aig_pagebanner02_Bulga-coal-mine

Ethics Update: Document management

Recent personal experience has highlighted the importance of every day document management for geoscientists working in industry or government.

The AIG Code of Ethics requires compliance with professional standards for balanced, material and transparent public reporting of exploration results, mineral resources and ore reserves (the JORC Code) and valuation of mineral securities (the VALMIN Code).  These codes of practice invariably require production of reports.  But they are not the only activity that requires geoscientists to document interpretations and actions of geological data, or exercise judgement in the course of our work.  Commercial disputes or perceived non-compliance with corporations, privacy and other laws can result in work performed by geoscientists becoming legally discoverable in the course of preparing for court action.  It’s not just the Complaints o Ethics and Standards Committee to which we may need to demonstrate sound professional practice.

There are several measures that have proved to be useful in my experience.

  1. Include a date and version number in every report or substantive document documenting geoscientific judgement or compliance with statutory procedures.  Document versions need to be numbered sequentially and the date of the document should be updated in a manner consistent with document versions.  I condor it good practice to record both the date the document was originally produced, which remains fixed, and a date that the document was last updated, which demonstrates the time period over which the current version of the document evolved.  Something as simple as correcting typing warrants recording a document update with the document version number and date.
  2. Record work related to a project in a notebook.  It pays to use a seperate notebook for major projects that involve public reporting or other substantive work.  I prefer a bound notebook with numbered pages, from which pages can’t be removed without it being noticed.  Notebooks can be discoverable in legal cases, which means that you’ll lose it for the duration of the preparations and hearing of the case.  I stick to paper, but it may be that electronic notebooks nowadays, using software that retains note versions and dates them like Microsoft OneNote or Evernote is a good option.  The potential advantage of these is that discovery may not lead to loss of access to the data, and the notes can be accessed from multiple devices without compromising their integrity.  Keep your paper notebooks private.
  3. File your emails.  Keep everything in an organised, logical manner, even if you think the email is not consequential or significant.  Most email programs offer good, logical filing capabilities and create threads linking messages that are part of particular conversations.
  4. Keep your electronic and paper files, again, in a logical manner and make sure that they are secure.  Access controls and good backups are a must for all electronic data.  Backups must cover you in the event of theft or destruction of both a computer and the premises where it is used.  Cloud services are a good option.  Service providers look after the backup issue and data is stored off-site, but make sure that the terms of use offered by the provider do not compromise your ownership of your data, or permit the service provider to make use of it in any way, especially disclosure of data to third parties.

What is your experience?  Do you have additional experience and ideas that can contribute to good practice by others?  Leave a post on this page to continue the conversation.

Andrew Waltho
18 July 2018

Security On-Line

Maintaining the security of personal computer systems is a constant challenge facing all of us.

Recent, global ransomware attacks that affected a number of businesses around the world area high profile example of what can happen if unauthorised, inappropriate access is obtained to any computer used for professional practice purposes.  Members have a professional and ethical responsibility to maintain confidentiality of information that may be commercially sensitive, irrespective of whether you work for a company or are a self employed consultant.

There are many and varied techniques used by people, intent on accessing others’ personal information, data, or simply intent on causing disruption and inconvenience to discuss individually.  There are, however, several basic principles that can be followed to help make your computer and data more secure, to prevent unauthorised access, and resilient if your computer is compromised.

  1. Keep your system software up to date.  New security holes are being regularly identified in all computer operating systems.  Software vendors are usually very responsive in issuing patches to correct identified problems.
  2. Use the latest version of your preferred Internet browser.  Browser software incorporates security features that form part of your computer’s front-line defence.  This has the added attraction of ensuring that your computer remains compatible with web content, which is constantly evolving to use features provided by new standards to enhance the experience of web site users.  If you are experiencing a problem reading on-line content or completing on-line forms, chances are you are using a legacy browser that you should consider updating.
  3. Install and maintain data security software.  There are a number of good security software applications, these days usually sold as a subscription service that includes regular, frequently automatic updates to the data used by this software to detect and deal with potentially malicious content.
  4. Protect your identity.  Don’t give your username and passwords for on-line accounts to anyone.
  5. Don’t open suspicious email attachments.  If you aren’t expecting an attachment from someone, delete the email or set it aside and call the sender to help verify that the attachment is safe. Security software installed on your computer will frequently identify malicious content, but there may be a time lag between new threats to your computer being deployed and your security software being updated to recognise them.  Avoid executable code in email attachments.  This can be embedded in HTML, Office document and Zip archives received as attachments as well as executable files themselves.
  6. Maintain up to date backups of your computer.  Good practice would be to make regular backups, to a disk that can’t be accessed on-line or to a cloud service, or both.  The advantage of using a cloud service is that you can access your data if your computer (and back up disks stored with it) is lost or destroyed (e.g. in a flood or fire), allowing you to get back to work quickly and easily.  Even if you only use a computer for personal reasons, the loss of family photographs or other material stored on it could be catastrophic.

In Australia, internet service providers are not obliged to report intrusions to their systems resulting in unauthorised access to client data.  This is not the case in the USA, Europe and a number of other countries where disclosure can alert Australian users of on-line services to issues.

There are several on-line services that can be used, safely, to check whether your email account has been compromised, which can be a clue to identifying more serious issues where email addresses are used as account names by on-line services.   I regularly check https://haveibeenpwned.com to check whether my email address(es) are known to have been compromised.

Finding your email on one of these lists should prompt you to immediately change your password for the affected account.

Unfortunately, these are issues that we all need to deal with in an on-line world.  Taking a few simple steps can make a big difference when it comes to keeping your data and on-line identity as safe as practicable.

The list of ideas above isn’t exhaustive.  It’s a summary of what I do routinely, day to day, and the measures are not onerous.  Do you have any ideas and experiences to share?  Add a comment to this post using the form below.

Andrew Waltho FAIG, RPGeo
July 2017.

AIG Professional Issues Subcommittee – Upcoming Member Survey

The AIG Professionals Subcommittee is a subcommittee of Council comprising:

  • Wayne Spilsbury MAIG, FAusIMM (CP), PGeo
  • Dr Julian Vearncombe BSc. PhD. FGS. FSEG. FAIG. RPGeo.
  • Kaylene Camuti   MAIG, RPGeo
  • Josh Leigh MAIG
  • Dr Robert Findlay MAIG

AIG’s vision statement is “The AIG will strive to be the preeminent Australian professional institute in advocacy for, and public promotion of, all Australian geoscientists”. This is not a static statement. As the practice of geoscience evolves with changes in technology and changes in society’s expectations of professional practice, so must AIG change to preserve its preeminent status.

Benchmarking against the major international geoscience professional institutes shows AIG may be falling behind in its entrance requirements, expectations of Continued Professional Development (CPD) by members and governance.

The Professional Issues Subcommittee was formed at the Face to Face Strategic Planning meeting in June 2016.  Its mandate was to create a “Road Map” to improve competency and increase professionalism (and the community perception of professionalism) of AIG members. The Subcommittee’s Charter is summarised in Figure 1.

Figure 1. AIG Professional Issues Subcommittee Charter and Objectives

A PDF copy of Figure 1 (above) is available here.

AIG members will soon receive a link to an on-line survey prepared by the Professional Issues Subcommittee.  We are seeking your input as we prepare the Road Map for presentation to the AIG Council.  Your responses will assist the subcommittee in its recommendations to Council for AIG to demonstrate best practice.

The survey is seeking your input on the following issues:

Membership Requirements – Education and Communication Skills

The current minimum requirements for AIG Membership are a 3 year bachelor’s degree in the geological sciences and five years relevant professional experience that includes two years in which the applicant has been required to exercise professional judgement and discretion, and is supported by at least two AIG members with personal knowledge of the applicant’s relevant professional experience.

For industry employers, an Honours degree is the desired minimum qualification for graduate employment.  This is because, under the modern degree system, most students are not exposed to work requiring problem solving and the exercise of technical and professional judgement until their Honours year.  That is, until students complete Honours, they have little to no experience in the acquisition, assessment, compilation and interpretation of data, and little experience in technical writing and professional reporting.

Some institutions require applicants to submit a recent report and undertake a personal interview to demonstrate their functional literacy skills.

In many comparable jurisdictions (Canada, USA, South Africa and Europe) the minimum education requirement for professional institute admission is a 4 year Bachelor’s degree. AIG is currently not, but could potentially be at risk of losing its Recognised Overseas Professional Organisations (ROPO) status which allows our Members to identify as Qualified Persons or Competent Persons in these jurisdictions because of our lesser education requirement[1].

Should the education requirement be changed to an Honours degree or equivalent and should new applicants be interviewed and be required to submit a recent report (or other example of written, geoscientific work)?

Membership Requirements – Law and Ethics Examination

Some professional organisations require applicants to complete a professional Law and Ethics short course, and pass an examination. The short courses are designed to increase knowledge of corporate law, stock exchange rules and other relevant legislation, and teach the obligations and responsibilities that come with adherence to a Code of Ethics. Typically these Law and Ethics short courses involve a seminar followed by an on-line exam.

Membership Requirements – Continuous Professional Development (CPD)

AIG promotes the benefits of CPD to all members and requires Registered Professional Geoscientists to complete and document a minimum of 50 hours of CPD, on average, annually over a three year period.  CPD is not a guarantee of competence.  The community at large, however, sees a commitment to CPD as being at the core of an individual being able to describe themselves as a “professional”.  Should AIG follow many professional organisations in other disciplines to make undertaking and recording CPD activities a requirement of membership?

Authoring Reports

Because geoscience is largely unregulated in Australia, essentially anyone can submit a geoscientific report to an employer, client, the public at large, or a government authority.  This arguably undermines the practice of professional geoscientists and exposes the public to risks inherent in the misrepresentation and misinterpretation of geoscientific data and observations, not just confined to exploration results and mineral resource reporting.   Should Members be encouraged to sign and seal all formal public documents that have been created by them in their professional capacity to employers, clients and the public? Should AIG promote the benefits of only accepting geoscientific reports prepared by members of a professional institute including AIG and AusIMM in Australia, or a Recognised Overseas Professional Organisation?

JORC Competent Person

The JORC Code defines a ‘Competent Person’ as “… a minerals industry professional who is a Member or Fellow of The Australasian Institute of Mining and Metallurgy, or of the Australian Institute of Geoscientists, or of a ‘Recognised Overseas Professional Organisation’ … and … must have a minimum of five years relevant experience in the style of mineralisation or type of deposit under consideration and in the activity which that person is undertaking.” (JORC 2012)  The key qualifier in the definition of a Competent Person are the words ‘relevant experience’.  What  constitutes relevant experience is left to the judgement of the Competent Person (CP) who must be confident of being able to demonstrate competence to a panel of their peers if called on to do so (convened by the AIG or AusIMM Complaints or Ethics and Standards committees)

Several reviews of JORC reports (AIG JORC Representatives, 2015 and Combes, 2016) have identified frequent shortcomings in:

  • Competent Person reports issued in compliance with the JORC Code that range from procedural breaches (e.g. omitting a consent statement by the CP);
  • provision of inadequate technical information of substance (e.g. cut-off grades and maximum internal dilution in a drill intercept, physical characteristics of industrial minerals); and, less frequently,
  • a lack of market-sensitive technical information (e.g. inadequate, opaque description of mineralisation in “intersections of massive sulphides” without describing the sulphide minerals observed or their respective abundances) which represent a failure to comply with the underlying transparency and materiality provisions of the JORC Code.

Australia, arguably, benefits from a non-prescriptive standard for exploration results, mineral resource and ore reserve information to securities exchanges.  This information, particularly for junior companies, is almost invariably market sensitive, making a high standard of compliance with JORC imperative if JORC is to be preserved, rather than replaced by more prescriptive requirements.  There appears to be a compelling argument that our JORC reporting skills need improvement.

Should the definition of a Competent Person under JORC be changed to require Registered Professional Geoscientist (RPGeo) status (and Chartered Professional status for AusIMM members) to implement a requirement for CPD and a higher standard of independent peer review of the CP’s relevant experience?  A change for Australian geoscientists would bring them into alignment with Canadian geoscientists who already need to be registered with the relevant provincial registration authority (PGeo).  This could be seen to be strengthening the access to reciprocal reporting arrangements to the TSX and TSXV, by far the world’s largest sources of exploration and mining investment capital.

Licencing or Registration

Geosciences are one of only a handful of fields of professional practice in Australia where some form of professional registration is not either mandated by government, or effectively essential due to industry imposed requirements (Waltho 2012).

The Professional Issues Subcommittee is concerned that regulation could be imposed on us, as illustrated by recently proposed Commonwealth legislation for Financial Advisors.  The Commonwealth government has released an exposure draft of legislation to raise education, training and ethical standards for Financial Advisers, including a Tertiary degree, an entrance exam, mandatory CPD and an enforceable Code of Ethics for public comment and consultation.  Geoscience could be considered to have escaped the attention of government regulators due to the limited exposure of the community to the actions of geoscience professionals.  This could, however, change rapidly should there be a scandal relating to the share price of an exploration or mining company that could, for example, have wide reaching consequences for both direct and indirect investors.  Many Australian’s superannuation investments have exposure to mining shares.

A number of Australian professional institutes are accredited through the Professional Standards Council (PSC) and regulated through State Professional Practice Acts. Information about this organisation is provided at http://www.psc.gov.au/

This accreditation provides limitations on the liabilities of an organisation and its members, and ensures that organisational self-regulation meets the current Australian standards applicable to other comparable professional organisations (such as Engineers Australia).

Accreditation of AIG by the PSC would require AIG to undertake the following (some of which are already within the scope of current activities):

  1. Both provide and track Continued Professional Development by members
  2. Maintain an effective complaints handling and disciplinary process for members
  3. Use of the PSC disclosure statement
  4. Undertake an annual risk management program review
  5. Improvements and changes to professional standards
  6. Insurance cover, claims and business asset monitoring
  7. Annual audit of members and the provision of an independent certificate

Additionally there is a cost for PSC membership including a one-time fee of $35,000 and an annual levy equivalent to $50 per AIG member.

Should AIG investigate accreditation and regulation through State Professional Practice Acts?

Paid Executive

AIG has experienced steady growth over the past 15 years with fee-paying Members doubling to about 2500. AIG’s management, however, continues to be managed by volunteer members with outsourced administrative (back office) support engaged on a contract basis. The Institute has no paid employees. If the above changes are approved, it is proposed that AIG will need to employ appropriately skilled and experienced staff to manage increased requirements for Membership, raising awareness of AIG’s activities and requirements of membership to universities, employers and regulators that will exceed reasonable expectations of volunteers.

The survey has only 9 questions and should take only about 10 minutes to complete.  Please consider your responses – your opinions are important to us.

References

AIG JORC Representatives (2015) – Strengthening the integrity of Public Reports made under the JORC Code– a confidential green paper prepared for the Australian Institute of Geoscientists

Coombes, J. (2016) Scoping Study Review – Discussion Paper presented to JORC

JORC (2012). The Australasian Code for Reporting of Exploration Results, Mineral Resources and Ore Reserves, from http://www.jorc.org/jorc_code.asp

Waltho, A. W. (2012) It’s Time to Think About Professional Registration, from https://www.aig.org.au/its-time-to-think-about-professional-registration/
[1] To date, professional experience has been assigned greater weighting than education in assessing competence.  We cannot, however, rely on the status quo continuing in view of developments overseas.

EGU 2016 – Deadline is approaching: submit your abstract for the Session EOS5 on GEOETHICS

In a few days and the deadline for submitting an abstract at EGU General Assembly 2016 will expire.

It’s time to contribute to the session EOS5 on GEOETHICS (no abstract fee charges!).

Information about this session:

EGU – General Assembly (Vienna 17-22 April 2016)
Session EOS5:
Geoethics: theoretical and practical aspects from research integrity to relationships between geosciences and society

Convener: Silvia Peppoloni
Co-conveners: Nic Bilham, Eduardo Marone, Marie Charriere, Tony Mayer

The conveners invite abstracts on both practical and theoretical aspects of geoethics, including case studies. The aim of the session is to develop ethical and social perspectives on the challenges arising from human interaction with natural systems, to complement technical approaches and solutions, and to help to define an ethical framework for geoscientists’ research and practice in addressing these challenges.

Full description of the session EOS5 at: http://www.geoethics.org/egu2016.html

The session is organized by the IAPG – International Association for Promoting Geoethics (http://www.geoethics.org) in collaboration with the Geological Society of London.

Abstract submission: http://meetingorganizer.copernicus.org/EGU2016/session/20171

Deadline: 13 January 2016

No Abstract Processing Charges!

12484587_568111546678021_7161920764414733644_o

 

Ransomware virus: Australians forced to pay as latest encryption virus is ‘unbreakable’, security expert says

Australia’s ABC News is reporting that Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus.

There has been a rise in the number of people falling victim to the latest version of an encryption virus which hijacks computer files and demands a ransom be paid to restore them.  Known as “ransomware” it infects computers through programs and credible-looking emails.  It takes computer files and photographs hostage.

More information available via the ABC News web site.

Members are urged to ensure that their computer systems and data are appropriately secured.