1. MANAGING ENVIRONMENTAL RISK

A senior individual should be nominated to take overall accountability for environmental risk at the corporate level.  In larger companies, accountabilities for environmental risk may be allocated across a number of roles or departments. 

It is important that risk management responsibilities are also allocated through the company, at the property and portfolio levels.  This allocation should reflect the structure of the framework adopted to govern environmental risk. 

• GN1.5: Environmental risk control and assurance

A framework for governing environmental risk should be documented at the corporate level.  This framework should include environmental risk responsibilities, and the structure of meetings where environmental risk is reviewed.  

Environmental risk may be integrated within a wider governance framework and should include the way in which risk related information transfers within a company, and between related asset, property and facilities managers. 

• GN1.5: Environmental risk control and assurance 

An environmental risk register should be established at the level of the organisation at which environmental risks are managed.  Whether this is at the company, portfolio or property level, it is important that the risks included in the register reflect the scope of management control. 

The register should collate environmental risks from various sources, including those relating to compliance obligations, aspects and impacts and the organisation’s wider context.  It may be that the register is a single list, or a group of lists that are made available collectively. 

While it is not always possible for risks to be evaluated using a common assessment method, the register should indicate environmental risks that are rated as ‘significant’, and should reference associated responsibilities and controls.   

• GN1.1: Collating and evaluating environmental risks
• GN1.2: An environmental compliance register
• GN1.3: Environmental aspects and impacts
• GN1.4: Risk associated with the wider context

An environmental compliance register references various types of environmental obligation, including legal and regulatory requirements, industry guidance adopted by each company, voluntary commitments, and the expectations of interested parties of significant importance. 

An environmental compliance register should include a summary of each requirement and the way in which they affect the company. 

Ideally, the register will be held corporately, but will involve interaction at all levels of the organisation to identify and collate all applicable obligations. The relevance of compliance obligations for inclusion in portfolio or property risk registers is determined via an aspect and impact assessment. 

• GN1.2: An environmental compliance register 
• GN1.3: Environmental aspects and impacts

An assessment of environmental aspects and impacts associated with business activities should be undertaken, most likely at the property level. This will enable the identification of risks that should be incorporated in property risk registers and, where necessary, risk registers at the portfolio or company level. 

An aspect and impact assessment reviews the way in which business activities interact with, and impact on, the environment, and evaluates the associated risks.  The assessment considers the relevance of obligations within the compliance register as well as financial and reputation consequences of environmental impacts. 

• GN1.3: Environmental aspects and impacts

The way in which the broader context of a company could influence how it achieves its environmental objectives is an important component of a risk register. 

Most commonly undertaken at a corporate or portfolio level, an environmentally focused ‘PESTLE’ analysis is one option to horizon-scan for future risks relating to Political, Economic, Social, Technological, Legal and Environmental issues. 

Risks associated with the company’s wider context that are rated as ‘significant’ should be made available, along with the compliance register, at the portfolio and property level for consideration within respective risk registers. 

• GN1.4: Risk associated with the wider context

As accountabilities for managing environmental risk vary across a range of roles and seniority levels within a company, training and awareness material that is tailored to the competence requirements of specific roles should be made available. 

Controls should be established for environmental risks rated as ‘significant’ and implemented at the appropriate level of the organisation. 

Controls should reflect the strategic or tactical nature of risks at company, portfolio or property levels. They may include, for example, management initiatives, operational procedures or technology, and should be accompanied by monitoring and maintenance arrangements. 

The process for property acquisition and disposal should include information relating to environmental risks and the associated controls. 

• GN1.5: Environmental risk control and assurance

It is important to evaluate the effectiveness of environmental risk controls regularly. This involves checking whether compliance obligations are being met, determining whether controls are being implemented as planned, and confirming whether controls are having the intended effect. 

The evaluation should be relevant to the nature of risks recorded in company, portfolio or property registers.  At a property level, this evaluation typically involves site audits alongside the preparation of occurrence and non-conformance investigations and collation of performance trends. 

• GN1.5: Environmental risk control and assurance

A regular review of the outcome of environmental risk control evaluation should be undertaken within the governance framework at the company, portfolio and property levels.  The focus should be on actions that will continually improve environmental risk management. 

• GN1.5: Environmental risk control and assurance