Critical Control Management: Effective Lead Indicators

Business Risk & Due Diligence Critical Control Management Critical Risk Management

How effective is your critical control verification activity?

Critical Control Management (CCM), often referred to as Critical Risk Management, is an internationally recognised approach1 for high risk organisations . It focuses on effective critical controls to prevent and mitigate those rare but potentially fatal and major unwanted events.

Industry-leading CCM should provide the following outcomes:

  1. Major Hazards: An overall approach for mapping major hazards and managing Material Unwanted Events (MUE)
  2. Critical Control Identification: Risk analysis, carefully selected and challenged list of specific critical controls that are crucial, measurable, and ideally indicative of the risk of major unwanted events 
  3. Building Capability: Performance standards should set clear expectations and building the right capability to support the approach
  4. Verification: Assurance critical controls are not only available, but also effective
  5. Performance Measurement: Timely performance reporting on critical control effectiveness and ideally provide an indication of any changes to the risk of major unwanted events occurring.

To enable effective CCM outcomes, focus on:

  • Finding the missing controls that are needed, making note of the ones already in place, e.g., act, objects or systems.
  • Identifying which of those controls are critical, and
  • Enabling supervisors and managers to be able to monitor those critical controls effectively

So, what does the CCM process look like?

Here is a simplified process based on the ICMM’s ‘Critical Control Management: Good practice guide’.

But one of the most challenging aspects of a successful CCM is the implementation of the verification process. The verification output of any CCM is one of the most significant enhancements of previous good practice risk management, because it provides feedback. And, as one of my clients put it, “Feedback is the breakfast of champions!”.

Verification is outlined in the ICMM as “the process of checking the extent to which the performance requirements set for a critical control are being met in practice”. This means that the verification process should align with the defined Critical Control (CC) performance requirements and supported by effective conversations.

In 2020, the Health and Safety Index2 result for senior managers having visible effective safety conversations was 57%, much lower than the overall Health and Safety Index result of 74%

Just make sure you don’t get verification confused with other assurance processes like auditing. Defining verification as a unique CCM term will allow you to evaluate performance  in parallel with other data such as Loss of Primary Containment (LOPC) events that are based on actual and potential consequence.

To determine how effective your critical control verification activity is, it requires  understanding the right mix of acts, objects and systems. At FEFO Consulting, we believe this means focusing on the critical few by asking questions like: 

  • Are your metrics driving the right behaviour?
  • Are you overly reliant on injury statistics?
  • Are you focused on quantity, rather than quality of controls?
  • What is your experience with measuring critical controls?

Additional resources can be found by viewing our Broadspectrum case study video or BSA and JLL success stories.

If you’re looking to understand how you can effectively verify your own critical controls, have meaningful conversations about safety to prevent major unwanted events and enable improvements in your organisation, contact us today to see how we can help. 

    Subscribe to our Newsletter