Risks and opportunities in ISO 14001:2015 – What they are and why they are important
The year 2015 saw the release of ISO 14001:2015, the standard that guides organizations on effective management of their EMS (Environmental Management System) with the end goal of environmental protection and preservation. Previously, in the article 12 Steps to make the transition from ISO 14001:2004 to the 2015 revision, we looked at the steps you should consider to transition smoothly, but one of the key changes between the two standards is the element of “risk and opportunity” and the effect that this can have on your EMS performance. The “risk and opportunity” element effectively replaces the old preventive action process, so what do we need to know to ensure we meet the terms of the standard and, just as importantly, we use “risk and opportunity” to maintain and improve our environmental performance?
Risk & opportunity: What do we have to do?
The standard suggests that the risks and opportunities should be considered in terms of the following elements:
- The compliance obligations you will have identified as relevant to your EMS and business
- The environmental aspects you have identified for your EMS
- The stakeholders and interested parties identified when you considered the scope and context of the organization on establishment and review of your EMS
These are all laid out with the aim of ensuring the EMS can meet its intended expectations, reducing the risk of any external conditions affecting the EMS, and ensuring continual improvement is seen and that any emergency situations are assessed and action taken to address them. So, now that we have an idea of what the “risk and opportunity” element is designed to address, how do we best go about this?
Risk and opportunity: Practical application
The ISO 31000 standard deals with the principles of risk management and obviously, if you are familiar with this, then it will prove to be of assistance, but let us look at how we can practically address risk and the resulting opportunity specifically within our EMS and the 14001:2015 standard itself:
- The standard now requires that documented information shall be kept of the risks and opportunities and the processes required to ensure that the process meets expectations; therefore, it may be good practice to create a formal Risk Register within the EMS where identification, discussion, actions, outcome, and monitoring can all be listed and results clearly evaluated.
- Ensure there is both leadership commitment and employee involvement. Both parties may well have unique views of what constitutes environmental risk within the business, so ensure both are sought and considered and that the communication channel up and down exists. You can read more about leadership requirements in the article How to demonstrate leadership according to ISO 14001:2015.
- Consider establishing a “risk and opportunity” forum or monthly meeting. Given that businesses change swiftly, it is important that focus is kept on the environmental risk and the resulting action required to mitigate that risk. Document the outcome as suggested above.
- Remember the “opportunity” element and give it due importance. Every risk presents an opportunity to improve and, in effect, if you can mitigate a risk before it turns into an incident, then you will guarantee continual improvement for the EMS.
- Ensure your monitoring, measuring, analysis, and evaluation are accurate and frequent. This process forms the basis for assigning values to the effectiveness of your risk and opportunity process and can provide you with the foundation for improving future performance.
So, is there anything else we need to pay attention to?
Making your process work for you
Assessing risk and opportunity within an EMS is of crucial importance, with prevention being better than cure in environmental terms, where there is often no way of repairing the damage an incident does after occurrence. Having a team that is focused on risk and prevention can go a long way towards mitigating environmental risk, but only supported by the correct processes within the EMS. Ensure compliance terms are always met and a great portion of risk will be reduced. Ensure that all risk assessments are recorded, actioned, measured, and improvement action taken. Make risk and opportunity a staple of the mindset of the team. A team that is focused on risk and opportunity is a team that can preside over continual improvement, and that result will be of benefit to your organization and the EMS.
To ensure that you meet the standard’s requirements, visit our ISO 14001:2015 Internal Auditor online course.