The board is responsible for determining the nature and extent of the significant risks the group has to manage in order to achieve its strategic objectives. The group’s businesses are responsible for the maintenance of effective risk management and a system of internal controls, in line with the FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. Throughout the year the board monitored the group’s risk management and system of internal controls, adopting an integrated approach to risk management which covers all material financial, operational, compliance, reputational and sustainable development risks. The board in conjunction with the audit committee regularly considered the group’s principal risks. The board’s review focused on the effectiveness of the group’s risk management and system of internal controls, assisted by the assessments undertaken by the audit committee. These assessments, which occurred both during the year and at the year end, evaluated the group’s principal risks, taking into account the strength of the group’s system of internal controls and its appetite for risk.
The board delegates responsibility for day to day risk management to the CEO who in turn relies on the group’s management to identify, evaluate, mitigate and monitor the key risks facing the group and to implement the group’s integrated risk management processes and controls. For further details of the executive committee, who are the senior members of management, please see pages 20 to 21 of our annual report.
The group’s integrated approach to risk management is outlined in the risk management triangle set out on page 217 of this annual report. The group’s businesses are responsible for maintaining an effective risk management and internal control environment. These are embedded throughout the group and in the day to day operations of the mines under the direction of management. This includes the implementation and regular monitoring of processes and controls which are designed to ensure adherence with the board’s appetite for risk and group policies and procedures.
The group’s business functions monitor adherence to these processes and controls and provide guidance to the business on their implementation and application. This includes ongoing reviews by key functions within the group. The group’s management is actively involved in all the group’s operations throughout the year, including numerous visits to the group’s sites and operations, attending monthly meetings with general managers and participating in weekly meetings with other senior members of staff, in each case to discuss critical issues affecting the operations, all of which are undertaken to assist in managing and mitigating the group’s risk exposure.
A comprehensive risk register is maintained and presented annually to the audit committee. The audit committee reviews the risk register and the risk management framework which the board and management use to identify and scrutinise key risks facing the group, and consider whether those risks are appropriately managed. The risk register and framework use the company’s existing risk matrix and universal risk prioritisation, and rating scale, which grade and prioritise perceived and known risks. The risk register assists management in identifying and assessing the key risks facing the business.
The audit committee acknowledges that there are many risks inherent to a mining business and the challenge is to effectively manage those risks. By its nature, the risk register is a dynamic document subject to change. However, it is used by management to perform their duties while at the same time allowing internal audit to review and evaluate the activities of management in their efforts to control issues of risk and assess whether these activities are sufficient for the mitigation and management of risk.
Assurance over the group's risk management, internal controls and governance processes is provided by the group's internal audit function.
As part of the preparation of the company’s annual report on Form 20-F, which is filed with the SEC, the substantial risk factors are identified and set out, highlighting to the market those aspects which could have a material effect on the company’s business.
The board carried out a robust assessment of the principal risk factors and uncertainties which it considers either individually or in combination as having the potential to have a material adverse effect on the group’s business, including those that would threaten the company’s business model, future performance, solvency or liquidity.
The group’s strategy takes into account known risks but there may be additional risks unknown to the group and other risks, currently believed to be immaterial, which could develop into material risks. Full details relating to the group’s industry generally can be found in the annual report on Form 20-F filed with the SEC, a copy of which is available on the company’s website www.randgoldresources.com.
Country Ranking System
As part of the risk management process, and in fulfilment of its risk management responsibilities, the group’s management regularly undertakes a detailed analysis of all countries in Africa based on the following approach, which is presented and agreed with the audit committee and the board on an annual basis, as outlined on page 224 of our annual report.
Ranking is dependent on a qualitative assessment combining each of the following on an equal weighting basis:
- Geological opportunity
- Economic and fiscal regime
- Political stability