
Risk management and materiality

The overriding purpose of our Enterprise Risk Management (ERM) process is to assist Gold Fields to achieve its strategic and operational objectives and help the company to become as resilient as possible in the prevailing global business environment.

Gold Fields uses a set of four well-defined processes to assess its risks, opportunities and material issues:

The outputs from these four processes have informed the identification of the risks, opportunities and material issues listed on this page.

Gold Fields' approach to enterprise risk management is based on the requirements of King IV, the South African Corporate Governance Code of Conduct and ISO 31000, the international guideline on risk management. The Group also subscribes to the risk management requirements of the ICMM's 10 Principles.

Gold Fields' ERM process comprises the following three pillars, which are deployed intuitively and form part of our day-to-day operations:

Strategic risk management: Developing and integrating sound, sustainable business controls that reduce the Company's exposure to material risks to an acceptable level, ensuring business and strategic objectives are achieved

Operational risk management: Continuously identifying, quantifying and mitigating operational risks to create a safe, healthy and efficient business environment and reduce business disruptions to achieve operational targets

Catastrophic risk management: Identifying potential disastrous events that may cause loss of life, extensive damage to infrastructure and prolonged production losses; implementing mitigating actions, strategies and policies to prevent or reduce the risk effect by strengthening resilience to absorb or reduce losses

We also regularly examine emerging global trends, as a multinational company like Gold Fields is shaped by external social, economic and political dynamics in the regions in which it operates.

The Group and regional risk heat maps, the top catastrophic risks and key emerging global trends can be found in our Integrated Annual Report 2021.

Risk management review process and reporting structure

Risk management processes are integrated from the foundation of the process described below, through all the various levels of risk management to the top, where the Risk Committee and Board are informed of all the significant risks facing Gold Fields. This includes a clear understanding of the external risk environment and the potential impacts or opportunities it may have on the Company. The global risk landscape and macro risk trends are analysed and integrated with our executive management strategic review process.

MATERIALITY ASSESSMENT

Gold Fields has carried out a formal process to assess and prioritise its material sustainability issues. It has done so using criteria aligned with those set out in the GRI Standards Guidelines, taking into account the actual or potential impact of these issues on Gold Fields and its stakeholders.

The process is based on a series of iterative assessments using a common, quantitative scoring framework. It draws on a range of internal and external sources, as well as detailed engagement with senior executives at the Company and representatives of external stakeholders – including industry, government, community and environmental organisations. These stakeholders were briefed on the GRI process and asked to evaluate all GRI Standards in terms of importance to Gold Fields and its stakeholders.

The outcome – depicted in the Integrated Annual Report – ranks health and safety, water management, environmental and compliance issues as the key GRI aspects that internal and external stakeholders consider most material to Gold Fields and its wider stakeholder base.

RISK APPETITE AND TOLERANCE

During 2021, we reviewed and enhanced our Risk Appetite and Tolerance (RA&T) Standard to ensure we approach risk management consistently at both Group level and regional operations. The standard provides minimum requirements and good practice principles to guide RA&T levels at strategic and operational risk management levels.

Understanding the relationship between our strategy and our approach to evaluating risks as a basis for setting RA&T is crucial. Firstly, RA&T does not relate to the risk itself, but rather the consequences of such a risk – this distinction is important to establish a practical set of RA&T positions.

We use our strategic objectives as a starting point, the achievement of which is critical for setting our RA&T levels. It follows that the consequences of the risks we are exposed to can create a variance from where we aim to be in terms of our strategic objectives. The level of variance we are willing to accept without making significant changes to the strategic objective sets the variance point for our risk appetite, while the level of variance we can accept before we need to review our risk treatment plans determines our tolerance position.

The amount of variance we can accept or tolerate is typically linear, expressed as a varying consequence of one or more risk consequences.

To support the achievement of strategic objectives and business plans, and to ensure tolerance positions are not breached, Gold Fields has a comprehensive monthly and quarterly business review and monitoring process in place. Performance is monitored and shortcomings are addressed swiftly and effectively. A colour-coding system is used during presentations to alert executives to whether targets are being achieved, and it enables discussions around remediation measures.

Shortly after the quarterly business reviews are concluded, the Board of Directors conducts quarterly governance and oversight meetings, during which significant aspects of the business are comprehensively questioned and reviewed. Any misalignment with Company objectives or good corporate governance is discussed and remedial action requested. This is in line with our formal Approval Framework, which strictly defines decision parameters and risk tolerance.