
ISO 14001:2026 Clause 6.1.4

Explained: Risks and Opportunities

Clause 6.1.4 of ISO 14001 asks an organisation to determine the risks and opportunities that need to be addressed within its Environmental Management System. In plain English, this means identifying what could help or hinder the EMS achieving its intended outcomes, then planning sensible action.

What is ISO 14001 Clause 6.1.4 trying to achieve?

Clause 6.1.4 helps the organisation think ahead.

It asks the organisation to identify risks and opportunities that may affect the EMS, environmental performance, compliance obligations and environmental objectives.

The aim is not to create a complicated risk register for the sake of it. The aim is to make better decisions before problems occur or opportunities are missed.

The organisation should determine which risks and opportunities need to be addressed so that the EMS can:

  • achieve its intended outcomes;
  • prevent or reduce unwanted effects;
  • respond to relevant environmental conditions;
  • support continual improvement;
  • enhance environmental performance.

What are risks and opportunities in ISO 14001?

In ISO 14001, risks and opportunities are not limited to financial or business risks. They are matters that could affect the EMS and its intended outcomes.

Risks

Risks are potential negative effects or uncertainties that could harm environmental performance, compliance, EMS effectiveness or organisational objectives.

Examples include:

  • failure to comply with environmental legislation;
  • chemical spills or pollution incidents;
  • poor contractor control;
  • unreliable waste management arrangements;
  • lack of staff competence;
  • climate-related disruption, such as flooding or heat;
  • failure to monitor significant environmental controls;
  • outdated environmental procedures;
  • loss of customer confidence due to poor environmental performance.

Opportunities

Opportunities are potential positive effects that could improve environmental performance, strengthen the EMS, reduce risk or create wider benefit.

Examples include:

  • reducing energy use;
  • improving waste segregation;
  • switching to lower-impact materials;
  • improving supplier environmental performance;
  • reducing water consumption;
  • using cleaner technology;
  • improving emergency preparedness;
  • strengthening compliance evaluation;
  • improving environmental data and reporting;
  • enhancing reputation with customers or stakeholders.

Why risks and opportunities matter in an EMS

A good EMS should be proactive. It should help the organisation anticipate environmental issues and improve performance, rather than only reacting after something goes wrong.

Risks and opportunities can affect:

  • environmental objectives;
  • operational controls;
  • emergency preparedness;
  • compliance obligations;
  • monitoring and measurement;
  • supplier and contractor management;
  • training and awareness;
  • management review;
  • continual improvement.

When risk and opportunity thinking is done well, the EMS becomes a practical decision-making tool instead of a static paperwork system.

Where do EMS risks and opportunities come from?

Risks and opportunities should not appear from nowhere. They should be linked to the organisation’s real EMS context.

They may arise from:

  • internal and external issues identified in Clause 4.1;
  • interested party needs and expectations identified in Clause 4.2;
  • the defined EMS scope in Clause 4.3;
  • environmental aspects and impacts in Clause 6.1.2;
  • compliance obligations in Clause 6.1.3;
  • environmental conditions affecting the organisation;
  • environmental conditions the organisation can affect;
  • previous incidents, complaints or audit findings;
  • changes to processes, people, suppliers, materials or sites;
  • monitoring and measurement results;
  • management review outputs.

Environmental conditions and risks and opportunities

Environmental conditions can create both risks and opportunities for the EMS.

Examples of environmental conditions include:

  • climate and weather patterns;
  • flood risk;
  • water availability;
  • air quality;
  • local land or water sensitivity;
  • biodiversity and ecosystem health;
  • resource availability;
  • local pollution levels;
  • noise, dust, odour or nuisance sensitivity.

Simple example

A site located near a watercourse may face a higher environmental risk from chemical storage, drainage failures or spill incidents. The opportunity may be to improve containment, drainage protection, inspections and emergency preparedness.

This helps connect risk and opportunity thinking to real environmental conditions, rather than treating it as a generic business-planning exercise.

Risks and opportunities are not always the same as aspects

Environmental aspects, impacts, risks and opportunities are closely connected, but they are not identical.

An aspect is the way an activity, product or service interacts with the environment.

An impact is the environmental change that results, or could result.

A risk is uncertainty or a potential negative effect that could affect the EMS or its outcomes.

An opportunity is a potential positive effect or improvement that could be pursued.

Example

  • Activity: vehicle deliveries;
  • Aspect: fuel use and emissions;
  • Impact: greenhouse gas emissions and air pollution;
  • Risk: fuel cost increases, customer carbon-reporting pressure, or failure to reduce emissions;
  • Opportunity: route optimisation, driver awareness, electric vehicles or improved logistics planning.

Risks and opportunities linked to compliance obligations

Compliance obligations are a major source of EMS risk and opportunity.

Risks may include:

  • missing a legal requirement;
  • failing to meet permit conditions;
  • incomplete waste documentation;
  • poor contractor controls;
  • lack of evidence during regulator inspection;
  • incorrect environmental reporting;
  • failure to update procedures after legal changes.

Opportunities may include:

  • improving compliance evaluation;
  • using clearer legal registers;
  • training process owners on relevant obligations;
  • strengthening permit monitoring;
  • reducing repeat compliance issues;
  • using audit findings to improve legal control.

Auditors should check whether compliance-related risks and opportunities are recognised and acted upon.

Risk-based thinking without overcomplication

ISO 14001 does not require a complex enterprise risk management system for every EMS issue. The organisation decides which risks and opportunities need to be addressed, taking account of its capacity, capability, context and the significance of the potential effects.

The approach should be proportionate. A small office-based organisation may use a simple risk and opportunity register. A complex manufacturing site may need a more detailed method involving scoring, legal review, operational risk assessment and management review.

The important thing is that the organisation can explain:

  • how risks and opportunities are identified;
  • how it decides which need action;
  • how actions are planned;
  • how actions are integrated into the EMS;
  • how effectiveness is evaluated.

Practical implementation guidance

Organisations may manage EMS risks and opportunities using:

  • an EMS risk and opportunity register;
  • an environmental risk assessment;
  • integration with the aspect and impact register;
  • compliance obligation reviews;
  • management review discussions;
  • project or change-management reviews;
  • business risk registers;
  • audit and incident trend analysis;
  • objectives and improvement plans.

A useful risk and opportunity record may include:

  • source of the risk or opportunity;
  • description of the issue;
  • affected EMS outcome;
  • related aspect, obligation or process;
  • potential consequence or benefit;
  • existing controls;
  • planned action;
  • owner;
  • timescale;
  • method for evaluating effectiveness.

The method should help people make decisions, not just fill in cells.

What auditors typically look for

Auditors look for evidence that risks and opportunities have been determined and are being addressed through the EMS.

Evidence may include:

  • EMS risk and opportunity register;
  • aspect and impact register;
  • compliance obligations register;
  • environmental risk assessments;
  • objectives and action plans;
  • change-planning records;
  • management review minutes;
  • audit findings and corrective actions;
  • incident and complaint records;
  • monitoring results and trend analysis;
  • supplier or contractor reviews;
  • interviews with process owners and top management.

Auditor tip

Ask the organisation to show one EMS risk and one EMS opportunity. Then follow the trail: why was it identified, what action was planned, who owns it, what changed, and how was effectiveness evaluated?

Common weaknesses in Clause 6.1.4

  • risk register is generic and not linked to environmental aspects;
  • opportunities are ignored or treated as an afterthought;
  • risks and opportunities are not linked to compliance obligations;
  • environmental conditions are not considered;
  • risks are identified but no actions are planned;
  • actions are planned but not evaluated for effectiveness;
  • risk ratings are used without clear logic;
  • risk register is not updated after incidents, changes or audit findings;
  • top management is unaware of key EMS risks;
  • risks and opportunities are disconnected from objectives and management review.

Weak example

“Environmental risks include pollution, waste and legislation. Opportunities include recycling and saving energy.”

This is weak because it is too vague. It does not explain the source of the risk or opportunity, why it matters, what action is needed, who owns it, or how the EMS will evaluate the result.

Better example

“The organisation has identified spill risk from chemical storage near surface-water drains. Existing controls include bunding, weekly inspections and spill kits. Planned actions include refresher training, contractor briefing and drain-protection review. Effectiveness will be evaluated through inspection results, audit findings and incident trends.”

This is stronger because it links risk, controls, action, ownership and evaluation.

Real-world example: distribution company

A distribution company identifies fuel use and vehicle emissions as significant EMS issues.

Risks include:

  • rising fuel costs;
  • customer pressure for carbon reporting;
  • inefficient routes increasing emissions;
  • poor vehicle maintenance affecting fuel efficiency;
  • failure to meet internal environmental objectives.

Opportunities include:

  • route optimisation;
  • driver awareness training;
  • vehicle maintenance improvements;
  • transition to lower-emission vehicles;
  • improved data for customer reporting.

An auditor could test whether these risks and opportunities are linked to objectives, monitoring, operational controls and management review.

Real-world example: manufacturing site

A manufacturing site identifies chemical storage, solvent emissions, waste handling and energy use as important EMS areas.

Risks may include:

  • spill incidents from poor storage;
  • exceeding permitted emission limits;
  • waste contractor failure;
  • poor segregation increasing disposal costs;
  • equipment failure causing abnormal emissions;
  • loss of competence after staff turnover.

Opportunities may include:

  • substituting lower-impact materials;
  • improving storage layout;
  • strengthening contractor approval;
  • reducing energy use through process optimisation;
  • using audit findings to improve operational controls.

This shows how risks and opportunities should be tied to real operations, not kept as a separate desk exercise.

Auditor questions for ISO 14001 Clause 6.1.4

  • How does the organisation determine EMS risks and opportunities?
  • Which risks and opportunities need to be addressed?
  • How are risks and opportunities linked to environmental aspects?
  • How are risks and opportunities linked to compliance obligations?
  • How are environmental conditions considered?
  • How are interested party expectations considered?
  • How does the organisation decide which risks need action?
  • How does the organisation identify opportunities for improved environmental performance?
  • Who owns actions for risks and opportunities?
  • How are actions integrated into EMS processes?
  • How is effectiveness evaluated?
  • How are risks and opportunities reviewed after changes, incidents or audit findings?

Related ISO 14001 clauses

  • Clause 4.1 — Understanding the organisation and its context
  • Clause 4.2 — Understanding interested parties
  • Clause 5.2 — Environmental policy
  • Clause 6.1.2 — Environmental aspects
  • Clause 6.1.3 — Compliance obligations
  • Clause 6.1.5 — Planning action
  • Clause 6.2 — Environmental objectives and planning
  • Clause 6.3 — Planning of changes
  • Clause 8.1 — Operational planning and control
  • Clause 9.1 — Monitoring, measurement, analysis and evaluation
  • Clause 9.3 — Management review
  • Clause 10 — Improvement

Continue learning

This page is part of SQMC’s ISO 14001:2026 guidance library for auditors, managers and QHSE professionals.
