Centamin recognises that nothing is without risk. We believe a successful and sustainable business model requires a robust and proactive risk management framework as its foundation. This is supported by a strong culture of risk awareness, encouraging openness and integrity, alongside a clearly defined appetite for risk. This enables the Company to consider risks and opportunities for more effective decision-making, delivery on our objectives and improve our performance as a responsible mining company.
RISK OVERSIGHT AND ACCOUNTABILITY
The Board has overall responsibility, supported by the Audit and Risk Committee, for establishing a framework that allows for the review of existing and emerging risks in the context of both opportunities and potential threats that informs the principal risks and uncertainties. The risk management framework and the system of internal controls are designed to operate effectively together and report through to the Audit and Risk Committee on a regular basis.
Our approach incorporates international good practice, reflect the UK 2018 Code and ISO 31000 Risk Management Guidelines. The framework adopts a top-down and bottom-up approach, enabling thorough identification, assessment, mitigation and monitoring of risks throughout the business. There are three lines of defence to provide review and oversight whilst ensuring the information that flows from the reporting lines is relevant, timely and can genuinely support the Board’s strategic decisions.
Understanding climate change-related risks and opportunities across all aspects of our business is vital to inform our strategy and our continued ability to operate. Climate change is integrated into our risk management processes in the understanding, identification and mitigation of risk and opportunities.
Our approach to corporate governance has been developed to ensure that the Board understand the level of risk we are willing to take, as defined in Risk Appetite below, supported by a level of assurance that risk is appropriately managed and the system of internal control is effective.
Executive and senior management, review, challenge and monitor ongoing risks on a regular basis alongside regular review performed at an operational level. The consolidation and analysis of this information is assessed on a quarterly basis and reported to the Board through the Audit and Risk Committee.
MEASURING OUR RISK
The Board considers risks in terms of potential severity based on the ‘likelihood’ of the risk occurring, given the mitigating factors in place, and relative ‘impact’, should an event materially impact on the business to form a residual severity. The Company considers the residual position of all of the Principal risks to be potentially material if they were to occur. In 2022 we also introduced the concept of the velocity of the risks. Risk velocity measures how fast an exposure can impact an organisation. It is the time that passes between the occurrence of an event and the point at which the organisation first feels its effects and allows us to focus the existing and future mitigation efforts. Velocity is considered from Very Slow, which can occur over multiple years, to Instantaneous, which could happen immediately. Further information is given below under the Risk Scoring Criteria.
The risks are then considered against Centamin’s risk appetite, as shown above, to provide ‘themes’, which are those areas of concern that are discussed and debated.
The diagram shows the key information on the principal risks including the appetite of the Company to the particular risk, whether this is an external, strategic, or operational risk, and also the potential velocity of the risk.
To view our detailed Principal Risks and Uncertainties.
RISK SCORING CRITERIA
A consistent assessment of the probability and impact of risk occurrence is fundamental to establishing, prioritising and managing the risk profile of the Company. In common with many organisations and reflecting good practice, Centamin uses a probability and impact matrix for this purpose. When risks are scored residually (post-existing controls), a consistent methodology for scoring should be used to enable a more effective comparison of risk severity across the company. We have now also included the consideration of the potential velocity of the risk where this considers the time that passes between the risk materialising and when the company first feels its effects.
Below is the criteria to determine the potential Impact, Likelihood and Velocity. Based on the overall residual severity (Impact x Likelihood) + Velocity the risk will then be flagged for escalation based on who should be notified, who is responsible for management and the monitoring & reporting of these risks and our level of tolerability of the risk.
|Risk Severity||Risks are scored from a 1 to 5 basis on a sliding scale as shown below for each area|
|Risk Likelihood||Considers the potential chances of the risk materialising on a probability basis using a 1 to 5 rating|
|Risk Impact||Considers the potential impact of the risk on a 1 to 5 rating, with the existing controls in place, against a number of areas including: Safety, Health & Wellbeing, Environmental & Climate Change, Social & Governance, Operational, Security, Legal & Compliance, Reputation and Financial|
|Velocity||Considers the time that passes between the risk materialising and the point at which the company first feels its effects from potentially straight away to over a period of a number of years using a 1 to 5 rating|