The Board and CEO are committed to ensuring that risk is managed effectively to ensure we meet our strategic business objectives. Our Group Risk Management Framework aims to provide assurance that all risks across the Group have been properly assessed, mitigated, and monitored, within appropriate risk tolerance levels.
Risk management framework
Effective risk management requires that we identify, assess, evaluate and respond to the risks faced by the business. In order to do this effectively we reviewed our Risk Management Framework to align AngloGold Ashanti’s risk management practices with the new Operating Model. This resulted in a revised Framework, where we replaced the standalone Risk Policy through with risk management principles embedded in various Group policies and set a minimum standard of risk management as part of the work we do.
The revised Group Risk Management Framework adheres to the King IV Corporate Governance Risk Principles, ISO 31000 and the Committee of Sponsoring Organisations (COSO) Enterprise Risk Management Framework.
The Framework applies across the Company and to its managed entities. It guides us in a proactive and systematic way to monitor potential risks and opportunities. These can be associated with uncertainty, societal and political transition, economic fluctuations, regulatory changes and operational and production risks across all areas of our business and by all levels of management.
The governance of risk is entrenched in the Board’s structure and oversight. A level of risk governance is also embedded in the new Operating Model’s single-point accountability function and in the revised new Group Delegation of Authority. The Group Risk Appetite and Tolerance Statement is a Board accountability function and requires Board approval to ensure the enterprise and operational matrices used to assess risks adequately reflect the threshold of acceptable risk for the Group. Assurance, mainly through the Group Internal Audit department, is an integral part of our overall risk governance.
Risk management is integral to business activity and is integrated into Group-wide policies with our risk strategy part of executive accountability. The Group Risk Management Standard is an integral part of our Group-wide suite of Standards.
For details on our principal risks, see the 2022 <IR>:Managing our risks and opportunities
Ensuring that AngloGold Ashanti technology assets are always protected is key for our sustainability. As cyber related threats continue to grow, with malicious parties targeting industrial organisations with extortion through ransomware, we are committed to minimising the risk to the business. Maintaining cybersecurity across our operations receives ongoing focus and oversight.
The cybersecurity team operates a global 24/7 service that monitors all information technology assets in real-time, scanning for any imminent threats. We are committed to minimising the risk to the business and have incorporated the NIST Cyber Security framework into our cybersecurity operating model at all levels. For assurance, all policies and procedures are reviewed on a regular basis and audited for compliance.
Fake web domains & Social media scams
As a global organisation, we are aware of fake web domain and social media scams specifically targeting AngloGold Ashanti. These potential threats are under constant monitoring and we urge the public to inspect any email or web link that may be masked as a fake message and report these using our whistle-blowing platform, www.tip-offs.com
For more information on fake domains, refer to the 2019 press release by the Internet Service Providers Association.