As a global mining company, we have a risk profile that is inherently broad and evolving, and effectively managing these risks is crucial to delivering on our strategy and achieving our purpose.
Our global Risk Management Standard and supporting risk management system procedure (MSP) are embedded in our Integrated Management System (IMS) and require that all areas of the business use a common risk assessment framework based on the International Standard for Risk Management (ISO 31000). This six-step framework helps create informed decisions on risk treatment options that directly impact the bottom line.
Because mining is increasingly concentrated in developing countries and many new opportunities are located in comparatively risky locations, it is vital that we understand and effectively manage our socio-political risks. Augmenting our ERM process is Newmont’s country risk program. Key components of the program include:
- Country risk model – a common measurement of country risk within Newmont to inform investment decision making and strategy development.
- Country tier framework – prioritizes countries according to the level of interest to Newmont and highlights high-risk countries; an internal cross-functional Country Risk Council reviews country tier rankings quarterly; and each country where Newmont operates has an executive leadership team (ELT) sponsor who reviews country risk strategies and ensures these strategies are communicated to Company leadership. The Board of Directors also reviews country risk program developments annually.
- Country risk analysis – identifies risks through an iterative process in which a cross-functional team catalogs perceived risks that are then reviewed by internal global risk experts and supplemented by external analysis as appropriate. This work informs investment and business plan decisions, provides the basis for the development of country risk management strategies, and is presented to our Board of Directors to inform relevant oversight and decision making.
While our risk management program is designed to identify credible potential event scenarios, when a crisis or significant incident does occur, our Rapid Response system ensures timely activation of the plans, people and resources required to respond and engage with all relevant stakeholders. Three tiers of teams – site, region and corporate – use the system to support an effective and coordinated response at the local, regional and global levels. On an annual basis, each team conducts training and runs a simulation (with the exception of Yanacocha in 2018 due to scheduling conflicts associated with moving the regional headquarters from Lima to Miami). We also conduct an annual global simulation involving a hypothetical scenario that activates all three tiers.
Our IMS tracks and reports our risk information in a company-wide risk register. The IMS risk register documents identified risks and assigns risk ownership to the region and/or function within Newmont that has the most knowledge and experience of the risk. Management periodically reviews top risks to determine whether additional risk analysis is required.
While initially designed to manage aspects of our health, safety, security, and sustainability and external relations functions, our IMS risk program has been integrated across other business functions. Implementation of the IMS – which began in 2015 and was completed in 2018 – has resulted in notable improvements in risk management and communications; audit efficiency; linkages between events with control failures and root cause identification; management of change processes; global governance; and prioritization.
Each quarter, tier 1 ERM risks related to sustainability matters are reviewed by the Sustainability and External Relations leadership team to ensure effective mitigation plans are in place. The Board’s Safety and Sustainability Committee reviews top enterprise sustainability risks each quarter and has a more robust discussion on all risk mitigation measures at least annually. All top risks facing the Company, along with details of the risk assessments and corresponding management plans, are reviewed by the full Board.
We enhanced our risk management approach through assessments, audits and programs on key sustainability matters. Among the notable efforts in improving our ability to manage our sustainability risks were the implementation of our Supplier Risk Management program, enhancing our tailings stewardship by aligning our standards and practices with the International Council on Mining and Metals (ICMM) governance framework, and improving our Fatality Risk Management program’s critical controls.
To increase our focus on areas where we can improve our ability to manage a risk and enhance our ERM communications, we are developing a risk management capability scorecard. The scorecard asks specific questions around assurance activities and assigns a score based on how well the risk is being managed. In 2019, we will apply the new scorecard approach to all ERM tier 1 risks with scorecard updates being conducted depending on the assurance level.
As part of our continuous improvement activities, we reviewed our Risk Management Standard and MSP, leading to updates that support a more consistent communication of risk information throughout the Company.
A focus for 2019 will be on applying a more consistent approach and common philosophy around controls, such as our Fatality Risk Management critical controls and tailings management controls, across our top risk profile.
For 2018, the Company’s tier 1 sustainability risks identified through our ERM process were:
- Tailings storage facility (TSF) structural integrity – A major failure of a TSF would result in significant operational, financial, environmental, safety, health and reputational impacts. We will continue to review, assess and modify, as needed, our global and regional strategies to ensure our controls effectively manage these risks.
- A cyanide ban within a specific geopolitical jurisdiction – Newmont’s cyanide management approach, which includes our long-standing commitment to ensure full compliance with the International Cyanide Management Code, supports efforts to mitigate this risk.
- Government and/or political actions that result in value loss – The purpose of our country risk program is to monitor and assess these risks and serve as an early warning mechanism on any key developments.
- Increasing government regulation on environmental standards – We address this risk through our stringent environmental standards; extensive engagement and collaboration with government, regulatory and community stakeholders; and programs, such as environmental participatory monitoring, that increase awareness of mining activities among community members and build our understanding of stakeholder concerns.
- Water availability – Our global and regional water strategies aim to identify and effectively manage the risks associated with water access and availability as NGOs, communities and governments are pressuring water-intensive industries, such as mining, to limit use.
More detailed information about the sustainability risks associated with the topics most material to our stakeholders and our business is included throughout this report. In addition, a list of our significant risk factors can be found in our 2018 10-K report, beginning on page 14.
As Newmont’s pipeline of development projects continues to strengthen, we will work to ensure project design includes an adequate understanding of sustainability risks and opportunities.
Country risk trends
While each region and jurisdiction where we operate presents unique geopolitical risks, our country risk program identified the following three major risk trends across our regions:
- Government efforts to increase revenues from mining operations;
- Potential regulatory changes; and
- Operating environment uncertainties due to elections.
To address and effectively manage these risks, we developed comprehensive engagement strategies that were executed in 2018 and will continue through 2019. Our country risk program will continue to expand so that risks are identified prior to investment decisions and future needs are anticipated.
As the world becomes increasingly connected and the digital world expands, like many businesses and organizations, Newmont faces constant and evolving cyber threats. With cyber security as one of our most significant business risks, we began implementing phase two of our three-phase program to enhance our cyber security capabilities across the business and reduce the risk of these threats.
One notable change to our approach in 2018 was establishing information technology (IT) and operating technology (OT) as separate and distinct.
On the IT side, the second phase of our cyber security program significantly strengthened our ability to detect and protect our assets around the globe. This included enhancements to our endpoint, network, and application landscape.
In the OT environment, we focused on the verification and validation of an OT cyber security strategy. This strategy targets critical mining and processing systems within the organization and establishes a framework to protect those critical systems from attack and unauthorized access. Our Nevada and Australia regions commenced strategic planning during the year, and in 2019 we will begin to implement the new OT cyber strategy in Australia, with other locations to follow over the course of the next five years.
From a governance perspective, we adopted two new global standards (based on the ISO 27001 standard) – Acceptable Technology Use and Cyber Security – that establish the minimum requirements for protecting the confidentiality, integrity and availability of Newmont information and communications technology assets. To improve our cyber incident response capabilities, in 2018 we partnered with other mining and minerals companies to form a Cyber Information Sharing consortium.
During 2019, we will enter our cyber security program’s third phase, which will focus on fine-tuning and optimizing our cyber security prevention and detection capabilities and addressing any emergent threats that present themselves to the organization.
Systems and services
During the year, we completed the final implementation phase of our IMS, which we use to capture, track and report our sustainability risks. Elements of this phase include completing a final set of standards, integrating our Supplier Risk Management program into the IMS, and achieving global ISO 14001:2015 umbrella certification – the latter of which is expected to significantly reduce audit costs, reduce the audit burden for sites, and reinforce a risk- and performance-based focus.