code. Added to this is the fact that a whole chain of responsibility is being put in place. "Some principals decide to work only with certified subcontractors. So you can imagine the consequences if a company loses its certification.”

Preventeo markets software and user-friendly legal databases. They have opted for a high level of quality, in contrast to models that are all about scoring and colourful dashboards. The most important thing is the realistic action plan that will emerge from the discussions and the fine-tuning of the data, tailored to the context of the company. The regulations may be the same, but depending on the activity, the critical level may be different, so the settings will not be the same. A substance classified as critical level 5 at a customer site may well be classified as critical level 1 elsewhere, or even ignored.

When an incident occurs, it needs to be analysed to prevent it from happening again. The five Ms method and the cause tree are qualitative methods, used today at Preventeo, which help to identify the causes of an incident. But things are starting to move. Jean-Marc Rallo emphasises the great potential of AI. "I think that many of the existing methods used until now to analyse the causes of an incident are going to be called into question. »

AI can now be configured to analyse incident reports and at the same time cross-reference them with elements of context and internal company data. In my opinion, this represents a minor revolution in our sector of activity. Compared with a human expert, AI generates more precise descriptions of the circumstances of the incident and always suggests two or three more elements for the risk manager to consider, which encourages him or her to ask more questions. We are starting to experiment with this approach to incident management with some of our customers. The results are more than encouraging.

With a customer base of major accounts with roots in France, Preventeo is continuing to grow and should soon have around sixty employees. With sales of €7 million today and a target of €10 million in 3 years' time, France remains its main market. Its software is exported via the subsidiaries of its partner clients abroad. England, Romania, Portugal, the United States, China... Long live multilingual functionality, which is far from simple. The company is celebrating its 20th anniversary this year. The anniversary also marks an equally long fruitful partnership with the Ecole des Mines, which has been supporting the company with R&D consultancy since the start of the adventure. They really are extremely involved...