GN1.1: Collating and evaluating environmental risks

Guidance Note purpose 

The purpose of this Guidance Note is to provide asset managers, property managers and facilities managers with information about collating and evaluating environmental risks in relation to real estate. 


Environmental risks relate to the potential effects that may result from environment-related activities or events. These effects can be: 

  • Negative, relating to potential adverse outcomes (threats). 
  • Positive, relating to potential beneficial outcomes (opportunities). 

There are a number of common methods for identifying environmental risks. The International Organisation for Standardisation (ISO) describes three sources of risk identification within the ISO14001 Environmental Management System Standard: 

  • Compliance obligations. 
  • Aspects and impacts. 
  • Wider context. 

Risks can be rated by reference to the potential significance of an event’s consequence alongside the likelihood of the event taking place. 

Those risks that are rated as having a potential ‘significant’ effect on a company should be collated in a risk register and subject to controls that aim to mitigate the effect to a level which is acceptable. 

Environmental risk registers should be developed at appropriate organisational levels, including the company, portfolio and property. 


Collating and evaluating environmental risks is an important part of property management.   

Understanding environmental risk allows an organisation to prepare to mitigate the potential negative effects and to realise the potential positive effects relating to the environment. This could involve, for example: 

  • Preparing to comply with emerging legislation. 
  • Planning to minimise costs associated with resource use. 

The process of risk identification and collation enables asset, property and facilities managers to consider environmental risks consistently and efficiently.  Risk evaluation contributes towards this by helping to direct focus on the risks that are likely to matter most. 

Having a formal system for managing environmental risks is a requirement of various rating and certification schemes, for example ISO14001. 

Responsibilities & Interests

The table below summarises the key activities associated with collating and evaluating environmental risks, and highlights where asset managers, property managers and facilities managers are likely to have a responsibility or specific interest. 

  • AM - Asset Manager
  • PM - Property Manager
  • FM - Facilities Manager

Step 1: Develop a method to rate environmental risks  


Step 2: Identify and evaluate environmental risks 


Step 3: Collate environmental risks 



How to



Usually, the environmental risk framework adopted for a property or portfolio will be specified by an asset manager, in alignment to a wider corporate risk framework.  The process of collating and evaluating environmental risks is often co-ordinated by a property manager, with input from a facilities manager where required. 

Collating and evaluating environmental risks generally considers the following steps: 

Step 1: Develop a method to rate environmental risks


It is important that a method to rate environmental risks is adopted and applied consistently within a property and, where relevant, throughout a property portfolio. 

A standard approach to rating environmental risks involves considering, and applying a quantifiable score to, two elements: the severity of consequence and the likelihood of occurrence. 

  • Severity: Relates to the severity of consequence – or impact – associated with the environmental event.  This can be rated in terms of legal, financial and reputation impacts. 
  • Likelihood: Relates to the probability of an event taking place.  This can be rated in terms of the level of control that exists over the event taking place. 

Risk rating is typically undertaken using a risk evaluation matrix.  The matrix enables a visual representation of the significance of a risk, with more significant risks positioned in the upper right-hand side of the matrix. 

Variations in methods for evaluating risks generally involve differences in the approach to scoring or quantifying the rating of a risk. 

  • Often, ratings are generated using a scale of one to five for each metric and multiplying these to create an aggregate score. 
  • Alternatively, a scale of one to three can be used, adding scores as opposed to multiplying scores, to produce an aggregate rating. 

Some companies may have a preferred corporate risk rating method which could be applied to environmental risks.  In other cases, companies may provide flexibility on the choice of risk rating method.  Whichever method is chosen, the primary focus should be on the outcome, i.e., categorising risks and identifying those rated as ‘significant’. 

The choice of method is secondary to the robustness with which the rating is generated.  Often, a group of internal stakeholders is convened to collectively consider the risk rating.  This may include technical and operational experts, for example, and is often facilitated by an environment or risk manager. 

Risk evaluation matrix 

Step 2: Identify and evaluate environmental risks


As part of Environmental Management Standard ISO14001, the International Organisation for Standardisation (ISO) described three primary sources for the identification of risks: 

Compliance registers 

Compliance registers collate legal and regulatory requirements, as well as other obligations to which a company has voluntarily committed.  Compliance registers are usually developed and held at a company or portfolio level. 

Compliance driven risks are usually rated as ‘significant’.   

Aspects and Impacts register 

Aspects and impacts registers consider the environmental interactions and associated effects relating to business activities.  Aspect and impact registers are often developed and held at the property level. 

The rating of aspect and impacts driven risks will vary based on individual circumstances.   

Wider context 

Understanding the wider context of an organisation involves scanning the horizon to consider a range of factors that may present risk to a company, both today and in the future. Horizon scanning activities are usually developed and held at a company or portfolio level. 

The rating of wider context driven risks will vary based on individual circumstances. 

Environmental risk identification sources 

Step 3: Collate environmental risks


Environmental risks identified through compliance registers, aspects and impacts registers and horizon scanning, and rated as significant, should be collated into a risk register. 

A risk register should be developed at company, portfolio and property levels.  At each respective level, the risk register should include significant risks that may affect, or be affected by, the respective operations, or fall within managerial control at the respective level. 

The risk register should provide a summary description of the risk as well as a reference to the control mechanism that has been identified for each risk.  

An environmental risk register should ideally be a single list and should be made available to stakeholders who may affect or be affected by the risks or who may have a role to play in managing these. 
