Leveraging EHS Expertise for Non-financial Risk Management

Charles Redinger

Organizational risk management has evolved from a singular focus on financial risk to a broader perspective that includes enterprise-wide and non-financial risks. Approaches such as enterprise risk management, strategic risk management, value risk management, etc. are morphing into an area called non-financial risk management (NFRM). A paradox in this arena is that even though risk management is important, it is fragmented, siloed and poorly integrated in companies. NFRM frameworks are weak or non-existent.

A solution to this paradox can be found right down the hall in the EHS/S (environmental, health, safety and sustainability) department. But the decades of risk management experience that the EHS/S function has often go unnoticed because of the historic focus on regulatory compliance.

In many organizations, the EHS/S function is more mature than the broader NFRM function.  The challenges that EHS/S has had to address closely parallel the NFRM challenges, such as: comprehensive risk assessment; increasing employee engagement; breaking down silos;  developing reliable frameworks; and developing meaningful metrics.

The EHS/S function and its professionals have well-developed structures and skills that can be used to accelerate the development of the risk management function. This could be bad news for some readers who are worried about more work. On the other hand, it can be viewed as an opportunity to make a significant contribution in your organization.

Consider these EHS/S structures, practices and skills:

  • EHS/S departments engage with every operational function in the organization;
  • They have expertise in understanding regulatory compliance and “beyond compliance” approaches;
  • They have unique sets of data that quantify and measure a wide range of operations;
  • They have experience breaking down organizational silos and strength in generating engagement from the C-Suite down to the plant floor;
  • They have the ability to analyze data used to predict outcomes;
  • They have the skills to design and employ new systems within the various operations of the organization;
  • With a robust EHS/S management system, they have a platform to build a strong ISO 31000-based risk management framework;
  • EHS/S auditing functions are mature and can support evolving risk management performance measurement activities.

Possibly the most valuable of the above is the ability to quickly develop a strong risk management framework (or you could say, a Risk Management System) using the existing integrated EHS/S management system. The blending of ISO 31000 into a mature ISO 14001/OHSAS 18001 EHS/S MS provides the strong risk management framework that can unify a fragmented risk management function.

Strictly speaking, ISO 31000 is not a management system. The intent of this standard is to augment existing management structures to achieve risk management goals. Not only can an ISO 14001/OHSAS 18001 management system provide a strong risk management foundation when augmented with ISO 31000; the converse is also true. A 14001/18001 integrated system can be turbo-charged by folding in key elements of 31000, such as the 31000 pieces on “establishing the context” (Sec. 5.3) and on EHS/S integration in an organization (Sec. 4.3.4). Finally, 31000 provides the lens through which a wide range of “risks” can be identified and controlled (Sec. 5.4 and 5.5), such as those associated with social responsibility, sustainability, and supply-chain issues.

When it comes to developing a framework for addressing non-financial risks, what has been your company’s approach? What other lessons do you think we could learn from the evolution of the EHS/S function?


About Charles Redinger

Dr. Charles Redinger is a principal with Redinger EHS in Harvard, Mass. He has been at the forefront of environmental health & safety (EHS) management system and performance measurement research and methods development since the early 1990s. He has been a member of the US TAG to ISO 31000 on Risk Management and an active leader in the American Industrial Hygiene Association. He is a Director at the Center for Safety and Health Sustainability and is a Certified Industrial Hygienist.


  1. Stephen Evanoff

    October 10, 2011


    Thanks for a thorough assessment of NFRM and for reminding us that EHS practitioners have developed skills that can be a valuable asset to the larger enterprise when conducting a risk assessment.

    In response to your second question, successful EHS managers have developed (at least) two other valuable skills that can serve them and their organizations well: (1) the ability to establish and lead cross-functional teams, and (2) understanding and satisfying customer and outside stakeholder expectations and requirements.

  2. Alex Dali

    October 13, 2011

    For those well-involved in risk management, you might wish to join the official discussion group on the content of the ISO 31000 Risk Management Standard

    Here is the link :

    In this discussion forum, you will better understand why Charles Redinger believes that “with a robust EHS/S management system, they (organisations) have a platform to build a strong ISO 31000-based risk management framework”

    Alex Dali
    Moderator of the ISO 31000 Risk Management Standard group
