An international mining group had many dissimilar and fragmentary approaches to risk management across its business units, arising from the series of acquisitions and mergers that had led to its formation.
The group felt that its approach to risk management as part of safety and environmental management was well advanced. However, it needed a fresh, consistent and comprehensive approach for all forms of risk across all its sites, including newly acquired upstream assets. In particular, the group approach should address the risks associated with asset integrity, trading and treasury activities, as well as mining operations.
The group asked Broadleaf for practical advice on how to develop and enhance a suitable framework for managing all risks consistently (sometimes called enterprise risk management, or ERM) across its operations. We suggested that this should be based on a critical evaluation of the elements already in place and should be informed by what is generally regarded as good practice in the resources sector.
The entire project was spread over a year. Broadleaf supported the group until it felt confident in its own leadership of the changes required.
Based on considerable experience, we believe that the most efficient and effective approach to developing a new framework and the associated implementation plan involves, broadly, using a gap analysis as an input to a management of change process. This is depicted in the Y Model shown in Figure 1 and described below.
To be successful and efficient, the approach requires:
- An accepted and accurate representation of the current arrangements for managing different forms of risk – the present situation
- The fundamental concepts of risk and risk management and the desired goals in terms of the risk management framework and process to be clearly understood by those sponsoring the change – the wanted situation
- A clear and accepted appreciation of the elements of the existing framework that need to be enhanced or improved, the nature of those changes and any additional elements that need to be created – what needs to change
- The exploration of options, constraints, enablers and critical paths leading to an appropriate plan of actions with timings
- A clear commitment to the plan and its implementation through the allocation of suitable resources by senior management and by their continued oversight of progress.
These steps can be tackled separately and the results reported to senior management. However, the most efficient approach, and the one that gains the greatest degree of ownership and endorsement, is to involve representatives of senior management in all these steps over a short space of time.
Phase 1 – Engagement and gap analysis
Broadleaf facilitated a two-day, intensive workshop that covered the five steps described above with a group of champions drawn from across the business. The workshop involved a series of modules that briefed the participants, facilitated gap analyses, developed a blueprint for the framework, devised tools, wrote a policy statement and developed the implementation plan. The outline agenda for the workshop is shown in Table 1.
The workshop was based on ISO 31000:2009, as this provides the most widely used, up to date and comprehensive prescription for a framework for managing risk. The international standard has also been adopted widely as a national standard in many countries, including most locations where the group had operating assets.
1 Fundamental concepts
An appreciation of the fundamental terms and concepts behind effective risk management. This includes how an organisation can build and develop its capacity to manage risk.
2 ISO 31000 – principles and attributes of effective risk management
How the risk management process supports decision-making.
An understanding of the process for integration.
Agreement on the wanted situation, the design intent of the framework.
3 Evaluation and gap analysis
A clear definition of the current situation.
Acceptance of what needs to change.
Motivation for change.
4 Work items and options
Agreed, tangible tasks to lead to an enhanced framework.
5 Risk management toolkit
The basis for a risk management toolkit for the group.
This required further detailed development after the workshop.
6 Policy statement
Draft policy for review and endorsement by the Management Committee.
7 Draft risk management plan
Agreed plan and schedule.
Agreed process to steer and monitor progress on the implementation of the plan.
The basis for governance reporting
The evaluation and gap analyses (module 3) used protocols and tools supplied by Broadleaf.
Broadleaf recorded all outcomes as they were developed. These included:
- Draft policy statement
- Framework design intent
- Basis for the risk management toolkit
- Risk management plan
- Description of the desired governance and oversight arrangements.
Phase 2 – Guidance on risk assessment and treatment
Broadleaf prepared a guideline that included the risk rating system developed previously. It also included a range of templates and tools and described a process for establishing the context, conducting a risk assessment and developing risk treatment plans.
The guideline, tools and templates were used as the basis of the subsequent training course.
Phase 3 – Risk management champions’ training course
This took place over four days and included many practical exercises, among them a half-day group case study. It was held twice, in Europe and North America.
The training objective was to equip champions with sufficient skills to facilitate risk assessments and help their management teams start integrating the group risk management process into decision-making processes at their sites.
2 RM Process - Communication and consultation
3 RM Process - Establishing the context
4 RM Process - Risk identification
5 RM Process - Risk analysis
6 RM Process - Monitor and review
7 Project risk management
8 Group case study (1/2 day)
9 Group case study feedback
10 Integrating risk management
11 Implementing risk management
12 Personal planning
Site engagement and roll out
Broadleaf supported the group with the rollout of the framework at two locations in Europe and North America. The objective was to demonstrate the application of the concepts and tools introduced to champions in the training courses and to trial the process for risk assessment and treatment in the guideline.
Broadleaf produced an engagement pack for use at all locations. It included templates, copies of the policy, standards and guidelines and a short training workshop for managers. The training materials were to be used on sites to:
- Introduce the group framework
- Provide a fundamental understanding of risk, controls and risk management
- Prepare for a subsequent baseline risk assessment and risk treatment planning exercise
- Describe how a management team should integrate the risk management process into their decision-making processes and the purpose of a risk management plan
- Explain, in particular, how the risk management process was to be used in future in support of the group planning and sustaining capital programs.
Broadleaf led two engagement exercises, one at a smelter and one at a mine site. The group risk manager and champions participated at each site so there was a transfer of skills.
Each site engagement took four days. It consisted of:
- Introductory workshop
- Site tour and induction
- Establishing the context
- Preparation of a briefing note
- Facilitation of a baseline risk assessment
- Development of a definitive baseline risk register for the site
- Facilitation of risk treatment workshops and the creation of risk treatment plans
- Facilitation of the creation of a risk management plan for the site
- A close out presentation to management that confirmed what had been found and the next steps required by them.
The close out presentation included the results of risk analyses, such as those shown in Figure 2, Figure 3 and Figure 4. The numbers in the matrices are the identifiers for the risks.
Sites were also provided with a risk management enhancement plan for the next 12 months. An outline plan is shown in Figure 5.
After many years and projects of a similar nature, it is clear to us that a contractor should not ‘do risk management’ for a client. Our role must be to facilitate the process, to help our client’s staff understand and adopt good practice, not to do all the work for them.
Key components of all risk management frameworks are the strategies adopted to train and build capability. In this case it was vital to:
- Train champions and others in the fundamental concepts of risk management before they were equipped to conduct a gap analysis and evaluation
- Provide practical training, with many exercises, so that champions quickly became confident in facilitating the risk management process
- Reinforce theoretical training with involvement in a real engagement and risk assessment exercise on a site
- As the first part of engagement and roll out of the new framework at a site, provide basic training to managers on the fundamentals of risk management.