By: Mark Noppé, Director, The University of Queensland’s Sustainable Minerals Institute (SMI).AbstractThis paper was first published in the Tenth International Mine Geology Conference Proceedings 2017 (Hobart, Tasmania, Australia) by the Australasian Institute of Mining and Metallurgy.Mining is inherently a risk based business and risk governance is an integral part of corporate assurance and business decision making. Mineral Resources and Ore Reserves are the key assets for a minerals company and senior management/company boards require assurance regarding the likely accuracy of estimated and reported technical information. Reviews and audits improve the level of assurance in the reliability of estimated short-term (grade control) estimates, reconciliation, Mineral Resources and Ore Reserves. Peer reviews and audits contribute not only to governance processes, but also provide valuable technical improvement opportunities, as well as mentoring and professional development guidance to those whose work is being reviewed. Technical review is particularly crucial at a time in the industry when companies are running lean or perhaps inexperienced teams, with limited technical or management oversight.Despite both industry guidance and some company’s standards expecting or requiring reviews and/or audits of Mineral Resource and Ore Reserve generation and reporting processes, it is surprising how infrequently or ineffectively these are actually carried out. Examples of governance systems are presented which include appropriate peer review processes which if effectively applied can identify shortcomings in technical processes and provide timely correction to prevent, or mitigate against, erroneous outcomes. Peer reviews are ideally carried out concurrently with the preparation of data, selection of estimation procedures and validation of outputs from Mineral Resource and Ore Reserve estimation prior to the handover of results between disciplines, or the final reporting of results. Audits, on the other hand, are generally retrospective reviews by independent and/or external reviewers who rate the risks inherent with an already completed process, identifying opportunities for improvements in the future.The paper outlines the main components of peer reviews and audits, discussing how a combination of these can provide a structured and objective assurance system leading to systematic and disciplined processes to improve the effectiveness of, and confidence in, grade control, reconciliation, Mineral Resource and Ore Reserve risk management and support good governance.IntroductionMineral Resources and Ore Reserves are the main assets of a commodity-focussed company. Similarly to the requirements for financial, legal and environmental governance, assurance is required regarding the processes applied to data collection, estimation and reporting of Mineral Resources and Ore Reserves. The assurance processes applied should also benefit the company and its people by providing improvement opportunities and recommendations to mitigate identified risks.The author has observed several common themes in recent times when reviewing and auditing Mineral Resource and Ore Reserve preparation, reconciliation and reporting for companies of different sizes, maturity, location, and commodity types. These common themes have included the following:1. There are well-qualified, enthusiastic people tasked with and performing work they are inexperienced to do. This practice of using less experienced people would be acceptable if these people were being closely peer reviewed and guided or mentored as they learned, as this is how they need to develop the necessary skills to enhance and advance their professional experience, however the necessary peer review was often lacking.2. Some companies engaged external reviewers to provide peer review and guidance when the company recognised their own people did not have the time or skills, or it was thought that a fresh (independent) view was required to provide the appropriate level of guidance/assurance. It is commendable when this gap in essential peer review or mentoring is recognised and acted upon, however there are also some mature minerals companies with strategically important mineral assets where this peer review is not being provided at all.3. There were several areas of concern identified, some with potentially material impacts that required either immediate correction, an improvement or refinement in a process before the next internal or public reporting period, or even the public disclosure of the error, its impact and its correction. In one case, the correction resulted in a 20 percent change to contained metal content in the inclusive Mineral Resource classified as Indicated or Measured, and hence the subsequent Ore Reserve. In another case, an error in the data preparation assumptions changed the Mineral Resource metal content by some 12 to 15 percent. In other examples, the recommended improvements resulted in the reclassification of some Resource categories, with resulting changes of close to 10 percent in the estimate of tonnage, grade and/or contained metal within some categories. The over-riding concern raised by the above examples was that the identified errors and improvements were avoidable and concerned basic data verification and data preparation processes, rather than somewhat more subjective choices about estimation-related parameters. These issues highlighted the lack of experience of the people tasked with the estimation and the lack of adequate internal peer review to identify these issues early.A common concern identified was that many companies have not recognised the critical role peer review plays in improving the skills of individuals and in supporting the confidence in technical outputs. In some cases, while the importance of peer review was formally recognised by the companies in their procedures, there was no practical or effective peer review actually being carried out. On the other hand, there are also several examples where the value of peer review processes has recently been recognised and there are improvements in the application of these processes, but the point remains that a system of peer review should always have been in place.Defining Peer Reviews and Technical AuditsThere are differing meanings for the terms “peer review” and “audit” in use in the industry today. The terms and definitions used in this paper can be defined as follows:Peer reviews are ideally carried out concurrently with the preparation of data, selection of estimation procedures and validation of outputs from Mineral Resource and Ore Reserve estimation prior to the handover of results between disciplines or final reporting of results. The peer review may involve a detailed investigation, or “drill down”, into the data being reviewed and even the recalculation or re-estimation of values to verify the numbers if warranted. Audits are generally retrospective and are intended to review and rate the risks inherent with an already completed process, identifying opportunities for improvement in the future. Audits are generally focused on people, processes and systems and do not necessarily include a detailed investigation into all of the available data or a verification of the reported numbers. De Lange (2016) notes the “primary purpose of the audit process is to provide assurance over internal controls. The process ensures the adequacy of the process design, that is, that the controls work as intended (effectiveness)”. He goes on to identify the other benefits derived from the audit process, namely 1) that where weaknesses are identified, recommendations can be made on how to improve the controls, and 2) that more systematic issues can be identified over time, and a top down corrective action developed to address the identified control weaknesses.It is useful to note that while the JORC Code (2012) does not discuss the purpose of reviews or audits, the Table 1 Checklist of the JORC Code prompts companies and Competent Persons to provide “the results of any audits or reviews of sampling techniques and data, Mineral Resource estimates, and Ore Reserve estimates”. Practitioners generally recognise that the process of conducting reviews or audits results in improved practices and greater confidence in the resultant data. Certainly, when conducting any due diligence on a resource project, those completing due diligence often look to understand what reviews or audits have been conducted, when these were done, what findings were made and how these findings were dealt with by the company’s technical staff and management. The audit processes used by some companies to provide assurance on their Mineral Resource and Ore Reserve reporting provide useful assurance on the overall processes, but are mostly retrospective. Depending on the audit brief, the audits may be of relatively short duration focussing essentially on the adequacy and effectiveness of the control processes in place. Such audits are appropriate to identify improvement opportunities, but since the improvements are not identified concurrently with the Mineral Resource or Ore Reserve preparation, the learning opportunities may be several months in the past. In these cases, if the company does not have internal peer review to provide verification or validation of the actual numbers generated, this lack of internal control may indeed be the weak-link in the assurance of the generated and reported Mineral Resources and Ore Reserves. Background to Managing RiskThe Institute of Internal Auditors (IIA) provides an outline of an effective risk management and control process called “The Three Lines of Defence” model (IIA, 2013). The author has seen this model adopted by some minerals companies and applied effectively for managing risk in the Mineral Resource and Ore Reserve generation and reporting process.The Three Lines of Defence model provides a coordinated and structured approach to design and manage essential risk management duties. It provides a fresh way to look at operations and is suitable for organisations of any size or complexity, regardless of whether they have a formal risk management framework or system in place (IIA, 2013). The position paper describes the Three Lines of Defence, where:ν Management control is the first line of defence, ν Risk controls and compliance oversight functions established by management are the second line of defence, and ν Independent assurance is the third line of defence. Each of these Three Lines of Defence plays a key role within a company’s broader governance framework (Figure 1). Senior management and boards of directors are not explicitly part of the Three Lines of Defence, however these groups are the primary stakeholders served by the assurance process and are best placed to ensure adequate assurance processes are reflected in the company’s risk management and governance control processes. Essentially, the “control environment” for the company is established and driven from the top ranks of the company, (namely the “tone from the top” set by the senior management and board), and is underpinned by the necessary competency of the people performing the work. The relevant staff need to know what the company wants to achieve (objectives) and what can go wrong in achieving those objectives (De Lange, 2016).An example of the Three Lines of Defence model applied to the risk management and control of Mineral Resource and Ore Reserve generation and reporting is as follows:ν First Line of Defence: Peer review of technical work at specific stages of the various estimate generation and reporting stages by suitable qualified / experienced peers within the company structure (colleagues working within the same project, mine or department), or external reviewers if internal reviewers are not available. These peer reviews are carried out concurrently as the work proceeds. The outcomes of these reviews are generally managed by and reported to the local technical and operating management (the risk owners / managers) for that project, mine or business unit.ν Second Line of Defence: Oversight and selectively applied peer reviews of the technical processes and compliance to procedures, standards and the operation of the controls in place at specific stages of the estimate generation and reporting. This oversight is generally carried out by suitably qualified and experienced peers, typically technical peers or indirect supervisors with at least one reporting line removed from those performing the original work. This may include assessments carried out under the guidance of the company’s internal technical risk or audit function. For example, peer reviewers for this oversight function may be from the company’s central technical services team, or a separate operation or business unit, or external reviewers if internal reviewers are not available. The oversight and peer reviews are typically carried out concurrently as the work proceeds, or at least at specific and planned stages of the estimate generation and reporting process. The outcomes of these reviews are generally of limited independence and are managed by and reported to the local technical management for that project, mine or business unit, providing support for the risk control and compliance of the process.ν Third Line of Defence: Independent reviews and/or audits generally managed by and reported through the company’s internal audit group rather than through the technical management group whose work is the subject of the review or audit. The reviewers are typically both independent and/or external to the company, and the outcomes are reported through to the technical management, the senior management and the board (often through a board-appointed technical or audit committee). These reviews or audits are of greater independence and provide the final line of assurance for senior management and company boards.Examples of Mineral Resource and Ore Reserve GovernanceRio Tinto Plc (Rio Tinto) outlined its Mineral Resource and Ore Reserve governance system in a paper in the AusIMM’s Monograph 30, Guide to Good Practice (Hunt and Eldridge, 2014) and in its annual report (Rio Tinto, 2016). With assets held on six continents and in a range of commodities, Rio Tinto recognised the requirement for a rigorous and structured approach to reporting data across the company and has established a governance system supporting the generation and publication of Mineral Resources and Ore Reserves, which includes a series of structures and processes independent of the operational reporting. The Rio Tinto system comprises three main levels for Mineral Resource and Ore Reserve governance, managed through three governance committees, namely:1. The primary vehicle for Mineral Resource and Ore Reserve governance is the Ore Reserve Steering Committee (ORSC). The ORSC meets at least quarterly to discuss resource and reserve matters and provides sponsorship of Competent Person training and development. 2. The ORSC reports to the Rio Tinto Executive Committee independently of the various product group lines.3. The Board Audit Committee (BAC) has governance of Mineral Resources and Ore Reserves in its remit. This is achieved through the process of annual reviews of Mineral Resources and Ore Reserves at a group level as provided by the ORSC, and the review of findings and progress from a group-wide Mineral Resources and Ore Reserves audit program, administered and managed independently of the ORSC by Rio Tinto’s internal Audit and Assurance function.Rio Tinto considers that the three committee levels of Mineral Resource and Ore Reserve governance ensure visibility of related issues at the top levels of the company. Rio Tinto notes that the ORSC is a key element of the governance framework since its mandate includes vetting all nominated Competent Persons, reviewing the annual Mineral Resource and Ore Reserve figures and Competent Person technical reports, promoting and supporting the role of the Competent Person and on-going Competent Person training, and supporting the Mineral Resource and Ore Reserve estimators through reporting guidance and facilitating peer reviews (Hunt and Eldridge, 2014). These functions of the ORSC essentially support and provide the Second Line of Defence in the Three Lines of Defence model discussed earlier in this paper.As noted above, the governance is further enhanced by having the internal Rio Tinto Audit and Assurance function manage the ongoing Mineral Resource and Ore Reserve audit program. This ensures the audits are managed and reported independently of the technical management whose work or whose staff are the subject of the audits. This is an example of the Third Line of Defence in the Three Lines of Defence model discussed earlier in this paper.In a similar model, Atlas Iron Limited describes its Mineral Resources and Ore Reserves Corporate Governance as follows (Atlas, 2017): “Atlas has an established Ore Reserve Steering Committee (ORSC) that oversees the Mineral Resources and Ore Reserves processes and reporting. The committee includes management from geology, operations and mine planning. It meets regularly and is responsible for reconciliation, estimation and reporting of Mineral Resources and Ore Reserves. Ore Reserves undergo rigorous governance and signoff processes extending to all disciplines responsible to satisfy JORC [Code] compliance with this process audited by external consultants.Atlas continues to develop its internal systems and controls in order to maintain JORC [Code] (2012) compliance in all external reporting, including the preparation of all reported data by Competent Persons as members of the Australasian Institute of Mining and Metallurgy”.Designing a Governance SystemAll companies large or small, publically listed or not, require some form of Quality Control and demonstrable assurance to support good governance. In the author’s opinion, this assurance and governance must extend to the Mineral Resource and Ore Reserve assets of minerals companies in a similar way that a company provides the board with assurance on financial, legal, safety, environmental and community issues. The assurance of reliable Mineral Resource and Ore Reserve reporting must therefore be included within the company’s risk management and control framework. As a minimum, a control process of internal peer review, akin to a First Line of Defence and/or a Second Line of Defence is needed. Internal peer review provides effective control and assurance as well as value-add improvement opportunities for Mineral Resource and Ore Reserve generation and reporting for even small companies. Ideally such peer review should be conducted at both the First and Second Line of Defence levels, however if a company were to select only one level, then the author recommends the First Line of Defence with concurrent peer review by suitable qualified / experienced peers.These forms of internal peer review are common in consultancy practices to provide assurance on external client deliverables. In a consultancy, the best defence an individual or the company has of their work practice is to test whether it is likely that the majority of other specialists using the same information would generate a similar outcome or conclusion. Consultancies provide themselves with this assurance through a system of peer review or due diligence of their work and outputs to ensure the reasoning and techniques employed have been carefully considered (Gardiner-Hill, 2014; Livesley, 2014). Such peer review effectively provides the client with a second opinion on the issues, as well as providing professional development learning to both those being reviewed and the reviewer. However, despite the many advantages of peer review, the author notes that in many cases the peer review process in minerals companies is ad hoc, inconsistently applied, not well planned or in some cases, not carried out at all. In the case of work provided by consultancies, despite the clear value-add of peer review, some minerals companies question the charges for such peer review and sometimes seek to minimise this cost.Audit style reviews (the Third Line of Defence with independent and/or external reviewers) are generally triggered when studies have to pass particular stage-gates, such as when major capital expenditure requires approval, or when a Mineral Resource or Ore Reserve estimate is likely to result in a material change to the previously reported estimates. In some cases, an external audit is only called for when an unexpected error has been identified. External assurance is then sought to “sign-off” that the problem has been adequately and effectively addressed and that the new processes put in place will likely be effective in avoiding such an error in the future.De Lange (2016) proposes a model of assurance that would provide an Audit Committee with the required assurance regarding Mineral Resource and Ore Reserve processes. The suggested approach ties the assurance needs of the senior management and board to the needs of the technical experts in the company, therefore involving and benefiting two important stakeholders. De Lange further notes that an assurance process should be aimed at continuous improvement that further enhances the robustness and reliability of the Mineral Resources and Ore Reserves reported by a company.A number of mid-tier companies (along with most of the major minerals companies), particularly those publically listed, have a rolling schedule of Mineral Resource and Ore Reserve external reviews or audits in place. Typically, this audit or review program would see all of their advanced projects and operating mines audited once in three years. The companies may choose to run these as reviews concurrently with their annual Mineral Resource and Ore Reserve generation calendar, or as retrospective audits on previously completed or reported Mineral Resources and Ore Reserves.When designing a Mineral Resource and Ore Reserve assurance system or framework, there needs to be a structure and agreed process and format for the review itself and for the reporting of the review or audit outputs. It is generally not enough to have a simple “sign-off” or, in the case of an audit, a final “tick-box” checklist. There needs to be an engagement plan, communication process (including defined escalation and reporting levels), staged reporting, and a follow up mechanism for tracking actions resulting from the recommendations from the review or audit.The Institute of Internal Auditors provides the following recommendations for designing a structured assurance system (IIA, 2013):ν Risk and control processes should be structured according to the Three Lines of Defence model.ν Each line of defence should be supported by appropriate policies and clear role definitions, including assigned responsibilities and accountabilities, ν There should be active coordination between the separate lines of defence to ensure efficiency and effectiveness,ν Risk and control functions at the different lines should share knowledge and information for improved efficiency, without being combined or coordinated so as to compromise their effectiveness,ν Where risk and control functions at different lines are combined the senior management / company board should be informed and advised of its impact on the effectiveness of the assurance process, andν For companies without an established internal audit function or activity, senior management and/or the company board should disclose to their stakeholders how adequate assurance on the effectiveness of the company’s governance, risk management and control structure will be provided.DiscussionSo, why is peer review and/or technical audit not more consistently applied by minerals companies, given the importance of these review and audit processes to the assurance required to support good governance?De Lange (2016) comments that the Mineral Resource and Ore Reserve estimation processes are surprisingly underrepresented in minerals companies’ assurance systems given that these are the material assets of the companies. However, when press reports expose the Mineral Resource or Ore Reserve as being inaccurately reported, or when they are reported in merger and acquisitions processes, then their importance becomes obvious. In particular, the impact of erroneous Mineral Resource and Ore Reserve numbers (both positive and negative) could have a material impact on a company’s reputation and value (Noppé, 2014).De Lange (2016) notes that the technical nature and “black magic” connotations of the Mineral Resource and Ore Reserve estimation processes are possibly reasons why company audit committees are not actively involved with their monitoring, and that company internal auditors avoid these processes for similar reasons. He goes on to note that stakeholders’ expectations of good governance are growing, and part of this increased focus is to attain a higher degree of certainty about the current and forecast position of companies, and that “stakeholders are also increasingly more interested in non-financial areas of entities, as the future success of an entity is more than a set of financial metrics”. De Lange (2016) concludes that Mineral Resource and Ore Reserve generation and reporting processes should be on the agendas of company audit committees. This requires the monitoring of key controls as part of the governance obligations for senior management and the company board. Some people are nervous or suspicious about having their work checked, or believe it is a sign of weakness to be subjected to peer review. This may lead to defensiveness, and other detrimental behaviours, such as providing information or answers that are thought to be what the reviewer wants to see, rather than what they need to see. In some cases, an upcoming review or audit triggers a flurry of work to generate the backup, support and validation for work previously completed, whereas that work should have been concurrent with the estimation process to support decisions and assumptions made at the time.Some people see audits as a “tick and flick” or “checkbox” exercise. This view may have arisen because an audit system has been in place for a number of years and the audit process has become “stale”, or the original champions have moved on and the new incumbents administering the assurance process have lost sight of the intent and value behind the final deliverable (which may be based on, or presented as, a summary checklist). The purpose of the checklist is to ensure all key activities have been reviewed and serves as a summary to note those activities for which improvements are required which are then described elsewhere in more detail. If people interpret an audit to begin and end with a checklist, then this is clearly missing the point of the checklist as just one tool in a more comprehensive process to help support and report the review or audit process. Some managers prefer a report that is all “prose” and without checklists; if time is precious, there may be little value in re-describing every process that was reviewed, when these issues are best discussed by exception. So, where the report includes a checklist summary, this can look like a “tick-box” exercise and be mistaken as the start and end of the audit process. However, nothing is further from the truth, since the investigation and review carried out by an experienced reviewer/auditor encompasses a wealth of knowledge applied and shared in generally a very short review time frame. A well-designed and executed audit process should provide clear support and justification for management action plans to improve processes identified for improvement. The audit process should include a clear engagement plan, communication and investigation process, feedback loops, and ultimate findings and recommendations for improvement. A checklist provides a useful tool to summarise and check that all relevant processes have been captured and reviewed, and to highlight which processes have been found acceptable and draw attention to those that have not and therefore require more detailed explanation.A properly structured audit process to provide adequate and effective risk management and control is really a formalised peer review process. The difference between an audit and peer review is that the emphasis of an audit is on high-level topics such as the people, systems and processes, rather than on the verification of the numbers. Having said that, it is not uncommon for companies to make use of the presence of the experienced auditors and extend the scope of the audit in places to include a more detailed peer review or drill-down assessment of some items. In such cases, it is best not to confuse the structured audit with the detailed peer review, and therefore best to separate the audit/review report into a separate audit component, and technical review feedback. This separation of work and audience for the report feedback is also important, since the stakeholders for audit-style feedback are primarily senior management and the board (or its executive and/or audit committee), whereas the primary stakeholders for the internal peer review feedback are the estimators and technical management. Conclusions1. An effective assurance process for the governance of Mineral Resources and Ore Reserves is one consisting of three lines of defence; two levels of internal peer review/oversight and a final level of independent review or audit, administered and monitored by appropriately mandated levels of management oversight. 2. Peer reviews and audits contribute not only to governance, but also provide valuable technical improvement opportunities, as well as mentoring and professional development guidance to those whose work is being reviewed. Technical review is particularly crucial at a time in the industry when companies are running lean or perhaps inexperienced teams with limited technical or management oversight.3. If the company does not have a system of at least internal peer review (as opposed to a formal external peer review process) to provide verification or validation of the actual numbers generated, then this lack of internal control may indeed be a weak-link in the assurance of the generated and reported Mineral Resources and Ore Reserves. Indeed, for companies without an established internal audit function or activity, senior management and/or the company board should disclose to their stakeholders how adequate assurance on the effectiveness of the company’s governance, risk management and control structure will be provided.ReferencesAtlas. 2017. Mineral Resources and Ore Reserves Corporate Governance. [online]. Disponible en: <http://www.atlasiron.com.au/irm/content/dso-resources-and-reserves.aspx?RID=241> [consultado el 18 de marzo de 2017].De Lange, L J. 2016. Resources and reserve assurance processes – a framework for improved governance – The AusIMM International Mine Management Proceedings, pág. 21-34 (The Australasian Institute of Mining and Metallurgy: Melbourne).Gardiner-Hill, F. 2014. Liability issues arising in relation to exploration, Mineral Resource and Ore Reserve reports included in takeover documents – The AusIMM Guide to Good Practice - Segunda Edición, pág. 839-842 (The Australasian Institute of Mining and Metallurgy: Melbourne).Hunt, S J y Eldridge, C S. 2014. Rio Tinto Mineral Resource and Ore Reserve governance – The AusIMM Guide to Good Practice - Segunda Edición, pág. 835-838 (The Australasian Institute of Mining and Metallurgy: Melbourne).IIA. 2013. The Three Lines of Defense in effective risk management and control – IIA Position Paper, Enero 2013 (The Institute of Internal Auditors: Altamonte Springs, Fla., EE.UU.).JORC. 2012. Australasian Code for Reporting of Identified Mineral Resources and Ore Reserves. Report of the Joint Committee of the Australasian Institute of Mining and Metallurgy, Australian Institute of Geoscientists and Minerals Council of Australia (JORC).Livesley, K. 2014. Liability of Competent Persons for JORC Reports – The AusIMM Guide to Good Practice - Segunda Edición, pág. 843-848 (The Australasian Institute of Mining and Metallurgy: Melbourne).Noppé, M A. 2014. Reporting and converting resources to reserves – how confident are we, en Monograph 30 - Mineral Resource and Ore Reserve Estimation – The AusIMM Guide to Good Practice - Segunda Edición, pág. 805-814 (The Australasian Institute of Mining and Metallurgy: Melbourne).Rio Tinto. 2016. Informe Anual 2016 – Producción, Reservas y Operaciones. [en línea]. Disponible en: http://www.riotinto.com/documents/RT_AR2016_Production_reserves_operations.pdf> [consultado el 27 de mayo de 2017].