Unlike the old standard, the new ISO 14001 standard expects you to “determine the risk associated with threats and opportunities”. So what does this mean and what does the new standard expect you to do? It expects you to start by developing a risk planning process and then to use this process to figure out how to address your context, to handle your interested parties, to meet your compliance obligations, to deal with your environmental aspects and impacts, and to manage your threats and opportunities.

And once you've done all of this it expects you to define actions to address your environmental aspects, your compliance obligations, and your threats and opportunities. Then, to make sure that all of these actions will be carried out, it asks you to make them an integral part of your EMS processes, and then to implement, control, evaluate, and review the effectiveness of these actions and these processes.

While risk planning is now an integral part of the new ISO 14001standard, it does not actually expect you to implement a formal risk management process nor does it expect you to document your approach to risk planning.