Governance and Ethics

Risk management

HSEC Assurance Programme

In 2005, Xstrata implemented a comprehensive, independent Group-wide HSEC Assurance Programme to provide assurance to the Board. Every managed site, project and commodity business was independently audited in 2005 against Xstrata’s HSEC policy, business principles and 17 management standards to provide a baseline. The Assurance Programme assesses both HSEC management systems and HSEC performance, providing a separate systems and performance score for each of the 17 Standards and provides management with a detailed report outlining the steps to be taken to improve performance. Examples of good practices identified through the assurance programme are collated and shared with all operations.

A total of 21 operations were audited in 2006, including 15 sites that did not attain Xstrata’s minimum ‘satisfactory’ level (requiring a minimum average score of 65% across all criteria). Average scores in 2006 compared to 2005 performance are set out on page 10 of this report. A further 27 sites or complexes, including five former Falconbridge operations, will be audited in 2007.

Xstrata monitors non-managed operations and joint ventures to ensure that Group HSEC policies and standards are aligned. Where operations are owned jointly with other international mining groups with comparable assurance programmes, audits are carried out on a rotational basis to determine performance against each shareholder company’s policies and management standards. In December 2006, the Antamina copper-zinc operation in Peru was audited according to BHP Billiton HSEC Standards.

Photo: The Falcondo Foundation school sponsorship programme has benefited over 78,000 students in the Dominican Republic.

The Falcondo Foundation school sponsorship programme has benefited over 78,000 students in the Dominican Republic.

Risk management and internal audit

Xstrata has implemented a well established, on-going process for identifying, evaluating and managing significant risks faced by the Group as an essential element of business planning. Xstrata’s risk management policy is published on our website. Principal risks and uncertainties from a Group perspective are outlined on pages 22 to 25 of the 2006 Annual Report.

Our approach to risk management is value driven and has the stated objective of ensuring ‘an environment where we can confidently grow shareholder value through developing and protecting our people, our assets, our environment and our reputation’. The Group-wide risk management process is led by the Global Head of Internal Audit and Risk, who reports directly to the Board Audit Committee.

Each commodity business unit and Xstrata’s corporate centre carry out a comprehensive annual risk review, including risk workshops attended by Group internal audit and external advisers as appropriate. Site, divisional, commodity business and Group risk registers are updated regularly and include financial, HSEC and operational risks.

Objectives in the business plan are aligned with risks and a summary of the key risks, related internal controls, accountabilities and further mitigating actions that are planned is included in business plans and are reviewed and approved by the Executive Committee. Progress against plans, significant changes in the business risk profile and actions taken to address controls and mitigate risks are reported quarterly to the commodity business and Board Audit Committees and to the Executive Committee and the Board as appropriate.

A standardised reporting and monitoring system – CURA – was implemented across the Group in 2005 to allow consistent reporting of risk and mitigating actions across all business units. In 2006, Xstrata’s commodity businesses developed risk profile reporting, which enables executive management and the Audit Committees to gain a better perspective of how and the extent to which key risks are being managed and monitored within the Group. A risk and control management maturity model has also been developed to assess levels of ‘risk maturity’ within Xstrata.

Xstrata’s Risk Management methodology and framework were implemented across the assets acquired in 2006 (Falconbridge and Tintaya) and completed by the end of 2006. Risk champions and coordinators were appointed in each of the new divisions and operations and received comprehensive training in Xstrata’s governance and risk management policy, procedures and methodology, together with risk analysis training.

Xstrata’s Internal Audit function is another important element of the overall process by which the Executive Committee and the Board obtain assurance that risks are being properly identified, managed and controlled. Risk-based internal audit plans are prepared annually, and findings and recommendations are reported to the various Audit Committees on a quarterly basis. Internal Audit activities in 2006 focused on the more significant risks and related internal controls identified in the risk self-assessment process. Findings and agreed actions were reported to management and the Audit Committees.

Sustainable Development Document Hierarchy