CRO interview

Adrian Clements, asset risk manager, ArcelorMittal

Patrick Claude, corporate risk management, ArcelorMittal

How does risk management work within ArcelorMittal?

Adrian Clements: The first thing you have to do is to decide what is risk management? For example, in my area I deal with the physical, tangible assets. We conduct benchmark audits based on our own internal guidelines for every facility in the world, so we know what the benchmarks should be, and we generate recommendations for the group on how to improve and mitigate those risks.

Of course we see differences: some plants are at the bottom of the learning curve; others are at the top. One strategy is to twin a good plant with another, not so good one, to exchange knowledge laterally. As opposed to corporate coming down with a big hammer and saying, ‘that’s the way it should be done’.

Each of our plants is responsible for doing its own risk management within a corporate framework: health, safety, environment, assets, supplier and customer risks. We still have to comply with local laws, but we can do that within the corporate framework. We facilitate and offer support and guidance, which at the end of the day reflects the image of the company.

Patrick, what is your role?

Patrick Claude: Since the beginning of September, the department has been moved from internal assurance to the finance department. The big advantage of working like that is we can build the risk management process on what finance has already implemented. Of course the support of the CFO is very important as well and it puts the emphasis on financial loss and opportunity. And financial impact is no longer in the background.

“We actually have recommendations from insurance companies to put sprinklers over areas where we have liquid metal. There's no way we can do that.

Adrian Clements, asset risk manager, ArcelorMittal

One of my main roles is to introduce risk management into the normal management committee meetings. We have to explain to the different management committees that they have to think about risks. But as a corporate function we should not be arrogant. That means we should convince instead of imposing.

Adrian Clements: We talk about risk, and people immediately think it is negative. Risk is also positive, otherwise we would never do anything. In my area, a fire or explosion is a negative risk, but over time when the frequency of explosions and fires, business interruptions, machines breaking down decreases, then it becomes a competitive advantage. To mitigate one area adds a competitive advantage in another.

Like Patrick says, if you integrate the risk thought process into normal management then it becomes natural. It should be in the everyday lives of every manager of every company to think about it.

What challenges do you face today Adrian?

Adrian Clements: If I do my job 100% correctly and I ensure process safety and management are so good that the probability of a fire is almost nil, I am still under a lot of pressure to put in sprinklers because the insurance companies won’t insure me unless I do. If I do perfect ERM then I may not need fire protection. But then I have this problem that insurance becomes very difficult to buy. Out of this dilemma the trend towards captives and self financing is created.

We actually have recommendations from insurance companies to put sprinklers over areas where we have liquid metal. And I’m sorry but there’s no way we can do that, it’s more dangerous. So sometimes the solutions that you have are contradictory. We are being influenced very strongly by external experts who say, ‘we will give you cheap insurance if you do this’. The problem is they are not really looking at the true risks to the company. When it comes down to signing a contract in the risk transfer area the clauses are basically archaic.

The agreement to merge Arcelor and Mittal steel on 25 June 2006, created the world’s largest steel company. As the number one company, what challenges are you facing?

Adrian Clements: Being number one in the steel industry we find ourselves compared with other number ones. We are not necessarily being compared with our direct competitors.

“If you integrate the risk thought process into normal management then it becomes natural. It should be in the everyday lives of every manager of every company to think about it.

Adrian Clements, asset risk manager, ArcelorMittal

What we are trying to do is to lead the way, not only in tons of steel produced, quality and delivery times but in some of the risk management methodologies also.

Patrick Claude: LNM Holdings and ISPAT International, were merged to form Mittal Steel in 2000. The merger with ISG took place in 2005. Arcelor was created through the merger of Arbed (Luxembourg), Aceralia (Spain) and Usinor (France) in 2002. All this merging activity has led to many different views on risk management methodologies, risk mapping, and appreciation.

As a global steel producer how do you take a view of all the risks you are facing around the world?

Patrick Claude: That’s my job. Because of the merger we do not yet have a consistent view of all the different issues.

We have spent a lot of time inside ArcelorMittal trying to harmonise our risk management systems, getting the best from the different existing practices. In June we had a meeting with the audit committee and at that time, it was decided to launch our risk mapping and collate all the different risk assessments on a consistent basis across the group.

We are lucky in that we have a lot of experience inside our business units. For example, in South Africa they have well established risk management legislation. We look at where is the best practice and try to build it into the system.

Adrian Clements: Patrick is trying to identify the best ideas, strategies, bring those up into corporate and try to consolidate them, create and identify the critical paths and key areas and distribute that around the whole group. Within this framework the individual plants are still responsible for complying with local laws and legislation.

As a global company, there must be lots of different risks you are exposed to?

“I don't think that there is an infinite number of risks; you have to focus on the major ones.

Patrick Claude, corporate risk management, ArcelorMittal

Patrick Claude: It depends how you define risk, because all of our business units are operating using the same raw material so there are a limited number of risks on which we are focusing. I don’t think that there is an infinite number of risks; you have to focus on the major ones.

Adrian Clements: The global viewpoint is sometimes very different to the local viewpoint. In some areas we have a very specific risk. For example, within the old Arbed, we had three or four blast furnaces, but now with ArcelorMittal we have 72 blast furnaces. Where before there was a critical risk, affecting certain key production processes, growth and risk taking has mitigated this and now we have many of them.

Also, being a global player, flexibility plays an important role. How flexible is the company to adapt to change? This is what stakeholders also need to review. Three or four blast furnaces don’t give you much flexibility, but with 72 blast furnaces you become more flexible.

How do you tell which risks are critical?

Adrian Clements: That’s where your risk mapping comes into play. We use the COSO cube for risk mapping, which is three dimensional with different layers for risk assessment, mapping and quantification. One small risk in a single site might be critical to the whole process. So you need a system which allows these different points to be highlighted.

That’s perhaps one of the critical aspects in any company today – risk mapping. Your company should be transparent enough so that you allow these critical risks to shine through to the board. That effect could be anything, loss of a specific customer, loss of market share, bad image, millions of things.

Patrick Claude: Reputational risk could be the most critical risk to us, because most of the other risks can probably be mitigated by the global cash flow of ArcelorMittal. If you take the foreign exchange risks for example, the high level of the Brazilian real can be considered a risk for all Brazilian affiliates, but it’s an opportunity, for sure, for our North American affiliates.

Adrian Clements: But you have to be able to identify it and be able to respond quickly before the opportunity passes.

“Your company should be transparent enough so that you allow these critical risks to shine through to the board

Adrian Clements, asset risk manager, ArcelorMittal

Patrick Claude: For sure, and our people are working on that at the moment. I’m sure if it’s something affecting the image of ArcelorMittal then we have big problems.

So reputation risk is the biggest concern?

Patrick Claude: We have not yet quantified and analysed enough to be sure it is really the biggest risk, and to understand what could be the drivers of such a risk. But in my opinion it is.

Adrian Clements: If you take risk as being an event that occurs, then before that you had a cause to trigger that event. Well, for every event you have maybe a thousand causes and a million root causes. To identify which one is critical is the challenge.

What I try and do in asset risk is identify what we call lead indicators, so we are not reacting but we have the ability to be proactive. For example, what has caused all of these fires and explosions and business interruptions in the past in other industries? What is the root cause? By attacking the root causes you immediately reduce the potential causes and you also reduce the severity of the impact. When it comes down to identifying the lead indicators, what’s causing these problems, a lot of it is guesswork. But within ArcelorMittal we have approximated 39 lead indicators for asset risk management. These are used for budget building and performance indicators.

Patrick Claude: There is a challenge also to prove that ERM can really bring benefits to the organisation. We believe, and management is also convinced, that it can help. But really to prove it is very hard.

Adrian Clements: If it never happens you can’t prove it and if it does it’s too late already. So it’s very tough.

Patrick Claude: For the shareholder it’s important to have clear and transparent information regarding the real risk of the company. That’s probably the future information that will be required in the annual report, not only financial figures which we have published in the past but real transparent information about the risk. And it will be a major challenge.

“But as we have seen in the last weeks even the banks do not know what they are buying into. I think the banks have focused too much on the historical data to predict the future. It is not the only way to assess the risk.

Patrick Claude, corporate risk manager, ArcelorMittal

Adrian Clements: For me it is common sense that an investor who is buying a share in an oil company knows that the oil company can suffer a big explosion. That should also be part of their risk management thought process. The investor should be aware of what risks he is buying into.

Patrick Claude: But as we have seen in the last weeks even the banks do not know what they are buying into. I think the banks have focused too much on the historical data to predict the future. It is not the only way to assess the risk.

So how can organisations use historical data to assess risk effectively?

Adrian Clements: The key to enterprise risk is having the knobs or the buttons which, through fine tuning, can correctly predict future events based on historical information. The information has to be corrected for historical changes. I can’t for example take the root cause of a loss from 1970 and say it might still happen. I have to manipulate the historical data.

What about the emerging risks?

Adrian Clements: There are a lot of risks coming up today which don’t have any historical data. So how do you take very few incidents and simulate them into the future and implement that into your company? That is very difficult if not impossible.

Obviously we know what happens inside our company, so we try and mitigate risk based on our company memory. The company memory will get better and more stable as the company gets older. We are a very young company right now, so we are still trying to go into those memory banks to find out what’s actually there. What experiences do we have? What knowledge do we have? That has to be consolidated. It’s only then that you can take a step forward.

Patrick Claude: Some of the emerging risks that are coming find their origin in what decisions we make for the future.

I’m not sure that based on our current exposure terrorism risk is something we are exposed to. But depending on our decision to invest in some part of the world or not we can increase our risk.

To my knowledge there is no such process for identifying emerging risks but it is a real concern for the risk management function. We will certainly discuss this with our senior management.