Integrated Annual Report 2014
Risk management report
Key to this report.

Risk management report

We recognise that effective risk  management is critical to our continued  profitability and the long-term sustainability  of our business. Our Enterprise Risk  Management (ERM) policy is aligned with  the ArcelorMittal group risk management  policy, world best practices, the King III  Codes and the ISO 31000 standard. In  May 2014 the board reviewed and approved  a revised ERM policy. 

The revised policy accommodates the  continuous improvement processes and  principles which the company implemented  during the past year, including: 

  • control effectiveness audits to verify  current controls; 
  • implementation of inherent and desired  risk ratings on operational risks; 
  • revision of training documentation and the  scheduling of structured training and risk  identification sessions; and 
  • changes to our internally developed risk  database to accommodate the changes  implemented. 

The objective of this policy is to enhance our  ability to manage the uncertainties faced in  our business. In the long run this will create  greater confidence in the company’s capacity  to seize opportunities, alleviate risks and  achieve sustainable successes. 

In addition to the continuous risk  management improvement process, the  following actions were implemented: 

Industrial audit on asset risks 

An industrial audit was conducted to identify  the top asset risks per operational centre  that could have a significant impact on the  availability of plants. Ten out of 62 risks  identified in 2013 as priorities were  mitigated with 19 risks in the process of  being mitigated in 2014. Thus, 47% of top  risks had been wholly or partially mitigated  in the 2013/2014 period. New asset risks  identified in 2014 were assessed and  included in the risk registers. Risks  identified as being part of the company’s  top exposures will be highlighted and  addressed accordingly. 

Outcomes from these audits were shared  and discussed with relevant segment and  group managers. The information shared  clearly highlighted the capital requirements  needed to address the top exposures per  operational centre. Risks identified were also  shared among our sister companies in the  group’s Asia, Africa and CIS (ACIS) segment  for benchmarking purposes. 

Interlock investigation 

The Vanderbijlpark BOF fire in 2013 initiated  an interlock investigation into areas handling  liquid steel. The investigation entails a  cross-site assessment of all software and  programmable logic controller interlocks  to confirm that interlocks are correctly  designed to prevent emergency situations. 

Actions resulting from the investigation  are implemented to address process  safety with emergency procedures being  adapted accordingly. Progress on the  implementation of corrective actions is  discussed at quarterly chief operating  officer risk meetings. 

Best practice procedures 

Experts from ArcelorMittal group drafted  best practice procedures based on  lessons learned from incidents such as  the BOF fire. Areas where these procedures  are applicable are assessed and  improvements implemented. 

Baseline (process flow) risk  identification and assessment 

Jobs will change and hazards will change  with them. New machinery, incidents,  changes in legislation, relocations to new  environments, procedural changes, speed of  production, organisational changes and even  the capabilities of operators are all variables  that require re-study. A formal baseline risk  review process was initiated in 2014 as a  supplement to the continuous risk  identification and assessment process  adopted by the company. 

Structured risk management  awareness training 

A structured process was followed to train/  re-train all applicable employees in the basic  principles of risk management as well as  on the enterprise risk application database.  Training focused on changes adopted by  the company as part of the continuous  improvement process and on the  importance of ensuring the integrity and  detail of information in the risk database. 

2014 risk highlights 

Board accountability 

Our board is ultimately responsible for risk  management and has an audit and risk  management committee which oversees risk  policies and strategies. Risks reported to the  board are also reported to the segment  audit, risk and governance committees and  to the group risk committee. IT forms an  integral part of risk management, the board  bearing responsibility for IT governance  while delegating to management the  implementation of the IT governance  framework.  

Organisational structures and reporting framework

Organisational structures and reporting framework

The risk management reporting process is:

The risk management reporting process is:

Internal assurance

Risk management is structured around the  following functional risk areas: sales and  marketing, procurement and logistics, human  resources, finance, strategic, legal, health  and safety, environment and operations. The  risk management process is divided into four  distinct phases: 

The link between the risk database and  capital process, which allows for risk-based  budgeting and capital allocation, is  an important part of our risk  management process. 

Each risk area, department or business unit  has a risk officer who reports directly to the  head of each department. The manager: risk  and insurance attends all high-level risk  committee meetings and prepares a  consolidated risk management report that  is presented monthly to the management  committee and, on a quarterly basis, to the  executive committee, the audit and risk  committee and the board. 

Project risk management 

A project risk management process  undertaken ahead of the Newcastle blast  furnace reline identified 25 risks that it was  considered might have had material impacts  on the project. Risks such as working at  heights during installation work, salamander  not done fully and a shortage of specialised  contractors were identified through a  detailed risk identification and assessment  process undertaken with the reline team.  Detailed mitigation actions were drafted  where the risks were fully or partly under  the control of the project team.  With the significant time and cost overruns  experienced, it became apparent that  mitigation measures, particularly as they  related to the contractors’ access to  specialist skills, were materially deficient.  A follow-up investigation was undertaken  to learn and share experiences so as to  prevent similar risks materialising during  future relines. 

Business continuity management  (BCM) 

The business continuity management policy  we have implemented is aligned with world  best practices, the King III Codes and the  ISO 22301 standard. This policy outlines our  approach to the implementation and  management of business continuity. The  purpose of this policy is to provide a basis  for understanding and implementing  business continuity within ArcelorMittal  South Africa and to provide confidence in the  organisation’s dealings with stakeholders. 

Business continuity plans are implemented  according to the risk profile of the company.  This year operational business continuity  plans were implemented and tested at  Saldanha following the implementation of  such a plan at Newcastle in 2013. Similar  plans will be implemented at the other  operating sites in 2015. 


Our insurance department, with the  assistance of external consultants and using  recognised international procedures and  standards, undertakes regular loss  prevention audits of all of the company’s  plants and operations. 

Operational risk exposure is measured by  risk consultants using a vulnerability index.  Loss surveyors evaluate the three main  categories: management, fire protection and  process safety (with 39 subcategories) to  determine the company’s vulnerability index.  Our vulnerability index has reduced by a  significant 19.5% over the past five years.  Action plans are drafted and are part of the  risk management process. 

We have an insurance programme in place  which is underpinned by an approved  insurance policy that provides insurance  cover for losses above agreed deductibles  at competitive costs (measured and  determined both locally and abroad).  Insurance cover is, in principle, risk-based as  is outlined in the policy. As a result of our  claims history, we have seen significant  increases in our asset cover deductibles,  above our risk-bearing capacity. We  continuously investigate different vehicles to  reduce the impact on the company and our  customers. These include the structuring of  the captive cell, deductible buy-down,  spread loss facilities, etc. 

Continuous improvement 

To improve the robustness of the ERM  process we continuously review our risk  management performance. A maturity  model is used across the ArcelorMittal group  to monitor the maturity of risk management  processes. We are currently assessed in the  top 10 in the ArcelorMittal group. 

The following actions to improve the  maturity of our risk management process  are being pursued: 

  • Scheduling of baseline risk identification  sessions to supplement existing continuous  identification and assessment processes. 
  • The development of a risk dashboard for  risk reporting purposes. 
  • Analysis of group technical benchmark  information to determine unplanned  reliability as an input to risk identification. 
  • Analysis of group technical audit  information as an input to the risk  assessment process. 
  • Embedding of the current control  audit process. 
  • Benchmarking of risk management  processes. 

We actively participate in knowledge  management programmes where risk lessons  are shared with other facilities within the  ArcelorMittal group. These programmes  inform the ongoing improvement of our risk  management process. 


We recognise that effective risk  management requires ERM processes,  principles and objectives to be aligned and  embedded across the organisation. We have  made substantial progress in aligning the  methodology and reporting process.  Expanding the risk database contributed  to streamlining the alignment and  reporting process.  In the year ahead we will focus attention on  improving the robustness of the process  by, among other measures, continuing  baseline risk identification sessions,  improving the risk control effectiveness  approach and expanding on the combined  assurance process. 

The effectiveness of the improved risk  management process will be subject to a  formal internal assessment and risk maturity  audit in 2015. 

Most significant risk exposures 

The top strategic residual risks, as identified  through our ERM process, which could  impact our sustainability, are detailed in the  diagram below. 

2014 risk management highlights  included: 

  • There were no catastrophic operational  incidents in the year; 
  • Nineteen of the top asset risks where  capital was required were mitigated  in 2014; almost 50% of these were  in Newcastle; 
  • The vulnerability rating improved on  average by 2.7% on sites surveyed in  2014. At year-end the steel vulnerability  rating stood at 42.2% against a 2015  target of 40%; 
  • The risk management maturity level, as  assessed by internal audit, improved from  2.4 to 2.54. This rating is defined (in terms  of ISO 31000) as “managed” with a target  of becoming “sustainable”. 

2015 risk focus areas 

  • Continuation of the drive to reduce top  asset risks. Ten out of 62 risks identified in  2013 as priority were mitigated with a  further 19 risks mitigated in 2014. It is  planned to mitigate the remaining 33 in  2015/16; 
  • New asset risks identified in 2014 will be  assessed and included in the risk registers.  Risks identified as being among the  company’s top exposures will be  highlighted and addressed accordingly; 
  • Business continuity management:  Completion of the operational business  continuity plans will be driven in 2015.  Newcastle (pilot) and Saldanha have been  completed with the other operational units  to be done in 2015; 
  • Risk identification and assessment with  a focus on the identification of training  techniques. Training in specific risk  identification and assessment techniques  such as SWIFT and HAZOP will be done in  2015. The intent is to strengthen and align  the risk identification process. Training in  management of change (MOC) principles  will also be a focus area for 2015. (The  biggest gap found during audits related to  MOC.) 

ArcelorMittal South Africa risk dashboard: January 2015

ArcelorMittal South Africa risk dashboard: January 2015

Measures taken to mitigate our top strategic measures:

Control details (Controls currently implemented)
Action details (Additional actions to reduce the risk)

  • Group compliance training on ArcelorMittal policies, anti-trust, anti-corruption, and economic sanctions
  • Appropriate legal defences being adopted
  • Relationship building

  • Adequate market intelligence, including:
    • - Monitoring of imports
    • - Strategy discussions with customers
    • - Arbitration meetings
    • - Consumption modelling with customers
    • - Monitor leading market indicators
  • Target market approach
  • Further development on an ongoing basis in Africa over land market
  • Target projects (e.g. infrastructure)
  • Strategic sessions with customers
  • Further improvement of service KPIs (OTD, pricing)
  • Investment into working capital

  • Optimise electricity consumption within ArcelorMittal South Africa
  • Monthly discussion between industry and Eskom
  • Standard NRS048 “Emergency energy supply for South Africa” implemented
  • Emergency electricity network exists in Newcastle
  • Change in Vanderbijlpark works footprint
  • Energy business improvement wave to explore energy efficiency improvements requiring no or low capital

  • Monitoring of market activities and review of strategies accordingly
  • Improved customer service and reliability
  • Feedback from customers and developing account plans accordingly (target market approach)
  • Implementation of target market approach and industry plans
  • Shorten lead times and improve on-time delivery
  • Supply stability by continued focus on improvements, maintenance and operational expenditure requirements
  • Improve B-BBEE status by implementing identified actions

  • Projects implemented, e.g. waste disposal site (Vanderbijlpark), sinter clean gas (Vanderbijlpark), coke oven clean gas and water (Vanderbijlpark), EAF dust extraction system (Vereeniging)
  • Emission measurement
  • Closure of EAF and Battery 3 in Vanderbijlpark
  • Improved PPE at coke ovens
  • Individual action plans to partially remediate but are behind with capex programmes due to lack of available funds – majorprojects include:
    • – Newcastle zero effluent discharge (ZED) project
    • – Vanderbijlpark coke battery projects (eg coal water treatment and battery tightness)
  • Ongoing shop floor audits for incorrect use of PPE and violations of standard operating procedures
  • Periodic medical surveillance

  • Internal logistics improvement plan to address turnaround times
  • Road transport as alternative
  • Monthly forum between TFR and ArcelorMittal South Africa
  • Inventory management
  • Daily weekly and monthly planning meetings
  • Integrated transport plan
  • Logistics operations centre (LOC) with TFR on site
  • Alternative supply of critical input material
  • Joint optimisation project between management of ArcelorMittal and Transnet Freight Rail to improve service delivery
  • Review and maintain safety stock levels to serve as contingency

  • Weekly stock planning meetings
  • Target stock days
  • Optimise internally generated material (e.g. scrap)
  • Base volume to be negotiated (rail and road) – thus focus should be sustainable logistics performance
  • Strategic partnership
  • Increase Africa supply
  • Leakage prevention initiatives

  • Asset risk management process to mitigate risks
  • Preventative maintenance
  • Monitoring of operational drivers during monthly reviews
  • Business improvement process
  • Implementation of actions to reduce asset risks through prioritised capex plan
  • Increased focus on process safety and passive plant protection (industrial audit)
  • Increased focus on current controls

  • Dedicated resource to manage contracts
  • Identification of long-term, high-value and high-risk contracts using a rule-based approach
  • Comprehensive contracting guideline drafted
  • Spent matrix control in place for key commodities. SAP controls implemented
  • Software solution in SAP (contract lifecycle management) to effectively manage contracts
  • Management of contract register, deployment of Qlikview
  • Contract management process with contract owners implemented
  • Draft contract manual
  • Renegotiate all logistics road contracts
  • Contract management audit

  • Driving the adherence to fatality prevention standards
  • Close out of IRCA and cross site audit findings
  • Visual felt leadership
  • Improved focus on leading indicators
  • Management presence on the shop floor
Journey to zero incidents by:

  • Driving FPS standards – Level 3 at all sites in 2015
  • Implementing more practical training with focus on the behaviour of employees and language medium