If you’ve ever looked at your business operations and wondered what could actually go wrong from an environmental standpoint, you’ve already started thinking like an environmental risk assessor.
Environmental risk assessments (ERAs) are one of the most fundamental tools in a compliance toolkit. They’re not just paperwork for regulators. Done well, an ERA helps you understand where your environmental vulnerabilities actually sit, before something goes wrong and the choice of how to respond is taken out of your hands.
This article explains what an environmental risk assessment is, what it covers, why it matters for businesses of all sizes, and how to think about whether your current approach is fit for purpose.
What Is an Environmental Risk Assessment?
An environmental risk assessment is a structured process for identifying activities, materials, or conditions within your business that could cause harm to the environment – and evaluating how likely those harms are to occur and how significant they could be.
At its core, an ERA asks three questions:
- What could go wrong? (hazard identification)
- How likely is it? (likelihood or probability)
- How bad could it be? (consequence or severity)
The combination of likelihood and consequence gives you a risk rating – typically expressed as low, medium, high, or critical. That rating then drives what you do next: whether you accept the risk, manage it more actively, or take immediate action to reduce it.
Unlike a general business risk assessment, an ERA focuses specifically on environmental pathways – how something could reach and damage the natural environment, whether that’s soil, water, air, biodiversity, or the communities that depend on them.
What Does an Environmental Risk Assessment Cover?
The scope of an ERA varies depending on your industry, the size of your operations, and the regulatory environment you operate in. But broadly, most environmental risk assessments examine:
Operational activities: What does your business actually do day-to-day, and where does that create environmental exposure? Manufacturing, transport, storage, maintenance activities, cleaning, and construction all carry different risk profiles.
Hazardous materials and substances: What chemicals, fuels, solvents, or other substances are present on site? How are they stored, handled, and disposed of? What happens if there’s a spill, a leak, or a fire?
Waste streams: What types of waste does your business generate? How is it classified, stored, and managed? Are there risks of contamination, improper disposal, or exceeding permitted volumes?
Site-specific sensitivities: Is your facility near a waterway, a wetland, a drinking water source, or a residential area? Proximity to sensitive receiving environments dramatically affects the consequence rating of any given risk.
Legal and compliance obligations: What permits, consents, or regulatory requirements apply to your operations? Non-compliance with these can itself constitute an environmental risk — one with financial and reputational consequences.
Historical use and legacy issues: Has the land been used for industrial purposes before? Are there contaminated soils, asbestos, or residual infrastructure that could become a liability?
Not every ERA will cover all of these in equal depth. A small retail business has a very different risk profile from a fuel distribution company or a construction firm. The goal is to identify the risks that are material to your operations, not to produce a comprehensive academic study.
Why Does Your Business Need One?
1. Compliance isn’t optional – and ignorance isn’t a defence
In most jurisdictions, businesses that cause environmental harm can be held liable even if the harm was unintentional. Regulators are generally more sympathetic to businesses that can demonstrate they proactively assessed and managed their environmental risks. A documented ERA is evidence of due diligence.
If you’re operating under resource consents, environmental permits, or industry-specific licences, you may already have a legal obligation to conduct and maintain an ERA. But even where it isn’t explicitly required, it’s increasingly considered standard practice – and in some sectors, a prerequisite for tendering or maintaining insurance coverage.
2. It helps you find problems before they find you
The value of an ERA isn’t just compliance – it’s early warning. Most environmental incidents don’t come out of nowhere. They come from conditions or practices that have been developing quietly: a bund that wasn’t maintained, a chemical stored near a stormwater drain, a process change that introduced a new waste stream without anyone formally reviewing the implications.
A well-conducted ERA forces you to look at your operations systematically, often surfacing issues that are obvious in hindsight but were invisible in the day-to-day. Identifying a high-risk storage configuration before a spill occurs is infinitely less expensive than managing the cleanup, regulatory response, and reputational fallout afterward.
3. It prioritises your effort and resources
One of the most practical benefits of an ERA is that it tells you where to focus. Most businesses – particularly small and medium-sized ones – don’t have unlimited time or budget for environmental management. A risk assessment helps you separate the issues that genuinely need attention from those that are low-risk and can be managed with minimal oversight.
Without this structure, environmental management tends to become reactive: you deal with whatever’s most visible or most complained about, rather than what’s most significant. An ERA gives you a rational basis for deciding where to invest.
4. It supports your broader environmental management system
An ERA doesn’t sit in isolation. It feeds into your environmental policy, your operational controls, your staff training priorities, your incident response planning, and your monitoring programme. Think of it as the foundation document – the thing that tells you what risks exist so that every other part of your management system can be designed around controlling them.
If you’ve already developed an environmental policy or an incident response plan, revisiting your ERA will help you check that those documents are actually targeting the right risks. (And if you haven’t developed those documents yet, starting with an ERA is a logical first step.)
5. Stakeholders increasingly expect it
Regulatory bodies, insurers, lenders, and commercial partners are all paying closer attention to environmental risk management than they were a decade ago. ESG (environmental, social, and governance) expectations have moved from the domain of large listed companies into mainstream business practice. Demonstrating that you understand and actively manage your environmental risks is increasingly a factor in business relationships – not just a regulatory obligation.
How Often Should an ERA Be Reviewed?
An ERA is not a one-off exercise. Environmental risks change as your business evolves – new equipment, new products, new sites, changes to regulations, changes to the surrounding environment. A static ERA that was completed five years ago and filed away provides much weaker protection than a living document that’s regularly reviewed and updated.
As a general principle, you should review your ERA:
- Annually, as a minimum scheduled review
- After any significant operational change – new processes, new chemicals, changes to site layout or waste management arrangements
- Following any environmental incident or near-miss, to understand whether your existing risk controls failed or weren’t in place
- When regulatory requirements change in ways that affect your risk profile or obligations
The depth of each review will vary. An annual check might be a relatively brief desktop exercise confirming that existing risk ratings still hold. A post-incident review will likely be more thorough.
Common Mistakes Businesses Make
Understanding what an ERA is also means understanding where ERAs tend to go wrong.
Treating it as a compliance tick-box. An ERA produced purely to satisfy a regulator or auditor – without genuine engagement with the content – provides very little real-world protection. The goal is to actually understand your risks, not to produce a document that looks like you do.
Scoping it too narrowly. It’s easy to focus on the obvious risks and overlook the less visible ones: gradual contamination from poor drainage, cumulative impacts of low-level chemical use, or third-party risks from contractors working on your site.
Not translating it into action. An ERA that identifies high and critical risks but doesn’t lead to documented control measures and follow-through is an incomplete exercise. The risk assessment is the beginning of a management process, not the end of it.
Letting it go stale. A risk assessment that no longer reflects current operations is worse than useless – it creates a false sense of security and may actively mislead anyone relying on it.
Underestimating consequence ratings near sensitive environments. The likelihood of a spill event might be low, but if your site sits adjacent to a waterway, the consequence of that spill could be critical. Context matters enormously in risk rating.
Where to From Here?
An environmental risk assessment doesn’t have to be complicated to be effective, particularly for small and medium-sized businesses operating relatively straightforward activities. What it does need to be is honest, systematic, and genuinely connected to how your business actually operates.
If you don’t currently have a formal ERA in place – or if the one you have hasn’t been reviewed in years – it’s worth making it a priority. It’s one of the highest-leverage things you can do for your environmental compliance position.
ORDUM’s Environmental Risk Assessment Template is included in the Environmental Compliance Starter Kit – along with the other core documents you need to build a functional compliance foundation. The template walks you through the full process step by step, with a structured risk register, pre-populated risk categories, likelihood and consequence rating guides, and control measure prompts. It’s designed to be practical and accessible for businesses without dedicated environmental staff.
Not sure where your environmental compliance stands overall? Download the free Environmental Compliance Starter Guide to get your bearings, or work through the Self-Assessment Checklist to identify your priority gaps.