Risk and opportunities

• Risks and opportunities in ISO 14001 – A change of perspective
• Determining risks and opportunities
• Intended results – the minimum
• Risks and opportunities in context
• Measures for dealing with risks and opportunities in ISO 14001
• Risk assessment using a risk matrix – an example
• For each identified risk, an adequate opportunity?
• Conclusion: Opportunities and Risks in ISO 14001

Risks and Opportunities in ISO 14001 – A Change of Perspective

For a long time, the view of business risk was limited to a financial comparison of results. Today, there is consensus that companies of different types and sizes are subject to manifold internal and external factors and influences – the standard speaks of “issues”. Structural and cyclical changes in the business environment, as well as new market entrants, lead to uncertainty as to whether and when the organization will achieve its goals.

The effect of this uncertainty on corporate goals, monetary or otherwise, can be described as “risk.” This way of looking at things also made its way into environmental management with the revision of the standard in 2015 (Chapter 6 “Planning”).

ISO 14001:2015 – Environmental management systems –
Requirements with guidance for use. The standard is available from the ISO website.

The terms “risks and opportunities” are defined in chapter 3.2.11:

Risks = potentially unfavorable impacts (threats)
Opportunities = potentially favorable impacts (opportunities).

The risk-based approach in ISO 14001 concretizes the earlier requirements on preventive measures. However, the core, prevention and avoidance, remains the same. Management can effectively manage risks and opportunities by integrating environmental management into business processes and their strategic direction and decision making.

Determine risks and opportunities

The risk-based approach, analogous to ISO 9001, is one of the main components of the planning phase (PDCA cycle) and thus a key approach in environmental management. It is a systematic extension of thinking in terms of corrective and preventive actions and provides companies with new ways of looking at the future: What if?

The overarching purpose of the processes required by ISO 14001, Chapter 6.1.1 is to ensure that the company is able to:

• Achieve the intended results of the environmental management system (EMS)
• Prevent or reduce undesirable impacts
• Achieving continuous improvement

ISO 14001 – Sustainable Environmental Management

Certified environmental management system in accordance with recognized standard ★ Improve environmental performance and minimize risks Responsible and sustainable operations ★

To state it up front: It is not the purpose of the ISO standard to add corresponding opportunities and risks for all in-house procedural instructions. Rather, the determination is about whether the company’s “intended result” can be achieved by implementing the environmental management system. Or: What factors can occur so that this result does not come about?

Intended results – This is the minimum

The intended results of an environmental management system include as a minimum result:

1. Improvement of environmental performance
2. Fulfillment of binding commitments
3. Achievement of environmental objectives

Typically, however, the organization specifies additional intended results beyond these. For example, it may be committed to social and environmental principles. Understanding the context of the organization plays a very important role. No company floats in a “vacuum.” It is always influenced by external and internal issues, such as changing market demands, the availability of resources, or employee participation. Not to be forgotten are investors who, as providers of capital, want to see their involvement appropriately recognized.

Risks and opportunities in context

It quickly becomes clear that various interested parties may have a variety of requirements and expectations of the company. However, not every expectation is relevant to the environmental management system. Therefore, the next step for the organization is to filter out the relevant needs and expectations (i.e., requirements) of the interested parties and then determine which of these will become binding obligations for them. These can be, for example, agreements of all kinds with customers, associations or community groups, but also codes of conduct, industry standards or organizational requirements, etc.

In connection with the identification of binding obligations, this contextual understanding is the prerequisite for being able to define the scope of the environmental management system (EMS). The scope indicates the spatial and organizational boundaries of the environmental management system, so that it goes far beyond the area of activity (scope) of a company. The scope is described, for example, on the certificate. The two should not be confused with each other.

The definition of the scope includes:

• External and internal issues
• Binding obligations
• Organizational units, functions and physical boundaries
• Activities, products and services
• Authority and ability to exercise control and
• Influence (= outsourced processes)

Measures for dealing with risks and opportunities in ISO 14001

According to ISO 14001, opportunities and risks must be identified for the following areas so that intended results can be achieved, undesirable effects can be countered, and continuous improvement can be achieved:

• External and internal issues (4.1)
• Expectations of relevant interested parties (4.2)
• Significant environmental aspects (6.1.2)
• Binding commitments (6.1.3)

These are minimum requirements. The company is free to include other fields of consideration. According to ISO 14001 (6.1.1), the organization shall establish, implement and maintain processes to determine the risks and opportunities. These processes should ensure that the environmental management system can achieve its intended results and that undesirable effects are prevented or reduced. This includes external environmental conditions that affect the business.

For example, access roads may become impassable due to flood-like inundation or tree breakage because of local hurricanes. What would the scenario look like if this made it impossible to remove IBCs (intermediate bulk containers) containing production sludge? Or if the storage capacity at the plant were exhausted? In addition, another problem arises in many cases: The determination of environmental aspects in emergency situations. According to the requirements in Chapter 6.1.2, conditions that are not intended and reasonably foreseeable emergency situations must also be assessed.

Risk assessment using a risk matrix – an example

A logistics company answers the question about potentially leaking fuel or engine oil by saying that all drivers are absorbent in their vehicles and are trained accordingly. But how should the situation be assessed at weekends? The truck fleet is parked on normal interlocking pavement, which is crisscrossed by rain gutters including collection manholes. The main collector empties into the local sewer system at the property line. However, there are no gate valves or oil separators. In this respect, a foreseeable emergency would be a fuel or engine oil spill over the weekend. A sample risk assessment using a risk matrix may look like the following:

Risk identification the unimpeded discharge of fuel or engine oil into the combined sewer system.

Risk analysis the probability of occurrence is low due to regular maintenance intervals of the trucks. The extent of damage to the environment is high. Especially because the municipal sewage treatment plant is quite close (short flow paths) and no buffering can be done there.

Risk assessment the risk lies in the yellow, medium limit range and is thus not tolerable.

Risk management Reduction of the extent of damage through a combination of organizational measures (plant security checks for leaks under the vehicles) and technical measures (installation of a liquid separator or box in the parking lot with collection equipment and cover mats).

Monitoring and review Training/sensitization of logistics staff and security guards incl. inclusion in the next emergency drill, recurring inspections of the separator.

The example shows how environmental aspects can be evaluated for emergency response. A positive side effect in this company is that the parking lot was cleaned of old contamination for better leak detection. From now on, all employees meticulously ensure that this remains the case. In this respect, this procedure is in line with the requirements for planning measures. Accordingly, measures must be planned for dealing with significant environmental aspects, binding commitments, and risks and opportunities as identified in ISO 14001 Chapter 6.1.1.

For each identified risk, an adequate opportunity?

As described, opportunities and risks must be identified for binding commitments. Binding commitments extend not only to applicable laws and regulations, but also to voluntary commitments such as organizational and industry standards, contractual relationships, or agreements with environmental organizations. The risk of non-compliance with unknown requirements due to an inappropriate system is quickly identified. But what is the opportunity? Comprehensive screening, like a 360-degree radar, could identify changes as early as the draft stage and identify potential impacts on the company at an early stage.

 Conclusion: Opportunities and risks in ISO14001

ISO 14001 provides companies with a systematic framework to protect the environment and respond to changing environmental conditions. The risk-based approach has been of great importance since the 2015 revision: it helps to identify new fields of action. However, it is up to the companies themselves to decide which system to use. It is important that the assessment criteria are objectively comprehensible so that the risk classification (high, medium, low) remains transparent.