017
RISK MANAGEMENT
Brief description
Performance requirements for the identification, assessment, control and monitoring of material risk issues
that could threaten the Corporate Objective and business plans.
Key contact
Annette McIlroy, Risk Manager Processes
The potential for impacts on the achievement of the Corporate Objective and business plans must be identified
through risk assessments using approved materiality and tolerability criteria. Risk assessments must be
supported by clear accountabilities and leadership, and adequate risk resources.
Incorporate risk assessments in key decision-making and business planning processes (Appendix 2).
Identify material risk issues by applying the mandated materiality and tolerability criteria for BHP
Billiton, Customer Sector Groups (CSGs), and Group Functions (GFs) (Appendix 2).
Develop, authorise and apply materiality and tolerability criteria for Assets, projects, Marketing and
Minerals Exploration (Appendix 2). Materiality criteria must include financial and non-financial severity level,
maximum foreseeable loss (MFL), and residual risk rating (RRR).
Implement risk management plans to assess, control and monitor material risk issues.
Authorise the risk profile before submission to the Business Group Risk and Audit Committee (RAC)
(Appendix 1).
Appoint adequate risk management resources, ensuring roles and responsibilities are documented and
obligations understood and training provided.
2. Risk assessment
A risk assessment (risk identification, risk analysis and risk evaluation) must be conducted for all material risk
issues to understand the nature and tolerance of the material risk issues related to the Corporate Objective
and business plans and decisions.
Conduct and document a risk assessment for all material risk issues (Appendix 2) and record material
risk issue assessments in a Risk Register.
Apply the risk rating methodology, including, MFL, RRR and severity factors (Appendix 3).
Perform a risk analysis or Bow Tie Analysis for the material risk issues. Determine and document the
relationship between the following elements: risk event, risk owner, cause, impact, existing preventative
controls, existing mitigating controls, improvement tasks.
Identify critical controls for material risk issues.
Conduct a tolerance assessment for BHP Billiton, CSGs, Assets, GFs, projects, Marketing and Mineral
Exploration to ensure material risk issues are maintained within tolerability criteria (Appendix 2).
Incorporate a formal review of the risk profile into the regular management agenda and update the risk
profile based on the Risk Register at least annually, identifying new or changes to existing risk issues.
3. Risk control
Risk controls must be designed, implemented, operating and assessed to produce a residual risk which is
tolerable.
Establish minimum performance standards (a benchmark, target, reference level or operating parameter
against which performance may be tracked) for each critical control. Design and operating performance
standard criteria must be considered for all critical controls for material risk issues.
Design, document, implement, operate and monitor critical controls for material risk issues.
Conduct and document self assessment of critical control design adequacy, implementation and
operation against the established minimum performance standards at least annually.
Rate the effectiveness of critical controls (applying the control ratings, Appendix 4) at least annually, to
determine risk profile tolerance.
Record, monitor and complete improvement tasks to address weaknesses in control effectiveness to
ensure a tolerable risk profile.
Document, implement, and where practicable test and maintain business continuity management plans
current for material risk issues that interrupt business.
Report risk profiles and critical control assessments to leadership teams and the Business Group RAC.
Appendix 1. Authorities
10.8.1 BHP Billiton risk profile including continued tolerance of material risks
GMC
Board RAC
10.8.2 CSG risk profile including continued tolerance of material risk issues
CSG President
10.8.3 Asset risk profile including continued tolerance of material risk issues
Asset Leader
CSG President
10.8.5 Marketing risk profile including continued tolerance of material risk issues
President Marketing
10.8.6 Mineral Exploration risk profile including continued tolerance of material risk issues
Asset Leader
CSG President
President Marketing
Materiality criteria
Risk materiality criteria must consider non-financial impacts (Appendix 3 Severity Table). Risk issues are
considered material if they meet either of the MFL or RRR criteria (Appendix 3).
Tolerability criteria
BHP Billiton: 300 residual risk rating (RRR) and “well controlled” control rating. If ≥ 300 RRR and controls
require some improvement then a management action plan to reduce the residual risk or improve the controls
is required.
CSG or GF: 90 residual risk rating (RRR) and “well controlled” control rating. If ≥ 90 RRR and controls
require some improvement then a management action plan to reduce the residual risk or improve the controls
is required.
The methodology involves the calculation of two parameters – MFL and RRR. The MFL and RRR need to be
determined for all material risk events within the risk issue. Risk issue ratings must be defined by the highest MFL
and the highest RRR from the risk events contained within the risk issue. The MFL and the RRR can derive from
different risk events related to the one risk issue.
Maximum foreseeable loss (MFL)
In addition to MFL as defined, the plausible worst foreseeable consequence can be expressed in non-financial
impacts in the Severity Table, and can be applied to all risk issues and loss scenarios – not just to those involving
damage to operational facilities. In a plausible worst case scenario all active risk controls – including insurance
and hedging contracts – are assumed to be ineffective. Record the basis and assumptions used in calculating the
MFL in a Risk Register.
Residual Risk Rating
1. Identify risk events with potentially material consequences associated with the risk issue.
2. For each material risk event, calculate and document the expected maximum harm assuming reasonable
effectiveness of existing and tested mitigating controls. This is the “severity” of the risk event and is the
basis for selecting the severity factor. The basis and assumptions used in calculating the severity must
be documented in the Risk Register.
3. Select from the Severity Table the severity factor description best fitting the expected degree of gain, harm,
injury or loss from the material risk event being assessed. Interpolation between the levels is not permitted.
4. In proposals for future work and projects where there are no “existing” controls in place, the mitigating
controls planned and budgeted for must be assumed when selecting the “expected” degree of gain,
harm, injury or loss.
5. Where there is the potential for more than one impact type associated with a single risk event (for
example safety impacts and financial impacts), the severity factor must be the highest numerical rating
amongst those individual “expected degrees of gain, harm, injury or loss”.
6. Where the “financial” impact is expected to be a one-off amount, it must be calculated as the resultant
change in the Earnings Before Interest and Tax (EBIT) in that year.
7. Where the “financial” impact is expected to be an ongoing annual reduction in EBIT, it must be calculated
as the Net Present Value (NPV) of those future reductions in EBIT.
8. For joint ventures where BHP Billiton has less than 100 per cent financial interest, the severity factor for
financial consequences only, must be adjusted to reflect BHP Billiton’s interest.
Severity level 7 (severity factor 1000). Impact types:
Health and safety: >50 fatalities. Very serious irreversible injury to >500 persons.
Environment: Unplanned permanent environmental impact over extensive area. Permanent loss of ecosystem or extinction of species.
Social and cultural: Complete breakdown of social order. Widespread desecration of items of global cultural significance. Company directly responsible or complicit in severe, and widespread long term impacts on human rights.
Reputation: Prolonged (>2 months) international multi-NGO and media condemnation.
Legal: Hostile takeover, public shareholder discontent resulting in loss of Chairman/CEO/Board, bankruptcy, closure of operations on multiple sites or BHP Billiton.
Financial: >US$2.5 billion

Severity level 6 (severity factor 300). Impact types:
Health and safety: >20 fatalities. Very serious irreversible injury to >100 persons.
Environment: Unplanned severe impact (>20 years) on ecosystem or Threatened Species.
Social and cultural: A breakdown of social order. Widespread damage to items of global cultural significance. Highly offensive infringements of cultural heritage. Company directly responsible or complicit in severe, long-term impacts on human rights.
Reputation: International multi-NGO and media condemnation. BHPB direct action (includes partner/contractor action) results in reputation issue. Large violent protest (>100 people) resulting in fatal injuries.
Legal: Lack of valid operating title, forced closure of an operation, Anti-trust or Foreign Corrupt Practices inquiry.
Financial: US$250 million – US$2.5 billion

Severity level 5 (severity factor 100). Impact types:
Health and safety: 2-20 fatalities. Short or long term health exposures leading to significant irreversible human health effects to >50 persons.
Environment: Unplanned serious or extensive impact (<20 years) on ecosystem or Threatened Species.
Social and cultural: Extensive long-term social impacts. Widespread damage to structures/items/locations of national cultural significance. Serious infringements of cultural heritage. Company directly responsible or complicit in multiple aggravated impacts on human rights.
Reputation: Serious public or national media outcry (international coverage). Damaging NGO campaign. BHP Billiton reputation severely tarnished. Third party actions (where BHPB is one of many in a group) result in reputation impact. Large protest (>100 people) with significant violence & serious, multiple injuries.
Legal: Fines and prosecutions relating to criminal breaches including jail terms and being the subject of a royal commission.
Financial: US$50 million – US$250 million

Severity level 4 (severity factor 30). Impact types:
Health and safety: Single fatality. Severe irreversible disability or impairment (>30% of body) to one or more persons.
Environment: Unplanned major impact (<5 years) on ecosystem or Threatened Species.
Social and cultural: Major long-term social impacts or on-going social issues. Damage to structures/items of national cultural significance. Major infringement and disregard of cultural heritage. Company directly responsible or complicit in major human rights impacts.
Reputation: Major adverse national media/public/NGO attention. 20-100 people protest, people restrained with force, arrests and injuries. Asset/CSG reputation majorly impacted.
Legal: Major civil litigation including class actions.
Financial: US$5 million – US$50 million

Severity level 3 (severity factor 10). Impact types:
Health and safety: Moderate irreversible disability or impairment (<30% of body) to one or more persons. Days lost due to injury.
Environment: Unplanned moderate impact (<1 year) to ecosystem or non-threatened species.
Social and cultural: Moderate medium-term social impacts or frequent social issues. Moderate damage to structures/items of local cultural significance. Moderate infringement of cultural heritage/sacred locations. Moderate, temporary human rights impacts.
Reputation: Attention from regional media and/or heightened concern by local community. Criticism by community, NGOs or activists. Asset reputation adversely affected.
Legal: Breach of regulation, Lack of valid exploration title.
Financial: US$500,000 – US$5 million

Severity level 2 (severity factor 3). Impact types:
Health and safety: Objective but reversible disability/impairment. Medical treatment injury.
Environment: Unplanned minor impact (<3 months) to non-threatened species or their habitat.
Social and cultural: Minor medium-term social impacts on small number of people. Minor repairable damage or disturbance to property, structures, or items. Minor infringement of cultural heritage. Minor, temporary human rights impacts.
Reputation: Adverse local public or media attention and complaints. Heightened scrutiny from regulator. Asset reputation is adversely affected with a small number of people.
Legal: Minor legal issues, non-compliances and breaches of regulation.
Financial: US$50,000 – US$500,000

Severity level 1 (severity factor 1). Impact types:
Health and safety: Low level short-term subjective inconvenience or symptoms. No medical treatment.
Environment: Unplanned low level environmental impact.
Social and cultural: Low-level social impacts. Low-level infringement of cultural heritage or minimal disturbance to heritage structures. Minimal impact on human rights.
Reputation: Public concern restricted to local complaints. Low level interest from local media and/or regulator.
Legal: Low-level legal issue.
Financial: <US$50,000
Almost certain (10)
could be incurred more than once in a year
could be expected to occur more than once during the study or project delivery

Likely (3)
could be incurred over a one to two year budget period
could easily be incurred and has generally occurred in similar studies or projects

Possible (1)
could be incurred within a five year strategic planning period
incurred in a minority of similar studies or projects

Unlikely (0.3)
could be incurred within a five to ten year time frame
known to happen, but only rarely

Rare (0.1)
could be incurred in a 20 to 30 year timeframe
Has not occurred in similar studies or projects, but could

Very rare (0.03)
For a system failure: This consequence has not happened in the industry in the last 50 years.
For a natural hazard: The predicted return period for a risk event of this strength/magnitude is one in 100 years or longer.
conceivable, but only in extreme circumstances