Description: Zinc and Copper Mining
Location: South Africa
Products: Zinc and Copper
Our client had become concerned that multiple management systems and processes were not delivering the expected results. Pressure being placed on their business and the industry as a whole was giving further concern as to the types of decisions being made by managers.
As commodity prices fell, it became difficult to control and lower operational costs and to increase volume sufficiently to enable the business to demonstrate historic performance.
Inappropriate actions and decisions, and an absence of decisions, were becoming evident. Our consultants were asked to develop a risk profile of the company and management team, to enable proactive measures to be taken to mitigate or reduce risk.
The implementation phase of this project took the form of a business review. Interviews across several layers of the organisation surfaced the following issues, which confirmed the HR perception of heightened risk, which leads to a lack of effectiveness in some management processes and systems. Some leading attributes were:
- Frequent discussions/debates about the quality of various processes without any solid data/analytics to support the debates and to move these discussions from subjective to more objective ground.
- Complaints from line managers on the quality of various processes.
- Lack of Controls for key processes. In many cases, the controls were absent.
- Lack of proper risk framework and analytics.
- Dispersed and unclear risk accountabilities for processes.
- Lack of improvement plans for processes based on solid risk data.
- Lack of understanding and management of risk.
Upon concluding the review the client considered the opportunity to improve how they capture and use data to expose unacceptable risk.
Understanding the different types of decisions being made within the hierarchy of the business allowed our client to fully appreciate the potential and impact of indecision or poor decision making within the organisation, and how valuing risk at each level of the hierarchy allowed appropriate controls to be developed.

| Typical Role | Description of the Risk |
|---|---|
| Company Director / CEO | Corporate Risks – a probable loss or missed opportunities from non-achievement of the Corporate Strategy |
| Executive General Manager or C.O.O, C.F.O | Strategic Risks – a probable loss or missed opportunities due to an absence of functional strategies or non-achievement of one or several of its strategic objectives |
| General Manager | Business Risks – a probable loss or missed opportunities due to non-delivery of functional plans and objectives to support the implementation of functional strategies in business units |
| Subject Matter Experts / Site Managers | System Risks – a probable loss or missed opportunities due to low maturity of organisational systems and ineffective management of system risks (with KPIs, KRIs, and KCIs) |
| First Line Management | Basic Operational Risks – a probable loss or missed opportunities due to non-compliance by organisational System users (site section leaders) with regard to certain formalised requirements developed by System Owners (Chief Advisors) |

Elements of managing risk were used to develop an audit tool, which was used to assess the existing risk profile at each organisational layer and in key positions. Some of the elements were:
- Descriptions of the organisational systems and processes
- Key Performance Indicators (KPI) for each system and process
- Key Risk Indicators (KRI) for each system and process
- Key Control Indicators (KCI) for each system and process
- Regular Risk Evaluations
- Risk and Loss Registry
- Risk Management Action Plans
- Risk Analytics
- Risk Reports
To enable the client to check and track the progress being made, and to raise awareness of areas of heightened concern or solicit the appropriate management focus, it was suggested that the audit tool be collected on a regular basis (monthly, quarterly) and used to capture, analyse and review the status of the risk profile.
Further advice included that for every process a set of Key Indicators should be developed and a Risk report be prepared, based on the analytics provided by our consultants.
The results were presented to management on a regular basis, showing clear indicators, calculations and risk profiles. To ensure the details were accurate and the task not cumbersome, it was also suggested that the risk profiles be automated to deliver simplicity and timeliness for specialists.
The result is a business that has readily available and current information, so that Risk Management and analytics will be improved significantly. Risk action plans could then be prepared automatically for sign-off from all required managers.
All risks would be registered and updated on a regular basis, and all losses from risks would be archived and accessible to ensure organisational learning and development.
The client was then advised on the type of controls that could be employed to help mitigate and remove the risks identified.

| Control Types | Mechanisms and Indicators |
|---|---|
| Directive Control | Reduce the probability of risk by developing, implementing and complying with policy, procedure and standard for systems and processes. |
| Preventive Control | Reduce the probability of risk and non-achievement of process and system KPIs by preventing the risk event from occurring (early warning system) |
| Detective Control | Reduce the impact of risks and non-achievement of process and system KPIs by detecting risk events in a timely manner and reducing their impact |
| Corrective Control | Reduce the impact of risks, return the process and system to a normal condition and minimise the duration of risk impact |

As every individual and business inherently has a different appetite for risk, the client was advised that a clear set of parameters be developed to enable Risk levels to be communicated and actions to be taken according to the established Risk categories. Furthermore, this not only exposes Risk using definitive descriptions but also allows priorities to be set and cost or effort versus reward to be considered. Five levels of Risk tolerance were recommended:
- Absolutely acceptable level of key indicator – the value of the key indicator that is considered safe for the company and for which no action or resource is required.
- Acceptable level of key indicator – the value of the key indicator that the Company can tolerate and does not deem it expedient to spend resources on correcting.
- Transitional level of key indicator – the value of the key indicator that is not tolerable to the Company and means that the indicator should be watched closely by analysing the trends of changes, and an action plan must be in place to prevent further decline in the indicator’s value.
- Unacceptable level of key indicator – the value of the key indicator that requires actions to bring the value of the indicator to the acceptable level.
- Absolutely unacceptable level of key indicator – maximum HR risk that requires urgent actions.
Once the processes had been identified, considered and risk-rated, the action plans could then be developed and reported against. To keep reporting simple, direct and relevant, it was recommended that reporting consider the following:
- Any losses related to unacceptable levels of risk (financial, reputational)
- Causes of losses and unacceptable levels of indicators
- Actions required to bring the level of risks to an acceptable level
- Resources (methods, financial resources, human resources, information resources)
- Accountable team members
- Results reported
The reports would be discussed at regular Risk meetings to ensure actions were being closed off and benefits recognised. Additionally, it was also recommended that there be an annual review or health check on the whole Risk Management System.