Mining companies need to think outside the mines: consultant

Whilst nothing could have saved the mining sector from the extreme fallout from the global financial crisis, it could have been better prepared had boards and senior management put in place more robust risk and assurance processes, a leading risk expert says.
According to managing director of global risk consulting firm Protiviti Mr Garran Duncan, the mining sector became complacent in terms of identifying potential risks during the preceding period of unprecedented economic growth.
“The sector ceased to be creatively challenging. A mindset of potential risk modelling within the normal parameters prevailed. Few, if any varied their techniques,” Duncan said.
In fact this was apparent in a study into the resource sector by Protiviti early in 2008 - well before the financial crisis occurred. The study found that internal auditors in multi-national resource companies should extend their skills beyond their established areas of responsibility to present a consistent message to management and shareholders.
Only 58 per cent of respondents - primarily larger mining companies - had established enterprise risk management frameworks.
The study also found that smaller companies focus their risk management activity on occupational health and safety, Sarbanes-Oxley compliance or environmental regulatory compliance.
One quarter of the companies surveyed did not have a risk management framework at all.
“We also discovered that only 42 per cent of them have their internal audit function integrated with the overall risk management framework, so this can be seen as a global area for improvement for internal audit functions,” Duncan said.
Another revelation was that only half of the companies surveyed had procedures in place that identify what assurance is being provided within their organisations and by whom this assurance is given.
“This shows that there is still a large amount of silo style assurances being given over the management of key risks within the organisation,” Duncan said.
The centre of attention for most internal auditors is standard financial process risk such as accounts payable, and payroll.
Few functions provide assurance over the management of operational areas, for example, project development and health and safety, or strategic areas including investor relations, merger and acquisitions and the increasingly important area of climate change and energy.
Instead internal auditors are often giving assurances in tandem with external assurance providers or in some in instances not reviewing key risk areas at all.
“In situations like this, the business could receive inconsistent methods of assurance or worse no assurance at all. It is critical in today’s business world that Boards and Management have a clear understanding of their risk profiles and what level of assurance is provided.” Duncan predicted.
Another major concern was that 58 per cent of companies stated that external audit sees limited or no assurance on the work performed by internal audit.
“Internal audit is a key component of any effective risk management framework and without the integration of internal audit into an adequate and effective risk management framework, it will be difficult for the board and executive management to obtain reasonable assurance that the organisation’s key risks are being managed to an acceptable level,” Duncan warned.
Proviti is a global consulting and internal audit firm composed of experts specialising in risk and advisory services. For more information visit: www.protiviti.com.au