Transforming Risk Management at Akawini Copper
Associate Director, Broadleaf Capital International
This case study describes how the approach to managing risk can be transformed and enhanced in a company. The case study is based on a hypothetical mining company, Akawini Copper, that has recently been acquired by an international concern, United Minerals. Akawini has a rudimentary approach to risk management (RM) that must be improved if the new owners are to realize the level of return claimed in the business case that was used to justify the acquisition. Akawini owns a single mine and concentrate plant approximately 50 kilometers from the coast. It ships the concentrate using trucks to a nearby port for export. The company earns revenue of $774 million a year from the sale of concentrate and employs a total of 1,500 people at the mine site and port.
THE ACQUISITION AND DUE DILIGENCE
United Minerals has developed and implemented a framework for managing risk based on ISO 31000 (ISO 2009). In particular, this has enabled it to properly integrate the risk management process into its approach to making decisions on major projects and investment decisions and also into the way it develops, plans, and executes projects.
During due diligence prior to the acquisition, the risk management team for United Minerals reviewed the current approach to risk management at Akawini and, from a cursory examination of documents, was able to determine that the approach was very limited and was unlikely to yield much real value. The team found, for example, that:
• A process for formal risk assessment was applied only to what were described as "business risks." This occurred only once a year as part of a risk review that updated the current risk register so that it could be reported to an Audit Committee.
• There was a different process applied for safety risks that actually did not consider risks as such but generated a risk rating using a matrix system only for hazards.
• No systematic process for assessing and treating risks was used in support of major decisions. In particular, project management did not include any form of explicit risk management process.
• The Akawini risk manager mostly dealt with insurance matters and asked the company's external audit provider to offer a facilitator for the annual risk review.
• The annual internal audit plan did not seem to be based on the outcomes of the risk assessment and did not focus on assuring many of the critical controls.
• The risk criteria systems used for both "business risks" and "safety risks" covered only detrimental consequences and seemed to be based on five levels of consequences and consequence types that were not associated in any meaningful way with the company's objectives.
• Both systems used the term probability to estimate likelihood and did not consider the frequency or return period for consequences.
• In both systems, risks were analyzed incorrectly by combining the likelihood of an event with what was described as "the plausible worse-case consequences." This produced many "extreme" risks, which were then being discounted by managers as implausible.
• Once risk registers were created on spreadsheets, they were kept on separate personal computers and were rarely considered until the next yearly review. Any risk treatment actions decided on were not followed up or closed out.
• Critical controls were not identified and were not assigned to individuals for ongoing monitoring and periodic review.
• There was no coherent process that defined and captured learnings from successes and failures.
The risk management team signaled its concerns to the acquisition team, and the need for improvement of Akawini Copper's approach to risk management to bring it into line with ISO 31000:2009. Then, the United Minerals framework was placed on the transformation plan and given a high priority.