Effective Risk Management: Making It Personal

The whole article can be found in the February issue of World Coal. Subscribers can login here to view the full issue.

Effective risk management in the coal industry is all about people. To succeed, you need to embed a risk-aware culture and make the risk process simple and relevant so that it becomes part of everyone’s daily job. At the end of the day it is people who manage risks, minesites and organisations. They need to see the value for the time they invest into the risk process, both to them and to the organisation. Risk management needs to be made personal to stick.

This is a great principle with which to start. However, at every level of an organisation in the coal industry, the role of risk management will be different and the criteria used to evaluate the results will vary enormously. Corporate management will be interested in risks that are vastly different to those that keep general managers at minesites awake at night. But what effective minesite and corporate risk management have in common is that they should be about removing surprises. Everyone from the coal face to the board room should be focused on the following simple questions:

• What are the real material risks?
• What is being done about real risks?
• Is it working?

Sharing information

A typical mine operation will have numerous risk and compliance systems and registers, often using standalone spreadsheets. There will be risk registers for health and safety, engineering, maintenance, operations, legal, finance and for special projects requiring major investment, but often this information is not readily available or in the right format to help each level of the business answer the three questions above.

So how can pertinent risk data get to the right people at the right time and in the right format? How do divisions get risk information to the mine manager? How does the mine manager get risk information to the corporation? At a corporate level, how can risk data be collated in an understandable way to show the true impact on production targets, strategic goals, revenues and reputation across multiple sites?

Implementing enterprise risk management (ERM) software helps to standardise the process and provide a foundation for risk decisions across the operation. However, it needs to be made simple, valuable and personal to be truly accepted throughout the business.

Health and safety may use a 5 x 5 risk matrix, while legal and finance prefer a 4 x 4 matrix or an entirely different method of recording risks. An ERM solution must be able to handle these variations and provide aggregation and roll-up, with scoring and re-scoring at each level, based on the different needs. Some risks rated as high by minesite management may only rate as medium and low at a divisional or corporate level. Other risks, rated as medium or low by individual mines, may become more important at the corporate level. This higher perspective may make it apparent that the same risks are being reported at multiple sites with potential strategic impact. Using ERM software to automate the risk process allows organisations to see risk at different levels, understand the impact of the risks and focus resources to manage them at the appropriate levels and locations.

With a standardised ERM solution the communication and flow of risk data is simplified, while avoiding the manual collation and manipulation often associated with spreadsheet-based risk systems. The goal is to gain the speed to give the maximum number of options. If a risk is identified early enough, cost-effective mitigation processes can be implemented saving time, money and lives.

Revisit risk regularly

On a regular basis, managers throughout the operation should be encouraged to revisit the three key risk management questions:

• What are the real material risks? Only those material risks that impact goals are real. Everything else is interesting but not necessarily relevant. Care should be taken not to get caught in the “risk admiration” trap, in which “pet risks” are identified and kept on reports when they no longer have relevance. If a risk does not impact on a goal then look at it later – if at all.
• What is being done about real risks? What, who, when, why, how much – all of these questions apply. A risk with no plan to manage it is a ticking time-bomb.
• Is it working? Many operations have controls in place, but have no idea if they need them all, if they need more, or even if the ones they have are working. For example, in 2011 there were US$ 350 billion in losses reported by businesses around the world, but only US$ 106 billion were insured. So for many organisations, the insurance they had simply did not relate to their real risks.

Developing risk-awareness

The difference between risk management and risk awareness is immense. In a risk-aware culture, risk is part of everyone’s daily activity. Most firms would argue that they have a risk management “process” or “policy” in place, but a true risk-aware culture means that risk is analysed to a granular level – where it has the most impact.

This means that every single person within an organisation – from the CEO to the newest project manager – not only understands their risks, but implements and uses risk management on a daily basis. If everyone understands that their role involves a component of risk management and that risk management needs to be practiced every day, then the organisation’s ability to understand its risk at a more in-depth, mature level increases.

Research is showing that organisations with higher levels of risk maturity have improved in profitability, enterprise value and opportunity generation. So there are sound financial reasons why it is worth the effort to implement an ERM system and to use this to underpin a risk-aware culture. The trick is to make risk management simple, valuable and personal for all employees from the board room to the coal face.

Author

Loren Padelford is executive vice president and general manager of Active Risk. Loren has a broad track record of success in technology and business services. Before joining Active Risk, he was vice president of strategic alliances and global sales director for Dyadem International, an enterprise HSE software provider working with leading mining, oil and manufacturing customers.

Written by Loren Padelford

The whole article can be found in the February issue of World Coal. Subscribers can login here to view the full issue.

Read the article online at: https://www.worldcoal.com/coal/07022013/effective_risk_management_making_it_personal_3182/