Risk management policy

Risk is an intrinsic aspect of business and is inseparable from opportunity. It is our ability to pursue opportunity with enthusiasm, entrepreneurial flair and innovation, secure in the knowledge and confidence that we have effectively identified and managed the associated risks, that determines our success.

A robust and comprehensive programme - embedded throughout the organisation - to identify, understand and manage risks provides greater certainty to our shareholders, employees and other stakeholders that we will be successful in our Mission.

The objective of our risk management system is to ensure an environment where we can confidently grow shareholder value through developing and protecting our people, our assets, our environment and our reputation.

To achieve this, we have implemented a structured and comprehensive risk management system across the Group, which establishes a common understanding, language and methodology for identifying, assessing, monitoring and reporting risks and which provides management and the Board with the assurance that key risks are being identified and managed. To this end, management should manage their risks under one uniform framework in accordance with industry accepted risk management structures (ISO 31000:2009). While the responsibility for the risk management system ultimately rests with the Board, clear roles and responsibilities are established for each commodity business unit.

Our risk management policy requires each commodity business and corporate function to undertake a comprehensive annual risk review, as part of their ongoing process for identifying, evaluating and managing significant risks, the results of which are communicated to the respective Audit Committees of the Group. The conclusions of this review are fully integrated into the annual business plans presented for Board approval. The commodity business units are responsible for implementing and managing appropriate risk control systems and processes within their operations. Progress against plans, significant changes in the business risk profile and treatment plans established to address controls and mitigate risks are to be reported to the CBU and PLC Audit Committees, the Executive Committee and the Board.

The Audit Committee, on behalf of the Board, reviews the effectiveness of the Company’s risk management system. Assurance that risks are being effectively identified, managed and controlled is provided to the Group Executive Committee and the Board through the assurance programmes operated independently of management by Group Audit Services and the Sustainability Development Group.

OBJECTIVE
Risk management is viewed as central to the organisation's management processes, in that risk is defined as the effect of uncertainty on objectives. Xstrata's governance structure and process will be based on the management of risk. Effective risk management by managers is regarded as essential for the achievement of the organisation's objectives.

By managing all the risks we face using a consistent framework and methodology, we will seek and exploit opportunities to create benefits while managing the potential downsides, therefore ensuring that shareholder value is created and enhanced.

SCOPE
This Policy and Framework establishes a common methodology which applies to all areas of the Xstrata plc Commodity Business Units, to all Divisions, Projects, Sites and new or acquired Divisions and/or sites.

Typical applications include:

  • Whole of Mine Broad Brush Risk Assessments (BBRA) / Baseline Risk Assessment;
  • Operational activities;
  • Application for Expenditure (AFE);
  • Request for Major Operating Expenditure;
  • Major Projects;
  • Major Contracts;
  • Business Planning Reviews;
  • Life of Mine Risk Assessments; and
  • Operating Unit Closure.

Additional detail is provided in the Xstrata plc Risk Management Procedure.

RESPONSIBILITIES AND IMPLEMENTATION
It is the responsibility of the Global Head of Audit and Risk to review this policy on a regular basis.

The Chief Financial Officer, the Executive Committee of Xstrata (Schweiz) AG, and the Chief Financial Officer of the Business Units are responsible for providing leadership, resources and active support for implementing this policy and framework.

REQUIREMENTS (CODES, STANDARDS, LEGISLATION AND REGULATIONS)
To ensure effective and leading practice processes in the management of risks, due cognisance needs to be taken of the requirements contained in:

  • ISO 9001:2007
  • ISO 14001:2004
  • ISO 31000:2009
  • ISO Guide 73:2009
  • OHSAS 18001:2008
  • ICMM Standards
  • Applicable SD legislation
  • UK Combined Code - Financial Reporting Council
  • Internal Control: Guidance for Directors on the Combined Code / Turnbull Guidance
  • Xstrata plc 17 Standards

Document: Xstrata Group Risk Management Policy
Date: Jul 2010