As global volatility rises, mining companies should no longer solely rely on their risk registers to identify critical risks. Systemic issues—such as insufficient risk sensing, a “tick the box” mentality, and complex operating models—are forcing them to predict the impact of emerging events and prioritize key risks. It’s time to embrace more strategic risk management practices.
Go straight to smart. Get the Deloitte Insights app
It is at present almost an understatement to say that global volatility is on the rise. From Brexit, US/China trade discussions, and instances of rising nationalism and xenophobia to disease outbreaks, environmental disasters, and climate change, the world faces significant uncertainty. Market anxiety about the world’s economic outlook and, in particular, China’s trade situation with the US and uncertain growth trajectory seem to be weighing on trade and commodity prices. Some investors have become risk averse and are unwinding their positions in base metals, with valuations suffering as a result.
At the same time, traditional mining sector risks—in areas such as health and safety, strikes and social activism, regulatory compliance, stakeholder relations, cybersecurity, data privacy, finance, and operations—remain firmly in place.
And there is an entire new range of risks as technology sweeps ahead. Increased automation brings a host of new security risks, such as managing the rise of artificial intelligence and addressing sophisticated cybersecurity threats. At the same time as aging infrastructure is heightening safety concerns, some nontraditional competitors are changing formerly staid market dynamics, and the growing prevalence of social media means reputational damage can be inflicted in minutes.
Mining companies have long relied on risk protocols, risk committee oversight, and detailed risk registers. Yet, confronted by the plethora of new risks, these traditional tools do not seem to be working:
“It’s not that mining companies lack data about emerging risk events,” explains Patricia Muricy, Global Risk Advisory Leader, Mining & Metals, Deloitte Brazil. “It’s that the data they’re relying on is often outmoded. Typically, they’ll ask what industry insiders are saying about risk, what economists are saying about commodity prices, what the markets are saying about investment trends, what analysts are saying about geopolitical threats or labor issues or environmental risks. But they often lack the methodology to use this historical data to predict what may be coming down the road.”
So how is it that these risks keep being missed?
People have an inherent bias; they don’t like to focus on negative things being said about them. Mining companies may be ignoring engineering deficiencies, or regulatory non-compliance, or weak oversight in corrupt jurisdictions.
Insufficient risk sensing isn’t the only problem. A “tick the box” mentality can be equally damaging.
In jurisdictions prone to corruption—which are often where mining companies operate —companies can place little or no reliance on the local regulatory framework to protect them. It’s up to management and the board to challenge the compliance framework appropriately and put enhanced protocols in place.
There’s another reason traditional risk and assurance processes can only go so far in alerting global mining companies to hidden risks: the complexity of their operating models. Andrew Swart, Global Mining & Metals Leader, Deloitte Touche Tohmatsu Limited, explains: “For a common risk, like failure to maintain critical assets, seven or eight functions within the organization have some kind of accountability for managing that risk—engineering, maintenance, safety, assets, finance, specific commodities. All these different stakeholders are setting expectations and controls around how these activities should be done, and business units don’t have a clear sense of their roles or responsibilities.”
This dispersed functional control over risk prevents many organizations from developing a common risk language. This means that although dozens, or potentially hundreds, of risk registers are being generated across the enterprise, there’s no reliable methodology for identifying even the top ten risks that merit board attention. As a result, miners tend to apply the same standard to common risks across all their sites (e.g., how they manage tailings dams), even though some sites could require more rigorous oversight than others.
All of these challenges—insufficient risk sensing, a “tick the box” mentality, and operational complexity—typically have a direct impact on how mining companies deal with risks they believe are out of their control, such as black swan events. On analysis, however, it seems that many black swan events can in fact be anticipated—if you know the red flags to watch for.
“Most black swan investigations blame poorly trained staff or equipment failure, but it’s more,” says Kevin Bin Xu, Mining & Metals Leader, Deloitte China.
When an organization enjoys a successful track record for months or even years, staff tend to become overly confident, which can result in a deterioration in risk culture.
“Black swans happen due to the incapacity of companies to foresee and prepare for downturn scenarios,” Xu continues. “Sometimes they lack the risk methodology or the methodology fails to take all scenarios into account. Lack of training, long working hours, cost cutting, tight deadlines, and equipment failures play a role, but so do governance, inappropriate performance metrics, siloed approaches, lack of independence, the wrong tone at the top and safety culture, and insufficient crisis management.”
To counter these challenges, it’s time for mining companies to consider transitioning from risk registers to more strategic risk management.