{"id":6585,"date":"2016-10-17T18:31:40","date_gmt":"2016-10-17T18:31:40","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/14001academy\/?p=6585"},"modified":"2025-03-07T10:47:11","modified_gmt":"2025-03-07T10:47:11","slug":"should-you-use-a-risk-register-for-the-iso-14001-ems","status":"publish","type":"post","link":"https:\/\/staging.advisera.com\/14001academy\/blog\/2016\/10\/17\/should-you-use-a-risk-register-for-the-iso-14001-ems\/","title":{"rendered":"Should you use a risk register for the ISO 14001 EMS?"},"content":{"rendered":"<p>One of the key elements of the <a href=\"https:\/\/staging.advisera.com\/14001academy\/knowledgebase\/iso-14001-2015-revision\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 14001:2015<\/a> standard involves risk and opportunity. Previously, in the article <a href=\"https:\/\/staging.advisera.com\/14001academy\/knowledgebase\/the-role-of-risk-management-in-the-iso-140012015-standard\/\" target=\"_blank\" rel=\"noopener noreferrer\">The role of risk management in the ISO 14001:2015 standard<\/a>, we considered exactly what the standard prescribes in terms of risk, and how this element has replaced preventive action within the management of an ISO 14001:2015 EMS (Environmental Management System). However, many EMS managers disagree on whether a risk register is mandatory, or even advantageous in the company EMS when seeking certification against <a href=\"https:\/\/staging.advisera.com\/14001academy\/what-is-iso-14001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 14001:2015<\/a>. So, what can we do to clarify this?<\/p>\n<h2>Recording risk \u2013 Why?<\/h2>\n<p>Section 6.1.1 of the ISO 14001:2015 standard deals with addressing <a href=\"https:\/\/staging.advisera.com\/14001academy\/iso-14001-documentation-toolkit\/?rel=environmental-aspects&amp;doc=procedure-for-identification-and-evaluation-of-environmental-aspects-and-risks\" target=\"_blank\" rel=\"noopener\">risk<\/a>\u00a0and opportunity, and while it does not specifically mention a \u201cregister,\u201d it does outline the requirement to maintain \u201cdocumented information\u201d required to address the identified risks and opportunities, and the processes needed to ensure that this element can be executed successfully. So, clearly, while a formal risk register is not mandatory, the EMS manager or administrator must decide how to record the risk-related actions and outcomes that the organization undertakes to ensure that proof is available for the auditor at the certification audit. In light of this requirement, what are the best options?<br \/>\n<div id=\"middle-banner\" class=\"banner-shortcode\"><\/div><script>loadMiddleBanner();<\/script><br \/>\n<div id=\"side-banner-trigger\" class=\"banner-shortcode\"><\/div><\/p>\n<h2>The risk register in your EMS<\/h2>\n<p>A risk register still stands as an efficient and reasonable way to record the inputs and outputs from a company\u2019s risk process. Let us consider what should be captured here if your organization decides to use a risk register in its <a href=\"https:\/\/staging.advisera.com\/14001academy\/iso-14001-documentation-toolkit\/?rel=policy-and-manual&amp;doc=environmental-manual\" target=\"_blank\" rel=\"noopener\">EMS<\/a>:<\/p>\n<ul>\n<li>Date of the definition of risk<\/li>\n<li>Source of the definition of risk \u2013 This is critical given the leadership requirements in the ISO 14001:2015 standard. Ideas and input for risk assessment can come from any level of the organization, but due to the requirement for increased involvement from top management, it is vital that the organizational leaders play their part in the risk identification process. For more details, see the article <a href=\"https:\/\/staging.advisera.com\/14001academy\/blog\/2015\/10\/05\/how-to-demonstrate-leadership-according-to-iso-140012015\/\">How to demonstrate leadership according to ISO 14001:2015<\/a>.<\/li>\n<li>Brief description of the risk<\/li>\n<li>Responsibility for action<\/li>\n<li>Timeline predicted for closure<\/li>\n<li>Status \u2013 that is, whether the issue is open or closed<\/li>\n<\/ul>\n<p>Again, more details can be kept on the formal risk assessment document itself, which will normally be developed to outline specific details and keep track of multiple external and internal actions that may be required to record the history and closure of an identified risk. While the elements described for an EMS risk register above are again not mandatory against the 14001:2015 standard, they are sensible as a record of your organization\u2019s EMS risk identification and action and will help to satisfy the certification process that \u201cdocumented information\u201d has been maintained. So, are there any other options that can be used to record risk?<\/p>\n<h2>Recording risk \u2013 Other options<\/h2>\n<p>Many organizations choose not to use a risk register and may use various methods of recording risk to meet the terms of the standard. Let\u2019s examine one alternative method of recording risk:<\/p>\n<ul>\n<li>Record \u201crisk-based discussions\u201d in board or top management meeting minutes, with any topics deemed necessary for formal risk assessment passed onto the EMS team for execution.<\/li>\n<li>The EMS team records the receipt of these topics and delegation for responsibility in the minutes of its regular meetings.<\/li>\n<li>A formal \u201crisk assessment\u201d with details of action, links to any associated corrective actions, and so forth are outlined in the EMS.<\/li>\n<li>The top team reviews these risk assessments and outcomes and records any feedback or further actions in the regular meeting minutes, and critically \u2013 in the management review minutes.<\/li>\n<\/ul>\n<p>While this method may not seem so clean, it clearly provides an auditable history of the organization\u2019s attitude and action towards environmental risk, and critically, also demonstrates that there is leadership and <a href=\"https:\/\/staging.advisera.com\/14001academy\/iso-14001-documentation-toolkit\/?rel=management-review&amp;doc=management-review-minutes\" target=\"_blank\" rel=\"noopener\">top management<\/a> involvement in the risk process in a way that the risk register immediately does not.<\/p>\n<h2>Which method is best for your EMS?<\/h2>\n<p>As with all non-mandatory elements of the EMS, your organization will have to evaluate the advantages and disadvantages and decide for itself. The risk register can provide a focal point for your risk-based discussions and outcomes, but more informal methods can provide more information and also provide proof of other mandatory elements of the ISO 14001:2015 standard, like leadership commitment, for example. Whatever you choose, make sure that you take care of the details \u2013 this will help ensure that your risk process is effective and compliant when your certification audit date comes around.<\/p>\n<p><em>To comply with all ISO 14001 requirements, use this helpful<\/em> <a href=\"https:\/\/staging.advisera.com\/14001academy\/iso-14001-premium-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener\">ISO 14001 Premium Documentation Toolkit<\/a> <em>that provides all EMS documents.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the key elements of the ISO 14001:2015 standard involves risk and opportunity. Previously, in the article The role of risk management in the ISO 14001:2015 standard, we considered exactly what the standard prescribes in terms of risk, and how this element has replaced preventive action within the management of an ISO 14001:2015 EMS &#8230;<\/p>\n","protected":false},"author":29,"featured_media":6586,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[76,64,65,338,62],"class_list":["post-6585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-ems","tag-iso-140012015","tag-leadership","tag-risk-register","tag-top-management"],"acf":[],"_links":{"self":[{"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/posts\/6585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/comments?post=6585"}],"version-history":[{"count":2,"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/posts\/6585\/revisions"}],"predecessor-version":[{"id":32936,"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/posts\/6585\/revisions\/32936"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/media\/6586"}],"wp:attachment":[{"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/media?parent=6585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/categories?post=6585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.advisera.com\/14001academy\/wp-json\/wp\/v2\/tags?post=6585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}