Strategic and Operational Risk Management in Mining

Strategic and Operational Risk
Management in Mining
Werner Heinze
International Lecturer of the
Technische Hochschule
Georg Agricola, University
(Bochum, Germany)
- Lecture at UNAL Medellin, Mai 2018 -
Werner Heinze
Risk Management in Mining www.thga.de
Mai 2018
Agenda (1)
• Introduction
• Goals and definitions of Risk Management (RM)
• Guidelines and principles of RM („Framework“)
• Procedures of RM: „risk management workflow“

– Identification
– Analysis and assessment
– Risk response
– Communication/Reporting and documentation
– Monitoring
Werner Heinze
Risk Management in Mining 2
Mai 2018
Agenda (2)
• Risk culture as key factor of RM

• RM in a „key risk field” of mining: Occupational Safety
and Health (OSH)
− “Seven golden rules” of ISSA Mining
− VISION ZERO – RAG’s way to zero accidents
• Current trends in RM
• RM in the Colombian mining industry: status quo and further
development
Werner Heinze
Mai 2018
Introduction
• Personal presentation
• Topics of the course
• Agenda and time table
• Learning targets
• Learning methods
• Expectations and previous knowledge of
participants
• University TH GA
• RAG AG
Werner Heinze
Mai 2018
That´s me, and you?
Please punch into

the contacts of
my iPhone your
• First name
• Name
• Email
• Mobile number
and I will take a
picture to add it
to the contact.
Werner Heinze
Mai 2018
Introduction
- Topics, learning targets, methods (1)
• RM will be presented as a comprehensive management

approach to integrate the management of risks and
opportunities at all levels/fields of activity of an enterprise
• Following this perception RM goes far beyond operational
aspects and comprises as well strategic aspects of general
management
• The presented elements and procedures of RM are based on
the experience of a major German coal mining company
(RAG AG)
• The lecturer (I myself) was responsible for establishing and
monitoring the RM-system at RAG
Werner Heinze
Mai 2018
Introduction
• The learning targets are documented in the agenda:

Participants shall acquire a basic knowledge of Enterprise
Risk Management (in general and in mining) with all it‘s
elements and procedures
• (Much) theory will be accompanied by a practitioner‘s view
• Sequence of different training phases (e.g. start-up, learning
and experience, practical phase/exercise, exam/evaluation)
• Use of participatory teaching methods (e.g. workshop,
teamworking, round table, brain storming, discussion,
feedback …)
Werner Heinze
Mai 2018
Introduction
• You receive a „handout“ of 30 pages with assignments to be

done in the course or at home
• The assignments mostly refer to the preceding contents of the
lecture, so you should listen very carefully
• At the end of the handout you find a „glossary of terms“,
which could be very useful for the understanding of the lecture
• At the end of the course you may get a pdf-file of all
presentations shown (personal use only)
• Time table will be handled flexible, but should comprise at
least 4 hours a day from today to Friday
• Daily schedule is from 9:oo to 13:00 hours
Werner Heinze
Mai 2018
Structure of daily schedule
(Proposal to be fixed)
09.00 kickoff
lecture/workshop
10.00 break
10.15 lecture/workshop
11.15 break
11.30 lecture/workshop
13.00 end
Werner Heinze
Mai 2018
Previous knowledge and
expectations of participants
Students task
• Do you have already experience - respectively previous

knowledge of Risk Management (RM)?
• What is RM good for?
• What might be (main) elements of it?
• What are your special expectations for this course?
Take 5 minutes to think about these questions and then give

your individual feedback to each aspect!
Werner Heinze
Mai 2018
TH Georg Agricola At A Glance
(see separate file)
An Introduction to the University

(State approved University of applied sciences for
raw materials, energy and environment)
Bochum, Germany
Werner Heinze
Mai 2018
Welcome to RAG Aktiengesellschaft
(see separate file)
Werner Heinze
Mai 2018
Agenda
• Introduction
• Goals and definitions of risk management (RM)
and Health (OSH)
development
Werner Heinze
Mai 2018
The world is changing at a rapid pace
and with that change comes risk
Source: EY’s global governance, risk and compliance survey 2015
Werner Heinze
Mai 2018
The world is changing at a rapid pace
and with that change comes risk
Werner Heinze
Mai 2018
A Regional Perspective of Risks
source: World Economic Forum
Werner Heinze
Mai 2018
Global Risks Landscape (WEF)
- Top 10 Results 2018
source: World Economic Forum Global Risks

Perception Survey 2017–2018
Werner Heinze
Mai 2018
Accidents and incidents in mining
- Threat of desaster and losses
Werner Heinze
Mai 2018
Risk Management
- Early origins
“It is not about predicting the

future, but about being
prepared for it.”
- Pericles, Greek statesman, ~500BC
Werner Heinze
Mai 2018
Risk Management
- New perspectives
As one of the world's foremost and

celebrated ski-mountaineers, Chris
Davenport understands risk better
than most. In this TED talk, Chris
goes into detail about his personal
Risk Management in the mountains:
https://www.youtube.com/watch?v=z
yet9fPS24k
Werner Heinze
Mai 2018
Goals and definitions of
Risk Management (RM)
Students task
• What is Risk?
Give an idea in your own words!
Werner Heinze
Mai 2018
What is risk? -1-
• The word „risk“derives from the early Italian “risicare”, which

means “to dare”
• General definition (according to ISO 31000):
− „The effect of uncertainty on objectives”
− An effect may be positive, negative or a deviation from the
expected
− Risk is often described by an event, a change in circumstances
or a consequence
− Circumstances or incidents that endanger the achievement of
an organisation‘s objectives
• The term hazard represents risks with only negative outcome
(accidents and incidents like fire, storm, flood, injury etc)
Werner Heinze
Mai 2018
What is risk?-2-
• R2C („Risk to chance ”): The focus

of RM is expanded from risks to
chances (opportunities)
• Risk/chance means the

combination of the probality of
an event and its consequence.
Consequences can range from
positive to negative (Institute of
Risk Management)
Werner Heinze
Mai 2018
Categories of Risk
- Example of a general classification
Werner Heinze
Mai 2018
What is RM?
• Identification, assessment and prioritisation

of risks
• followed by coordinated and economical application of
resources to minimize, monitor, and control the probability
and/or impact of unfortunate events or
• to maximize the realization of opportunities.
• Central part of the strategic management of any
organisation. It is the process whereby organisations
methodically address the risks (opportunities) attached to
their activities
Werner Heinze
Mai 2018
Why risk management (RM)? -1-
• „Risk is like fire: if controlled it will help you; if

uncontrolled it will rise up and destroy you“
-Theodore Roosevelt
• There is no reward without risk: turning risks
into results
• Nobody is perfect, we make mistakes in the
normal course of operation!
Werner Heinze
Mai 2018
Why risk management (RM)? -2-
• Organisations exist to achieve objectives

− Risk management enhances the understanding of the
potential upside (=opportunities) and downside (=risks) of
the factors that can affect an organisation.
− It increases the probability of success and reduces both
the probability of failure and the level of uncertainty
associated with achieving the objectives of the
organisation.
• Clear correlation between maturity of risk management and
business results (EY research, 2012)
Werner Heinze
Mai 2018
Why risk management (RM)?
- Return on investment
• increases financial value and profitability
• decreases current and future costs
• lowers insurance costs
• reduces cost of capital and increases credit worthiness
• increases trust and protects reputation
• protects against failure
Werner Heinze
Mai 2018
Scope of application
- Risk fields („risk landscape”)
• Narrow sense (traditional approach):
Focus on hazard risks/operational risk fields
=>protect production processes against incidents
=>keeping up safety
Example mining industry: RM in Occupational Safety and Health to
prevent damages from incidents and accidents
• Comprehensive sense (up to date approach):
All important functions and activities of an enterprise can be considered
as risk fields
=> strategic, financial, operational, internal, external,
reputational risks …
=> Enterprise Risk Management (ERP)
• Prerequisite of a proper RM in every (mining) enterprise:
=>detection of its specific risk fields
Werner Heinze
Mai 2018
Scope of application
-Risk fields of a mining company (RAG AG)
Source: RAG
Werner Heinze Mai

2018
Levels of Risk Management
- Strategy Pyramid
Source: Management Principles,

2012books.lardbucket.org
Werner Heinze
Mai 2018
Strategy Pyramid
- Mission and Vision
„To help people to save money so

they can live better“ (Walmart)
„To become the world wide leader

in retailing“ (Walmart)
Source: Alar Kolk, Visions &

Missions of Fortune Global
100 (slideshare)
Werner Heinze
Mai 2018
- Strategy Pyramid
Source: Management Principles,

2012books.lardbucket.org
Werner Heinze
Mai 2018
- Architecture, Strategy, Protocols and Process
Source: AIRMIC, Alarm, IRM:

A structured approach to Enterprise
Risk Management
The Risk Management Process (=operational RM) is embedded in a

context decribed by the elements Risk Architecture, Risk Strategy
and Risk Protocols (=strategic RM)
Werner Heinze
Mai 2018
Strategic and Operational RM
- Scope of lecture
• Title of lecture („Strategic and operational RM“) represents the

message, that we will deal with a comprehensive view of risks
branded as Enterprise Risk Management (ERM)
• Look at strategic as well as operational risks
• Strategic RM : all activities of an organisation concerning its

RM context/frame (architecture, risk strategy, protocols)
• Operational RM: concerns the RM process or (in other words)

the RM workflow
Werner Heinze
Mai 2018
Goals and definitions of
Risk Management (RM)
Students task
• What is the goal of RM?

• What is the purpose of (enterprise) strategy?
• What is the meaning and impact of „ERM“?
• What is the focus of strategic RM?
Werner Heinze
Mai 2018
Agenda
• Introduction
and Health (OSH)
development
Werner Heinze
Mai 2018
Development of International
Standards in RM
• 2002- Sarbanes Oxley ('Public Company Accounting Reform
and Investor Protection Act' )-response to major accounting
scandals Enron, WorldCom, Tyco etc.
• 2004- COSO (Committee of Sponsoring Organizations)
issued ‘ERM- Integrated Framework’
• 2007- SEC Guidance ‘Top down’ risk assessment
• 2007- S&P reviews RM in corporate debt ratings for financial
companies, and in…
• 2009- S&P begins to review in rating all companies
• 2009- ISO 31000 International RM Standard
• 2017- COSO update: ‘COSO Enterprise Risk Management –
Integrating with Stategy and Performance’
Werner Heinze
Mai 2018
COSO Framework (ERM)
- „Coso-Cube“
Glossary
Werner Heinze
Mai 2018
COSO Update 2017
- Components and Principles
Source: COSO 2017, COSO Enterprise Risk Management—

Integrating with Strategy and Performance
Werner Heinze
Mai 2018
ISO 31000
• ISO 31000:2009 – Developed by the International

Organization for Standardization (ISO)
• Provides principles and generic guidelines on risk
management
• Universally recognized paradigm for practitioners and
companies employing risk management processes across
different industries, subject matters and regions
• ISO 31000 is defined as “a process that provides
confidence that planned objectives will be achieved
within an acceptable degree of residual risk”
Werner Heinze
Mai 2018
Risk Management System
- Architecture, Strategy, Protocols

Risk Management
According to ISO 31000 the Risk Management Process is

embedded in a context decribed by the elements
Risk Architecture, Risk Strategy and Risk Protocols
Werner Heinze
Mai 2018
Risk Management System at RAG:
-“House of Risks“
RC ≡ Risk and Chance
RC-Strategy
Organisation of Risk Management at RAG

RC-Monitoring
- Review of risk response results

- Cost-Benefit-Analysis
RC-Communication - Update RC guidelines RC-Identification
- Internal and external reporting to - Determination of risk fields
decision makers and stakeholders - Identifikation of essential
- Selected contents for strategic- and business risks
consolidated annual report
RC-Response RC-Assessment
RC-Aggregation - Assessment of impact and likelihood

- Preventive und reactive
measures (risk portfolio)
- Bundling correlated risks and - Prioritisation of essential/
- Internal Control System
chances existence threatening risks
- Measures tracking
- Determination of overall risk und essential chances
and chance position (portfolio view)
Risk management-Software (R2C)

Werner Heinze
Mai 2018
Guidelines and principles of RM
(„Framework“)
Students task
• What is the purpose of RM frameworks?

• Name the two most important frameworks and give
an idea about the elements of these frameworks!
• What is the name and the content of the RAG RM
framework?
Werner Heinze
Mai 2018
Agenda
• Introduction
and Health (OSH)
development
Werner Heinze
Mai 2018
Do you remember Deepwater Horizon?
- Consequences of poor RM
• Financial costs for BP up to 70
billion US$
• 11 people killed
• 200 million gallons of crude oil
pumped into the Golf of Mexico
• 16.000 miles of coastline affected
• Thousands of dead animals
• Over 30.000 people involved in
cleaning up
Source: REUTERS/
U.S. Coast Guard 2010
Werner Heinze
Mai 2018
Deepwater Horizon: Mistakes to be
avoided
„The decisions made by these companies reveal systematic failures in risk

management raising questions about the risk culture in the industry“
(National Commission on the BP Deepwater Horizon Oil Spill)
• Preference for cheap and easy solutions in order to save time and money
– instead of adequate measures of maintenance
• No effective communication – workers fearing for their jobs for raising
safety concerns
• Regarding primarily risks with higher likelihood and lower impact instead
of paying more attention high impact risks with lower probability
• No scenario planning for a burst oil pipe => no adequate emergency
measures
Werner Heinze
Mai 2018
Risk Management Process
- Workflow
Risk Strategy
Monitoring of
aforementioned Identification
Organisational
activities
Security
Internal Measures
Audit Monitoring
Early Warning Controlling

Communication System(s)
Reporting Analysis and
Documentation Assessment
Source: RAG
Risk Coping Measures

Werner Heinze
RiskRisk
Response 48
Mai 2018
- 7 Rs and 4 Ts
• Recognition or identification of risks
• Ranking or assessment/evaluation of risks
• Responding to significant risks
– Terminate (avoid)
– Treat (reduce/mitigate/control)
– Transfer (share)
– Tolerate (accept)
• Resourcing controls
• Reaction planning
• Reporting and monitoring risk performance
• Reviewing the risk management framework
Werner Heinze
Mai 2018
Procedures of risk management:
- Identification
• Identification of risks means detecting any event

that may endanger achieving objectives of an
organisation partly or completely
• Identification of risks is the most critical step in RM:
not identified risks =>no active and effective RM!
• Identification can be based on a wide range of
sophisticated methods
But it also means to look further …
Werner Heinze
Mai 2018
Identification:
- What you should know
“There are known knowns. These are things we know

that we know.
There are known unknowns. That is to say, there are
things that we know we don't know.
But there are also unknown unknowns. There are things
we don't know we don't know.”
- Donald Rumsfeld
Werner Heinze
Mai 2018
Identification
- The Black Swan
“A Black Swan [...] is an event
with the following three
attributes. First, it is an outlier, as
it lies outside the realm of
regular expectations, because
nothing in the past can
convincingly point to its
possibility. Second, it carries an
extreme impact. Third, in spite of
its outlier status, human nature
makes us concoct (=to invent)
explanations for its occurrence
after the fact, making it
explainable and predictable.“
- Nassim Nicholas Taleb
Werner Heinze
Mai 2018
Identification
- „Iceberg effect“
First glance
versus
deep view
Werner Heinze
Mai 2018
Identification
- Wide range of techniques

Risk Management
Werner Heinze
Mai 2018
- Workflow
Risk Strategy
Monitoring of
Organisational
activities
Security
Internal Measures
Audit Monitoring

Source: RAG

Werner Heinze
RiskRisk
Response 55
Mai 2018
- Analysis
• Risk analysis means the systematic use of available information to

understand the nature, sources and causes of identified risks
• Risk analysis means to examine impacts and consequences of identified
risks
• Risk analysis means as well to examine the already existing controls
• Risk analysis can be supported by a risk classification system
• Risk classification systems enable organisations to identify accumulation of
similar risks
• Risk classification system must be adapted to the individual range of risks
of an organisation
Werner Heinze
Mai 2018
Risk Classification
- General Example

Risk Management
Werner Heinze
Mai 2018
Risk Classification
-Specific Example (RAG AG)
Source: RAG
Werner Heinze Mai

2018
- Assessment
• Risk assessment means the process used to determine risk management

priorities
• Risk assessment means evaluating and comparing the level of risk against
predetermined standards, target risks levels (“risk appetite”) or other criteria
• Level of risk usually is determined by the two components:
likelihood (probability of ocurrence) and impact (amount of
damage/opportunity in money)
• According to available data likelihood and impact are calculated or estimated:
quantitative, semi-quantitative or qualitative evaluation
• Final result: Risk profile and Risk ranking = basis of priorities for risk
treatment
Werner Heinze
Mai 2018
Procedures of risk management
Students task
• Remember the chart „Risk Classification of RAG“
and identify two possible risks for each of the
following risk categories: 1.Production, 2.Quality
and Sales, 3.Workforce, 4.Purchasing, and
5.Information Technology!
• Describe the process of risk identification, analysis
and assessment in your own words!
• Give examples for risk identification techniques!
Werner Heinze
Mai 2018
Illustration of Risk: Risk Profile
General Pattern Example:Introducing a New Curriculum
The more performance you seek, Source: COSO, Enterprise Risk Management— Aligning Risk
with Strategy and Performance • June 2016
the more risk you have to take!
Werner Heinze
Mai 2018
Students task
Try to catch the
main ideas of this
example for
developing a risk
profile!
(Individual reading)
Source: COSO, Enterprise Risk Management— Aligning Risk

Werner Heinze with Strategy and Performance • June 2016
Mai 2018
Students task
Try to catch the
main ideas of this
example for
developing a risk
profile!
(Individual reading)
Source: COSO, Enterprise Risk Management— Aligning Risk

with Strategy and Performance • June 2016
Werner Heinze
Mai 2018
Risk Appetite and Risk Capacity
Risk Profile with Risk Appetite Risk Profile with Risk Capacity
Risk appetite is the amount Risk capacity is the amount

of risk an entity is willing to of risk an entity is able to
accept in pursuit of strategy absorb in pursuit of strategy
and business objectives and business objectives
Werner Heinze
Mai 2018
RISK APPETITE
- Key questions
• What risks will the organization not accept?

(e.g. environmental or quality compromises)
• What risks will the organization take on new activities?

(e.g. new product lines)
• What risks will the organization accept for competing

objectives?
(e.g. gross profit vs. market share?)
Werner Heinze
Mai 2018
Illustration of Risk Assessment Results
- Risk Matrix (=Risk Map)
Werner Heinze
Mai 2018
Illustration of Risk Assessment Results
- Example Risk Map RAG AG
Werner Heinze
Mai 2018
- Workflow
Risk Strategy
Monitoring of
Organisational
activities
Security
Internal Measures
Audit Monitoring

Source: RAG

Werner Heinze
RiskRisk
Response 68
Mai 2018
Procedures of risk mangement:
- Risk coping measures / risk response
Select and implement appropriate actions for dealing with risks:
Avoid/ • Not entering or terminating a business respectively

Terminate a special activity => risk is too high (beyond risk
appetite)
Reduce/Treat/ • Probability of occurrence and/or amount of damage
Mitigate/Control (impact) will be constrained to an acceptable level
Transfer/ • Paying a third party to take the risk, e.g.

Share conventional insurance or financial instruments;
undertaking a busines in partnership/cooperation
• To take no further action: small risks with tolerable
Accept/
risk exposure; large risks with limited ability to do
Tolerate
anything about; costs of taking any action too high
in relationship to the gained benefit
Werner Heinze
Mai 2018
- Illustration of risk response
1. avoid
Overall risks
2. reduce
▪ staff
▪ technique 3. transfer
▪ organisational ▪ alternative
risktransfer
▪ Alternative risks
finances 4. accept
residual risk
identified risks ▪- Insurance Terms
of contracts
accepted risk
Non-identified risks
Source: Lect. Prof. Dr. Kretschmann,
Bangkok 2010
Werner Heinze
Mai 2018
- Risk coping measures / risk response
Select and implement appropriate actions for dealing with risks:
Avoid/ Students task

Terminate
Reduce/Treat/
Mitigate/Control
Give examples for each
Transfer/ instrument!
Share
Accept/
Tolerate
Werner Heinze
Mai 2018
Risk Response
- Interactions and complexity
Werner Heinze
Mai 2018
Risk Response
- Example of neglecting interactions and
complexity
“
Two turntables and a time time
machine... a DJ is sent to a busy city
block to mend a series of unfortunate
events.
https://www.youtube.com/watch?v=o
P59tQf_njc
Werner Heinze
Mai 2018
Risk Response
- Decision Matrix
Source: SACE, Enterprise Risk and

Portfolio Management, Milan 2014
Werner Heinze
Mai 2018
Risk Response
- Costs and benefits
Source: SACE, Enterprise Risk and

Portfolio Management, Milan 2014
Werner Heinze
Mai 2018
Risk Response Special Topic:
- Business Continuity Management (BCM)
Werner Heinze
Mai 2018
Business Continuity Management
- Incidents that may cause disruption
Example ‘PEST’ risk model
Technical Economic
IT/Systems Breakdown Industrial Accidents

Contamination Government Crisis
Industrial Accident Utilities failure
On-site product tampering Sabotage

Malicious acts Terrorism
Organisational failure Labour strikes
Off-site product tampering
People Social
Werner Heinze
Mai 2018
- Definition
Business Continuity Institute (BCI) and British Standards
Institution (BSI):
• holistic management process
• identifies potential impacts
• framework for resilience and response capability
• safeguard interests of key stakeholders
or more simply…
A process that establishes a secure and resilient business
environment capable of mounting an immediate and
effective response to a major incident.
Not just a paper plan, it also requires organisation,
planning, assessment, training, rehearsal and more.
Werner Heinze
Mai 2018
- Objectives
Source: Marsh Technologie

Conference, Zurich 2005
Werner Heinze
Mai 2018
Business Continuity Plan
- Illustration

Werner Heinze
Mai 2018
Business Continuity Plan
- Elements
Disaster
Recovery

Werner Heinze
Mai 2018
BUSINESS CONTINUITY
- MANAGEMENT CYCLE
Understanding
Your Business
Exercising, Business
Maintenance 5 BCM 2 Continuity
and Audit Strategies
Managem
P
Programme
Management
4 3
Develop and
Building & Implement BCM
Embedding a Plans & Solution(s)
BCM Culture
Source: Business Continuity Institute 2002
Werner Heinze
Mai 2018
- Business Continuity Management
Students task
• Describe BCM in your own words!

• Give examples for incidents that cause business
disruption!
• What are the elements of a BCM plan?
Werner Heinze
Mai 2018
- Workflow
Risk Strategy
Monitoring of
Organisational
activities
Security
Internal Measures
Audit Monitoring

Source: RAG

Werner Heinze
RiskRisk
Response 84
Mai 2018
- Communication: reporting and
documentation
• Transmit risk information to decision makers respectively
decision making unit
• Attributes of information: available at the right time, in the
right quantity, at the right place and in the right quality
• Prerequisite to take the right business decisions in the trade-
off between making profit and taking risks
• Risk taking requires risk monitoring: documentation to track
the achieved effects
=> Adequate and standardised instruments of reporting and
documentation
Werner Heinze
Mai 2018
Example risk documentation
- Detailed risk description
Source: SACE: Enterprise Risk and

Werner Heinze Portfolio Management, Milan 2014
Mai 2018
Example Risk reporting
- Using the IT-Tool r2c (RAG AG)
Example Risk reporting
- Input mask IT-Tool (RAG AG)
Werner Heinze Risk Management in Mining 88

Mai 2018
Example Risk Reporting
– Reporting template (RAG AG)
Werner Heinze
Mai 2018 Risk Management in Mining 89
Example Risk Reporting (RAG AG)
- Risk Map (overall risk landscape)
Werner Heinze
Mai 2018
- Monitoring
• Monitoring means to evaluate and to improve the risk management
activities:
– Measures adopted achieved the intended results?
– Procedures adopted were efficient?
– Which lessons can be learned for future assessments and controls?
• Changes in the organisation and the external business environment have
to be identified: => Modification of existing procedures
• Monitoring is an ongoing process carried out by the responsible staff
• Additionally seperate reviews respectively audits (internal and external
auditors) have to be executed
Werner Heinze
Mai 2018
Students task
• Describe instruments of documentation and

communication of risks!
• What‘s the goal of „monitoring“ in the context of
procedures of RM?
Werner Heinze
Mai 2018
Keep in mind:
Risk Management Workflow
Risk Strategy
Monitoring of
Organisational
activities
Security
Internal Measures
Audit Monitoring

Source: RAG

Werner Heinze
RiskRisk
Response 93
Mai 2018
Keep in mind:
- 7 Rs and 4 Ts
• Recognition or identification of risks
• Ranking or assessment/evaluation of risks
• Responding to significant risks
– Terminate (avoid)
– Treat (reduce/mitigate/control)
– Transfer (share)
– Tolerate (accept)
• Resourcing controls
• Reaction planning
• Reporting and monitoring risk performance
• Reviewing the risk management framework
Werner Heinze
Mai 2018
Agenda
• Introduction
and Health (OSH)
development
Werner Heinze
Mai 2018
ERM Life Cycle
Source: Lisan Sison, ERM 101

Werner Heinze
Mai 2018
What is risk culture?
• Abstractly: Ethical values, desired behaviours and

understanding of risk within an organisation
• In practice: Behaviour and actions of people concerning risks
• „Positive“ risk culture:
− Risk awareness at all levels of a company
− Readiness to communicate risks
• Risk awareness + risk communication =>risk transparancy
= prerequisite of handling risk
• but …
Werner Heinze
Mai 2018
Risk culture: Psychological aspects
• Human psychology does not necessarily support risk awareness (examples):

− As something becomes familiar, we tend to care less
− General tendancy to see things not as they are but as they ought to be
− In case of mistakes: we often end up blaming the wrong cause
=> impossible to learn from mistakes
• General characteristics of people may also hinder risk communication
(examples):
− Reluctance and politeness
− High respect for older people or leaders
− Tendancy to obey orders and statements in face-to-face-situations
− Worry of „losing face“
Werner Heinze
Mai 2018
Measures to improve risk culture
• Creation of risk awareness

− Information activities: presentations, schoolings, publications about the
risk strategy, risk situation and benefits of RM
• Measures to improve risk communication
− „Tone from the top“: commitment of the top management to RM
− Guidelines fixing RM as part of the corporate strategy
− Upgrading the formal flow of risk information (internal and external
reporting)
− Monitoring the integrity of risk information in competent boards
(morning round table talks, plant manager meetings, …)
• Establishing a „positive error culture”: open discussion of mistakes; taking
mistakes as chance of learning and improvement
Werner Heinze
Mai 2018
Risk culture
Students task
• Describe the meaning of „risk culture“ in your own

words!
• What‘s the most important factor of risk culture?
Werner Heinze
Mai 2018
Agenda
• Introduction
and Health (OSH) (=>see separate files)
development
Werner Heinze
Mai 2018
Agenda
• Introduction
and Health (OSH)
development
Werner Heinze
Mai 2018
Current trends in RM
• Increased integration of RM with other management

processes: Integration into planning, controlling and
investment processes (e.g. COSO update, REPM)
• Defining future trends and predictive indicators –
Usage of risk early warning indicators
• IT: Stronger usage of professional RM software
• Extended focus of RM: Integration of Compliance Risk
Management
• Increased emphasis on psychological aspects of RM: Exploring
cognitive biases in predecting, valuating and handling risks
Werner Heinze
Mai 2018
The Evolution of Risk Management
- Risk Enabled Performance Management
Source: EY:Insights on governance, risk and

compliance - Expecting more from risk management
Werner Heinze
Mai 2018
Extending focus of RM to Compliance
• Compliance:
− being in accordance with established rules and guidelines
or
− process of becoming so
• Permanent increase of regulatory, contractual and voluntary
requirements
=>rising compliance requirements
• Compliance with safety rules, regulations, norms and
technical guidelines is of existencial importance for the
survival of every (mining) company!
Werner Heinze
Mai 2018
Extending focus of RM to Compliance
Source: PwC
Werner Heinze
Mai 2018
Increased emphasis on psychological
aspects of RM: Cognitive biases
Source: RiskNET, Cognitive biases in predicting,

valuating, and handling risks
• Avoid biases in predicting, valuating and handling risks by

– Getting increased understanding of the psychological underpinnings
of human decision making
– Create environments in which people perform decisions to the best of
their abilities
Werner Heinze
Mai 2018
Current trends in RM
Students task
• Describe the evolution of RM!

• Give examples for extending focus and new
instruments of RM!
Werner Heinze
Mai 2018
Agenda
• Introduction
and Health (OSH)
• RM in the Colombian mining industry: status quo and
further development
Werner Heinze
Mai 2018
Mining Risks in Colombia
Great variety/diversity/heterogeneity in mining:

• Different industries (coal, nickel, goald, emeralds…)
• Small and large scale minining
• Open cast and underground mining
• National and international enterprises
• Legal and illegal mining
=>Difficulty of general evaluation and conclusions

=>Focus on selected aspects
Werner Heinze
Mai 2018
Focus on two fields of observation:

• Accidents and incidents (OSH)
• Business risks
Werner Heinze
Mai 2018
- Level of RM-Maturity in Colombia?
Werner Heinze
Mai 2018
- Level of RM-Maturity in Colombia?
Students Task:
Make a „gap analysis“ between the goals of the „seven golden

rules“ and the actual situation in OSH in Colombia (how it is
perceived by every student personally)
Use a scale from 1 – 10 points (1=low, 10=high) for your
assessment and rate the state of implementation in Colombia of
each of the seven rules!
Werner Heinze
Mai 2018
7 Golden Rules for Mining
- Level of implementation in Colombia?
1. Take Leadership – Demonstrate Commitment

2. Identify Hazards – Control Risks
3. Define Targets – Develop Programmes
4. Ensure a Safe and Healthy System – Be well organzised
5. Use Safe and Healthy Machines and Equipment
6. Improve Qualification – Develop Competence
7. Invest in People – Motivate by Participation
Werner Heinze
Mai 2018
Risk Factors in Mining
- General Survey =>Colombia?
Werner Heinze
Mai 2018
Risk factors in Mining
- Organisational view =>Colombia?
Werner Heinze
Mai 2018
- Most important risk factors in Colombia?
Students Task:
Make your own TOP 5 ranking list of the most important risk
factors concerning accidents and incidents in mining in
Columbia.
The preceding charts „General Survey“ and „Organisational
view“ offer you a possible range of topics
Werner Heinze
Mai 2018
Focus on two fields of observation:

• Accidents and incidents (OSH)
• Business risks
Werner Heinze
Mai 2018
Mining in Colombia: Business risks
- Specific country risks
Source: coface.com, Economic-

Studies-and-Country-
Risks/Colombia, 2018
Werner Heinze
Mai 2018
Mining in Colombia: Business Risks
- Investment climate (Investors view)
• Lack of institutional support for the sector

• Lack of a clear mining and environmental policy
• Changing rules, resulting in a lack of legal certainty
• Strong anti-mining socio-political climate
• Spread of illegal mining
• Lack of infrastructure
• Government institutions not ready for large-scale mining
• Fragmented and often confusing industry message to
government
Source: F. Felder, Mining Markets 08/2014
Werner Heinze
Mai 2018
TOP 10 global business risks in mining
- Importance/significance for Colombia?
Source: EY Business risks in mining

and metals 2017-2018
Werner Heinze
Mai 2018
Global business risks in mining
- Transition to a lower carbon fuel mix (1)
Werner Heinze
Mai 2018
Global business risks in mining
- Transition to a lower carbon fuel mix (2)
Werner Heinze
Mai 2018
Business Risks for mining in Colombia
- Generating a ranking list
Students Task:
Make your own TOP 5 ranking list for Colombia out of the most
important risk factors concerning business risks for mining.
The charts „Country risks“, „Investment climate“ and „Global

Business risks“ will offer you a possible range of topics.
Werner Heinze
Mai 2018
- Conclusions for the future
Discussion
1. Measures to be taken in terms of improving

Occupational Safety and Health
2. Improving general conditions for mining in
Colombia (business risks)
Werner Heinze
Mai 2018
Conclusions
• Risks and opportunities are two sides of the same coin: there is no
chance without risk
• Risk handling comprises the four main steps:
Identification, Analysis and Assessment, Treatment and Reporting
• Risk culture is the key factor to a successful RM
• Mining is a complex and risky business
=>RM in mining is of vital importance
• There is a way to zero accidents in mining – VISION ZERO
• There is a „simple“ approach for improving Risk Management in
Colombia‘s mining industry: Take advantage of successful
international best practice examples!
Werner Heinze
Mai 2018
1. Advance strategic thinking about risk
2. Optimize functions and executing RM
3. Embed proactive risk response
1. Advance
source: There’s no reward without risk — EY’s global governance, risk and compliance survey 2015
Werner Heinze
Mai 2018
Werner Heinze
Mai 2018
Backup-Charts
Werner Heinze
Mai 2018
COSO Cube
Source: COSO, Enterprise Risk Management—Aligning Risk

with Strategy and Performance, June 2016
Werner Heinze
Mai 2018
Werner Heinze
Mai 2018

Strategic and Operational Risk Management in Mining

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Strategic and Operational Risk Management in Mining

Загружено:

Авторское право:

Доступные форматы

Strategic and Operational Risk

• Goals and definitions of Risk Management (RM)

• Guidelines and principles of RM („Framework“)

• Procedures of RM: „risk management workflow“

• Risk culture as key factor of RM

Please punch into

• RM will be presented as a comprehensive management

• The learning targets are documented in the agenda:

• You receive a „handout“ of 30 pages with assignments to be

• Do you have already experience - respectively previous

Take 5 minutes to think about these questions and then give

An Introduction to the University

Source: EY’s global governance, risk and compliance survey 2015

source: World Economic Forum

source: World Economic Forum Global Risks

“It is not about predicting the

- Pericles, Greek statesman, ~500BC

As one of the world's foremost and

• The word „risk“derives from the early Italian “risicare”, which

• R2C („Risk to chance ”): The focus

• Risk/chance means the

• Identification, assessment and prioritisation

• „Risk is like fire: if controlled it will help you; if

• Organisations exist to achieve objectives

• increases financial value and profitability

• decreases current and future costs

• lowers insurance costs

• reduces cost of capital and increases credit worthiness

• increases trust and protects reputation

• protects against failure

Werner Heinze Mai

Source: Management Principles,

„To help people to save money so

„To become the world wide leader

Source: Alar Kolk, Visions &

Source: Management Principles,

Source: AIRMIC, Alarm, IRM:

The Risk Management Process (=operational RM) is embedded in a

• Title of lecture („Strategic and operational RM“) represents the

• Look at strategic as well as operational risks

• Strategic RM : all activities of an organisation concerning its

• Operational RM: concerns the RM process or (in other words)

• What is the goal of RM?

Source: COSO 2017, COSO Enterprise Risk Management—

• ISO 31000:2009 – Developed by the International

Source: AIRMIC, Alarm, IRM:

According to ISO 31000 the Risk Management Process is

Organisation of Risk Management at RAG

- Review of risk response results

RC-Aggregation - Assessment of impact and likelihood

Risk management-Software (R2C)

• What is the purpose of RM frameworks?

„The decisions made by these companies reveal systematic failures in risk

Early Warning Controlling

Risk Coping Measures

• Identification of risks means detecting any event

“There are known knowns. These are things we know

- Nassim Nicholas Taleb

Source: AIRMIC, Alarm, IRM:

Early Warning Controlling

Risk Coping Measures

• Risk analysis means the systematic use of available information to