As a global mining company, we have a risk profile that is inherently broad and evolving. A number of political, social, environmental, safety, operational and financial risks have the potential to impact our reputation and license to operate. In order to become the world’s leading gold mining company and to deliver on our commitments, we must effectively identify and manage our material risks and capitalize on opportunities that deliver shared value to all our stakeholders.
Our global Risk Management Standard requires all operating regions and functions during every phase of the mine lifecycle to manage our material – including catastrophic – risks using a common risk assessment framework based on the International Standard for Risk Management (ISO 31000). Below demonstrates how this six-step framework helps create informed decisions on risk treatment options that directly impact the bottom line, using our Fatality Risk Management approach as an example.
Our top risks are categorized as either tactical (anticipated risk horizon of one to three years) or strategic (anticipated risk horizon of three-plus years), with risk ownership assigned to the appropriate region and/or function within the Company.
One of the many risk management tools we use is our country risk program, which identifies countries that are important to our business and ranks them based on their economic, political, social, environmental, infrastructure and security risks. Country strategies provide a baseline from which to track and manage the identified risks.
Our Integrated Management System (IMS), which we are in the process of fully implementing, improves our risk management approach by integrating common core processes from our health, safety, security, environment and community relations systems into a common framework. Among IMS’s benefits are the use of one global tool for capturing, tracking and reporting risk information and the ability to employ a risk- and performance-based approach for our audit program.
Our Enterprise Risk Management (ERM) process provides Newmont’s executive leadership team (ELT) and Board of Directors updates on the top risks facing the Company, as well details of the risk assessments and corresponding management plans.
When a crisis or emergency response to an event or issue is required, Newmont’s Rapid Response system ensures quick activation of the plans, people and resources required to respond and engage with all relevant stakeholders. The system virtually connects teams located around the world and provides a single source of information to support an effective and coordinated response at the local, regional and global levels. Every team must conduct annual training, as well as drills and simulations, to ensure a state of readiness in the event of a major incident.
In 2016, work continued across a number of fronts to enhance our ability to effectively manage the risks in our business. Among the highlights of these efforts:
- We launched the first phase of our Integrated Management System (IMS), which focused on implementing key standards and operating procedures related to risk, event reporting, assessments (including interactions, inspections and audits) and corrective actions; developing a single global risk register; and selecting a global certification provider.
- To better understand our exposure to the significant risks present in our business, we conducted comprehensive global risk assessments related to fatalities, cyanide management, suppliers and security teams and participated in the International Council on Mining and Metals’ (ICMM) global review of tailings storage facilities. Findings from the reviews were used to develop action plans, strengthen controls and improve standards and procedures. We also reviewed risks associated with changes and additions to regulations impacting our business activities.
- Our cross-functional global cyber security committee continued work to advance our ability to identify, prevent, detect, respond and recover from cyber security threats and protect the confidentiality, integrity and availability of our digital assets company-wide. We implemented cyber security governance, awareness and training, engineering, and vulnerability management programs.
More detailed information about risks considered most material to our business is included throughout this report. In addition, a list of our significant risk factors can be found in our 2016 10-K report, beginning on page 12.
We will continue work to develop stronger core competencies in risk analysis and further embed effective risk management and analysis into the way we do business. Areas of focus for 2017 include:
- Continue to mitigate and manage cyber security risks through:
- Conducting a global risk assessment to better understand the risks present in our computer-based mining systems and to ensure efforts are aligned with our overall strategic business objectives;
- Advancing our ability to prevent and quickly detect and respond to threats as well as, when needed, effectively and efficiently restoring digital assets with minimal operational impact; and
- Enhancing training programs that educate and raise awareness on risk mitigation techniques.
- Complete the Integrated Management System (IMS) phase two implementation, which is focused on implementing standards and operating procedures related to legal, documents and records management, monitoring and measurement, management of change, operational control, and leadership and management review. We also plan to transition other core functions – such as supply chain – onto the IMS platform.
- Begin implementation of the IMS’s third and final phases, which focus on standards, addressing planning, objectives and targets, supplier management, training and awareness, communication, emergency preparedness and crisis management, and achieving global ISO umbrella certification in 2018, which should result in cost savings and a reduction in the number of audits.