The purpose of this Guidance Note is to provide asset managers, property managers and facilities managers with information about environmental risk control and assurance in relation to real estate.
Managing environmental risk involves establishing a range of control and assurance arrangements that are integrated within a wider governance framework.
This includes nominating roles with accountability for risk, and roles with responsibility for undertaking various risk management activities, and enabling individuals undertaking these responsibilities to develop the required risk management competencies.
Alongside the identification and evaluation of risks, it is important to develop controls to mitigate significant risks. The effectiveness of these controls should be assessed, and the assessment outcomes reviewed regularly, by individuals at the appropriate level of managerial control.
Risk controls enable the effects associated with environmental risks to be mitigated, preventing exposure to potential threats and the loss of potential opportunities. Assuring the effectiveness of risk control enable a company to make robust, informed decisions regarding how best to manage uncertainties about the future.
Having a formal system for managing environmental risks is a requirement of various rating and certification schemes, for example ISO14001.
The table below summarises the key activities associated with environmental risk control and assurance, and highlights where asset managers, property managers and facilities managers are likely to have a responsibility or specific interest.
Step 1: Allocate environmental risk responsibilities
Step 2: Define competence and provide training
Step 3: Develop risk controls
Step 4: Assess the effectiveness of risk controls
Step 5: Provide governance over environmental risk
Usually, the environmental risk framework adopted for a property or portfolio will be specified by an asset manager, in alignment to a wider corporate risk framework. The process of environmental risk control and assurance is often co-ordinated by a property manager, with input from a facilities manager where required.
Environmental risk control and assurance generally considers the following steps:
It is important that a senior individual is nominated to be accountable for environmental risk across a company. It is likely that environmental risks are combined with wider accountabilities for non-environmental risk.
The responsibilities for various risk management tasks should be allocated to individuals at the company, portfolio and property levels. These may include, for example:
As accountabilities for managing environmental risk vary across a range of roles and seniority, it is important that appropriate training is provided to enable individuals undertaking these roles to undertake their responsibilities competently.
Senior leaders with overall accountability for environmental and non-environmental risk should have a robust understanding of the way in which environmental risks may affect the company strategy and how to interpret the outcomes from the assessment of risk controls.
This competency can be developed through a combination of formal briefings from qualified risk professionals, for example, and through the provision of concise briefing material.
Risk assessment specialists should have in depth knowledge of risk assessment and auditing.
Individuals undertaking local aspects and impacts assessment should be familiar with the process and associated documentation.
The competencies for risk assessment specialists and practitioners can be developed by undertaking accredited training courses and attaining qualifications, for example, and through in-house classroom style courses or e-learning.
Risk controls are often developed at managerial and operational levels.
Operational controls are usually prepared:
The assessment of the effectiveness of risk controls can be undertaken in various ways. For example, audit programmes are:
Environmental occurrence trends are also used to help assess the effectiveness of environmental controls. Environmental occurrences indicate where an environmental control has not been effective in controlling risk. Through investigations into the root-cause of the occurrence, remedial action can be undertaken to improve the control, or its deployment.
It is important that the management of environmental risk is undertaken within an appropriate governance framework.
The governance of environmental risk most often includes a series of meetings throughout an organisational hierarchy to review identified risks, their significance and the associated controls. It is important to that the effectiveness of environmental risk control is also reviewed within these frameworks, including:
By considering both environmental and non-environmental risks, risk governance frameworks usually aggregate the assurance of risk for the local property level through to portfolio and company levels.
Likewise, risks identified at the corporate level may be cascaded to the most local level of managerial control.
Related Guidance Notes (as text links)
The following Guidance Notes contain related information: