Managing our Risks

Risk is inherent in all business activities. We maintain a comprehensive risk management framework that serves to identify, assess and respond to our principal risks. Our approach is not intended to eliminate risk entirely, but rather to provide the structural means to identify, prioritise and manage the risks involved in our activities in order to support our value creation objectives.


The Board of Directors is responsible for maintaining the Company’s risk management and internal control systems. The Board’s mandate includes defining risk appetite and monitoring risk exposures to ensure that the nature and extent of significant risks taken by the Company are aligned with our overall goals and strategic objectives.

In accordance with our governance practices, the Audit Committee supports the Board of Directors in monitoring the Company’s risk exposures and is responsible for reviewing the effectiveness of the risk management and internal control systems. The Risk Manager and Internal Audit support the Audit Committee in evaluating the design and operating effectiveness of the risk mitigation strategies and the internal controls implemented by management.

Executive Management reviews strategic objectives and risk appetite, assesses the level of risk related to achieving these objectives, and incorporates controls into the strategic and operating plans to mitigate them. This top-down risk identification and assessment process helps to ensure that the bottom-up process performed at the business unit level is aligned with and focused on current strategy and objectives.

Risk heat map

AR17 Risk Heat Map

The risk heat map illustrates the relative positioning of our principal risks in terms of impact and likelihood;
  1. Impact of global macroeconomic developments »
  2. Access to land »
  3. Potential actions by the government »
  4. Security »
  5. Public perception against mining »
  6. Safety »
  7. Projects (performance risk) »
  8. Union relations »
  9. Exploration »
  10. Cyber Security »
  11. Human resources »
  12. Environmental incidents »

Risk Management System

The annual and ongoing elements of the Group’s risk management process are controlled by well-established risk identification, assessment and monitoring processes.

We have continued to build on our existing risk management framework, enhancing risk management and internal control systems across the business in line with changes to the UK Corporate Governance Code.

In addition to our established risk management activities, our priority was to promote a ‘monitoring environment’ which consists of validating the effectiveness of our current controls in order to support the Board in their responsibilities of monitoring and reviewing risk management and the internal control systems. For this task, operations managers, the controllership group, HSECR managers and exploration managers have all been engaged in strengthening their understanding of internal controls monitoring requirements.

Risk management framework diagram »

Risk Assessment

A risk assessment exercise took place across all our operations, advanced projects, exploration offices and support and corporate areas, which identified and evaluated 107 risks, including three new risks added over the course of the year that reflect specific circumstances related to certain projects (2015: 104 risks). This universe was narrowed down into major risks monitored by Executive Management and the Audit Committee, and then further consolidated into 11 principal risks closely monitored by the Board of Directors.