The role of risk management changes at each level of an organisation in the mining industry. The criteria used to evaluate results will therefore be extremely varied. Corporate management will be interested in risks that are vastly different to those that keep general managers at minesites awake at night. But what effective corporate and minesite risk management has in common is that it should primarily be concerned about removing surprises.
Everyone in the business should be focused on the following simple questions:
- What are the real, material risks?
- What are we doing about them?
- Is it actually working?
The first question is the most important. If you are focusing on the wrong risks then whatever actions are taken will not reduce surprises that can have the biggest business impacts. The traditional spreadsheet approach to risk management is often at fault. It leads to a focus on static top ten risk lists that treat risks as unconnected items. This approach often causes the business to look in the wrong direction.
John Summers, the former chief risk advisor at Rio Tinto and now an independent risk consultant, presents some thought-provoking ideas: “In risk registers we tend to list individual risks on individual lines because they are, more or less, spreadsheet-based applications; but this leads us to treat each risk as a linear, independent element.”
“If we start to look at the connectivity between risks, we can understand more about the real risks in our business and how there are themes and connections that we have not identified yet. This opens up the potential for a richer discussion about how risks should be understood, how contingency planning for operations and businesses need to be thought about and actually how disastrous or business-threatening catastrophes could play out.
Black swans and risk connectivity
This thinking goes beyond current discussions on so-called Black Swan events. Black Swans are low probability, high impact events. They are often of such low probability that when risks are scored and compared they do not make it onto the management radar. However, they could have such catastrophic impacts that they should not be ignored, especially at the strategic level.
Risk Connectivity theory is subtly different. It aims to highlight risks that might be quite small when viewed in isolation but, because they are highly connected, could act as catalysts for other, much bigger, risks. The impact comes from the chain reaction or the fact that a network of risks can be triggered by just one small risk. When thought about, this becomes a more accurate model of the real world than the old school top ten risk list approach. The trick is to build in some measure of connectivity when you capture and assess risks.
A typical mine operation will have numerous risk and compliance systems and registers, often using standalone spreadsheets. There will be risk registers for health and safety, engineering, maintenance, operations, legal, finance and for special projects requiring major investment, but often this information is not readily available or in the right format to help each level of the business make the right decisions and spot the connections. Risk connectivity cannot be seen if the risks themselves are being held in separate spreadsheet silos. A move to an enterprise approach and single system is needed.
John Summers continues: “There are risks potentially lower down in the pecking order that would not normally come to management and the board’s attention but that are nevertheless highly connected. The question the risk manager must answer is whether he should consider presenting to the board amber risks that are highly connected because they may need more management activity than perhaps a very poorly connected red risk?”
Only those material risks that impact goals are real. Everything else is interesting but not necessarily relevant. Again the traditional top ten risk list approach causes problems here. The risks, which often make it to such reports, stay the same year in, year out.
Organisations get caught in the risk admiration trap, where pet risks are identified and kept on reports when they no longer have relevance. This leads to board members disengaging from the risk process and rarely challenging the rankings that are on risk registers. They think that the people in the business have done a lot of hard work in bringing the top ten or twenty to them. So there is very little for them to be able to engage with.
“The real innovation is getting from the risk data that they have invested a lot of money on collecting into the corporate database, knowledge that they did not know was there, knowledge that does not come out through the conventional slicing and dicing of risk maps and summary risk registers. That’s where a lot of the power comes from the potential use of these tools and techniques,” concludes Summers.
It is time to go beyond static top ten risks lists to avoid the risk surprises that impact strategy, reputation and performance. For more information on how businesses can benefit from being able to see risk connections, watch the interview featuring John Summers.Loren Padelford is the executive vice president and general manager of Active Risk.
Read the article online at: https://www.worldcoal.com/coal/17062013/active_risk_-a_new_approach_to_risk_management_226/