Managing our Risks

Risk is inherent in all business activities. We maintain a comprehensive risk management framework that serves to identify, assess and respond to our principal risks. Our approach is not intended to eliminate risk entirely, but rather to provide the structural means to identify, prioritise and manage the risks involved in our activities in order to support our value creation objectives.


The Board of Directors is responsible for maintaining the Company’s risk management and internal control systems. The Board’s mandate includes defining risk appetite and monitoring risk exposures to ensure that the nature and extent of significant risks taken by the Company are aligned with our overall goals and strategic objectives.

In accordance with our governance practices, the Audit Committee supports the Board of Directors in monitoring the Company’s risk exposures and is responsible for reviewing the effectiveness of the risk management and internal control systems. The Risk Manager and Internal Audit support the Audit Committee in evaluating the design and operating effectiveness of the risk mitigation strategies and the internal controls implemented by management.

Executive Management reviews strategic objectives and risk appetite, assesses the level of risk related to achieving these objectives, and incorporates controls into the strategic and operating plans to mitigate them. This top-down risk identification and assessment process helps to ensure that the bottom-up process performed at the business unit level is aligned with and focused on current strategy and objectives.

Risk heat map

A consistent assessment of the probability and impact of risk occurrence is fundamental to establishing, prioritising and managing the risk profile of the Company. In reflecting good practice, Fresnillo plc uses a probability and impact matrix for this purpose.

AR21 Corp Gov Risk Heat Map

The risk heat map illustrates the relative positioning of our principal risks in terms of impact and likelihood;
  1. Potential actions by the Government (political, legal and regulatory) »
  2. Security »
  3. Impact of metals prices and global macroeconomic developments »
  4. Access to land »
  5. License to operate (community relations) »
  6. Human resources (attract and retain requisite skilled people) »
  7. Projects (Performance Risk) »
  8. Union relations (labour relations) »
  9. Cybersecurity »
  10. Safety »
  11. Tailings and environmental incidents »
  12. Climate Change »
  13. Exploration (new ore resources) »

Risk Management System

Our risk management system is based on risk identification, assessment, prioritisation, mitigation and monitoring processes, which are continually evaluated, improved and enhanced in line with best practice. In addition to our established risk management activities, our executives, including operations managers, the controllership group, HSECR managers and exploration managers regularly engage in strengthening the effectiveness of our current controls. This supports the executives and the Board in each of their responsibilities. 

Within the identification phase of our risk management system, the Company also captures emerging risks that could arise as a result of new developments that have a chance of impacting Fresnillo, either at a macro or operational level. Examples of these are new requirements imposed by changes to regulation, including stricter environmental rules, the commissioning of a new project and the use of state of the art underground technology, amongst others.

Risk management framework diagram »

Risk Assessment

As part of our bottom-up process, each business unit head determined the perceived level of risk for their individual unit’s risk universe. Executive management then reviewed and challenged each perceived risk level, and compared it to Fresnillo plc’s risk universe (109 risks) as a whole. The results of this exercise were used as an additional input to define the Group’s principal risks. We conducted the same risk analysis on advanced projects, detailing the specific risks faced by each project according to their unique characteristics and conditions. During our 2019 risk assessment exercise, 144 people provided input to evaluate 109 risks across all our operations, advanced projects, exploration offices, and support and corporate areas. The ERM narrowed down our 109 risks into major risks which are monitored by executive management and the Audit Committee. We then further consolidated these into 12 principal risks which are closely monitored by the Board of Directors. Following this exercise, there were no changes to the principal risks identified, however, the likelihood and potential impact increased in respect of Safety, Union relations, Exploration and Projects.