Application of ISO 31000 standard on tailings dam safety

Tailings dam safety is a frequent subject of discussion during mining project development. However, due to recent accidents with these structures, this issue has become even more prominent. A key point is risk management, which can be defined as the identification, analysis and maintenance of risks at acceptable levels during the design, construction and operation phases. Therefore, this article aims to present the direct application of ISO 31000: Risk Management to the safety management of tailings dams. Although not widespread, this standard brings guidelines and principles for the safety management of dams that will help manage the risks associated with these structures in a systematic and effective way.


The safety of tailings dams has become a subject increasingly studied by several professionals, considering that the issue gained even greater notoriety after the Fundão dam collapse in 2015 in the municipality of Mariana / MG / Brazil. Among the most relevant aspects of the subject is the risk management associated with these structures. Klimkievicz (2016) states that risk management can be defined as the identification, analysis and maintenance of risks at acceptable levels during the design, construction and operation phases. Law number 12334 / 2010 (Brazilian National Policy on Dam Safety - PNSB) provides the definition of risk management as normative actions, as well as the application of measures for prevention, control and mitigation of risks. In addition, Silva (2012) states that it is necessary to consider the analysis, evaluation, control, acceptance and risk mitigation plans at all stages of the structure. Adiansyah et al. (2015) also emphasize the need to treat risk management as a fundamental tool in prevention actions with frequent updates.
According to current regulations, mining companies must adopt some type of risk management tool applied to tailings dam safety. Currently, most mining companies adopt risk management models based on the integrated development of risk analysis, risk assessment and risk control activities (Slingerland et al., 2018). According to the authors, there are operations of coal and oil sand mines, and their tailings dams and ponds, following these procedures in Canada. In this context, ISO 31000 recommends the engagement of all hierarchical levels of a mining company, which allows more effective tailings dam management compared to current standards. Regarding the safety evaluation of tailings dams, there are some examples that use the Set Pair Analysis (SPA) method. Zheng et al. (2018) conducted research using the SPA method to evaluate the safety level of a selected tailings dam in China. Considering the control of risk, the appropriate measures can be listed as: mitigation, prevention, detection, emergency planning, review and risk communication (Pimenta, 2009).
ISO 31000 (2009) provides guidelines and principles for managing any kind of risk in a systematic, transparent and reliable manner, within any scope and context. This regulation came up due to the lack of terminology standards and divergences between risk management processes in different sectors. Vick (2017) presented an application of Failure Modes and Effects Analysis (FMEA) and Hazard Analysis (HA) for identifying critical components of a failure. Silva (2012) states that, in this context, risk management is applied in a fragmented way in the mining industry and within each company. As a result, ISO 31000 standardizes the risk management process, establishing principles and guidelines for its implementation, but most mining companies still do not use it.
If risk management is implemented and maintained to the standard, organizations will be following international standards and regulatory requirements. As a result, governance, operational controls, stakeholder confidence, decision-making, planning, loss prevention, and incident management can be improved. Mining companies that already have a risk management process in accordance with ISO 31000 can carry out periodic reviews of procedures according to specific operational characteristics, maintaining a common language.
Therefore, the purpose of this study is to adapt the ISO 31000 standard to the risk management associated with tailings dam safety in a generic way. The standard can and should be applied in this context. It should be noted that the standard itself states that organizations that already have risk management should review it and adapt ISO 31000 into their current management. In this sense, this article seeks to present another tool that contributes to the safety of dams.

2. Principles of the ISO 31000 standard applied to tailings dams
ISO 31000 (2009) can be applied to any type of risk in any industrial segment because it is a standard that addresses procedures related to risk management. This regulation deals with the risk management process, establishing principles and guidelines for its implementation. The basic structure is divided into 3 sectors: principles for risk management; structure for risk management and processes for risk management.
There is a recommendation that each organization must adapt its operational characteristics. Notwithstanding, the basic principles of risk management established by ISO 31000 should be absorbed by companies. In the case of tailings dams, owners or managers must follow this premise to ensure that the continuity of the risk management process is effective. This section seeks to present a suggestion for the direct application of this standard for safety management of tailings dams with the addition of one more tool. The eleven principles listed by the standard and adapted here for the management of risks in tailings dams are:
• The standard creates value: Risk management demonstrates that the company has an attitude towards dam safety and legal and regulatory compliance before society in general;
• Integral part of organizational processes: With application of the standard, risk management is not restricted to an exclusive sector of the mining company, such as the dam safety team. It is also incorporated into the company's top management, all organizational processes and project management, including strategic planning and change management processes;
• Part of decision making: Risk management is an essential tool to help decision-makers make mindful choices and prioritize actions;
• Explicitly addresses uncertainty: Risk management prioritizes the analysis of uncertainty, its nature and how it can be addressed;
• Systematic, structured and timely: Structured risk management contributes to efficiency and reliable results;
• Based on the best available information: Input data should be used with careful evaluation of methods and sources;
• Tailored: Risk management can and should be adapted to the context of the mining company and its risk profile;
• Takes human and cultural factors into account: Consider the perceptions and intentions of people who are directly and indirectly linked to the safety process of tailings dams;
• Transparent and inclusive: Ensure representativeness of all stakeholders;
• Dynamic, interactive and responsive to change: Monitoring and continuous critical analysis to detect new risks due to the change of events in the internal and external context;
• Facilitates continual improvement and enhancement of the organization: Important strategy of mining companies to improve their maturity in risk management.
The principles described above are the basis for the risk management proposed by ISO 31000, which then has two more stages. According to the methodology proposed by this standard, the following two steps must relate to each other, since one feeds the other. The first stage acts in a generalized way representing the management structure. The second is specific to the management process. Figure 1 shows the management structure composed of the design, implementation, monitoring and critical analysis and continuous improvement of risk management. All these components must be secured through the commitment of the mining administration, which includes policy definition and plans, objectives, mandates, responsibilities, resources, processes and activities. In this way, the structure ensures that the information obtained in the risk management process is properly reported and used as a basis for decision making as well as for accountability at all levels of mining, thus achieving effective and integrated risk management within the scope and strategic policies and practices of the mining company. The risk management process deals with the systematic application of policies, procedures and management practices for internal and external communication activities, consultation, establishment of the context, process of risk assessment, monitoring and critical analysis.

Framework for managing risk
According to ISO 31000 (2009), the effectiveness of risk management depends basically on the structure, since it provides the fundamentals and the arrangements that it will incorporate. The structure assists risk management effectively by applying the risk management process at different levels. The structure ensures that risk information from the process is adequately reported and used as the basis for decision making and accountability at all levels of mining. Figure 2 shows how the standard arranges the components of the structure in order to manage risks. What follows describes how each component is adapted for the safety management of tailings dams.

Design of framework for managing risk
To ensure effective risk management for the safety of tailings dams, there should be a strong and sustained commitment made by top management (Executive board), including rigorous and strategic planning for this commitment to be at all levels. To this end, top management must implement at least the following items:
1. Define and approve the risk management policy related to tailings dams;
2. Ensure that the values and mission of the mining company are linked to the safety of tailings dams;
3. Define performance indicators for the risk management related to the safety of dams that are in line with the performance of the mining company;
4. Align the objectives of the risk management related to the safety of dams with the objectives of the mining company;
5. Ensure legal and regulatory compliance;
6. Allocate responsibilities at the appropriate levels within mining in relation to the risk management related to tailings dams;
7. Ensure that the necessary resources are allocated for the risk management related to the tailings dam;
8. Communicate the benefits of risk management to all stakeholders;
9. Ensure that the risk management framework continues to be improved.
This project begins with an understanding of the internal context related to the tailings dam: projects, useful life, flood areas, regulatory and environmental aspects, importance of the structure for mining, costs involved in the project, which impacts have the structure in the objectives of the project. mining, associated risks. The external context related to the tailings dam is related to: regulatory aspects, environmental impacts, self-rescue areas, community, associated risks and others.
The mining company must also have a risk management policy that declares the general safety intentions and guidelines of the structure. The risk management should include clear objectives and defined responsibilities, which will allow the proper functioning of the structure while respecting its technical and environmental parameters. Finally, it is necessary to ensure the continuous improvement of this policy.
Considering aspects of accountability, the mining company, in the person of its senior management, should establish a risk policy that clearly defines the objectives of the safety management of the dam. It should establish the appointment of those responsible for the activities and provide resources, whether material, personal or financial, ensuring accountability, authority and appropriate competence to manage risks.
The risk management of tailings dams should be integrated with the strategic planning of the company, being interconnected with the top management of the mining company. The mining company's top management must guarantee enough resources to implement and manage the risk management related to tailings dams in their fullness. This should include financial resources, training, information management systems, IT and others. Mining should establish an internal communication plan to promote and support risk ownership, as well as promote a communication system to communicate with external stakeholders.
The implementation of risk management is divided by the standard in two stages: implementation of the structure and implementation of the process. To implement the risk management structure, the mining company must implement a dam safety team or geotechnical management as provided in its chart. Regarding the second stage, implementation of the risk management process, a risk management plan for each structure should be adopted as an integral part of its daily mining practices and processes.
This step verifies how efficient the risk management related to dam safety is. The indicators proposed by senior management must be in perfect harmony with the plan executed. Some suggestions for indicators in this step may be: what improvements have been made to the structures in a given period, whether the safety factors of the structures are within the established limits, whether the results of the external audits are within what was established, whether there was an accident or incident in a certain period of time, whether there was interruption in the operation of the structure in the period under review, whether there was recycling of the team responsible for dam safety, and whether the legal norms were met in the period under analysis. These are some suggestions of indicators for this phase; however, each mining company must establish its indicators according to its context.

Risk management process
The risk management process refers to the application of the policy and procedures established in the structure, and must be an integral part of management, being incorporated into the culture and practices of mining. This stage is interconnected with the structure that implements the risk management plan for the dam; that is, identification and analysis of risks, assessments and treatment of dams.
In this step, the risk tolerances that guide and direct the decision making on the risk response strategy are also determined. Figure 3 summarizes the risk management process that the standard recommends.
The communication and consultation stage permeates the whole process of risk management. It involves the mining company and stakeholders, as it must establish continuous and interactive communication processes to provide, share and obtain information regarding society's vision of dam safety. The standard foresees that communication and consultation must be present at all stages of the management process, so that those responsible for decision-making and any necessary action are aware of the risks. Risk communication is the key to success in the risk management process. The establishment of the external and internal contexts of the risk management process very much resembles the context determined in the structure, but in the case analyzed, the level of detail is greater. One premise at this stage is the definition of the risk tolerance curves that will guide / direct the decision making about the risk response strategy, i.e. the attitude towards the risk that the company will take, thereby defining the mining risk appetite.
One of the tools used to define risk tolerability is the so-called tolerability curve. In general, such curves can be presented both in terms of financial impacts and in terms of potential for loss of life. Whitman (1984) presents a widely used curve in these cases and contextualizes both in terms of financial loss and in terms of potential loss of life, as can be observed in Figure 4. The Whitman tolerability curve is an alternative to evaluate tolerability for tailings dams, represented by the field named "Dams".
It is important to emphasize that at this stage of the risk management process, it is essential that the mining companies make their tolerance curves according to their context, choosing, therefore, the scale that best represents their reality, so that they can have reference to the risks they are assuming in the dams.
The purpose of risk identification is to develop a comprehensive list of sources of risks and events that may impair the structure's functioning and / or cause its disruption. The list should be comprehensive, since unidentified risks can become a threat to the structure. To develop it, a systematic process must be used, in a structured way, using predefined key elements (ISO 31000, 2009). It is essential that the people involved in risk identification are aware of the dam's aspects; that is, it must be done by an experienced and multidisciplinary team so that the risks involved in the structure can be covered.
Risk analysis aims to promote understanding of the level of risk and its nature. The level of risk is determined by combining consequences and probability. The standard recommends that the risk analysis be performed considering several levels of detail, depending on the risk, the purpose of the analysis, the information, data and available resources. The analysis can be qualitative, semi-qualitative or quantitative, or the combination between them. Scales and methods for such a combination shall be compatible with available dam information (ISO 31000, 2009). The risk assessment stage is the decision-making process based on the results of the risk analysis. Here they determine which risks need treatment as well as the priority to treat them. In this step, the level of risk found is compared with the risk criteria established in the context. The definition of the treatment to be applied to risks is based on management policy (ISO 31000, 2009).
This step includes the selection of the most appropriate options for the treatment of risks, the preparation and implementation of the treatment. It refers, therefore, to the process of risk modification as determined in the risk assessment. This process involves changing the probability and / or consequences, removing the source of risk (ISO 31000, 2009). The treatment of risks is composed of the stage of evaluation of the treatment already performed, by checking the tolerance of residual risk levels, and if not, defining new treatments. Finally, one should conclude by evaluating the efficacy of the treatment.
The standard provides that the risk management process should be continuously monitored to ensure the efficiency and effectiveness of controls, to obtain additional information to improve risk assessment, to analyse the events, changes, trends, successes and failures, to detect changes in the contexts that may influence risk criteria and risk and to identify emerging risks (ISO 31000, 2009).

Discussion of the results for tailings dams
Applying risk management as described in the previous item, based on ISO 31000, the mining company is expected to improve its management related to waste dams by identifying and analyzing a broader range of risk-related issues inherent in these structures, providing a systematic way of making decisions based on information. This will provide all those involved in dam safety, including senior mining management, with a systematic approach to risk management that is an integral part of their responsibilities.
Benefits that we can cite after the implementation of this standard, in the context of dams, are: reducing uncertainties, taking advantage of opportunities for continuous improvement, improvement in planning and performance, economy and efficiency, improvements with stakeholders, decision, and reputation improvement among others (ISO 31000, 2009). It is important to emphasize that the methodology proposed by the standard registers and requires the effective participation of the top management of the mining company, which is a fundamental factor for the success of risk management. Management commitment is the key factor in the risk management framework (Hui et al., 2017). Another relevant factor that risk management provides, when it is implemented as recommended by the standard, is the transparency of results through communication to stakeholders, especially to the external public, which will have information about what types of risks exist and how they are being treated. More importantly, what are the risks to the dam, and what the mining company is assuming, i.e., what is the mining company's appetite for the tailings dam? This information will be of paramount importance to improve society's confidence in the industry. After the implementation of ISO 31000 in the safety management of tailings dams, the schematic result will be a flowchart where the structure of the risk management (RM) is defined, as shown in Figure 5. Figure 6 presents a flowchart of the risk management process of tailings dams.

Figure 5
Components of the structure for risk management in tailings dams (Adapted from ISO 31000).

Figure 6
Risk management process for tailings dams (Adapted from ISO 31000).

Practical Approach
Considering the Brazilian legislation that currently regulates the operation of tailings dams, there are two legal provisions. Law number 12.334 / 2010 (Brazilian National Policy on Dam Safety - PNSB) and DNPM Ordinance number 70389 / 2017 establish the minimum obligations that those responsible for tailings dams should carry out to ensure the safety of these structures. The main obligations are the biweekly internal inspections, special inspections in case of abnormality, semi-annual external audits, certificate of structural stability and the emergency action plan. Therefore, conventional tailings dam risk management focuses on three key components: monitoring, periodic safety reviews, and maintenance procedures (Klimkievicz, 2016). This description summarizes the current operating procedures for tailings dams in Brazil.
The practical application of ISO 31000 differs from current procedures because it has a broader scope. The three main components, cited above as a summary of conventional practices, are included as part of the risk management process presented in Figure 6. Thus, the operation of dams according to ISO 31000 provides for the fulfillment of current requirements in addition to the commitment of the whole organization. Figure 7 shows that current practices are embedded in ISO 31000, which makes the risk management process more comprehensive and structural within the organization. The current practice is focused on meeting only the obligations provided by law, and this places dams as marginal structures that generate only costs. With the application of ISO 31000, dams become an important part of the company's strategic plans. This practice counts on the participation of top management that identifies opportunities to insert this structure into value chains.
The involvement of all hierarchical levels of a company ensures greater proactivity, operational efficiency and greater effectiveness in the treatment of risks.

Figure 7
Practical application of ISO 31000 applied to tailings dam risk management.

Conclusion
With the implementation of risk management based on the ISO 31000 standard for tailings dams, the expected results are a systematic structure with the involvement of all hierarchical levels of the mining company, making clear the responsibility of each one in the safety management of the dam. Those responsible for tailings dams at all levels will have a significant improvement in safety-related outcomes by identifying and analyzing a broader range of issues, providing a systematic way to make informed decisions.
Another important factor that the norm emphasizes as a result of its application is the communication among the interested parties, and with the external community, thus improving the image and credibility of the mining company. A structured risk management approach also stimulates and enhances the identification of better opportunities for continuous improvement through innovation in the safety management of tailings dams. Therefore, the risk management of tailings dams should be integrated with the mining philosophy. The board of directors and the mining company's top management should be responsible for establishing the risk management policy for tailings dams; that is, they must ensure that it is aligned with the mining company's critical performance measures. Continuation of this research must be guided by the practical applications and development of case studies using the updated version, ISO 31000:2018. The present study and future work aim to develop mining tailings management more committed to sustainability without departing from productivity standards.