The Board determines the nature and extent of the significant risks that the Group will accept to achieve its strategic objectives, and maintains sound risk management systems.
The Board receives detailed analysis of key matters for consideration in advance of Board meetings. This includes reports on the Group’s operating performance, including safety and health, financial, environmental, legal and social matters, key developments in the Group’s exploration, project and business development activities, information on the commodity markets, updates on talent management and analysis of financial investments.
The provision of this information allows the early identification of potential issues and the assessment of any necessary preventive and mitigating actions.
The Audit and Risk Committee assists the Board by reviewing the effectiveness of the risk management process and monitoring key risks, preventive and mitigation procedures and action plans. The Chairman of the Committee reports to the Board following each Committee meeting and, if necessary, the Board discusses the matters raised in more detail.
These processes allow the Board to monitor effectively the Group’s major risks and the preventive and mitigating procedures, and to assess whether the actual exposure is consistent with the defined risk appetite. If a gap is identified, additional action plans are prepared and analysed. Risk management reports are sent to the Board quarterly.
The Risk and Compliance Management Department is responsible for risk management systems across the Group. It promotes the risk management policy, vision and purpose, ensuring a strong risk management culture exists at all levels of the organisation. The department supports business areas in analysing their risks, identifying existing preventive and mitigating controls, and defining further action plans. It maintains and regularly updates the Group’s risk register.
The department reports quarterly to the Audit and Risk Committee on the overall risk management process, with detailed updates of key risks, mitigation activities and actions being taken.
The General Managers of each of the operations have overall responsibility for leading and supporting risk management.
Risk owners within each operation have direct responsibility for the risk management processes and for the continuous updating of individual business risk registers, including relevant mitigation activities. The owners of the risks and controls at each business unit are identified, providing effective and direct management of risk. Each operation holds its own annual risk workshop in which the business unit’s risks and mitigation activities are reviewed in detail and updated as necessary. Workshops are also used to assess key risks that may affect relationships with stakeholders, limit resources, interrupt operations and/or negatively affect potential future growth.
Mitigation techniques for significant strategic and business unit risks are annually reviewed by the Risk and Compliance Management Department.
The Group promotes a consistent risk management process across the different business units, ensuring risk is considered at all levels of the organisation. Adequate risk information flows from the business units to the centre and from the Board back to the business units.