We recognise that effective risk management is critical to our continued proﬁtability and the long-term sustainability of our business. Our Enterprise Risk Management (ERM) policy is aligned with the ArcelorMittal group risk management policy, world best practices, the King III Codes and the ISO 31000 standard. In May 2014 the board reviewed and approved a revised ERM policy.
The revised policy accommodates the continuous improvement processes and principles which the company implemented during the past year, including:
- control effectiveness audits to verify current controls;
- implementation of inherent and desired risk ratings on operational risks;
- revision of training documentation and the scheduling of structured training and risk identification sessions; and
- changes to our internally developed risk database to accommodate the changes implemented.
The objective of this policy is to enhance our ability to manage the uncertainties faced in our business. In the long run this will create greater conﬁdence in the company’s capacity to seize opportunities, alleviate risks and achieve sustainable successes.
In addition to the continuous risk management improvement process, the following actions were implemented:
Industrial audit on asset risks
An industrial audit was conducted to identify the top asset risks per operational centre that could have a significant impact on the availability of plants. Ten out of 62 risks identified in 2013 as priorities were mitigated with 19 risks in the process of being mitigated in 2014. Thus, 47% of top risks had been wholly or partially mitigated in the 2013/2014 period. New asset risks identified in 2014 were assessed and included in the risk registers. Risks identified as being part of the company’s top exposures will be highlighted and addressed accordingly.
Outcomes from these audits were shared and discussed with relevant segment and group managers. The information shared clearly highlighted the capital requirements needed to address the top exposures per operational centre. Risks identified were also shared among our sister companies in the group’s Asia, Africa and CIS (ACIS) segment for benchmarking purposes.
The Vanderbijlpark BOF fire in 2013 initiated an interlock investigation into areas handling liquid steel. The investigation entails a cross-site assessment of all software and programmable logic controller interlocks to confirm that interlocks are correctly designed to prevent emergency situations.
Actions resulting from the investigation are implemented to address process safety with emergency procedures being adapted accordingly. Progress on the implementation of corrective actions is discussed at quarterly chief operating officer risk meetings.
Best practice procedures
Experts from ArcelorMittal group drafted best practice procedures based on lessons learned from incidents such as the BOF fire. Areas where these procedures are applicable are assessed and improvements implemented.
Baseline (process flow) risk identification and assessment
Jobs will change and hazards will change with them. New machinery, incidents, changes in legislation, relocations to new environments, procedural changes, speed of production, organisational changes and even the capabilities of operators are all variables that require re-study. A formal baseline risk review process was initiated in 2014 as a supplement to the continuous risk identification and assessment process adopted by the company.
Structured risk management awareness training
A structured process was followed to train/ re-train all applicable employees in the basic principles of risk management as well as on the enterprise risk application database. Training focused on changes adopted by the company as part of the continuous improvement process and on the importance of ensuring the integrity and detail of information in the risk database.
2014 risk highlights
Our board is ultimately responsible for risk management and has an audit and risk management committee which oversees risk policies and strategies. Risks reported to the board are also reported to the segment audit, risk and governance committees and to the group risk committee. IT forms an integral part of risk management, the board bearing responsibility for IT governance while delegating to management the implementation of the IT governance framework.
Organisational structures and reporting framework
The risk management reporting process is:
Risk management is structured around the following functional risk areas: sales and marketing, procurement and logistics, human resources, ﬁnance, strategic, legal, health and safety, environment and operations. The risk management process is divided into four distinct phases:
The link between the risk database and capital process, which allows for risk-based budgeting and capital allocation, is an important part of our risk management process.
Each risk area, department or business unit has a risk ofﬁcer who reports directly to the head of each department. The manager: risk and insurance attends all high-level risk committee meetings and prepares a consolidated risk management report that is presented monthly to the management committee and, on a quarterly basis, to the executive committee, the audit and risk committee and the board.
Project risk management
A project risk management process undertaken ahead of the Newcastle blast furnace reline identified 25 risks that it was considered might have had material impacts on the project. Risks such as working at heights during installation work, salamander not done fully and a shortage of specialised contractors were identified through a detailed risk identification and assessment process undertaken with the reline team. Detailed mitigation actions were drafted where the risks were fully or partly under the control of the project team. With the significant time and cost overruns experienced, it became apparent that mitigation measures, particularly as they related to the contractors’ access to specialist skills, were materially deficient. A follow-up investigation was undertaken to learn and share experiences so as to prevent similar risks materialising during future relines.
Business continuity management (BCM)
The business continuity management policy we have implemented is aligned with world best practices, the King III Codes and the ISO 22301 standard. This policy outlines our approach to the implementation and management of business continuity. The purpose of this policy is to provide a basis for understanding and implementing business continuity within ArcelorMittal South Africa and to provide conﬁdence in the organisation’s dealings with stakeholders.
Business continuity plans are implemented according to the risk profile of the company. This year operational business continuity plans were implemented and tested at Saldanha following the implementation of such a plan at Newcastle in 2013. Similar plans will be implemented at the other operating sites in 2015.
Our insurance department, with the assistance of external consultants and using recognised international procedures and standards, undertakes regular loss prevention audits of all of the company’s plants and operations.
Operational risk exposure is measured by risk consultants using a vulnerability index. Loss surveyors evaluate the three main categories: management, fire protection and process safety (with 39 subcategories) to determine the company’s vulnerability index. Our vulnerability index has reduced by a signiﬁcant 19.5% over the past five years. Action plans are drafted and are part of the risk management process.
We have an insurance programme in place which is underpinned by an approved insurance policy that provides insurance cover for losses above agreed deductibles at competitive costs (measured and determined both locally and abroad). Insurance cover is, in principle, risk-based as is outlined in the policy. As a result of our claims history, we have seen significant increases in our asset cover deductibles, above our risk-bearing capacity. We continuously investigate different vehicles to reduce the impact on the company and our customers. These include the structuring of the captive cell, deductible buy-down, spread loss facilities, etc.
To improve the robustness of the ERM process we continuously review our risk management performance. A maturity model is used across the ArcelorMittal group to monitor the maturity of risk management processes. We are currently assessed in the top 10 in the ArcelorMittal group.
The following actions to improve the maturity of our risk management process are being pursued:
- Scheduling of baseline risk identification sessions to supplement existing continuous identification and assessment processes.
- The development of a risk dashboard for risk reporting purposes.
- Analysis of group technical benchmark information to determine unplanned reliability as an input to risk identification.
- Analysis of group technical audit information as an input to the risk assessment process.
- Embedding of the current control audit process.
- Benchmarking of risk management processes.
We actively participate in knowledge management programmes where risk lessons are shared with other facilities within the ArcelorMittal group. These programmes inform the ongoing improvement of our risk management process.
We recognise that effective risk management requires ERM processes, principles and objectives to be aligned and embedded across the organisation. We have made substantial progress in aligning the methodology and reporting process. Expanding the risk database contributed to streamlining the alignment and reporting process. In the year ahead we will focus attention on improving the robustness of the process by, among other measures, continuing baseline risk identification sessions, improving the risk control effectiveness approach and expanding on the combined assurance process.
The effectiveness of the improved risk management process will be subject to a formal internal assessment and risk maturity audit in 2015.
Most signiﬁcant risk exposures
The top strategic residual risks, as identiﬁed through our ERM process, which could impact our sustainability, are detailed in the diagram below.
2014 risk management highlights included:
- There were no catastrophic operational incidents in the year;
- Nineteen of the top asset risks where capital was required were mitigated in 2014; almost 50% of these were in Newcastle;
- The vulnerability rating improved on average by 2.7% on sites surveyed in 2014. At year-end the steel vulnerability rating stood at 42.2% against a 2015 target of 40%;
- The risk management maturity level, as assessed by internal audit, improved from 2.4 to 2.54. This rating is defined (in terms of ISO 31000) as “managed” with a target of becoming “sustainable”.
2015 risk focus areas
- Continuation of the drive to reduce top asset risks. Ten out of 62 risks identified in 2013 as priority were mitigated with a further 19 risks mitigated in 2014. It is planned to mitigate the remaining 33 in 2015/16;
- New asset risks identified in 2014 will be assessed and included in the risk registers. Risks identified as being among the company’s top exposures will be highlighted and addressed accordingly;
- Business continuity management: Completion of the operational business continuity plans will be driven in 2015. Newcastle (pilot) and Saldanha have been completed with the other operational units to be done in 2015;
- Risk identification and assessment with a focus on the identification of training techniques. Training in specific risk identification and assessment techniques such as SWIFT and HAZOP will be done in 2015. The intent is to strengthen and align the risk identification process. Training in management of change (MOC) principles will also be a focus area for 2015. (The biggest gap found during audits related to MOC.)
ArcelorMittal South Africa risk dashboard: January 2015
Measures taken to mitigate our top strategic measures:
- Group compliance training on ArcelorMittal policies, anti-trust, anti-corruption, and economic sanctions
- Appropriate legal defences being adopted
- Relationship building
- Adequate market intelligence, including:
- - Monitoring of imports
- - Strategy discussions with customers
- - Arbitration meetings
- - Consumption modelling with customers
- - Monitor leading market indicators
- Target market approach
- Further development on an ongoing basis in Africa over land market
- Target projects (e.g. infrastructure)
- Strategic sessions with customers
- Further improvement of service KPIs (OTD, pricing)
- Investment into working capital
- Optimise electricity consumption within ArcelorMittal South Africa
- Monthly discussion between industry and Eskom
- Standard NRS048 “Emergency energy supply for South Africa” implemented
- Emergency electricity network exists in Newcastle
- Change in Vanderbijlpark works footprint
- Energy business improvement wave to explore energy efficiency improvements requiring no or low capital
- Monitoring of market activities and review of strategies accordingly
- Improved customer service and reliability
- Feedback from customers and developing account plans accordingly (target market approach)
- Implementation of target market approach and industry plans
- Shorten lead times and improve on-time delivery
- Supply stability by continued focus on improvements, maintenance and operational expenditure requirements
- Improve B-BBEE status by implementing identified actions
- Projects implemented, e.g. waste disposal site (Vanderbijlpark), sinter clean gas (Vanderbijlpark), coke oven clean gas and water (Vanderbijlpark), EAF dust extraction system (Vereeniging)
- Emission measurement
- Closure of EAF and Battery 3 in Vanderbijlpark
- Improved PPE at coke ovens
- Individual action plans to partially remediate but are behind with capex programmes due to lack of available funds – majorprojects include:
- – Newcastle zero effluent discharge (ZED) project
- – Vanderbijlpark coke battery projects (eg coal water treatment and battery tightness)
- Ongoing shop floor audits for incorrect use of PPE and violations of standard operating procedures
- Periodic medical surveillance
- Internal logistics improvement plan to address turnaround times
- Road transport as alternative
- Monthly forum between TFR and ArcelorMittal South Africa
- Inventory management
- Daily weekly and monthly planning meetings
- Integrated transport plan
- Logistics operations centre (LOC) with TFR on site
- Alternative supply of critical input material
- Joint optimisation project between management of ArcelorMittal and Transnet Freight Rail to improve service delivery
- Review and maintain safety stock levels to serve as contingency
- Weekly stock planning meetings
- Target stock days
- Optimise internally generated material (e.g. scrap)
- Base volume to be negotiated (rail and road) – thus focus should be sustainable logistics performance
- Strategic partnership
- Increase Africa supply
- Leakage prevention initiatives
- Asset risk management process to mitigate risks
- Preventative maintenance
- Monitoring of operational drivers during monthly reviews
- Business improvement process
- Implementation of actions to reduce asset risks through prioritised capex plan
- Increased focus on process safety and passive plant protection (industrial audit)
- Increased focus on current controls
- Dedicated resource to manage contracts
- Identification of long-term, high-value and high-risk contracts using a rule-based approach
- Comprehensive contracting guideline drafted
- Spent matrix control in place for key commodities. SAP controls implemented
- Software solution in SAP (contract lifecycle management) to effectively manage contracts
- Management of contract register, deployment of Qlikview
- Contract management process with contract owners implemented
- Draft contract manual
- Renegotiate all logistics road contracts
- Contract management audit
- Driving the adherence to fatality prevention standards
- Close out of IRCA and cross site audit findings
- Visual felt leadership
- Improved focus on leading indicators
- Management presence on the shop floor
- Driving FPS standards – Level 3 at all sites in 2015
- Implementing more practical training with focus on the behaviour of employees and language medium