August 2018

The changing face of corporate risk tolerance

  • By Terence Jeyaretnam, Partner, Climate Change and Sustainability, EY

In an increasingly connected world, the importance of robust risk management processes from project initiation and design through to closure cannot be overstated

The complexities faced when managing mine tailings has historically posed a challenge for the mining industry. Past tailings dam failures such as Ok Tedi, Papua New Guinea (1998-2013); Mount Polley, Canada (2014); and Samarco, Brazil (2015) indicate tailings storage facility (TSF) failures are not isolated to a particular country or commodity. Although TSF failures are often a key risk that is identified in mining operations, these ongoing failures indicate managing this risk has proven challenging for the industry. We can categorise these failures as ‘black swan events’. Initially popularised by Nassim Taleb for financial events, black swan events are now attributed to events that are rare, have an extreme impact and are retrospectively predictable.

If this risk is identified but continues to occur throughout the industry, how do we close the gap? It may be worth reviewing who is responsible for managing the risk and challenges presented by these black swan events long-term.

Times are changing in relation to reputational consequences following major environmental incidents, driven by the increasing connectivity of communities through social media platforms. These platforms highlight incidents that may have been protected by geographical isolation in the past, increasing the reputational consequences for a company or its owners. Given the growing understanding within communities of the risks posed to their livelihoods by TSF failures, how have increased community and investor expectations regarding the design and management of TSFs influenced corporate risk appetite?

Corporate risk management

Sound corporate governance requires recognition and management of the risks that businesses have on government, the community and other stakeholders. Principle 7 of the ASX Principles and Guidelines, ‘Recognise and manage risk’, guides boards or their delegates to set the nature and extent of the risks the entity is prepared to operate with. For the risk level to be managed, the board is required to ensure a robust risk management framework is in place and a continuous review process implemented. A comprehensive integrated risk management framework requires the following:

  • risks identified
  • risks measured
  • mitigating controls implemented
  • risks monitored
  • variances reported and acted on.

Risks are often identified, measured and the controls identified in the one key activity. Implementation, monitoring and reporting of these controls is then an ongoing process and, with time, the effectiveness of these controls can vary from original intent. Reduced effectiveness can also be exacerbated by inadequate information sharing, which can occur when a company spreads and grows geographically or culturally. The challenge that black swan events present is that by their nature they are rare, thus potentially lulling companies into a false sense of security with regards to the efficacy of its controls.

Major incidents remind us of the ramifications that could occur if companies forego auditing practices that ‘stress test’ risk processes. This is particularly important if historically the effectiveness of managing a particular risks has proven challenging.

The changing face of setting corporate risk

Tolerance towards corporate risk is predominantly guided by shareholders and relevant government regulations. In developed countries with clearly established legislation protecting environmental and community impacts, corporate risk is stymied somewhat to comply with these frameworks. In Australia, legislation defines the environmental responsibilities of the board or their nominated risk committee. For major environmental incidents, this responsibility lies with company directors, who are required to demonstrate due diligence in order to discharge their duties. Therefore, this places the onus on the individual, rather than the entity, to ensure a comprehensive environment risk management framework is in place.

The importance of due diligence specifically in regards to TSF risks was recognised by miners on the International Council of Mining and Metals who, following the Mount Polley and Samarco incidents, participated in an industry-wide review into the management of tailings dams.

In developing countries where standardised legal frameworks are often less mature, what drives corporate risk tolerance? Historically, the higher risk allowances that came with operating in a deregulated environment would have been conducive to foreign investment and the resulting economic benefits. However, looking forward, to what degree does the growing visibility of environmental incidents then drive mining companies to operate to increasingly higher social responsibility benchmarks?

In EY’s annual report on the top 10 mining risk in 2016, social license to operate (SLTO) was ranked number four. This risk remained in the 2017-2018 report following several instances of significant community unrest, particularly in Peru, Guatemala and Romania. Closer to home, a 2017 CSIRO study revealed three quarters of Australians believed that mining companies should require consent from local communities before they operate. The economic challenge in this sentiment was echoed in the World Economic Forum’s 2018 Global Risk Report, where four of the top five risks in terms of economic impact were societal or environmental in nature. This is symptomatic of the changing perceptions and influence of communities, and in the board room we are seeing this play out with investors pressuring companies to further articulate their environmental and social responsibility standards. For mining companies, this could lead to a moderation of corporate risk tolerance, with a focus currently on TSFs.

The growing importance of risk management

The importance of robust risk management processes from project initiation and design through to closure cannot be overstated. In an increasingly connected world, where negative publicity is at times contagious, resource companies’ ability to manage their social licences to operate will be a key consideration in mine profitability. Review and auditing of risk controls are a key step to managing this, but in particular stress testing controls for black swan events will become increasingly important. Longer-term changes to the world around us such as climate change, politics, digital and technological solutions will continue to impact the efficacy and viability of various controls. If controls are not continually evolving as real world factors change, then this warrants a review of the management framework. Major risks that materialise are a reminder to us that risks are dynamic and therefore the management of the controls needs to keep up. 

The views expressed in this article are the views of the author, not Ernst & Young. This article provides general information, does not constitute advice and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.


Bonnie Campbell, P. H. (2004). Regulating Mining in Africa – For whose benefit? Nordic Africa Instistute, 80-84.

Council, A. C. (2014). Corporate Governance Principles & Recommendations 3rd Edition. ASX, 28-30.

EPA Victoria. (2013). Your organisation’s environmental responsibility – leadership actions for company directors and officers. EPA Guidance – Publication 1526, 1-5.

  1. (2018). Top 10 business risks facing mining & metals 2017-2018. EY Internal document, 8.

Moffat, K., Pert, P., McCrea, R., Boughen, N., Rodriguez, S., & Lacey, J. (2018). Australia attitudes towards mining: Citizen Survey – 2017 Results. CSIRO, p. 1-5.

World Economic Forum. (2018, June 28). The Global Risks Report 2018, 13th Edition. Retrieved from World Economic Forum:

Share This Article