CHAPTER 13 PROJECT MANAGEMENT

• Jurisdiction: United States

Strategic Risk Management for Natural Resources Companies
(May 2008)
CHAPTER 13
PROJECT MANAGEMENT
Catherine J. Boggs ¹
Barrick Gold Corporation
Toronto, Ontario, Canada

Project Management: A Smorgasbord of International Operating Risks

Introduction

After an international acquisition is completed, the celebratory champagne is finished, a mining or oil and gas company must get down to the tough business of developing or operating the asset that was acquired in a country that may have legal, institutional and cultural frameworks that are significantly different from the home country. Many of the operational risks faced in developing countries are the same as those found in any jurisdiction -- how to build a mine or develop an oil and gas operation in an environmentally acceptable, safe, and financially profitable way. But operating successfully in a foreign country typically requires that these same challenges be considered and addressed in a much different context with due regard for the host countries' business practices, institutions, and culture.

Surprisingly, many companies simply do not pay much attention to operational risks once an investment in a developing country is completed. In a 2006 survey conducted by the Economist Intelligence Unit of executives around the world regarding their attitudes to operating risk management in respect of investments made in emerging markets, the survey found that while 80% of those surveyed considered political and operating risk an important part of the due diligence process, only 44% monitored and managed risk continuously once the investment was made and only 30% do so regularly.²

It is de rigueur for companies acting internationally to proclaim that they apply the same policies, and utilize the same standards and practices in developing countries that they use in their home country. Nevertheless, without appreciating the cultural differences, the political forces and the manner in which legal institutions operate in the host country, and adapting their internal procedures to ensure compliance with universal company policies, companies can easily run a foul of not only their own internal policies, but be ensnared in the wide extraterritorial jurisdiction of the United States and as well as international laws. It is a grave error to assume that because of globalization, the spread of international business practices, or the growing use of English as a common business language, that a company can operate in one country the same way it does business in another and be comfortable that its corporate policies and procedures are being followed.

[Page 13-2]

This paper is designed to highlight the kinds of activities in developing countries that can enhance the risks a company faces, despite policies or procedures that are designed and intended to protect that same company universally. It will also consider the kinds of mitigation strategies a company can employ to increase the likelihood that company procedures and policies will be followed through out all of its operations. In this regard, the paper is not addressing the market-related, technical or local law risks associated with the operation itself.³ Rather the focus is on the activities of the people in the company and how these activities when not properly managed and monitored may fail to protect: (1) the anticipated financial return from the investment; (2) the company's people and assets; and (3) the company's reputation.

Companies are exposed to a variety of risks in "emerging" markets which are commonly characterized by the potential for rapidly changing political regimes, endemic corruption, governments lacking in capacity and expertise, and weak or insufficient legal institutions.⁴ These risks include everything from (1) the political risks associated with a government changing its tax or royalty regime after a project is built; (2) potential civil and criminal liability associated with actions taken in the host country that are seemingly regular business practices, but which may constitute violations of a host of anti-corruption laws; (3) insufficient vetting of local suppliers and business partners which may result in inadvertent violations of money laundering statutes, US sanctions, or anti-terrorist legislation; (4) actions arising from security challenges in protecting a company's assets and people that may create liability under the Alien Tort Claim Act ("ATCA") or other US laws; and (5) workforce and labor challenges that make implementation of company policies difficult, and which can easily damage a company's reputation locally and bring unwanted host government attention. Each of these risks has the potential to rob the company of the value of its investment and create lasting reputation issues for the company at home.

Anti-corruption, money laundering, and ATCA are topics on which there are significant written resources and materials available that address each topic in detail, so this paper is not intended to be a primer for the application of these laws.⁵ Rather, this paper is designed to heighten the awareness of the reader to the kinds of every-day situations that may blossom into catastrophic legal events when companies do not properly assess the specific risks associated with a particular country, mitigate the risk

[Page 13-3]

by adapting their operating procedures to account for the differences in culture and common business practices that may change the manner in which people and institutions interpret and implement company policies, and continuously monitor the procedures to ensure compliance.

1.0 Risk Assessment

Risk assessment may involve a variety of tools, but in general the process is designed to (i) identify the risks applicable to the operation, (ii) assess the risk for significance, (iii) develop mitigation strategies to manage the risk, and (iv) programs to monitor the risk over the life of the project.⁶ Typically, such assessments begin in consultation with a group of internal and external stakeholders. Risks are identified and assessed as to estimated impact and likelihood of occurrence. This assessment may be the result of sophisticated mapping programs or simple categorization of risk by magnitude (e.g. numerical ratings on a scale of 1 to 4 or subjective terms such as "high", "medium", "low"; "insignificant", "minor", "moderate", "major", "extreme) and identification of fatal flaws and trigger points. Risks should be assessed not only in terms of their dollar impact, but also in terms of potential non-monetary impacts, including damage to reputation or unwanted attention from NGOs or host government oversight. Certainly, an assessment of project related risk should address the particular local business practices or cultural issues that may impede the successful implementation or enforcement of the company's policies and procedures.

The assessment should result in a form of risk register that reflects a holistic view of the project and considers all of the risks, not only technical or geologic risks that may affect the development and operation of the project. The register also should designate who or which group is accountable for managing the risk and sets forth the mitigation strategy to be undertaken. As with any tool, the key is to ensure that the risk register is communicated to all necessary members of the operations team, and used to ensure the right hand knows what the left hand is doing. It is important that well intentioned actions by one part of the operations that may be intended to address one kind of risk do not create or enhance the risk associated with another aspect of the operations.

Perhaps most important, the risk register should be considered a dynamic document that is continually reviewed and revised as necessary to reflect new or changing risks the arise as the project develops, particularly with respect to non-technical risks. As noted in the EIU Survey, many companies rely on the risk assessment that may have been done at the time of the prospective investment, but are much less likely to monitor risks on an on-going basis, despite the fact that most executives cite political risk, bribery and corruption and abrupt changes in policy as the risk that they consider the most significant.⁷

[Page 13-4]

2.0 Changing Political Environments

Historically, political risk has resulted in much of the world's mineral resource development being concentrated in the more politically stable, developed countries, including Australia, Canada, South Africa and the United States.⁸ Because permitting requirements and community attitudes changing in these jurisdictions have made new mine or oil and gas developments significantly more difficult, there is renewed interest in exploring beyond these developed jurisdictions.⁹ Companies can often no longer expect to be able to replace reserves by looking at only domestic opportunities. Coupled with booming commodities prices, junior, mid-size, and senior mining and oil and gas companies are looking farther and farther from stable, developed jurisdictions; and investors are increasingly willing to accept the risks associated with building and operating natural resource projects in countries like the Democratic Republic of the Congo, Ecuador, Kyrgyzstan, Namibia, Mongolia, and Turkey. Developing countries look to this foreign direct investment in their natural resources to spur economic growth in the country, develop or upgrade their infrastructure, educate and train their work force, and transfer necessary technology and know-how in order to compete in the global economy. They typically begin by reforming their laws to address the historic threats to foreign investment, including expropriation and nationalization, currency incontrovertibility, discrimination as against local investment, and access to foreign dispute resolution mechanisms.¹⁰ These laws, however, are only the first line of defense...