ISO 14001:2015 placed its position on risk management in the Annex (A.6.1.1): “Although risks and opportunities need to be determined and addressed, there is no requirement for formal risk management or a documented risk management process. It is up to the organization to select the method it will use to determine its risks and opportunities. The method may involve a simple qualitative process or a full quantitative assessment depending on the context in which the organization operates.” However, they neutralized the confusing “risks and opportunities” phrase by defining it (3.2.11) as: “potential adverse effects (threats) and potential beneficial effects (opportunities).”
Both ISO 31000:2018 and COSO Enterprise Risk Management (2017) address the business context – “The organization considers potential effects (positive and negative) of business context on risk profile.” These risk management standards also identify key external and internal stakeholders, and seek to understand how they understand the needs and expectations of those stakeholders.” However, the basis for conducting scans of the organizations internal and external operating environment are mentioned in A.4.1 and A.4.2. So, we are off to a good start!
Actions to Address Potential Adverse Effects and Potential Beneficial Effects (A.6.1.1)
“The overall intent of the process(es) established in 6.1.1 is to ensure that the organization is able to achieve the intended outcomes of its environmental management system, to prevent or reduce undesired effects, and to achieve continual improvement. The organization can ensure this by determining its potential adverse effects (threats)l and potential beneficial effects (opportunities).”
Significant Environmental Aspects (A.6.1.2)
“A significant environmental aspect can result in one or more significant environmental impacts and can therefore result in (risks and opportunities) potential adverse effects (threats) and potential beneficial effects (opportunities) that need to be addressed to ensure the organization can achieve the intended outcomes of its environmental management system.”
Compliance Obligations (A.6.1.3)
“Compliance obligations can result in potential adverse effects (threats) and potential beneficial effects (opportunities) to the organization. Compliance obligations also include stakeholder requirements related to its environmental management system which the organization has to or chooses to comply with.”
Planning Actions (A.6.1.4)
“The organization plans, at a high level, the actions that have to be taken within the environmental management system to address ist significant environmental aspects, its compliance obligations, and the potential adverse effects (threats) and potential beneficial effects (opportunities) identified in 6.2.2 that are a priority for the organization to achieve the intended outcomes of its environmental management system”- in an uncertain world.
The Case for Risk Management (A.6.1.4)
The actions planned may include establishing environmental objectives (6.2), or may be incorporated into other environmental management system processes, either individually or in combination or through other business processes related to RISK, financial or human resource management.”
Environmental Risk Management[i]
By keeping track of opportunities and threats by the standard clause numbers, you can blow the dust off the risk management standard of your choice and start investigating the controls that can be used in your operational planning and control measures (8.1). You might even want to take some time to read the Terms Related to Planning and the Annex in your copy of ISO 14001:2015.
[i] Standards of Australia (2006). Environmental Risk Management: Principles and Purposes. HB 203:2006.
Bio:
Robert B. Pojasek, Ph.D.
Harvard University & Pojasek & Associates LLC
Risk Management & Organizational Sustainability
rpojasek@sprynet.com
(781) 777-1858 Office
(617) 401-5708 Mobile & Text
www.linkedin.com/in/bobpojasek
Organizational Risk Management and Sustainability:
A Practical Step-by-Step Guide
Now available as an e-book
http://tiny.cc/xz3fhy
Also available as an online action learning course
Expert as environment, health & safety, and sustainability professional with a record of providing leadership, training and operational support to all levels of the organization; Implements new and revised management systems to drive EHS/sustainability program conformance throughout the operation; Integrates organizational systems of management using the ISO harmonized high-level structure; Provides support for organizations implementing sustainability/risk management practices featured in my book.