Why mining needs a 7 Operational Risk Matrix


The mining industry is at a turning point regarding cybersecurity threats, technology disruption, and HSE management.

In face of this changing ecosystem, mining companies must decide where to invest and how to position themselves in the coming decades.

Risk and safety management is an area in which innovation and decision-making can be determining factors in the continuity of business.

Treats faced by the mining includes variables that until a few years ago were not even on the map.

These can stall or cancel a project even if they are not appropriately addressed with a modern approach.

Who owns risk?

A risk assessment matrix is a fundamental tool in integrating safety management and control.

Not only it allows you to identify where they are and what their main threats are, as well as vulnerabilities of the operation. It also determines the level of risk severity to prioritize and implement preventive measures where it is more urgent or essential.

It is even more relevant today when the risks that the mining and industries in general face have ceased to be operational only.

Because of their potential economic impact, these threats cannot be the responsibility of the safety specialist only. The top leadership must bear its control and management, from high executives to the Board of Directors.

The traditional risk assessment matrix includes five levels that miners use to prioritize vulnerability management, according to impact.

Probability of risk Severity of impact of damage caused by risk
1. Definitive A risk with 80% of probability of appearing during project execution.  1. Catastrophic Risks that can paralyze a project totally or partially. Must be priority of risk management programs.
 2. Likely Risks with 60-80% of likelihood.  2. Critical Risks that can cause large losses.
 3. Occassional  Risks with 50% likelihood.  3. Moderate Risks that can cause considerable losses.
4. Remote Low probability of occurrence, but can’t be discarded, either.  4. Marginal Damages are not significant and do not affect the feasibility or continuity of the project.
5. Unlikely  Rare and exceptional cases with a probability equal to or less than 10%  5. Insignificant Minor damages to the progress of the project

Source: Bright Hub Project Management

Although very widespread, this approach has a problem: it does not visualize those responsible for minimizing risk.

Let's suppose a safety expert does not detect a tailings leak that results in an impact of immeasurable cost to the surrounding ecosystem, and the closure of the mine eventually.

Is the specialist the only one responsible for the accident?

From 5 to 7 variables: a more comprehensive and accurate approach

The 7 Operational Risk Matrix expands the scope of assessment and includes new threats of growing prominence among mining companies, such as environmental hazards.

Introducing two more levels and restructuring the traditional matrix increases accuracy in valuation and more precise measures of vulnerabilities in the operation.

Mining companies must not only adopt new technologies like collaborative platforms or cloud-based software (SAAS) to get to the next level in efficiency and performance.

They also must look at other industries to take advantage of internal know-how and insights to create space for innovation and improvement.

One of these approaches is the 7 risks matrix depending on probability, described as follows:

Risk frequency metrics Economic impact metrics
Level Description Frequency/Probability Description Level Impact
7 Almost definite Can happen more than 4 times per year Critical 7 > US 100 million
6 Very likely Can occur up to 4 times per year Very high 6 < US 100 million
5 Likely Can occur 1 time per year High 5 > US 50 million
4 Possible Can occur once every 2 years Significant 4 > US 25 million
3 Unlikely Can occur once every 5 years Medium 3 > US 5 million
2 Remote Can occur once every 10 years Low 2 > US 1 million
1 Improbable Can occur once in more than 10 years. Very low 1 > US 0.5 million

Also, separating threats in seven levels facilitates a better visualization of the impact that each probable risk may have on the following factors of severity:

· Occupational Health and Safety (OHS)
· Environment
· Community
· Reputation
· Legal
· Financial

Continuing in this order, for example, the probability of an Almost Certain Risk of Critical severity can result in:

· Fatalities and accidents with a permanent disability.

· Severe and permanent impacts on soil, biodiversity, ecosystems, water, and air.

· Alternatively, violations of human rights, as well as the destruction of community infrastructure in the project’s areas of interest. It can also involve the total and irreversible desecration of multiple structures, objects or places.

· Censorship by interest groups, the media, government, regulators, NGOs and company employees, with consequent long-term (more than six months) damage to the social standing of the business.

· The damage could cause bankruptcy or permanent closure of the operation.

· Costs exceeding US$2 billion.

Specifying the probability of these seven risks and its environmental, social, legal, and financial consequences, has advantages over the traditional model, primarily by determining who is responsible for minimizing risk at the operational and management levels. Among them:

· Assesses the scale of inherent risk: The probability of occurrence thereof and the economic impact.

· Measures whether existing controls are adequate in minimizing risk.

· Determines the residual magnitude of each risk, indicating the effectiveness of existing controls.

· Identifies the owner or responsible for managing and repositioning risk to a new level of acceptance or tolerance.

· Monitors the effectiveness of controls and the status of action plans for risks under the responsibility of the risk owner.

The future of risk

In its 10 Trends Driving the Future of Risk report, consulting firm Deloitte explains that the threat of reputational risk is on the rise and its scope is magnifying.

The convergence of mobile devices and social networks intensifies its effect, so organizations must rethink how to address risk management and control to meet new blows to its image.

Another risk is critical environmental issues. Deloitte says that the concept of social license to operate is requiring mining companies to increasingly consider the voice of the communities where they invest.

Communities affected by investment projects are increasingly demanding new regulations like the voluntary adoption of Convention 169 over Indigenous Communities consultations by the International Labor Organization (ILO).

In some cases, obtaining this permission is difficult because of previous incidents in the project’s areas of interest or due to concerns over the ecological and social impacts that the investment will have, mainly in traditional farming areas.

Also, regulators expect mining companies to comply with a series of disclosures, while shareholders are showing more interest in reducing the carbon footprint of mining products; in some cases this is a motivation by itself, while in others companies are encouraged to benefit from impact assessment and reduction initiatives like the Carbon Disclosure Project.

In this context, risk management and control transcend corporate social responsibility and a project’s sustainable development program. As a framework for proactive and preventive action, it can be a determinant factor in viability.

To reduce the ecological impact of a mining operation, miners need to recover the trust of stakeholders to obtain the social license necessary to start operations.

However, all these efforts mean nothing if there are blind spots in risk management and control.


By redefining their strategic priorities given a new risk ecosystem, mining companies must adopt new operational approaches.

These new methods will transform how mining companies operate, injecting visibility and accountability at all levels of the organization.

By adopting a 7 Operational Risk Matrix like the one used by the automotive, pharmaceutical and oil industries, the mining sector can streamline the way it confronts severe operational risks.

Request a demo

Let's Connect Linkedin

If you've reached that far it means that this post interested you some how, I would love to hear your thoughts