The ISO 14001:2015 standard follows a risk-based approach much like the ISO 9001:2015 standard. ISO 14001 has always concentrated on the importance of environmental aspects and how to reduce/control undesirable effects within the Organisation to help control environmental performance. So that begs the question, under the newer ISO 14001:2015 standard, what is an environmental risk?
In short, risks (and their associated opportunities which arise from addressing those risks) could be anything from a legal requirement potentially being overlooked due to not recognising a new requirement or a change in law, or a raw material issue where potentially a critical material used in your processes could be discontinued and you subsequently have to source a less environmentally-friendly material to replace it, or perhaps your preferred local supplier of material goods is no longer trading and the next closest supplier is further away (meaning more fuel usage and mileage). It could be as simple as a change of cleaning company meaning the cleaning products used are no longer environmentally friendly.
The new standard is looking for companies to identify, document and look to address, potential environmental risks within their processes to look to achieve their required Environmental Objectives (such as better waste management, recycling in the office, reduced use of electricity, reduced noise pollution etc), prevent any real-time nasty incidents that could seriously harm the environment (such as fuel leakage, incorrect chemical waste removal, cleaning products being tipped into the wrong drain system) and ultimately achieve the continual improvement of your Environmental Management System.
Emergency plans, responses and Business Continuity Plans also have a place within the risk consideration, including those that may result in an environmental impact (such as a fire at a chemical company. Ultimately the standard is looking for the company to acknowledge the key risks that could occur within their processes and to have a documented action plan to either eliminate, or at least reduce, the impact of that risk happening. It is understood that not all risks can be eliminated entirely, but at least having documented plans in place to try to mitigate the risk as much as possible to ensure the protection of the environment (and the company!) means an understanding of the issues and their significant affects.
The last area to consider in regard to environmental risks is the Management Review Meeting and Internal Audit processes. Risks and opportunities should be reviewed frequently to ensure any new risks are identified as well as current risk actions and opportunities are up to date and still practical for the Organisation. The Management Review Meeting gives the perfect opportunity to discuss risks with Senior Management and document any changes/additions to the system.