A version of this article was published originally in The Mining Chronicle, Vol. 2, No. 6, July 1997, by Dr Stephen Grey, Associate Director. Note that AS/NZS 4360 has since been superseded by ISO 31000 and IEC 62198.


Of all the major industry sectors, mining can probably claim the greatest familiarity with risk. The very real danger to life and limb faced by the earliest miners remains a feature of modern operations, but explicit attention to risk is now spreading to other areas of mining, from process operation and projects through to the strategic management of a business. The traditional focus on safety has expanded to encompass the social and environmental effects of mining and mineral processing, and risk management has made its way into project planning and investment analysis, as well as being a central plank of good corporate governance.

Formal risk management practices now extend to all aspects of mining and processing, and the larger operators are beginning to integrate all their risk management practices under a unified corporate strategy. However, you don’t need to be BHP to find that the uncertainties surrounding your business require more than seasoned professionals and good judgement to ensure success. As well as being sure in your own mind that you are making sound decisions, there is an increasing need to demonstrate that the processes by which those decisions have been reached conform to current best practice.

Successful businesses are already managing risk effectively, otherwise they would not have survived. However, in a world where the pressure on business is increasing all the time, we need to think about how we can keep up with the combined demands of:

  • Rising expectations of safety, social and environmental impacts
  • Globally oriented and increasingly demanding financiers
  • The need to exploit more and more marginal resources.

Australia leads the world in having a national standard for risk management, AS/NZS 4360:1999. The standard sets out a generic approach to managing any type of risk, and it is proving its worth in a wide range of industries. Use of a standard can help you demonstrate that your risk management practices are well founded and up to date. With the Australian Standard gaining increasing attention around the world, and likely to be taken as a model by other countries, it is a sound starting point for anyone concerned with the subject. The generic process has to be tailored to a particular application, and the experience required to do this in a range of mining applications has been growing steadily since the first edition of the Standard was released in late 1995.

Process risk

The safety of people, plant and the environment is central to process planning and management. There are fashions in the methods and techniques used to assess such risks even though the underlying principles are always the same. However, with the growing need to be seen to do the right thing as well as actually doing it, while minimising the cost of studies, the approach to risk identification and assessment has started to become more formal.

Process risk assessment and management takes in everything from long-term, low-level hazards to major catastrophic events, as well as OH&S. A strong technical input is generally required to ensure that all significant issues are identified, and the assessment of the likelihoods and impacts of process risks usually rests on engineering analysis. Techniques for analysing major risks, such as explosion, fire or the release of toxic materials, are often specialist fields in their own right, supported by sophisticated computer-based tools.

Project risk

Project risk assessment is mainly concerned with the cost and schedule of a piece of work. Quality or performance is also an issue in some cases, but often the technical performance requirement is fixed and any uncertainty about performance turns into the risk of having to spend more time and money to get it right.

A qualitative or subjective approach to project risk identification and assessment requires relatively little effort, so long as you know what you are doing. It can expose the issues likely to jeopardise your project’s success, help you rank them in priority order and determine what to do about them. A qualitative risk assessment deals with the risks one by one, possibly using some numbers to describe an issue and its impact, but often relying on subjective or semi-quantitative scales, such as High-Medium-Low or something similar, to represent the likelihood and impact of a risk.

Qualitative risk assessments run out of steam when you need to compare alternative projects, alternative investments of money, time and other resources. It is difficult to look at two project risk assessments, each describing several dozen risks, and decide which one you would put your money on. Sometimes the answer is clear, but often it is not.

Quantitative assessment techniques can go that next step and give you a way of comparing a project with other investments. They can tell you the chance of achieving a payback within a given time for each of your alternatives, the risk of failing to complete a development on time, or the confidence with which you can expect to achieve the target IRR or NPV.

Compared to the mathematics and computer resources which might be applied to assessing an explosion risk, quantitative project risk assessment can be relatively lightweight. Inexpensive spreadsheet tools and some straightforward modelling techniques are all that is required to understand cost, schedule and cash flow risk, for instance.

Business risk

The viability of an entire enterprise, or a major part of a business, can be at risk from process and project risks, as well as from issues which only arise at the business level. These might be anything from long-term trends in technology, markets and economic circumstances to a critical dependence on a few key personnel.

Business risk assessment can be tackled as a one-off snapshot, but it is a lot easier to draw all your risks together and manage them as a whole if you have a corporate risk management plan setting out processes and priorities. You cannot expect operational staff to act in line with the corporate attitude to risk if they don’t understand it, either because a policy has not been spelled out or because it has not been communicated to them. A risk management plan need not be hard to follow (in fact it must not be if it is to be effective), but it does need careful preparation.

A corporate policy on risk is likely to acknowledge the fact that there is no such thing as a risk-free operation of any type, which will be news to some people, and set out the priorities which will drive the way you manage risks. One organisation, for instance, might rely on its in-house expertise and aim for its engineers and managers to work to world’s best practice in everything they do, including risk management. They might buy in specialist support for the risk management process itself, but rely on their own technical expertise. Another could decide that all major technical and operational decisions and policies will be audited by external specialists. One business might accept high risks and go for high margins while another opts for lower margins and less risk.

The best risk management policy for a given business will depend on a multitude of factors. Ultimately it will be driven by the personal attitudes of those funding the operation.


Formal risk management is relatively new to many areas of business. Even after the release of the recent Australian and New Zealand Standard on Risk Management, AS/NZS 4360, it is a dynamic subject and everyone is feeling their way to a certain extent.

Risk management goes to the heart of most important decisions in a business, from the detailed working of an engineering process up to long-term strategy and policy formulation. The need for a formal approach and cost-effective analysis and assessment methods is growing, as business becomes more competitive and aggressive every year. The mining industry is no exception to this trend, and is beginning to find that explicit attention to risk management pays off in better quality decisions and more predictable business.