2016 risk and materiality
In 2016 we continued to grapple with issues not just of sustainability but of survival. As in the previous year, therefore, our material issues and our strategy were almost entirely concerned with obviating risks.
The board this year concurred with management’s view that, to build a sustainable future for our company, we had to continue stabilising our present situation by confronting our key risks and demonstrating, in no uncertain terms, our commitment to creating value for all stakeholders.
The top 10 risks facing our company in 2016 were:
The following top (2015) risks were mitigated in 2016:
- Availability of energy
- Competition Commission issues
- Contract management
With the determination by our leadership that the overriding imperative facing our company was the need to ensure its survival by addressing (mostly external) risks, it followed, ipso facto, that our most material issues were derived from our top risks. In addition to material issues deriving from our risks, the health and safety of our employees and contractors is our foremost value and integral to our mission. Our most material issues this year were:
- Workplace safety
- Protection against unfair imports
- Unsustainable input costs
- Establishing a fair price for steel and customer focus
- Competition Commission issues
- B-BBEE compliance
- Environmental compliance
- Optimising our industrial footprint
- Training for a new operating reality
With external factors testing the effectiveness of our enterprise risk management (ERM) process to the extreme, our company this year experienced a considerably renewed, sharper focus on the importance of an effective ERM process with a particular focus on the effectiveness of risk controls being built into the combined assurance process.
This report seeks to explain how execution of our strategy and our governance practices created value in the year reported – and is likely to do so into the future. To this end we report performance on our four key, most material, strategic objectives:
- Keeping our people safe
- Driving profitability
- Creating social value
- Creating a high-performance culture
We formulate our key strategic objectives by answering the following questions:
- What are the most material issues our company must address if it is to create value into the future while meeting the terms of its mission and subscribing consistently to its values?
- What are the issues that matter most to our stakeholders?
Our mission and values seek to embed safety into our DNA. Safety is non-negotiable and is always placed above any other consideration or issue; any strategy or action that compromises our ability to keep our people safe compromises our values. As a values-driven organisation, safety is our foremost material issue.
Stakeholder inclusiveness is central to determining our most material issues. Engagement with stakeholders happens through formal platforms.
Explicit and perceived stakeholder concerns are regularly reported to the executive committee and board for consideration while the company’s policies and strategic execution are communicated to stakeholders for input.
In addition to the concerns of stakeholders, we consider the macro-economic, political, social, legislative and regulatory environments in which we operate and do business, as well as the risk register, which is informed by our ongoing ERM systems and overseen by the audit and risk committee.
This year our risk register highlighted the many ways in which the environments mentioned above posed very real threats to our ability to stay in business and to continue creating value. At the outset of the year our board considered detailed reports on material risks and, in addition to safety, prioritised our most material issues accordingly. These were updated during the year.
Our ERM policy is aligned with the ArcelorMittal group risk management policy, world best practices, the King III Code and the ISO 31000 standard. The objective of the ERM policy is to enhance our ability to manage the uncertainties faced by our business. In the long run this will create greater confidence in the company’s capacity to seize opportunities, alleviate risks and achieve sustainable successes. The following continuous improvements are focus areas within our business:
- Combined assurance audits to verify the control effectiveness of current controls implemented in 2016
- The project risk management process being embedded and refined
- Ongoing changes to our internally developed risk database with a focus on combined assurance and control effectiveness
- Structured opportunity risk management being implemented
- Continuous benchmarking to improve our risk management process with cross learning between ArcelorMittal South Africa and Exxaro in 2016
The following highlights in greater detail some of the continuous risk management improvement initiatives:
Asset risk mitigation
By the end of 2016, 74% of the 62 top asset risks identified in 2013 had been mitigated. Investments included significant risk mitigation expenditure at Newcastle, chief among these the R1.8 billion blast furnace reline in 2014, stove refurbishment, a sinter plant reline and a blast oxygen furnace (BOF) flare stack repair. Other business units also spent significant amounts of risk-mitigating capital on items such as the Corex campaign extension at Saldanha (at a cost of R73 million), purchasing of critical spares, upgrading drives and the improvement or installation of fire detection and suppression systems. New asset risks identified in 2016 were assessed and included in the various risk registers. Risks identified as being part of the top exposures for the company will be highlighted and addressed accordingly.
Structural risk survey
ArcelorMittal South Africa’s plants are ageing, ranging in age between 18 and 105 years. Because of the age of our plants, the risk of structural failure was identified as a focal area in 2015 with continued focus in 2016. Although structural risks were identified and mitigated in certain areas it was further decided to launch an investigation to determine the status of all critical physical structures within the company. This investigation included the identification of structures at risk, the frequency and adequacy of structural surveys, the state of at-risk structures and actions necessary to address concerns identified. Those structural risks identified were prioritised and actions to mitigate them allocated.
Focus on maintenance oversight
The CEO maintenance governance committee, initiated in 2015, continued to meet quarterly in 2016. The principal objective of these meetings is to monitor the execution of plant maintenance and reliability performance so as to improve plant availability/reliability while minimising or eliminating major breakdowns and risks. Information discussed supports decision-making processes on:
- Operating/capital expenditure
- Maintenance practices
- Risk identification and mitigation
- Comparison against group technical benchmarking (GTB) information
Risk management database
The internally developed risk management database is used to register all risks identified at ArcelorMittal South Africa. The database was initially developed in 2006 at Saldanha Works to replace then Excel-based risk documents and was subsequently rolled out across the company, becoming an established risk management tool with the following advantages:
- Uniformity in the application of the risk management process and risk assessment methodology
- An aligned, structured approach to risk management
- Alignment in reporting
- Tracking of changes to risks
- Security of information
- Ease in collaboration of risk management (reduction in administrative burden)
- Seamless integration with the capital expenditure database
- Integration with combined assurance principles
Our board is ultimately responsible for risk management and has an audit and risk committee which oversees risk policies and strategies. Top risks are also reported to the group risk committee via the group enterprise risk manager.
IT forms an integral part of risk management, the board bearing responsibility for IT governance while delegating to management the implementation of the IT governance framework.
Risk management is structured around the following functional risk areas: sales and marketing, operations, procurement and logistics, human resources, finance, strategic, legal, health, safety and environment. The risk management process is divided into four distinct phases as per the graphic above. The link between the risk database and the capital process, which allows for risk-based budgeting and capital allocation, as well as the combined assurance process, are built into the risk process to audit current control effectiveness.
Each risk area, department or business unit has a risk officer who reports directly to the head of each department. The manager of risk and insurance attends all high-level risk committee meetings and prepares consolidated risk management reports which are presented monthly to the executive committee and, on a quarterly basis, to the audit and risk committee and the board.
Project risk management
Project risk management, one of the focus areas in 2016, has become part of the culture of the company. All major projects, or projects with significant risks attached, go through a structured project risk management process facilitated by the risk specialists. Project risks are identified during the different project stages and are updated at a frequency determined in conjunction with the project team. Follow-up on project risks and the implementation of mitigation actions are done during the project execution phase.
Business continuity management
The business continuity management (BCM) policy we have implemented is aligned with world best practices, the King III Code and the ISO 22301 standard. The purpose of this policy is to provide a basis for understanding and implementing business continuity within ArcelorMittal South Africa and to provide confidence in the organisation’s dealings with stakeholders. Business continuity plans are implemented according to the risk profile of the company. This year the operational business continuity plans were revised to be aligned with changes in the business structure. In 2017 a focus will be on revising all business continuity plans including a gap analysis against best practices.
Our insurance department, with the assistance of external consultants and by using recognised international procedures and standards, undertakes regular loss-prevention audits of all plants and operations. During 2016 AIG, a top three asset insurance company, again joined our loss surveyors (Axa-Matrix) in the annual loss survey exercise.
The chief outcomes of the survey were:
- Improved fire system maintenance
- Improved housekeeping which contributes, among others, towards reduced fire load
- Increased management awareness of risks and actions to address these risks
- Additional emphasis required on the reliability of fire systems
Operational risk exposure is measured by risk consultants using a vulnerability index. Loss surveyors evaluate three main categories: management, fire protection and process safety (with 39 subcategories) to determine the company’s vulnerability index. Our vulnerability index has improved by 24% over the past nine years. Action plans to improve the vulnerability rating have been drafted and form part of the risk management process.
We have in place an insurance programme which is underpinned by an approved insurance policy providing insurance cover for losses above agreed deductibles at competitive costs (measured and determined both locally and abroad). Insurance cover is, in principle, risk-based as is outlined in the policy.
Good risk management practices and vigilance by operations reduced the insurable incidents to such an extent that the company has been claim free since February 2013. This improved the company’s insurability, leading to a reduction in deductibles and premiums. The company’s cell captive in Ferrosure Isle of Man was also fully funded, allowing the payment of a dividend from the cell to support cash flow.
In 2016 the combined assurance process supported by the risk management system was implemented in full. The implementation process consisted of four phases:
- Finalising and testing the combined assurance process within the risk systems
- Training risk specialists and risk database users in combined assurance principles and changes in the database
- Conducting combined assurance (control effectiveness) audits on top risks
- Auditing the combined assurance process by internal assurance during October/November 2016. The outcome of the audit will be used to further improve on the rollout of the combined assurance process.
To improve the robustness of the ERM process we continuously review our risk management performance. A maturity model is used across the ArcelorMittal group to monitor the maturity of risk management processes. We are assessed in the top 10 within the ArcelorMittal group. The following actions to improve the maturity of our risk management processes are being pursued:
- Doing what-if and “bow-tie” analysis exercises on probable maximum loss areas to supplement existing continuous identification and assessment processes
- Analysis of different sources of information (eg incident reporting, maintenance dashboards) as input to risk identification
- Creating a platform whereby currently listed “opportunities” (as required by the incoming King IV Code) can be formally listed and reported on
- Embedding the combined assurance (current control effectiveness audit) process
- Benchmarking risk management processes
- Revising our business continuity plans and procedures as practical tools to reduce the impact of business interruptions
We actively participate in risk and insurance webinars where lessons and best practices are shared with other facilities within the ArcelorMittal group. These programmes inform the ongoing improvement of our risk management processes. The ArcelorMittal South Africa risk manager is a member of the global risk steering committee that is driving improvement actions for the group by using local knowledge and skills.
Compliance risk management
While the company has an effective compliance policy, with the exception of some pockets of excellence, there is no entrenched compliance culture. In 2015 we began implementing an appropriate compliance framework, this process entailing the establishment of a compliance structure (including the creation of company-wide co-ordination, capability and reporting templates), appointing compliance champions and raising awareness about the importance of compliance.
Using Compliance Institute of SA guidelines, we aim to effectively identify, monitor and report regulatory compliance risks.
In 2016 the first business unit compliance self-assessments were done and the statutory reporting schedule was also compiled. In addition, specific projects were identified for implementation, notably a rollout plan and training in protection of personal information (POPI) compliance. Training in competition law was also begun.
Outlook for 2017
We recognise that effective strategy formulation and risk management require ERM processes, principles and objectives to be aligned and embedded across the organisation. Including combined assurance principles in the risk database during 2016 contributed towards taking risk management, specifically the control effectiveness of top risks, to a new level. In the year ahead we will focus on improving the robustness of the process by, among other measures, taking the risk-control effectiveness approach to a more detailed level, testing our business continuity plans to mitigate the impact when a disaster strikes and challenging our risk financing programme when the company’s risk-bearing capacity is challenged. In 2017 various actions will be taken to embed and integrate compliance risk management at both head office and business unit level.
Most significant risk exposures
The top strategic residual risks, as identified through our ERM process, which could impact our sustainability, are detailed in the diagram below.
Measures taken to mitigate our top strategic risks
| No | Risk name and context | Control details (controls currently | Action details (additional actions being considered or planned to reduce the risk) |
| | A decline in markets due to minimal local infrastructure spend, a surge in imports as well as a decline in steel prices lead to severe cash pressure on the company. Sufficient cash/facilities are crucial during the current trying times | | |
| 2 | Market demand decline: Global oversupply of steel puts pressure on steel prices. This, together with lower domestic economic activity, contributes to market demand declining | | |
| | Different competitive actions within the market are threatening our market share. Increased imports, particularly from China, are the main concern | | |
| 4 | Foreign exchange exposure: With a significant portion of ebitda costs being rand-based, the company is exposed to fluctuations in the exchange rate | | |
| | An increase in the raw material basket without a concomitant increase in steel prices leads to margin squeeze, impacting profitability | | |
| | Incidents causing operational instability leading to a loss of production are a risk not only to the profitability of the company but will also impact customers, which may prompt them to seek alternative supply, increasing the risk of imports | | |
| | Non-compliance and non-adherence to fatality prevention standards and unsafe acts and conditions may potentially lead to lost time injuries and ultimately to fatalities | Journey to zero incidents by: | |
| 8 | Environmental impacts from operations: Non-compliance with existing environmental laws and regulations could have a significant impact on the company, leading to penalties or even plant closures | | |
| 9 | Insufficient input material supply and quality of input material: Input material disruptions due to factors such as insufficient stock holding, Transnet Freight Rail (TFR) inefficiency, supplier disruptions (such as strikes, breakdowns or incidents) and poor quality of input material could result in plant stoppages/disruptions with resultant production losses | | |
| 10 | Increased input costs: Higher and rising input costs of material, services or transport which are not compensated by increases in steel prices could lead to margin squeeze with a resultant bottom-line impact | | |