Skip to main content

ARM logoARM logo
We do it better
 
 
 
 
 
 

Risk management programme

ENTERPRISE RISK MANAGEMENT PROCEDURE

The objective of ARM's procedure is to ensure that ARM is proactive and appropriately prepared for potential risks, challenges and opportunities.

The Enterprise Risk Management process sets out ARM's risk management philosophy and policy, the management and reporting functions, processes, roles and responsibilities provides standards and guidelines, and identifies risk appetite and risk tolerance levels (periodically reviewed by the Audit and Risk Committee to the Board for approval) for operations, divisions and the Company.

The Enterprise Risk Management process which is aligned to International Organisation for Standardisation (ISO) 31 000 and the risk management requirements of King IVTM:

  • provides an effective and efficient management tool for continuous improvement;
  • facilitates the ongoing process of moving from exception reporting to performance of controls;
  • identifies risks (from long-term strategic planning to business unit level risks) with the specific objective of reviewing and ensuring that appropriate and relevant mitigation is in place;
  • constantly reassesses risk management initiatives to ensure that they are relevant and that they anticipate emerging risks and opportunities;
  • adds value to the efficiency and effectiveness of ARM's risk preparedness; and
  • meets corporate governance requirements.

ARM recognises that the field of risk management is dynamic and thus ARM's Enterprise Risk Management Policy will continue to evolve to meet the challenges and changes faced by ARM, its divisions and operations.

ENHANCEMENTS TO THE RISK PROCESS

Risk management is an increasingly important business driver for ARM and its stakeholders. It is an entrenched discipline and a recognised business management tool, with the aim of enabling sustainable growth. Outputs from successful risk management include more informed, less uncertain decisions, a learning organisation that does not repeat mistakes, compliance, assurance and enhanced decision-making. These outputs should provide benefits by way of improvements in the efficiency of operations, effectiveness of tactics and businesses.

To continuously improve the risk management process within ARM, we initiated a review of the company's current risk management methodology, processes, maturity and culture in April 2018.

A key output of this process is the full alignment of the current risk methodology with ISO 31000, which is the International Standards' Organisation (ISO) standard for risk management. ISO 31000 is globally acknowledged as a leading risk management practice and is the most universally adopted risk management standard.

FOCUS AND ADDING VALUE

In respect of risk management, the Audit and Risk Committee, in its oversight role of the Management Risk and Compliance Committee, inter alia:

  • reviewed the Enterprise Risk Management Framework setting out ARM's policies and processes on risk assessment and risk management throughout the Group and Company;
  • ensured that the Group and Company have applied a Combined Assurance Model in support of a coordinated approach to all assurance activities; and
  • considered and reviewed the findings and recommendations of the Management Risk and Compliance Committee.

ENHANCED RISK METHODOLOGY

Developing an impact rating scale for ARM requires alignment of these aspects to ARM's strategy and the strategic factors through which the Company drives and measures business performance.

ARM's business strategy is focused on quality growth in ARM's existing portfolio of commodities, operational efficiencies, exploration, acquisitions and partnerships. The Board, along with the joint venture boards of directors and board committees, provides strategic direction and leadership, monitors implementation of business and strategic plans, and approves the capital funding for these plans. ARM further expands these strategic focus areas into the values that guide the way it strives to conduct its business.

  • CONTEXT SETTING

    Including stakeholders context objective validation

    Grey arrow
  • IDENTIFY RISKS

    Grey arrow
  • ACTION PLANS TO REDUCE OR MITIGATE THE RISK ARE IDENTIFIED

    Grey arrow
  • DETERMINE RISK CONTROL EFFICIENCY (RCE)

    Grey arrow
  • RECORD MAXIMUM FORESEEABLE LOSS (MFL)

The risk rating methodology links strategic factors to impact factors as follows:

  • STRATEGIC INTENT FACTORS
    Focus on the efficient allocation of capital image1
    Improve our financial position image2
    Maintain a safe and healthy work environment image3
    Improve operational efficiencies and contain unit cost increases image4
    Partner with and invest in our employees image5
    Improve our relationship with key stakeholders image6
    Remain responsible stewards of our environmental resources image7
  • IMPACT FACTORS
    Financial
    Safety and Health
    Project Management
    Operations
    Compliance
    Industrial Relations
    Internal Stakeholders
    External Stakeholders/ Reputation
    Environment
    Information Technology (IT)

A MATURE RISK MANAGEMENT UNIVERSE

IMPROVED BUSINESS CONTINUITY MANAGEMENT

ARM's Emergency and Crisis Management and Business Continuity Management functions should not be seen as mutually exclusive, but as a continuum and complementary management response to different types of events. Emergency and Crisis Management recovery is primarily focused on being able to contain and manage an emergency or crisis in order to ensure the safety of people and assets, to halt the situation at its source and to manage the range of impacts that pre-determined events could have. Business Continuity, on the other hand, is for managing business interruption events and getting the business back on track, once the crisis or emergency has been resolved.

This continuum is illustrated in the following diagram:

Continuum diagram

Successful recovery from a disaster depends on promptly recognising the emergency or crisis at hand and taking appropriate action in terms of pre-approved disaster preparedness and business continuity plans. When a speci?c period of downtime occurs, whatever the reason, the appropriate actions must be taken within the time allowed. Avoiding the situation in the ?rst place is the most desirable outcome, but this may not be achievable in practice. Planning the actions that will need to be taken if the event does actually occur is essential to a sound and comprehensive risk management strategy. Being prepared in times of disasters and business continuity events is also, ultimately about business sustainability.

ARM's risk management enhancement project includes the following stage by stage approach to improve ARM's business continuity maturity:

stage by stage approach to improve ARM's business continuity maturity

Sustainability report

Sustainability Report 2019


African Rainbow Minerals © 2019 | Site map | Contact us | Disclaimer