Sundance Tragedy a Risk Management Warning
by Graeme Mickelberg
The recent loss of the entire board of Sundance Resources in an aircraft crash in a remote part of Africa was a tragic reminder of the risks of operating in such areas. As Graeme Mickelberg writes, the situation provides an interesting insight to the approach to managing business risks.
Business and other organisations are well aware that risk is an ever-present part of corporate life, and many businesses are quick to emphasise that they embrace best practice in risk management.
Businesses spend a great deal of time identifying the risks confronting them and developing strategies to manage such risks, which are often documented in corporate risk registers and subject to risk management plans. Similarly, some businesses appoint board members to their risk management committee and the annual report to shareholders inevitably includes statements concerning the approach taken to managing risks.
This approach might be regarded as responsible and reflecting good governance; however, the real litmus test for risk management depends on more than rhetoric and risk management plans.
Many large companies retain the services of risk management advisors, who have access to databases detailing key information about companies that provide services, including air services, to their clients.
Media reporting following the air crash that resulted in the deaths of the Sundance board members indicated that Sundance had been advised not to use aircraft from a particular company; yet it seems that advice was overlooked.
That situation was further compounded by the decision for the entire board to travel on the same aircraft.
Although there may have been practical reasons for these decisions, ultimately the consequences were catastrophic, confronting the shareholders of Sundance Resources with a dilemma not often experienced by Australian companies and investors.
The identification of risks should be an exhaustive process involving key managers, with specialist advice drawn from sources internal and external to their business, including insurers and legal counsel along with other advisors.
Once risks are identified, they should be evaluated in terms of their potential impact on the business, and measures to treat those risks should be identified. Identified risks and the measures to treat them should be documented in a corporate risk register.
Once documented, risks and counter-risk measures inform the development and review of other policies, including, for example, the travel policy, which mandates what airlines may be used, who should travel and under what circumstances key people should travel or not travel together.
Good corporate governance dependent on good decisionmaking
The approach outlined above is fundamental to good corporate governance and it could be argued that it is also common sense to ensure that senior leaders and managers avoid risks that may compromise their safety. Unfortunately and tragically, situations arise where individuals, although they should know better, are prepared to compromise their common sense for the sake of an expedient outcome to satisfy a short-term priority.
Conversely, it may also be argued that business risk management planning is intended to provide a management framework, which can be adapted to circumstances as they arise, noting the requirement for a degree of flexibility balanced against the training and experience of senior managers responsible for taking decisions relating to risks.
It is apparent that the required approach, and the one which is taken by most businesses, to managing risks rests somewhere between policies and plans that are ‘set in concrete’ and a flexible framework that permits shifts in the approach that may be taken.
It is also apparent that the effective management of risks depends on managers who have the strength of character and self-confidence to trust their judgement to make hard and perhaps unpopular decisions without fear of adverse reaction from their superiors and/or peers.
Underpinning effective risk management is the requirement for managers to be conscious of risks confronting their businesses, to be aware of changes to the risk profile, and to ensure they have the knowledge or can quickly acquire the advice they need to inform their decisions.
This article first appeared in Australian Security Magazine (ASM), September/October 2010