To achieve our goals, it is vital to identify and understand those factors that have the potential to limit our ability to deliver on our strategy and its strategic objectives. Equally, we need to understand which factors present opportunities.
Enterprise risk management process
Our enterprise risk management (ERM) function empowers employees to deliver on strategic objectives by embedding effective risk treatment and fostering resilience. As the global, regional and operational landscape continues to shift, our proactive and integrated approach to risk management remains central to our strategy.
Our industry is shaped by safety imperatives, market volatility and evolving regulation, making risk management a strategic enabler of value creation across all our capitals.
In line with the principles of King IV, Harmony recognises that good governance and integrated thinking require that risk management be embedded in all strategic decision-making processes. Aligned with the ISO 31000:2018 standard, our ERM process supports informed decision making, enhances resilience and ensures that risks and opportunities are considered holistically across all capitals. Our risk management framework is integrated into Harmony’s strategic and operational ecosystem.
Risk governance
Harmony’s risk governance model ensures effective risk identification and management at every level:
- Overall governance of risk
- Sets the risk appetite.
- Assists the board in carrying out its responsibilities
- Reporting structure for governance
- Monitors and reviews strategic risks
- Approves the ERM policy
- Monitors the ERM plan deliverables.
- Monitors effectiveness of risk responses
- Ensures action plans are implemented timely.
- Own and manage risks within their operational areas
- Develop and implement effective controls to manage identified risks
- Monitor and test the effectiveness of controls
- Initiate corrective actions to address control deficiencies.
Risk management manual
Our approach to safety encompasses critical control management, preparedness, prevention and the monitoring, review and analysis of relevant Safety and Health indicators
Determining our most significant risks and opportunities
The Board, Executive Steering Committee, senior management, and ERM team conduct regular assessments of the global and industry risks facing Harmony. Strategic risks identified in FY25 were thoroughly evaluated, with the recognition that these risks cannot be viewed in isolation.
Developing and implementing effective risk response strategies requires navigating trade-offs, mitigating certain risks while potentially amplifying others, and yet also uncovering opportunities. These opportunities are vital to driving future growth and advancing our sustainability ambitions, serving as a complement to our strategic risk framework.
For detailed information on our approach to risk and opportunities, kindly refer to the Integrated Report 2025.
The risks highlighted below are the top strategic risks that fall outside our risk appetite and tolerance levels.
- Safety and health
- Cybersecurity
- Systemic failure of public infrastructure
- Water management and impact on securing and safely maintaining our water use licences and directive
- Supply security of electricity/power and the impact of higher electricity costs
- Political tensions (geopolitical and local)
- Impact of climate change
- Trackless mobile machinery-related risks
Opportunities are important for our future growth and sustainability aspirations and complement our strategic risks.
- Organic growth opportunities to increase the quality of ounces and drive down costs
- Inclusion of near-term copper in the business portfolio
- Productivity improvement projects
- Value-accretive mergers, acquisitions and divestments
- Achieving more reliable and lower-emissions power
- Leveraging Harmony’s water resources
- Fuel-efficient and low-emission technologies
- AI integration
