The Future of ISO Is Risk Management

The future of ISO 14001 is acknowledgement and accountability for risk management, and by risk all three components of life must be accounted for: social, economic and financial. Whoa — wait. Where is the risk to the environment; isn’t this an environmental standard? Yes, and in the clear new focus of ISO, there is no separation between people and planet. Social is the environment of flora and fauna of all species, including humanoid.

Environmental instability endangers social peace, continuity and harmony and therefore continuous sales and profits. This is a fact of life in the 21st century global economy, and while corporate sustainability was introduced a century ago, it has not taken hold here in the US as it has abroad. The International Standard Organization is made up of a blend of major stakeholders in the economies of many countries, and this blending of values strengthens all organizations that adhere to the tenants of an ISO standard in facing the risks of the future.

Just as air knows no fences, borders, customs agents or differences between people, no longer will companies be able to fence-in the risks just around local operations and ignore, for example, the impacts to the environment from the trucks that bring and take away goods and products. Accountability is coming, and we in the US will be required to be accountable for risks now poorly accounted for by many certified organizations.

Standardized processes and vigorous monitoring reduce risk and expense of unintended consequences; this is the strength of ISO. I expect the new requirements will strengthen existing programs and be a challenge for new and small organizations. Standardized processes require planning and the standard’s new focus on planning will be an adjustment to many who live day-to-day in their factories bouncing from crisis to crisis at the end of a value chain of suppliers, manufacturing processes and transport, storage and disposal facilities.

Many environmental programs are still bolt-on, compliance management programs. They are not true environmental management systems, and they are not truly integrated with the C-suite of the parent company. To the question, “We have a compliance program, why do we need ISO?” I can only answer because compliance is the floor of the management system, not the ceiling, and marketing’s future trend is sustainability.

Millions are being spent across the world to develop and bring new technologies to market, and the risk of ignoring these advancements for a return on investment quota are substantial to the environment. New opportunities to improve environmental performance mitigate environmental risks. Even new applications of old technology, like using batteries to offset high peak energy usage charges and/or shut down risk during brown-outs and black-outs are all too infrequently applied to industry or quick to reach manufacturers. Despite the demonstrated value of solar roof panels, few industrial facilities use them to offset energy needs.

The new standard will not allow strictly compliance programs any more than it accepts safety programs alone as EMS even though if people are safe so should be the environment. It now speaks directly of lifecycle perspectives and the requirements of interested parties.

Often, like an unwanted child, environmental management systems are embedded in, not subsumed by, larger authority groups like safety programs, human resource offices or even the quality system, not appearing even as separate costs for budgeting resources in the upper level of accounting systems. The day-to-day expenses of clean up and routine disposal instead are often merged with other costs not related to production, and there we see where the breakdown occurs; for if you cannot monitor it, you cannot measure it, control it or improve it. So it is with carbon emissions. Accountability is the future of environmental management systems and management reviews should require it.

There is often a considerable gap between corporate sustainability reports and the actions described by EMS documentation. Rarely, if ever, have I seen a schematic of the environmental management system that is truly a reflection of the entire process. Typically the evidence supplied is instead a schematic of how the EMS fits into the organization and not an organizational diagram of the process used to mitigate environment risks from purchasing and emptying the trash all the way to the CSR. Even CSRs that are backed up with environmental data at facilities are rare.

The new revision of the standard uses the phrase, “take into account” as a tool of monitoring and which creates the need to improve the way we think about the organization of the environmental management system and its connections with interested parties, shareholders and stakeholders. Audit trails must be improved to satisfy the demands for documented information.

The new environmental standard places strong emphasis on accountability with the phrase, “take into account” appearing in the context of value chain control of operations from a lifecycle perspective, requirements of interested parties, significant environmental aspects and compliance obligations.

Clearly, risk management includes the environment because a lifecycle perspective has to include all the emissions that go into the air and we breathe and not just the emissions EPA currently monitors. Does this mean that an ISO Certified organization that manufactures products known to kill important insects, though not by intent, must now consider the risk to these small flying creatures? Yes. What does that mean for their product, intended for improving agriculture but now needing to be held accountable for the death of colonies of pollinators? What does that mean for their corporate image and profitability? How are those costs measured when there is no penalty for killing pollinators? And finally, how does the organization form systems to mitigate and control the risk? Tough questions for tough times, but they have to be answered whether an organization is certified or not.

Finally, too many corporate headquarters demand the plants be certified while they themselves are not. Through purchasing contracts and other policies, the plants often have little or no control over the inputs or the outputs of their operations. To mitigate certification risk, this divorce must be reconciled.

Lynn Jean McSparrin is former Registration Accreditation Board Certified LEAD environmental management system auditor. She is owner and principal of Best Impressions Environmental Management Services and writes on the International Standards Organization and its application in North America.