Technology is changing how mining companies can manage risk. But is the industry tech-ready to prepare for the diverse risks it now faces? Ben Creagh finds out.
Risk is a constant consideration in the mining industry. Miners have been addressing risk since the primitive days of the Middle Ages when commodities such as iron, lead and silver were in demand.
While risk may be a relentless consideration in mining, the type of risks impacting the industry consistently change as the market environment evolves.
As Deloitte’s 2019 Tracking the Trends explains, the risk landscape is currently characterised by mounting tariffs and sanctions, potential trade wars, cyber threats, uncertain tax and royalty regimes, rising input costs, heightened scrutiny from investors, environmental disasters, infrastructure concerns that suspend operations, social media attacks and geopolitical perils in less stable regions.
With such as extensive list of risks in modern-day mining, how do companies control and mitigate each of them at the same time?
Deloitte partner Darren Gerber says the foundation of risk management in today’s mining environment is nothing new, as companies first need to establish a proper understanding of what they face.
“If you have a look at the significant events that have impacted miners, whether it is a tailings dam failure or whether it is bribery or corruption in parts of the world, those risks have been around for a long while,” Gerber tells Australian Mining.
“But how do you actually truly understand those risks and improve the management of them for better outcomes?”
Like most areas of the mining industry, digital technology is emerging to play a major role to help companies improve their understanding of the risks.
Mining companies have historically addressed risk as a tractable concern where issues and opportunities they faced have been ranked using a risk register and then considered in a cyclical nature.
Change in the mining industry has however accelerated, making this approach itself a risky technique. Digital technology offers a way to move from this tradition by providing unparalleled access to enterprise-wide information and the capabilities to use external data.
Mining boards and management can apply digital tools to anticipate risks, changing a previously backward-looking process into a proactive, predictive function that builds awareness of what could happen before it does.
Gerber says mining companies have identified the opportunity to make this change to how they manage risk, with analytics and artificial intelligence (AI) key parts of what will drive the new approach.
“It is early days, no doubt, but the vision and the willingness is there,” Gerber says. “Analytics and AI, they are not new concepts, but they are rapidly being deployed into organisations; they are also being deployed into the risk functions of these organisations.”
Technology’s influence is also leading the mining industry towards the next generation of internal auditing, known as Internal Audit 3.0, according to Deloitte.
Internal Audit 3.0 offers new features and functionality, while retaining the best of the previous versions, Tracking the Trends explains.
The latest version is being shaped by a range of drivers, including the speed at which organisations are now expected to evolve and innovate for the fourth industry revolution.
“Internal Audit 3.0 gives internal audit functions the opportunity to think about how they leverage technology to do their task better,” Gerber says.
“How can data be used to enable better testing and better insights? It is about using data to predict and anticipate control failures and when risk events will occur.”
Gerber urges mining companies to broaden their outlook of the risks they face by using the new approach.
The aforementioned list of risks that characterise the modern-day industry primarily focus on the dangers that could potentially confront mining companies.
However, focusing only on the negative impacts can be a limitation of the risk management function at some companies, according to Gerber.
He says mining companies should not limit their management to just the downside risks, but instead also include growth opportunities like mergers and acquisitions in their scope.
“With risk there comes reward – it is not just about stopping the bad things from happening but also enabling the good too,” Gerber says.
“There are organisations out there that overmanage what could be better, either from conservatism or lack of confidence.
“Risk management is still absolutely about the downside, but it is also about enabling the confidence for the upside. Good risk management using quality data in the right business model can enable both of those.”
Regardless of the type of risk, mining companies now have a pathway for addressing them at an enterprise-wide level rather than in an isolated, reflective way that occurs after the fact.
“Can all these amazing systems be used to do things more effectively and in an insightful way? It’s early days but organisations are trying this,” Gerber concludes.
Deloitte’s leading strategies:
See the future
Risk sensing, which combines advanced analytics with human judgement, provides a panoramic view of risk, extending well beyond traditional risk registers of identified risks.
Reducing the unknown unknowns
Risk learning applies analytics to risk events to tease out casual relationships. If a risk event occurs, analysts can examine what else occurred before, during and after.
One way to link risk management to real-world controls is by making management and the board accountable for risk assessment.
To effect change, internal audit functions need people with a mix of business and technology skills that allow them to understand new cognitive technologies in a business context.
Often, operators either do not or cannot provide an objective view of prevailing risks due to biases or the role they played in adopting less-than-effective controls. To overcome this challenge, consider asking external auditors or risk advisors to conduct an independent risk assessment.
Learn to share
With mining companies, risk management expertise tends to be dispersed across functions and geographic locations. To strengthen a risk management, companies should aim to share lessons learned and leading practices.
This article also appears in the May edition of Australian Mining.