Auditing the new ISO 14001:2015: Environment Impacts does not equal Risk
In recent transition audits, there has been one common misconception that I have seen repeated, and that is that environmental impacts are risks. This is not correct. Environmental impacts do not equal risk.
Let’s start with the definition of environmental impact from the ISO 14001:2015 standard.
“3.2.4 – environmental impact: change to the environment, whether adverse or beneficial, wholly or partially resulting from an organization’s environmental aspects.”
An example of an issue from the appendix to ISO 14001:2015:
“environmental conditions related to climate, air quality, water quality, land use, existing contamination, natural resource availability and biodiversity, that can either affect the organization’s purpose, or be affected by its environmental aspects”
These two terms are very similar. So, we can say that an environmental impact is an example of an issue that affects the environment. But this is still not a risk.
The definition of risk from the ISO 14001:2015 standard is:
“3.2.10 – risk: effect of uncertainty”
We must take all the issues, as well as compliance obligations (which are identified from the relevant interested parties) and determine if they are sufficiently controlled through the processes within the Environmental Management System (EMS). The uncertainty, otherwise known as risk, lies where there are gaps in the EMS.
Once an organization understands it’s gaps, then it can identify the severity of the potential threat or opportunity (remember there are positive risks) and the likelihood of it happening. Finally, the organization needs to decide what actions need to be taken to address these identified risks.
In summation, an environmental impact may or may not be a risk, depending on the level of control that is established through the EMS. It should not be a direct assumption that an environmental impact is automatically a risk.