The current suite of Industry Standards all include discussion of planning for improvement – whether in the realm of Quality, WHS, Environmental Management, Business Continuity or Information Security Management.
To paraphrase ISO 9001, ISO 14001, AS/NZS 4801, ISO 27001 and ISO 22301, the organisation shall identify their risks / hazards / aspects / impacts, including their legal and other requirements, and then determine their objectives and targets for what they are seeking to achieve. After this the organisation is to formulate management plans for achieving these objectives and targets, inclusive of the consideration of the risks/ hazards / aspects / impacts and legal requirements – these could be in the form of annual or operational plans.
The management system standards require organisations to examine, as part of this planning activity, their internal and external context to determine what needs to be addressed to manage the organisation’s risk exposures. This may reflect the ‘legal and other requirements’ or their operating environment.
Historically, this has resulted in a greater focus on the ‘negative’ risk exposures prompting lagging targets, and minimal focus on the positive opportunities or activities required to effectively manage the risk.
In considering the guidance from ISO 31000 – Risk Management, there is clearly a view that risk is more about considering the positive and the negative – it can be positive, negative or both, and can address, create or result in opportunities and threats.
In all the new and revised ISO Standard management system requirements, risk is clearly defined as the “effects of uncertainty” expressed as opportunities and threats. ISO 14001:2015 details this as the “potential adverse effects (threats) and potential beneficial effects (opportunities).”
While ISO 45001:2018 Occupational health and safety management systems – Requirements with guidance for use remains with the Technical Committee of Standards Australia for review (therefore not yet adopted in Australia), it is worth noting that it deals with risks and opportunities instead of focusing solely on risk.
The underlying key to this planning process is context, either the legislative context or the risk management context, as these set the foundations for the planning context. It is vital that any planning is undertaken in consultation with key stakeholders in an organisation. All too often, planning for WHS or Quality, Environment is seen to be the sole responsibility of a Manager responsible for the ‘specialist’ area (WHS, Quality, Environment, etc). However, planning, together with the associated development of objectives and targets, KPIs and management plans, needs to be undertaken with a range of stakeholders within an organisation to ensure consideration of all risks and opportunities across the organisation.
Please contact QRMC for more information.