RedRisks Connect Share Learn Logo

Risk Management Portal

Video on Demand (VoD),  Live Events, Blogs …

What is PESTLE? The 6 External Risks That Every Organisation Must Review

PESTLE are 6 external risks that every Organisation must review if they want to survive. But, what are they?

You may have read my previous article when I refer to “internal” and “external” risks. Just to recap:

  • Internal risks are those that you can predict, plan for and control (within moderation).
  • External risks are those over which you have little or no control and they are not always business specific.

When we are looking at identifying external risks, we can use the “PESTLE” framework, which has it’s roots in strategic business management.

What is PESTLE?

The acronym “PESTLE” stands for:

  • P = Political
  • E = Economic
  • S = Social
  • T = Technological
  • L = Legal
  • E = Environmental

And as can be expected, there are several variations of this acronym, including:

  • PEST = Political, Economic, Sociological, Technological .
  • PESTEL = Political, Economic, Sociological, Technological, Environmental, Legal (yes…just a twist of the letters!).
  • PESTLIED = Political, Economic, Social, Technological, Legal, International, Environmental, Demographic.
  • STEEPLE = Social/Demographic, Technological, Economic, Environmental, Political, Legal, Ethical.
  • SLEPT = Social, Legal, Economic, Political, Technological.
  • STEPE = Social, Technical, Economic, Political, and Ecological.
  • ETPS = Economic, Technical, Political and Social

And so on…..

I think you get the gist of where the acronyms are heading in the sense that “all roads lead to Rome” i.e., we are dealing with external risks that require consideration as part of a risk identification and assessment process.

Let’s look at each of those factors in a little more detail.


How the government might influence the economy or a certain industry.

For example:

  • Government stability.
  • Freedom of speech, corruption, party in control
  • Regulation trends.
  • Tax policy, and trade controls.
  • War
  • Government policy
  • Elections
  • Terrorism
  • Likely changes to the political environment .


Relates to innovations in technology that may impact operations and activities.

For example:

  • Impact of new technologies.
  • Inventions and innovations
  • The internet and how it affects working and business
  • Licensing and patents
  • Research funding and Development.


How the economy performs.

For example:

  • Stage of business cycle.
  • Current and projected economic growth
  • International trends
  • Job growth
  • Inflation and interest rates.
  • Unemployment and labour supply.
  • Levels of disposable income across economy and income distribution.
  • Globalisation
  • Likely changes to the economic environment.


Relates to legal drivers locally, nationally or international.

For example:

  • Home legislation
  • International legislation
  • Employment law
  • New laws
  • Regulatory bodies
  • Environmental regulation
  • Industry-specific regulations
  • Consumer protection


Events that affect the market and community socially.

For example:

  • Population growth and demographics.
  • Health, education and social mobility of the population
  • Consumer attitudes
  • Advertising and media
  • National and regional culture
  • Lifestyle choices and attitudes to these.
  • Levels of health and education
  • Major events


Factors that influence or are determined by the surrounding environment.

For example:

  • Ecology
  • International environmental issues
  • National environmental issues
  • Local environmental issues
  • Environmental regulations
  • Organisational culture
  • Staff morale and attitudes

Why is the “PESTLE” framework useful and a “must” for Organisations?

I guess we all recognise that internal risks are important to review. To a large extent, when it comes to internal risk identification and risk assessment, it’s “business as usual”.

However, it’s equally (and some may argue more) important to take into consideration external risks regardless of it being in the PESTLE format or any of the other acronyms that you might chose from the list above. 

The PESTLE approach and analysis will help an Organisation:

  • Spot business or personal opportunities.
  • Gives potential threat indication.
  • Offer some guidance on direction of change within the sector or market, thereby providing “management of change” focus.
  • Avoid costly mistakes by getting an awareness of what are the external risks that cannot be influenced by the Organisation.
  • Plan for potential risks as part of an emergency response and crisis management plan.

Progressing your review of external risks

The steps can be straight forward and in effect follows the same principles as you would for internal risks.

These include:

  • Brainstorm: Look at the various factors associated with PESTLE. Use the above list and expand or reduce as needed.
  • Identify relevance to your Organisation and nature of operations, scale, location etc.
  • Assess applicable external risks as far as reasonably practicable (ALARP) or relative to the Organisations risk criteria, attitude and risk management framework.
  • Review and communicate your findings, perhaps use a Heat Map.

In Conclusion:

  • Internal risks are reviewed by most Organisations and equal emphasis (if not more) should be placed on reviewing external risks.
  • It’s important to make the review of external risks a “regular” theme and not a “one-off”.
  • External risks should be incorporated within business and operations risks registers.
  • Just like internal risks, external risks should play key role when in the Management of Change process.
  • Potential threats and concerns should be taken into consideration with regard to Emergency Response and Crisis Management Plans.
  • The PESTLE Framework can support review of external risks to ensure nothing has been overlooked. However, it’s not the only method and can be used in conjunction with other business strategy tools (e.g., SWOT analysis).

Similar Posts