The new ISO 14001: Risks and opportunities
In their penultimate article for SHP, Greg Roberts and Mike Shaw, Ramboll Environ, explain the risks and opportunities that come with the new ISO 14001, launched in September 2015.
By Greg Roberts and Mike Shaw, Ramboll Environ
The new ISO 14001 standard, published in September last year, is the first update in a decade. As well as offering easier integration between ISO 14001, ISO 9001 and the new OHSAS 18001 replacement, ISO 45001, published this year, it brings with it additional requirements, grouped around five key areas: leadership, strategic context, interested party analysis and communication, risks and opportunities and lifecycle perspective. These changes are designed to increase corporate resilience and competitive advantage and, as such, early transition to the new standard is advocated.
Ramboll Environ Manager Greg Roberts is the UK Expert on the ISO Technical Committee overseeing the development of guidance to ISO 14001. Following an initial overview of the changes and an in-depth look at the first three steps ─ leadership, strategic context and stakeholders ─ he and Mike Shaw, head of Ramboll Environ’s UK health and safety practice, will be examining the remaining two pillars in more detail over the next few months to give senior management teams and health, safety and environmental practitioners a better understanding of these new requirements. This month: risk and opportunities.
Risk management is vital to every organisation in every sector. It is intrinsic to compliance, reputation, growth and profitability and its proper handling within the health, safety and environmental arena can be a major contributor to overall success.
Good health and safety and environmental management systems should already be identifying and mitigating risks to people and the environment. However, the change in the revised ISO 14001 and new 45001 standard means that organisations will now need to widen the scope of this risk process, so that it helps build more robust and resilient management systems too.
Need to know
ISO 14001:2015 and ISO 45001 take a broader view when identifying risks (potential adverse effects) and opportunities (potential beneficial effects), when compared to their predecessors.
Now, organisations not only need to think about the impact they have on the environment and people, but also consider the impact that a changing environment, for example climate change and resource scarcity, will have on them. In addition, organisations will need to consider other internal and external issues that can help or hinder them having successful management systems. These could be related to the organisation’s own internal systems and processes, for example finance or procurement, or external factors such as government policy and incentives. While on the one hand it can be considered more onerous, this broader approach will help organisations better pinpoint the success (or otherwise) of their management systems and their impact on the business as a whole.
Although ISO 45001 is still in development, much is already being learned from organisations implementing or transitioning to the 2015 version of ISO 14001 which will apply equally to the health and safety arena.
Identifying environmental risks and opportunities
Examples of possible risks could be the threat of increasing energy prices due to carbon taxation, making a company uncompetitive – or an organisation being noncompliant with legislation which could lead to a loss of custom due to negative publicity. A risk to the success of the management system could be presented from an organisation’s own financial processes that do not allow easy investment in emerging technologies.
Examples of an opportunity might be an organisation capitalising on energy efficiency measures which cut production costs, leading to an increase in competitiveness – or positive publicity surrounding environmental initiatives which results in new customers. Stakeholder perceptions, financial impact or potential prosecution are all vital and the best systems truly get to the heart of what the business is and what it needs.
ISO 14001:2015 identifies three possible sources that present risks and opportunities to the business 1) environmental aspects, 2) compliance obligations and 3) issues and requirements from the context review. The strategic context and interested parties workshops, outlined in previous articles, along with its aspects and compliance obligations will have given an organisation the knowledge to understand its risks and opportunities.
The vital few
It’s tempting to want to capitalise on or mitigate all possible opportunities and risks identified, but by doing so the most important will lack the attention they require – a risk assessment process is therefore required.
Under ISO 14001: 2015, organisations are free to choose the process used to assess the risks and opportunities that need to be addressed. The standard just requires that there is an approach in place to address risks and opportunities in order to ensure a successful EMS, and that the intended outcomes of the EMS are achieved – with unintended effects either avoided or reduced.
A very workable method can involve a simple qualitative process or a quantitative assessment. Or where possible existing business processes should be investigated and used if possible, for example business enterprise risk management or sustainability materiality assessment.
Putting a plan in place
Once the priority or material risks and opportunities – i.e. those that need to be addressed – have been identified, organisations then need to address the plan at a high level and focus on making the changes needed.
Action can be taken in a variety of ways. It may include establishing environmental objectives or be incorporated into other EMS processes, either individually or in combination, for example operational control procedures. Some actions may be addressed through other management systems, such as those related to occupational health and safety or business continuity, or through other business processes, such as supplier evaluation or competency or training processes. As a result, the organisation is likely to see the EMS filter into other areas of the business which were previously excluded.
With the scope for identifying environmental risks and opportunities widening to now cover the effects on the organisation and its management systems, the revised ISO 14001 and eventually ISO 45001 standard brings with it the potential to add extra value to the business. Taking the premise outlined here, companies can effectively and efficiently identify opportunities and mitigate risks to make more informed decisions in the environmental area and help the wider organisation reap the benefits.