COPPERMOLY LTD

RISK MANAGEMENT POLICY

Risk is the chance of something happening that will have an impact on objectives.
The purpose of risk management is to identify potential events that may impact on the company,
quantify the impact and likelihood of the occurrence and then manage the risk in accordance with the
company’s risk appetite.
Coppermoly Ltd is committed to the full integration of a pro-active risk culture via the process of
identification, communication and mitigation in accordance with the ASX Principles of Good
Corporate Governance embedded into all aspects of corporate activity.
Coppermoly aims to achieve a balance between realising opportunities for gains whilst minimising
losses. Whilst the Board acknowledges that it is responsible for the overall internal control
framework, it is also cognisant that no cost effective internal control system will preclude all errors
and irregularities.
Coppermoly, whilst being committed to the philosophy of effective risk management as a core
management capability, is primarily required to create growth of long-term shareholder wealth. To
this end, the Company must pursue opportunities that involve some degree of risk. Shareholders
and stakeholders must expect that optimisation of such rewards are only gained from this degree of
risk taking.
Coppermoly’s Risk Management Policy seeks to ensure that its physical, financial and human
resources will be applied to enable the Company to operate in a safe and productive manner.
The Risk Management system is implemented to ensure the identification, assessment and
management of risks across the operations. The key elements are:
ƒ The Board reviews the Company’s risk management systems and control frameworks and
the effectiveness of their implementation and the management of risk at its regular
meetings.
ƒ Establishment of risk mitigation / control plans to address significant risks.
ƒ The Board or senior management may consult with the external advisors on risk matters as
required.
ƒ The Company annually reviews current insurance policies.

1.0 BOARD RESPONSIBILITY

The Board determines the Company’s risk profile and is responsible for overseeing and approving
risk management strategies and policies, internal compliance and control.
The Company’s risk management systems and control frameworks for identifying, assessing,
monitoring and managing its material risks, as established by the Board, in conjunction with the
management and include:
ƒ Establishing the Company’s goals and objectives, and implementing and monitoring
strategies and policies to achieve these goals and objectives.
ƒ Define the Company’s Risk Appetite (the amount of risk a director or Board will accept in
meeting its goals). In defining risk appetite for the company, the board ensures that the
appetite aligns to the risk culture, the mission, vision and values of the company
ƒ Continuous identification and reaction to risks that might impact upon the achievement of
the Company’s goals and objectives, and monitoring the environment for emerging factors
and trends that affect these risks.
Coppermoly Ltd Risk Management Policy

ƒ Formulating risk management strategies to manage identified risks and the design and
implementation of appropriate risk management policies and internal controls.
ƒ Monitoring performance of and continuously improving the effectiveness of risk
management systems and internal compliance and controls including an ongoing
assessment of their effectiveness.
ƒ The approving, implementing and reviewing of the Company’s overall risk management,
internal controls and systems.
ƒ The comprehensive system of budgeting, forecasting and reporting to the Board.
ƒ Approval procedures for significant capital expenditure above threshold levels.
ƒ Regular reviews of all areas of significant financial risk and all significant transactions not
part of the Company’s normal business activities.
ƒ Regular reporting to the Board by management on the management of risk.
ƒ Comprehensive written policies in relation to corporate governance issues and business
activities.
ƒ Regular communication and review processes between the Board and management.

2.0 RISK MANAGEMENT COMMITTEE

The Company’s Risk Management Committee is comprised of the same members as the Planning
and Operations Committee.
The Risk Management Committee meets at least four times per annum. Minutes of the Committee
are tabled at the next subsequent Meeting of the Board of Directors. The “Risk Management
Procedure” is formally documented and approved by the Board and is implemented through the
Risk Management Committee.

______________________
Peter Swiridiuk
Managing Director

Reviewed and amended at Board Meeting held on 18 November 2008

Reviewed and amended at Board Meeting held on 13 May 2010
Reviewed and adopted at Board Meeting held on 10 May 2011

2
Coppermoly Ltd Risk Management Policy

COPPERMOLY LTD

RISK MANAGEMENT PROCEDURE

This procedure is to be read in conjunction with the Company’s Risk Management Policy.
It is the responsibility of the Company’s Risk Management Committee to monitor and enforce
the implementation of this Procedure.

1.0 RISK MANAGEMENT COMMITTEE

The role of the Risk Management Committee is to consider:
• The nature and extent of the risks facing the company;
• The likelihood of the risks concerned materializing;
• The Company’s ability to reduce the incidence and impact on the business of the risks that do
materialise; and
• The cost of operating particular controls relative to the benefit thereby obtained in managing the
relating risks.
In pursuing its role the Risk Management Committee will consider the following:

2.0 RISK CULTURE

The Risk Management Committee will seek to communicate to all employees and other stakeholders
that the Company’s approach to risk Management is not merely focused upon eliminating risk but also
on the management of risks in an informed and open environment. The Company’s risk culture should
facilitate the reporting of errors, near misses, unsafe conditions, inappropriate procedures and any other
relevant concerns by all employees and other stakeholders.

3.0 RISK APPETITE

The Risk Management Committee will consider:
• What are the activities of the company?
• What are the risks?
• What are the critical control points?
• What is acceptable? and
• Within what range

4.0 CATEGORIES OF RISKS

The Risk Management Committee will consider:
ƒ What can happen?
ƒ Who can cause it to happen?
ƒ Who can stop / minimise it?
ƒ Who can prevent it? and
ƒ Who or what can minimise the damage if it does occur?
and may refer to Annexure A in its deliberations.

3
Coppermoly Ltd Risk Management Policy

5.0 LIKELIHOOD AND CONSEQUENCES RATINGS

The Risk Management Committee may rate the likelihood, potential frequency and potential
consequences of identified risks. In doing so the Committee may refer to the ratings tables in Annexure
B.

6.0 RISK CONTROL / MITIGATION

The Risk Management Committee will decide, or when it considers it necessary may recommend to the
Board, appropriate procedures, methods and actions for risk control and / or mitigation. In so doing the
Committee may refer to the tables in Annexure B.

7.0 CONTEXT
The Risk Management Committee’s deliberations must be made within the context of the industry and
jurisdictions in which the Company operates. The context is broadly defined in Annexure C.

4
Coppermoly Ltd Risk Management Policy

Annexure A: Categories and Definitions of Risks

MARKET RISKS
Market risk is the risk to earnings from changes in market factors such as interest and foreign exchange
rates, commodity prices, or liquidity and funding profiles. A change in the market can impact the price at
which the Company's shares may trade.

GROWTH RISKS
Growth of the Company will require preparedness for the deployment of management systems relating to
financial monitoring and controls, human resources, corporate compliance, marketing, technical and
changes in the competitive landscape. The Company recognises the need to employ qualified people to
fill roles within the organisation and believe that such individuals can be attracted to the Company,
although in the initial phase of the Company's operation, its size may be a limiting factor in being able to
attract suitable candidates.

FUTURE ACQUISITIONS RISKS

The Company intends to investigate and consider selective acquisitions of tenements in accordance with
the Constitution, the business needs and strategic direction of the Company. There are no assurances
that the Company will be able to identify / acquire suitable acquisition tenements.

CAPITAL ACCESS AND ADEQUACY RISKS

To expand its operations the Company will require additional capital from time to time. The ability of the
Company to raise this capital will be affected by, amongst other things, the state of the market, the
performance of the Company, the preparedness of investors to invest into the Company and the quality of
the opportunity.

EXPLORATION AND MINING RISK

Mineral exploration is a speculative activity that may be hampered by circumstances beyond the control of
Coppermoly. Profitability depends on successful exploration and/or acquisition of mineral reserves,
design and construction of efficient processing facilities, and proficient financial management.
Many of the tenements in which Coppermoly has an interest are at the exploration stage only. There can
be no assurance that exploration of these tenements, or any other tenements in which Coppermoly may
acquire an interest in the future, will result in the discovery of an economic ore deposit. Even if an
apparently viable deposit is identified, there is no guarantee that the deposit can be profitably exploited.
The business of mineral exploration, development and production may be affected by various factors,
including failure to achieve predicted grades in exploration, operational and technical difficulties
encountered, commissioning and operating plant and equipment, mechanical failure or plant breakdown,
adverse weather conditions, industrial and environmental accidents, industrial disputes, unexpected
shortages or increases in the costs of labour, consumables, spare parts, plant and equipment and in the
development phase unanticipated metallurgical problems which may affect extraction costs.

SOVEREIGN / LANDOWNER RISK

Landowner groups have not made any claims in respect of Coppermoly’s 100% owned tenements and
tenement applications in Papua New Guinea to date. Future claims however affect Coppermoly’s
operations by way of delays in the granting of tenement applications and Coppermoly experiencing delays
or incurring additional expenses in relation to gaining access to its tenements. It is possible that if
understandings and agreement is not reached with the relevant regulator (Mining Advisory Council)
affected, the applications for exploration tenements may not be granted or, if granted, may be subject to
conditions. Tenement renewals could be effected in a similar manner.
5
Coppermoly Ltd Risk Management Policy

ENVIRONMENTAL RISK
The exploration operations and proposed activities of Coppermoly are environmentally sensitive and
cannot be carried out without prior approval from and compliance with all requirements of the relevant
environmental authorities. Coppermoly intends to conduct all its activities in a manner that is
environmentally responsible and in accordance with all relevant laws. The Board is not aware of any
significant breaches of environmental requirements to date.

LEGISLATIVE RISK
Changes in Government regulations and policies may adversely affect Coppermoly from carrying out
some of its existing and proposed activities.

FINANCIAL RISK
The MD and CFO are required to declare in writing to the Board on an annual basis that the financial
reporting, risk management framework and associated compliance and controls have been assessed and
found to be operating effectively and efficiently. The operational and other risk management compliance
and controls have also been assessed and found to be operating effectively and efficiently.
To ensure reporting accuracy and compliance with the financial reporting regulatory framework there is a
budgeting system with an annual budget approved by the Board. Actual results are reported along with
cash flow estimates on a regular basis. Half-yearly and annual statutory accounts are reviewed and
audited respectively by the Company's Auditors and reported to the ASX.
Six monthly financial and operational reports are provided to the Investment and Promotion Authority of
PNG.
All business transactions of a material nature are properly authorised and executed.

COMPETITIVE RISK
Coppermoly is subject to normal competition risks from other parties who are presently in, or in the future
will enter, the mineral exploration sector in which Coppermoly currently operates. There is also the
potential for increased competition in this market sector. If this was to occur, it may have a material
adverse effect on the operating and financial performance of Coppermoly.

6
Coppermoly Ltd Risk Management Policy

Annexure B: Risk Rating Tables

Likelihood and Frequency

RATING SCORE DESCRIPTION

Almost 5 Expected frequency > once per year
certain May happen several times per year with the defined consequence
Likely 4 Expected frequency of once per year
May happen once in the next year with the defined consequence
Moderate 3 Expected frequency once per 5-7 years
Has occurred in the industry with the defined consequence
Unlikely 2 Expected frequency once per 10-15 years
Low chance that the situation with the defined consequence will occur
Rare 1 Expected frequency , once per 25-30 years
Possible but very unlikely that the situation will occur with the defined
consequence

Consequence

Cost (Loss of net income or

Rating Score Liability People Reputation
increase in costs)
Insignificant 1 Low Financial losses Minimal impact on exploration Minor injury Internal knowledge
<$10K No loss of business First Aid only
<5% of individual project cost No environmental impact

Minor 2 Minor financial losses Delays to exploration Serious injury Concerns from
$10K - $300K <5% reduction of performance OH&S report stakeholders
Loss of operational availability
Environmentally sensitive situation
immediately contained

Moderate 3 Moderate financial losses Major disruption to exploration Multiple serious Intra-industry
$300K - $500K Regular disruption to operations injuries knowledge
High loss of commercial requirements
Environmentally sensitive situation
contained with outside assistance

Major 4 Major financial losses Major loss to exploration activities Single fatality Adverse local
$500K - $5M Major delays to operations media coverage
Environmentally sensitive situation
contained with outside assistance. No
sustained detrimental effects

Catastrophic 5 Extreme Financial losses Major loss to exploration activities Multiple fatalities Adverse national &
>$5M No recovery prospects international
Environmentally sensitive situation.
media coverage
Significant detrimental effects

7
Coppermoly Ltd Risk Management Policy

Risk Rating

Likelihood

Almost certain

Likely high

Possible medium

Unlikley low

rare
insigificant minor moderate major catastrophic

Consequence

Risk Mitigation

AVOIDANCE
ƒ Not proceed with task, project activity or decision that is likely to generate the risk

ACCEPTANCE
ƒ Accept the risk in the context of the risk appetite and management systems to establish as low as
reasonably practicable frameworks for moving forward
ƒ Establish capital finance plans, management systems and action plans
ƒ Active reporting and related triggers for action by the board

REDUCE OCCURANCE (likelihood)

ƒ Develop processes or put into place controls to reduce the likelihood of the risk occurring

REDUCE CONSEQUENCES
ƒ Transfer all or part of the risk to a second or third party through insurances, contractual
arrangements (JV’s) or organisational structures
ƒ Develop new systems of work, processes and controls (the risk may still remain with the directors
and the board)

RETAIN
ƒ Accept the risk in context of the risk appetite and management systems to establish as low as
reasonably practical frameworks for moving forward.
ƒ Establish a capital and finance plan, management systems and action plans
ƒ Active reporting and related triggers for action by the board

8
Coppermoly Ltd Risk Management Policy

Annexure C: Context

External Context

Coppermoly operates in the mineral exploration industry within Papua New Guinea (PNG) and also has
involvement in Queensland, Australia by the way of the provision of management services.
Stakeholders are global including a concentration of shareholders in Australia and Canada. The
commercial and community stakeholders are primarily in Canada and Australia. The governments of PNG
and Australia have an interest in the company’s operation in regards to taxation, licensing and regulatory
compliance.
Financially the Company is closely linked to the world demand and prices of precious and base metals,
which drive cyclical investor interest in the resources sector.

Internal Context

The company operates through a public company listed on the Australian Stock Exchange and via Papua
New Guinea subsidiaries approved by the Investment and Promotion Authority of PNG. The Parent
company and its subsidiaries are comprised of employees and offices in Australia and PNG.
Internal stakeholders include consultants and employees many of whom have an equity interest through
direct share ownership and/or option entitlements.

9
Coppermoly Ltd Risk Management Policy

Annexure D: Definitions

For the purpose of this document, the definitions below (taken from AS 4360:2004) apply.

Consequence
Outcome or impact of an event (1.1.3)
NOTE 1: There can be more than one consequence from one event.
NOTE 2: Consequences can range from positive to negative.
NOTE 3: Consequences can be expressed qualitatively or quantitatively.
NOTE 4: Consequences are considered in relation to the achievement of objectives.
Control
An existing process, policy, device, practice or other action that acts to minimise negative risk or
enhance positive opportunities.
NOTE: The work ‘control’ may also be applied to a process designed to provide reasonable
assurance regarding the achievement of objectives.
Event
Occurrence of a particular set of circumstances.
NOTE 1: The event can be certain or uncertain.
NOTE 2: The event can be a single occurrence or a series of occurrences.
(ISO/IEC Guide 73, in part)
Likelihood
Used as a general description of probability or frequency.
NOTE: Can be expressed qualitatively or quantitatively.
Loss
Any negative consequence (1.1.1) or adverse effect, financial or otherwise.
Monitor
To check, supervise, observe critically or measure the progress of an activity, action or system on a
regular basis in order to identify change from the performance level required or expected.
Risk
The chance of something happening that will have an impact on objectives.
NOTE 1: A risk is often specified in terms of an event or circumstance and the consequences that
may flow from it.
NOTE 2: Risk is measured in terms of a combination of the consequences of an event (10.3) and
their likelihood (10.4).
NOTE 3: Risk may have a positive or negative impact.
NOTE 4: See ISO/IEC Guide 51, for issues related to safety.
Risk Analysis
Systematic process to understand the nature of and to deduce the level of risk.
NOTE 1: Provides the basis for risk evaluation and decisions about risk treatment.
NOTE 2: See ISO/IEC Guide 51 for risk analysis in the context of safety.
Risk Appetite
The amount of risk a director or Board will accept in meeting its goals.
10
Coppermoly Ltd Risk Management Policy

Risk Assessment
The overall process of risk identification (10.14), risk analysis (10.8) and risk evaluation (10.13).
Risk Avoidance
A decision not to become involved in, or to withdraw from, a risk (10.7) situation.
Risk Criteria
Terms of reference by which the significance of risk (10.7) is assessed.
NOTE: Risk criteria can include associated costs and benefits, legal and statutory requirements,
socioeconomic and environmental aspects, the concerns of stakeholders (10.22), priorities and other
inputs to the assessment.
Risk Evaluation
Process of comparing the level of risk (10.7) against risk criteria (10.12).
NOTE 1: Risk evaluation assists in decisions about risk treatment.
NOTE 2: See ISO/IEC Guide 51 for risk evaluation in the context of safety.
Risk Identification
The process of determining what, where, when, why and how something could happen.
Risk Management
The culture, processes and structures that are directed towards realizing potential opportunities whilst
managing adverse effects.
Risk Management Process
The systematic application of management policies, procedures and practices to the tasks of
communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and
reviewing risk (10.7).
Risk Management Framework
Set if elements of an organisation’s management system concerned with managing risk (10.7).
NOTE 1: Management system elements can include strategic planning, decision making, and other
strategies, processes and practices for dealing with risk.
NOTE 2: The culture of an organisation is reflected in its risk management system.
Risk Reduction
Actions taken to lessen the likelihood (10.4), negative consequences (10.1) or both associated with
a risk (10.7).
Risk Retention
Acceptance of the burden of loss, or benefit of gain, from a particular risk (10.7).
NOTE 1: Risk retention includes the acceptance of risks that have not been identified.
NOTE 2: The level of risk retained may depend on risk criteria (10.12).
(ISO/IEC Guide 73, in part)
Risk Sharing
Sharing with another party the burden of loss, or benefit of gain from a particular risk (10.7).
NOTE 1: Legal or statutory requirements can limit, prohibit or mandate the sharing of some risks.
NOTE 2: Risk sharing can be carried out through insurance or other agreements.
NOTE 3: Risk sharing can create new risks or modify an existing risk.

11
Coppermoly Ltd Risk Management Policy

Risk Treatment
Process of selection and implementation of measures to modify risk (10.7).
NOTE 1: The term ‘risk treatment’ is sometimes used for the measures themselves.
NOTE 2: Risk treatment measures can include avoiding, modifying, sharing or retaining risk.
(ISO/IEC Guide 73, in part)
Stakeholders
Those people and organisations who may affect, be affected by, or perceive themselves to be
affected by a decision, activity or risk.
NOTE: The term ‘stakeholders’ may also include ‘interested parties’ as defined in AS/NZS ISO 14050
and AS/NZS ISO 14004.
(Based on ISO/IEC Guide 73).
In order to deal with identified risks there is a need to estimate the significance of a risk, assess the
likelihood and frequency of a risk occurring and consider how the risk should be managed. It is arbitrary,
but this has been quantified by probability of occurrence in set timeframes.

12