ISO 14001:2015 Environmental Management System Standard: Addressing Risk and Opportunity


In September 2015, the International Organization for Standardization published an updated version of the ISO 14001 environmental management system (EMS) standard. The revised standard (ISO 14001:2015) requires that current certificate holders transition to the requirements of the new standard over a three year period.  The transition period will end in September 2018, meaning that the ISO 14001:2004 standard will cease to exist after September of 2018. 
While the new standard emphasizes many of the core themes from the ISO 14001:2004 standard, it incorporates a new organizational structure (i.e., Annex SL) to facilitate development and implementation of integrated management systems, and introduces new themes that address sustainability considerations as well as integration of the EMS into an entity's business processes. This article addresses how risks and opportunities are integrated into an effective EMS.

Requirements to Address Risk and Opportunity

How does the ISO 14001:2015 standard specifically address risks and opportunities? There is relevant language in several clauses of the standard and associated guidance in the Annex that addresses these new provisions.  These areas are discussed below, with insight into why they may be challenging.

ISO 14001:2015 clauses that address risk and opportunity

Actions to Address Risks and Opportunities
These clauses underscore the need to determine risks and opportunities related to environmental aspects, compliance obligations, and other issues and requirements. While most entities already address risk (i.e., threats) through its process to identify aspects/impacts and to determine significant aspects, identifying opportunities (i.e., beneficial effects) is not commonplace and can be more elusive.1 Compliance obligations can result in risks and opportunities to an organization, and identified risks and opportunities affect planning actions as well. The standard emphasizes that a formal risk assessment is not required for conformance and whether the organization can exert control or influence as one basis for addressing risks and opportunities.

Environmental Objectives
The standard requires that an organization establish environmental objectives based on significant environmental aspects, compliance obligations, and considering its risks and opportunities. Objectives can be designed to mitigate an undesirable impact (e.g., reduce emissions) or to leverage a desirable outcome (e.g., increase use of renewable energy) and are established so that the organization can achieve the intended outcomes for the EMS. Companies may already be addressing this to some degree, although predicated on adverse impacts and/or potential compliance issues.

Management Review
The management review is an integral part of reviewing the suitability, adequacy, and effectiveness of the EMS. Reviewing changes in risks and opportunities is a new and essential component of the EMS that needs to be considered during the management review.

Annex to the Standard - Actions to Address Risks and Opportunities
This Annex emphasizes the importance of determining an organization's risks and opportunities and planning action to address them. These can apply to environmental aspects, with adverse or beneficial environmental impacts; compliance obligations, by failing to comply or performing beyond compliance; or other issues, to address the needs and expectations of interested parties that may affect the ability to achieve intended outcomes of the EMS.

Annex to the Standard - Operational Planning and Control
The type and extent of operational control(s) depends on the operations themselves, as well as significant environmental aspects, compliance obligations, and risks and opportunities. This applies to an organization's own operations, as well as business processes intended to control or influence outsourced processes or providers of products and services.

How to Assess Risk and Opportunity

How does an organization take risk and opportunity into consideration given that EHS management tends to focus on mitigating or eliminating threats? Consider thinking about risk vs. opportunity as one would change mindset from a “glass half empty” to a “glass half full.” Opportunity is the flip side of risk, where one considers both positive and negative outcomes. Considering both risks and opportunities necessitates taking an enterprise risk view, where EHS risks are integral to traditional business risks.2 Consider an oil and gas or mining company that prospects for oil and gas or ore. These companies take risks to identify natural resources, which requires investment and consumes company resources. But by doing so, the company identifies a potential opportunity to produce the resource, generate revenue and (with a sustainability hat on) improve the local economy, infrastructure, and lifestyles within which the new asset is operating. 
This concept is illustrated in the graphic below, where one pursues a balance between risk and opportunity.

Assessing risk and opportunity 
In fact, when a company is assessing its aspects/impacts, it is possible to identify relevant opportunities associated with traditional environmental risks and take these into consideration in determining significant aspects and associated environmental objectives. In some cases this may require no more than a change in mindset. A sampling of these is provided in the table below.

Sample of risks and opportunities

Risk Example
Typically companies/facilities certified to the ISO 14001:2004 standard utilize a methodology to rank the significance of their environmental aspects. Such is necessary to select and justify those aspects that are most significant as one basis for establishing environmental objectives. A few simple examples are illustrated in the table below.

Examples of ranking environmental aspects

Opportunity Example
Under the 2004 standard, consideration of opportunities was not a requirement. To address this new requirement, it is necessary to look at the “flip side of risk” and consider the beneficial consequences of environmental aspects. A few simple examples are illustrated in the table below.

Examples of opportunity ranking


These opportunity examples repeat those in the risk table by transforming threats into beneficial outcomes. The latter set of examples reflect taking a “glass half full” perspective. Note that the final item in each table has essentially the same outcome; it represents a low risk and beneficial outcome.


Managing Change

Why is change management crucial to addressing risks and opportunities in an EMS? Risk and opportunity is explicitly addressed through the Clauses in 6.1 and by reference (to Clause 6.1) within Clause 8.1, Operational Planning and Control. Lack of change management can be a root cause of many environmental incidents where the change can have a “domino effect” with unwanted implications. An effective EMS allows a facility or an organization to operate at an acceptable level of risk and improve aspects of operation based on system performance and feedback.

Whether risk or opportunity based, managing change provides greater assurance that the objectives of the intended change are achieved. For example, if one is substantially updating a facility's emergency response plan, it would be essential to provide orientation and training to all affected employees and contractors, and even emergency responders from the community. Otherwise, the appropriate response procedures to mitigate an immediate threat or risk may not be effectively implemented. In another example, should a company develop a means to convert a hazardous waste into a viable feedstock, lack of change management (e.g., process/ procedure, training) could result in continued disposal of the waste instead of its use as a beneficial feedstock.

As a component of normal business practice, all changes (i.e., these can include processes, procedures, personnel, equipment, materials, suppliers, assets, etc.) should be reviewed. Changes with higher environmental risks (i.e., potential for larger environmental or business impacts) should be reviewed in greater detail. Change management should be implemented as part of normal business practices to perform environmental screening of all business and operational changes.



The new EMS standard incorporates several new themes, including consideration of risks and opportunities in addressing aspects and impacts, compliance obligations, and operations. This requires a change in mindset to look beyond undesirable outcomes to potentially desirable outcomes. While many companies already address risk with respect to identifying their significant aspects, setting objectives, and effecting operational control, they need to incorporate explicit consideration of potential opportunities that may be beneficial to effective environmental management and improved performance. Change management is key to ensure achievement of proposed changes, both to mitigate undesirable impacts and to perpetuate and enhance desirable opportunities. For further information, please contact John Fillo, Principal Consultant, at (724) 996-1946 or


 1 Determining risks and opportunities can be addressed through existing aspects/impacts and compliance obligations processes, or as a separate process, potentially linked to a company's enterprise risk process.

2  See Improving Corporate Performance through Effective Management of EHS Business Risk