How important can governance, risk and compliance (GRC) be to a mining company? If handled with an open mind and leaning towards innovation, important enough to save around $800 thousand in less than 12 months.
That has certainly been the case for Exxaro, one of the largest black-owned, South African based diversified resources company. The company predominantly mines through a number of operations in the Mhlanga province of South Africa.
In 2010, following a major restructuring, the company began to look at and reassess its GRC processes. For Saret Van Loggerenberg, Manager, Risk and Compliance at Exxaro, this was more about shifting the way in which mining companies including Exxaro conducted those GRC processes.
“Up until the restructure, what bothered me the most was that people seemed to treat governance and corporate compliance as something of a box ticking exercise,” she says.
Loggerenberg believes that for many mining organisations, GRC was completed for the sake of simple GRC. Through the implementation of SAP Process control, Loggerenberg and Exxaro has been able to prove a demonstrable increase in value to shareholders through a more streamlined and open minded approach to GRC
This mindset and approach was born out of a time in the industry where each and every department and business unit within a mining company was fighting for survival and proving that each departmental business process would be of value to and enhance the company.
“My focus was to turn governance risk and compliance upside down,” says Loggerenberg.
“To really prove to people that the only reason you should be doing this [GRC] is because it creates business value and a more resilient company that is more sustainable and adds money to the bottom line.”
At the start of this process back in 2010 Loggerenberg discovered that Exxaro, as with almost all mining companies, contained separate risk management processes in separate functional areas. For example, people in the safety department ran their own processes, the operational teams ran their own processes.
“Even strategic processes ran at a strategic level and all of these separate risk management processes never really spoke to the overall strategy of the company,” she says.
Part of this process of turning GRC “upside down” involved the implementation of some SAP Governance, Risk and Compliance (SAP GRC) solutions, namely SAP Risk Management and SAP Process control. both of which significantly contributed to that $800 thousand in savings.
“Using technology applications such as SAP helps us immensely throughout this journey and really creates a transparent interactive dashboard,” says Loggerenberg.
This dashboard presents an overall sense of visibility across the whole business and allows the company to better determine whether it is on track to meeting strategic objectives, whether those objectives are still relevant and keep track of the company’s sustainability KPI’s and whether it is meeting its important compliance requirements. All of this, available on one screen.
“It creates true exceptional reporting that cuts through complexity and provides the exact information and numbers that in some cases can be debated. Through SAP's governance tools, Exxaro moves to solution mode a lot quicker than before,” she says.
The most robust decisions can only be made when there is the necessary information is at hand. Technology such as the SAP dashboard solution allows information on risk management and the complete integration of strategy risk and performance management to be available at people’s fingertips.
In examining the way in which the company is meeting it’s GRC requirements, it forced Loggerenberg to ask if there was more to risk management than simply complying?
As a company, Exxaro’s risk management processes are in place to ensure that the company remains sustainable and be more innovative. To do this, it was soon apparent that like any company, restructure and transformation puts a spotlight on silos and a siloed way of thinking.
“Everyone follows their own process underpinned by their own risk language, which means people aren’t speaking a common risk language,” says Loggerenberg.
Loggerenberg set out to create transparency, through SAP solutions, by breaking down these silos on the strategic, tactical and operational layer. The aim of which was to create a situation where everyone from every level within the organisation was following the same risk management process.
“By doing so we teach people that proactive thinking is so important, regardless of your standing in the business.” She says.
In creating this collaborative and more integrated level of thinking, Loggerenberg was able to break down barriers and to allow the company to better understand why it does risk management in the first place while promoting the responsibility of the people to be proactive.
Despite the notable focus on GRC, the restructure process is not restricted simply to the way in which the company approaches its GRC. For Loggerenberg, the overall process is about establishing integration across the whole business to better harness the potential synergies that can be utilised through that integration.
“It’s about ensuring that you as a business are not spending the same amount of dedication towards a compliance legislation where the penalty is $500 as you would to legislation around licence to operate,” she says.
Loggerenberg, through the SAP solutions, set out to establish this integration to ensure that it speaks to the overall company strategies and not simply GRC. To not only break down those silos and that siloed way of thinking, but to break down the siloed approach overall.
The process began in 2010 and as we reach the end of 2016, Loggerenberg admits that the company hasn’t reached the end point yet. For any company, a process of change management is not a process that can happen overnight. A crucial element of this entire process has been getting people to believe in this journey and with so many different functionalities and areas of expertise, it does not come without its challenges.
The strategic level, the operational level, the GRC level, all need to be pulling in the same direction. Loggerenberg admits that it is “extremely difficult for people to relinquish their own siloed thinking in pursuit of something bigger.”
But after five years, and strong figures that represent the business heading into a new but ultimately innovative and right direction, Loggerenberg believes the results speak for themselves.
“I think we created something that people now view as an integral part of the business and not simply beside the business,”
Part of this success can be attributed to the pace of change. Flexibility in company strategy is key to the success of the business as that change is unpredictable, forcing a need to be more open minded and willing to change that strategy.
“Nothing focuses the mind like the sight of the gallows. This process, and not only through GRC, has opened the minds of stakeholders and strategic level right through to operational and even audit level on the need for better integration to better work to the organisation’s overall goals,” she says.
“It has created a whole new perspective.” She concludes.
Success has come in cost savings. $800 thousand saved in just under 12 months through the adoption of SAP solutions. 20 percent of those savings have been achieved through more effective risk management and integration.
The December issue of Mining Global is live!
Get in touch with our editor Dale Benton at [email protected]