How effective is your critical control verification activity?
Critical Control Management (CCM), often referred to as Critical Risk Management, is an internationally recognised approach1 for high risk organisations . It focuses on effective critical controls to prevent and mitigate those rare but potentially fatal and major unwanted events.
Industry-leading CCM should include the following steps:
- Confirm Purpose and Context: ID requirements, set direction and objectives
- Understand Current vs Future: Rate current vs desired state
- Identify Material Unwanted Events & Critical Controls: Confirm material risks and critical controls
- Set Standards, Build Capability & Capacity: Set critical control expectation and confirm resources
- Verify & Evaluate: Set methods to check and provide assurance
- Review, Learn & Improve: Review to continually improve
To enable effective CCM outcomes, focus on:
- Finding the missing controls that are needed, making note of the ones already in place, e.g., act, objects or systems.
- Identifying which of those controls are critical, and
- Enabling supervisors and managers to be able to monitor those critical controls effectively
So, what does the CCM process look like?
Here is a simplified process based on the ICMM’s ‘Critical Control Management: Good practice guide’.
But one of the most challenging aspects of a successful CCM is the implementation of the verification process. The verification output of any CCM is one of the most significant enhancements of previous good practice risk management, because it provides feedback. And, as one of my clients put it, “Feedback is the breakfast of champions!”.
Verification is outlined in the ICMM as “the process of checking the extent to which the performance requirements set for a critical control are being met in practice”. This means that the verification process should align with the defined Critical Control (CC) performance requirements and supported by effective conversations.
In 2020, the Health and Safety Index2 result for senior managers having visible effective safety conversations was 57%, much lower than the overall Health and Safety Index result of 74%
Just make sure you don’t get verification confused with other assurance processes like auditing. Defining verification as a unique CCM term will allow you to evaluate performance in parallel with other data such as Loss of Primary Containment (LOPC) events that are based on actual and potential consequence.
To determine how effective your critical control verification activity is, it requires understanding the right mix of acts, objects and systems. At FEFO Consulting, we believe this means focusing on the critical few by asking questions like:
- Are your metrics driving the right behaviour?
- Are you overly reliant on injury statistics?
- Are you focused on quantity, rather than quality of controls?
- What is your experience with measuring critical controls?
Additional resources can be found by viewing our Broadspectrum case study video or BSA and JLL success stories.
If you’re looking to understand how you can effectively verify your own critical controls, have meaningful conversations about safety to prevent major unwanted events and enable improvements in your organisation, contact us today to see how we can help.
