ISO 14001:2015 placed its position on risk management in the Annex (A.6.1.1): “Although risks and opportunities need to be determined and addressed, there is no requirement for formal risk management or a documented risk management process. It is up to the organization to select the method it will use to determine its risks and opportunities. The method may involve a simple qualitative process or a full quantitative assessment depending on the context in which the organization operates.”  However, they neutralized the confusing “risks and opportunities” phrase by defining it (3.2.11) as: “potential adverse effects (threats) and potential beneficial effects (opportunities).” Continue reading →