2 minute read
4 Risk and opportunity management
4.1 Risk and opportunity management strategy
[Organization Name]’s strategy with respect to the high-level management of risk and opportunity is to broadly adopt the principles of the ISO31000 standard (Risk management –principles and guidelines) so that risk and opportunity management:
Creates and protects value Is an integral part of all organizational processes Is part of decision-making Explicitly addresses uncertainty Is systematic, structured and timely Is based on the best available information Is tailored Takes human and cultural factors into account Is transparent and inclusive Is dynamic, iterative and responsive to change Facilitates continual improvement of the organization
These principles will also be applied to the management of risk and opportunity with respect to the business objectives of the organization.
4.2 Risk appetite
The EMS is designed to address the major environmental risks that are identified to [Organization Name]. In identifying, assessing and managing these risks there are a number of options open to the organization according to its appetite for risk.
In general terms the organization’s appetite for risk may be said to be Low / Moderate / High (delete as appropriate).
[Low] The strategy of the organization is to avoid risk where possible and to invest resources in mitigating residual risk through effective measures.
[Moderate] The strategy of the organization is to accept reasonable levels of risk whilst making some effort to ensure measures are in place to handle risks if they occur.
[High] The strategy of the organization is to accept significant levels of risk as an integral part of the business it is in, on the basis that the resulting rewards will be sufficient justification.
This level of risk appetite will be applied to the risk assessments that are carried out as part of the EMS and will determine the actions that need to be taken to mitigate risk to an acceptable degree.
4.3 Internal issues
With regard to the business operations of [Organization Name], there are a number of internal issues that create uncertainty that gives rise to risk and opportunity. These include:
[List any specific risk factors, for example:
The strategic direction of the organization The nature of the organization’s products and services Internal environmental conditions Uncertainties in employee relations Significant organizational changes Location moves Company financial performance Perceptions, values and culture Available capabilities and knowledge Available resourcing levels]
You could choose to group internal issues using a SWOT analysis –Strengths, Weaknesses, Opportunities and Threats]
These general internal factors will be considered in more detail as part of the risk and opportunity assessment process.
4.4 External issues
With regard to the external environment in which [Organization Name] operates, there are a number of external issues that create uncertainty that gives rise to risk and opportunity.
These include:
[List any specific external issues. These are often grouped under the areas defined by the term PESTLE, for example:
Political o Government policy changes o Government instability o Unrest in countries in which the organization operates o Trade restrictions and tariffs Economic o Prevailing economic climate o Interest and inflation rates o Supplier failure o Lack of customer demand o Increasing globalization of supply and/or demand
o Increasing competition Social o Changing demographics o Population growth changes o Social attitudes Technology o Pace of innovation o Supporting technologies and infrastructure o Automation and artificial intelligence Legal o Potential legislative changes o Regulatory changes o Data protection Environmental o Climate change o Fire, flood, earthquake etc o Pollution]
These general external factors will be considered in more detail as part of the risk and opportunity assessment process.
