The mining industry is at a turning point regarding cybersecurity threats, technology disruption, and HSE management.
In face of this changing ecosystem, mining companies must decide where to invest and how to position themselves in the coming decades.
Risk and safety management is an area in which innovation and decision-making can be determining factors in the continuity of business.
Treats faced by the mining includes variables that until a few years ago were not even on the map.
These can stall or cancel a project even if they are not appropriately addressed with a modern approach.
Who owns risk?
A risk assessment matrix is a fundamental tool in integrating safety management and control.
Not only it allows you to identify where they are and what their main threats are, as well as vulnerabilities of the operation. It also determines the level of risk severity to prioritize and implement preventive measures where it is more urgent or essential.
It is even more relevant today when the risks that the mining and industries in general face have ceased to be operational only.
Because of their potential economic impact, these threats cannot be the responsibility of the safety specialist only. The top leadership must bear its control and management, from high executives to the Board of Directors.
The traditional risk assessment matrix includes five levels that miners use to prioritize vulnerability management, according to impact.
Probability of risk
Severity of impact of damage caused by risk
A risk with 80% of probability of appearing during project execution.
Risks that can paralyze a project totally or partially. Must be priority of risk management programs.
Risks with 60-80% of likelihood.
Risks that can cause large losses.
Risks with 50% likelihood.
Risks that can cause considerable losses.
Low probability of occurrence, but can’t be discarded, either.
Damages are not significant and do not affect the feasibility or continuity of the project.
Rare and exceptional cases with a probability equal to or less than 10%
Although very widespread, this approach has a problem: it does not visualize those responsible for minimizing risk.
Let's suppose a safety expert does not detect a tailings leak that results in an impact of immeasurable cost to the surrounding ecosystem, and the closure of the mine eventually.
Is the specialist the only one responsible for the accident?
From 5 to 7 variables: a more comprehensive and accurate approach
The 7 Operational Risk Matrix expands the scope of assessment and includes new threats of growing prominence among mining companies, such as environmental hazards.
Introducing two more levels and restructuring the traditional matrix increases accuracy in valuation and more precise measures of vulnerabilities in the operation.
Mining companies must not only adopt new technologies like collaborative platforms or cloud-based software (SAAS) to get to the next level in efficiency and performance.
They also must look at other industries to take advantage of internal know-how and insights to create space for innovation and improvement.
One of these approaches is the 7 risks matrix depending on probability, described as follows:
Risk frequency metrics
Economic impact metrics
Can happen more than 4 times per year
> US 100 million
Can occur up to 4 times per year
< US 100 million
Can occur 1 time per year
> US 50 million
Can occur once every 2 years
> US 25 million
Can occur once every 5 years
> US 5 million
Can occur once every 10 years
> US 1 million
Can occur once in more than 10 years.
> US 0.5 million
Also, separating threats in seven levels facilitates a better visualization of the impact that each probable risk may have on the following factors of severity:
· Occupational Health and Safety (OHS)
Continuing in this order, for example, the probability of an Almost Certain Risk of Critical severity can result in:
· Fatalities and accidents with a permanent disability.
· Severe and permanent impacts on soil, biodiversity, ecosystems, water, and air.
· Alternatively, violations of human rights, as well as the destruction of community infrastructure in the project’s areas of interest. It can also involve the total and irreversible desecration of multiple structures, objects or places.
· Censorship by interest groups, the media, government, regulators, NGOs and company employees, with consequent long-term (more than six months) damage to the social standing of the business.
· The damage could cause bankruptcy or permanent closure of the operation.
· Costs exceeding US$2 billion.
Specifying the probability of these seven risks and its environmental, social, legal, and financial consequences, has advantages over the traditional model, primarily by determining who is responsible for minimizing risk at the operational and management levels. Among them:
· Assesses the scale of inherent risk: The probability of occurrence thereof and the economic impact.
· Measures whether existing controls are adequate in minimizing risk.
· Determines the residual magnitude of each risk, indicating the effectiveness of existing controls.
· Identifies the owner or responsible for managing and repositioning risk to a new level of acceptance or tolerance.
· Monitors the effectiveness of controls and the status of action plans for risks under the responsibility of the risk owner.
The convergence of mobile devices and social networks intensifies its effect, so organizations must rethink how to address risk management and control to meet new blows to its image.
Another risk is critical environmental issues. Deloitte says that the concept of social license to operate is requiring mining companies to increasingly consider the voice of the communities where they invest.
In some cases, obtaining this permission is difficult because of previous incidents in the project’s areas of interest or due to concerns over the ecological and social impacts that the investment will have, mainly in traditional farming areas.
In this context, risk management and control transcend corporate social responsibility and a project’s sustainable development program. As a framework for proactive and preventive action, it can be a determinant factor in viability.
To reduce the ecological impact of a mining operation, miners need to recover the trust of stakeholders to obtain the social license necessary to start operations.
However, all these efforts mean nothing if there are blind spots in risk management and control.
By redefining their strategic priorities given a new risk ecosystem, mining companies must adopt new operational approaches.
These new methods will transform how mining companies operate, injecting visibility and accountability at all levels of the organization.
By adopting a 7 Operational Risk Matrix like the one used by the automotive, pharmaceutical and oil industries, the mining sector can streamline the way it confronts severe operational risks.