The scope of internal assurance covers all areas of the Group's operations including activities such as the financial, human resources, safety, health, environmental, operational and legal issues. It also extends to activities that a company is associated with such as the employment of contractors, the purchase of goods, the conduct of companies in which there is a financial interest but no management control, and the use of products.

Rio Tinto and its businesses maintain systems to ensure that the Company meets its responsibilities. Our internal assurance process aims to:

• provide relevant information for the directors and executives of Rio Tinto to enable them to fulfil their responsibilities in terms of the policies contained in The way we work;
• provide mechanisms to assist in reviewing and improving social and environment performance; and
• ensure we meet our obligations to voluntary commitments such as the Global Compact.

Our internal assurance activities are undertaken by individual businesses and at the Group level. The activities undertaken at a minimum by businesses are:

• health, safety and environment audits of policy, systems, programmes and performance. These include regulatory and system certification audits;
• regular inspection programmes as part of routine management activities;
• social audits, against guidelines which were introduced in 2000; and
• inspections of major waste and water storage facilities, which are required to be undertaken by an independent, qualified expert every two years.

Assurance activities undertaken at the Group level include:

• four yearly reviews of each business to identify and manage strategic risks in relation to health, safety, the environment and community;
• audits against Rio Tinto safety, occupational health and environment standards;
• annual risk management audits of all business units;
• risk reviews for specific concerns, such as cyanide management and smelter operations.
• reviews to assess environmental data quality at operations: eight businesses were reviewed in 2003 and in the future these will increasingly cover other types of non financial data;
• completion of annual internal control questionnaires by all Group business unit leaders covering financial, social, health and safety and environment matters; and
• Group wide reporting of the results of these activities, including critical and significant issues and incidents, and social and environment parameters.

Graphic: Internal assurance process: Flash | Image