Since its publication in 1996, more than 310,000 companies worldwide have established and had certified an environmental management system in accordance with ISO 14001. The increasing acceptance and popularity is evidence that companies of all types and sizes can benefit from the positive impetus of this international standard. The 2015 revision also gave the environmental standard broad scope for dealing with risks and opportunities. However, there are no requirements for formal risk management in this process. The organization determines its own method for determining its risks and opportunities. A simple qualitative process is possible, as is a full quantitative assessment.


Risks and Opportunities in ISO 14001 - A Change of Perspective

For a long time, the view of business risk was limited to a financial comparison of results. Today, there is general consensus that companies of different types and sizes are subject to manifold internal and external factors and influences - the standard speaks of "issues". Structural and cyclical changes in the business environment, as well as new market entrants, lead to uncertainty as to whether and when the organization will achieve its goals.

The effect of this uncertainty on corporate goals, monetary or otherwise, can be described as "risk." This way of looking at things also made its way into environmental management with the revision of the standard in 2015 (Chapter 6 "Planning").

ISO 14001:2015 - Environmental management systems -Requirements with guidance for use. The standard is available from the ISO website.

The terms "risks and opportunities" are defined in chapter 3.2.11:

Risks = potentially unfavorable impacts (threats)Opportunities = potentially favorable impacts (opportunities).

The risk-based approach in ISO 14001 concretizes the earlier requirements on preventive measures. However, the core, prevention and avoidance, remains the same. Management can effectively manage risks and opportunities by integrating environmental management into business processes and their strategic direction and decision making.

Determine risks and opportunities

The risk-based approach, analogous to ISO 9001, is one of the main components of the planning phase (PDCA cycle) and thus a key approach in environmental management. It is a systematic extension of thinking in terms of corrective and preventive actions and provides companies with new ways of looking at the future: What if?

The overarching purpose of the processes required by ISO 14001, Chapter 6.1.1 is to ensure that the company is able to:

  • Achieve the intended results of the environmental management system (EMS)
  • Prevent or reduce undesirable impacts
  • Achieve continuous improvement

ISO 14001 - Sustainable Environmental Management

Certified environmental management system in accordance with recognized standard ★ Improve environmental performance and minimize risks Responsible and sustainable operations ★

To state it up front: It is not the purpose of the ISO standard to add corresponding opportunities and risks for all in-house procedural instructions. Rather, the determination is about whether the company's "intended result" can be achieved by implementing the environmental management system. Or: What factors can occur so that this result does not come about?

Intended results - This is the minimum

The intended results of an environmental management system include as a minimum result:

  1. Improvement of environmental performance
  2. Fulfillment of binding commitments
  3. Achievement of environmental objectives

Typically, however, the organization specifies additional intended results beyond these. For example, it may commit to social and environmental principles. Understanding the context of the organization plays a very important role. No company floats in a "vacuum." It is always influenced by external and internal issues, such as changing market demands, the availability of resources, or employee participation. Not to be forgotten are investors who, as providers of capital, want to see their involvement appropriately recognized.

Risks and opportunities in context

It quickly becomes clear that various interested parties may have a variety of requirements and expectations of the company. However, not every expectation is relevant to the environmental management system. Therefore, the next step for the organization is to filter out the relevant needs and expectations (i.e., requirements) of the interested parties and then determine which of these will become binding obligations for them. These can be, for example, agreements of all kinds with customers, associations or community groups, but also codes of conduct, industry standards or organizational requirements, etc.

In connection with the identification of binding obligations, this contextual understanding is the prerequisite for being able to define the scope of the environmental management system (EMS). The scope indicates the spatial and organizational boundaries of the environmental management system, so that it goes far beyond the area of activity (scope) of a company. The scope is described, for example, on the certificate. The two should not be confused with each other.

The definition of the scope includes:

  • External and internal issues
  • Binding obligations
  • Organizational units, functions and physical boundaries
  • Activities, products and services
  • Authority and ability to exercise control and
  • Influence (= outsourced processes)

Measures for dealing with risks and opportunities in ISO 14001

According to ISO 14001, opportunities and risks must be identified for the following areas so that intended results can be achieved, undesirable effects can be countered, and continuous improvement can be achieved:

  • External and internal issues (4.1)
  • Expectations of relevant interested parties (4.2)
  • Significant environmental aspects (6.1.2)
  • Binding commitments (6.1.3)

These are minimum requirements. The company is free to include other fields of consideration. According to ISO 14001 (6.1.1), the organization shall establish, implement and maintain processes to determine the risks and opportunities. These processes shall ensure that the environmental management system can achieve its intended results and that undesirable effects are prevented or reduced. This includes external environmental conditions that affect the business.

For example, access roads may become impassable due to flood-like inundation or tree breakage as a result of local hurricanes. What would the scenario look like if this made it impossible to remove IBCs (intermediate bulk containers) containing production sludge? Or if the storage capacity at the plant were exhausted? In addition, another problem arises in many cases: The determination of environmental aspects in emergency situations. According to the requirements in Chapter 6.1.2, conditions that are not intended and reasonably foreseeable emergency situations must also be assessed.

Risk assessment using a risk matrix - an example

A logistics company answers the question about potentially leaking fuel or engine oil by saying that all drivers have absorbents in their vehicles and are trained accordingly. But how should the situation be assessed on weekends? The truck fleet is parked on normal interlocking pavement, which is crisscrossed by rain gutters including collection manholes. The main collector empties into the local sewer system at the property line. However, there are no gate valves or oil separators. In this respect, a foreseeable emergency situation would be a fuel or engine oil spill over the weekend. A sample risk assessment using a risk matrix may look like the following:

Risk identification The unimpeded discharge of fuel or engine oil into the combined sewer system.

Risk analysis The probability of occurrence is low due to regular maintenance intervals of the trucks. The extent of damage to the environment is high. Especially because the municipal sewage treatment plant is quite close (short flow paths) and no buffering can be done there.

Risk assessment The risk lies in the yellow, medium limit range and is thus not tolerable.

Risk management Reduction of the extent of damage through a combination of organizational measures (plant security checks for leaks under the vehicles) and technical measures (installation of a liquid separator or box in the parking lot with collection equipment and cover mats).

Monitoring and review Training/sensitization of logistics staff and security guards incl. inclusion in the next emergency drill, recurring inspections of the separator.

The example shows how environmental aspects can be evaluated for emergency response. A positive side effect in this company is that the parking lot was cleaned of old contamination for better leak detection. From now on, all employees meticulously ensure that this remains the case. In this respect, this procedure is in line with the requirements for planning measures. Accordingly, measures must be planned for dealing with significant environmental aspects, binding commitments, and risks and opportunities as identified in ISO 14001 Chapter 6.1.1.

For each identified risk, an adequate opportunity?

As described, opportunities and risks must be identified for binding commitments. Binding commitments extend not only to applicable laws and regulations, but also to voluntary commitments such as organizational and industry standards, contractual relationships, or agreements with environmental organizations. The risk of non-compliance with unknown requirements due to an inappropriate system is quickly identified. But what is the opportunity? Comprehensive screening, like a 360-degree radar, could identify changes as early as the draft stage and identify potential impacts on the company at an early stage.

Conclusion: Opportunities and risks in ISO14001

ISO 14001 provides companies with a systematic framework to protect the environment and respond to changing environmental conditions. The risk-based approach has been of great importance since the 2015 revision: it helps to identify new fields of action. However, it is up to the companies themselves to decide which system to use. It is important that the assessment criteria are objectively comprehensible so that the risk classification (high, medium, low) remains transparent.

audits-dqs-audit wuerfel nebeneinander auf tisch

Certification according to ISO 14001

What effort do you have to reckon with to have your management system certified according to ISO 14001? Find out free of charge and without obligation.

In many companies there are different levels of risk assessment. The risks and opportunities from the context determination follow more the strategic approach, while on the operational level more the risks and opportunities for defined environmental processes are determined. Ideally, care should be taken to ensure that the levels of consideration can be linked with each other in order to provide an overall corporate picture and to be able to identify interfaces/interactions. As a result, strategies can be derived in response to seriously changing environmental conditions, such as drought, low water, severe weather events, or market and customer behavior.

DQS - Simply leveraging Quality.

Today, economic success and environmental protection are equally important corporate goals for successful companies. Systematic, professional environmental management in accordance with the internationally recognized ISO 14001 standard helps them to sustainably pursue their goals and continuously improve their operational environmental performance.

Our more than 20 years of experience with ISO 14001 - DQS received its accreditation with the first publication of ISO 14001 in 1996 - make us your competent partner in certification.

Expertise and Trust

Please note: Our articles are written exclusively by our in-house experts for management systems and auditors of many years. If you have any questions for our authors about the content, please contact us. We look forward to talking to you.

Robert Bernacik

Expert for environmental protection and occupational safety, trained specialist for occupational safety of the German Verwaltungs-Berufsgenossenschaft (VBG) and long-standing DQS auditor for quality, environmental protection, occupational safety, and energy management.

After studying environmental engineering, Robert Bernacik completed postgraduate studies in economics and graduated in 2002 with a degree in life cycle assessment. Afterwards, he dedicated himself to the topic of the ecological advantages of beverage packaging for the Deutsche Mineralbrunnen entity, among others. As a representative of DQS, he helped shape ISO 14001:2015 in the National Standards Committee on Basic Environmental Protection (NAGUS) and was a member of the German DIN standards committee for the revision of ISO 45001. Today, Robert Bernacik works as a freelancer in consulting, training and auditing in environmental protection and occupational safety.


Relevant articles and events

You may also be interested in this
revision-iso-14001-dqs-offshore wind turbine with clouds blue sky and sea

No revision of ISO 14001 in sight for the time being

umwelt-header-blog-dqs-mit gruenen pflanzen bepflanzte treppe bestehend aus weissen steinen

Scope in ISO 14001 - What does the standard require?

umwelt-header-blog-dqs-mit gruenen pflanzen bepflanzte treppe bestehend aus weissen steinen

Improving environmental performance - What does the standard require?