Mining Jim Joy guest blogs
ComplianceESGOctober 09, 2018

A Mining Guest Blog Series by Jim Joy – Part 5: Good practice Operational Risk Management


Welcome to article 5 of 14. Thanks to those who have provided feedbackArticle 3 and 4 of the series briefly presented a ‘back to basics’ discussion about terminology and the focus on controls, also called barriers. Potential changes were reviewed to help develop a good control focus considering conversations and mindsets, and to a lesser degree, methods.

Building on this foundation, we can start operationalizing the previous content by using an overall site ORM framework. Much of the following approach is not new. In fact, many mine sites around the world have had all or most of the suggested activities in place. However, this list would have included the Pike River coal mine when it exploded in 2010, killing 29 men.

Clearly, the quality of the ORM framework is crucial. It may be valuable to revisit the overall ORM framework to review objectives, methods and outcomes. For many, this will also be another ‘back to basics’ exercise but with an added content related to the increased focus on controls, defined as acts, objects and technological systems. Those additions will be highlighted in italics. They may generate new site discussions.

The following content is a modified version of information published in a 2007 ACARP report titled ‘Coal Mine Safety Regime: A New Safety Case Process and its Implications to Australian Coal Mining’. This work was further developed and used as content for education and training programmes delivered in Anglo American and by the University of Queensland for the last 10 years.

4 layers with control-focused risk assessment methods

Commonly, there are four layers of ORM activities at a mine site.

The above illustration shows the four layers and includes a triangle symbolizing the risk assessment frequency from once-per-year (or less frequent) for the top layer to several hundred times per day across the site for the bottom layer.

Layer 1 and 2 offer an opportunity to design-down the risk on the site by carefully considering controls, identifying factors that erode their effectiveness and noting opportunities to optimize or add controls. Layer 3 and 4 offer some opportunity to improve controls, especially in the development of task standards, but their main function is to ensure the required controls are understood, in place and effective.

Each layer involves a different process. The following information is intended to suggest some of the process features with an added focus on controls. It is not a complete list but rather a set of important points.

Layer 1 – Managing the site’s highest priority unwanted events – including principal hazard, site baseline or full site risk assessment methods

Objective: To develop and apply a site-wide effective management plan to manage the risks of potential major unwanted events (MUEs) to an acceptable level.

Processes that:

  • systematically break down the entire site and its operations into appropriate detail to identify the most significant hazards.
  • apply hazard identification that includes acquiring a clear understanding of the location, magnitude, mechanisms of failure and the uncertainties of the hazards.
  • considering each significant hazard, establish the list of priority MUEs that need further analysis based on the potential consequences to health and safety (multiple fatalities and selected single fatalities events, including short-term and longer-term H&S impacts).
  • review and analyze the MUEs with Bowtie Analysis (BTA) to an adequate depth so that it can be established that the overall control strategy is adequate (i.e. the risk is acceptable).
  • develop a site management plan and system to record and retain the output of the analysis. The plan should document the MUEs and their overall control strategy from the BTA with systems implications such as required improvements, accountability, monitoring, reporting, etc.
  • note that the ‘plan and system’ may meet the requirements of Principal Hazard Management or Control-Based ORM. With further development, the information could form the basis of Critical Control Management planning or Safety Case development. Later articles will offer more detail on Control-Based ORM and Critical Control Management.
  • include a continuous improvement aspect so the plan is up to date
  • link the plan and system to the next two layers (2. and 3.) and integrate the defined control strategy information into other related plans, procedures, training and site activities.

Layer 2 – Managing dynamic site risk exposures – including risk assessment methods for projects, changes or learnings from incidents

Objective: To develop and apply effective management plans to manage the risks of potential unwanted events in significant site projects and changes, as well as identify improvements after incident investigations. Thereby addressing dynamic site risk exposures that may not have been considered in Layer 1.

Processes that:

  • are driven by site procedures for project management, change management and incident management that include the ‘triggers’ that initiate risk assessment and management based on some level of potential negative outcomes, as well as a set of risk assessment methods to suit the issues (e.g. hardware – Failure Modes and Effects Analysis (FMEA), process – Hazard and Operability Study (HAZOP), work methods – Workplace Risk assessment and Control (WRAC), single event concern – BTA, etc.)
  • when the defined trigger is met or exceeded, apply the appropriate risk assessment method to the new project, change or incident learning.
  • ensure that the risk assessment method includes a careful review of existing and potential new controls for any significant unwanted event using the new definition of a control (act, object or technological system), considering control effectiveness and potential improvements.
  • develop the required content for the project management, change management or incident management plans to record and retain the output of the analysis. The plan should document the controls with systems implications such as required improvements, accountability, monitoring, reporting, etc.
  • feed the results of risk assessments back into the plan and system established in layer 1.

Layer 3 – Managing work procedure risk exposures – including routine and non-routine task planning risk assessment methods

Objective: To develop and apply effective safe work expectations (guidelines, standard work procedures, task plans, etc.) to manage risk exposures in tasks as well as plan tasks where a procedure is not available or adequate.

Processes that:

  • are driven by site requirements for standard work procedures, including the need to plan for tasks that are not common, utilizing risk assessment methods such as Job Safety Analysis (JSA) or Workplace Risk assessment and Control (WRAC).
  • ensure that the risk assessment method includes a careful review of existing controls for any significant unwanted event in the task using the new definition of a control (act, object or technological system).
  • do not re-rank risk but rather conclude that the task can be done safely if the reviewed controls are adequate.
  • set a process of documenting and integrating the information derived by the relevant risk assessment.
  • define documentation criteria for the standard work procedures (SWPs), work guidelines, work plans for employees and contractors. Include highlighting of important controls for the most significant potential unwanted events.
  • integrate the resultant document into training, monitoring and auditing requirements where relevant with an emphasis on important controls for the task.
  • where relevant to an MUE, link the risk assessment and relevant resultant document back to the Layer 1 plan

Layer 4 – Managing personal risk exposure – including individual, informal, “face” risk assessment methods

Objective:  To have all personnel execute a personal systematic process to ‘stop, think and proceed only if safe’ before a task or during a task should a hazard or condition change.

Processes that:

  • define a method of considering hazards (energy sources), unwanted events (what could go wrong?) and the important acts, objects or technological systems (controls) for ensuring the unwanted event does not occur.
  • provide the individual with clear criteria for determining when it is ‘safe’ to proceed, as well as action to be taken if ‘unsafe’.
  • train the individual, including contractors, in the method and ‘safe’ criteria, or ensure the contractor’s method meets the same objective.
  • reinforce the application of the layer 4 method through supervisor and management monitoring and engagement in pre-task meetings and ‘face’ discussions with an emphasis on discussing important controls.
  • link to work order systems should the process identify a need improvement of controls.

This article provides a set of information that can be used to review current ORM practices against generally accepted objectives and process requirements, as well as added suggestions for increasing the focus on controls. The review may indicate that site risk management efforts in the four layers do not achieve the intended objectives, suggesting changes or even elimination of some methods.

However, the main purpose of this article is to suggest that examination of the degree to which controls are effectively identified, challenged and managed in each of the four layers may lead to significant improvements.

As discussed in Article 1, this series of articles is intended to stimulate strategic thinking as a company, business unit or site advances along the ORM journey, as illustrated.

Articles to date have covered ‘back to basics’, considering a new definition of controls. As such, the articles have addressed the first step in the journey, moving from a ‘Limited Control Focus’ to ‘Control-Based Risk Management (CBRM)’. Future articles will further develop CBRM and then cover the next steps.

Other blog posts from this series

  1. Welcome & Introduction
  2. A short history of Australian mining ORM – one perspective
  3. Key words and concepts in ORM – getting the conversations and thinking consistent
  4. Making the argument – risk is all about controls and their Effectiveness
  5. Good practice Operational Risk Management
  6. It’s a Journey – using journey models to analyse and plan ORM improvements
  7. Overview of critical control management and a few of its challenges
  8. Identifying critical controls
  9. Considering ‘acts’ as critical controls and the challenge of their measurability
  10. Challenging critical performance requirements
  11. Evolving operational risk management in the mining industry
  12. Linking the Critical Control performance requirements to the design of the verification process
  13. Defining accountabilities and the reporting process
  14. Continuous improvement and learning opportunities with Critical Control Management

© Jim Joy. 2018 – The copyright of the content of this guest blog belongs to Jim Joy who has authorized CGE Risk Management Solutions B.V. to provide this content on its website.

Back To Top