The board is responsible for determining the nature and extent of the significant risks the group has to manage in order to achieve its strategic objectives. The board believes in the maintenance of sound risk management and internal control systems.
Throughout the year the board monitored the group’s risk management and internal control systems, adopting an integrated approach to risk management which covers all material financial, operational, compliance, reputational and sustainable development risks.
The board in conjunction with the audit committee regularly considered the group’s principal risks. The board’s review focused on the effectiveness of the group’s risk management and internal control systems, assisted by the assessments undertaken by the audit committee. These assessments, which occurred both during the year and at the year end, evaluated the group’s principal risks, taking into account the strength of the group’s control systems and its appetite for risk.
The board delegates responsibility for day to day risk management to the CEO who in turn relies on the executive committee to identify, evaluate, mitigate and monitor the key risks facing the group and to implement the group’s integrated risk management processes and controls. For further details of the executive committee please see page 20 of this annual report.
The group’s integrated approach to risk management is outlined in the risk management triangle set out above. The group’s businesses are responsible for maintaining an effective risk management and internal control environment. These are embedded throughout the group and in the day to day operations of the mines under the direction of the executive committee. This includes the implementation and regular monitoring of processes and controls which are designed to ensure adherence with the board’s appetite for risk and group policies and procedures.
The group’s business functions monitor adherence to these processes and controls and provide guidance to the business on their implementation and application. This includes ongoing reviews by key functions within the group. The group’s management team is actively involved in all the group’s operations throughout the year, including numerous visits to the group’s sites and operations, attending monthly meetings with general managers and participating in weekly meetings with other senior members of staff, in each case to discuss critical issues affecting the operations, all of which are undertaken to assist in reducing the group’s risk exposure.
A comprehensive risk register is maintained and presented annually to the audit committee. The audit committee reviews the risk register and the risk management framework which the board and senior management uses to identify and scrutinise key risks facing the group, and consider whether those risks are appropriately managed. The risk register and framework use the company’s existing risk matrix and universal risk prioritisation, and rating scale, which grade and prioritise perceived and known risks. The risk register assists management in identifying and assessing the key risks facing the business.
The audit committee acknowledges there are many risks inherent to a mining business that exist and the challenge is to effectively manage those risks. By its nature, the risk register is a dynamic document subject to change. However, it is used by management to perform their duties while at the same time allowing the internal audit function to review and evaluate the activities of management in their efforts to control issues of risk and assess whether these activities are sufficient for the mitigation and management of risk.
Assurance over the group’s risk management, internal control and governance processes is provided by the group’s internal audit function. As part of the preparation of the company’s annual report on Form 20-F, which is filed with the SEC, the substantial risk factors are again identified and set out, highlighting to the market those aspects which could have a material effect on the company’s business.
The board carried out an assessment of the principal risk factors and uncertainties which it considers either individually or in combination as having the potential to have a material adverse effect on the group’s business, including those that would threaten the company’s business model, future performance, solvency or liquidity. The group’s strategy takes into account known risks but there may be additional risks unknown to the group and other risks, currently believed to be immaterial, which could develop into material risks.
Full details relating to the group’s industry generally can be found in the annual report on Form 20-F filed with the SEC, a copy of which is available on the company’s website at www.randgoldresources.com. From its assessment the board has itemised several key risks, including the Key Performance Indicators (KPIs) as per the download.
Country Ranking System
As part of the risk management process and in fulfilment of its risk management responsibilities, management regularly undertakes a detailed analysis of all countries in Africa based on the following formula, which is presented and agreed with the audit committee and the board on an annual basis, as outlined on page 180 of the 2015 annual report.
Ranking is dependent on a qualitative assessment combining each of the following on an equal weighting basis:
- Geological opportunity
- Economic and fiscal regime
- Political stability