A Mining Guest Blog Series by Jim Joy – Part 8: Identifying critical controls

The illustration supplies a series of questions that determine the cruciality of a control so it might be classified as critical. These questions can be applied to any control whether it is an act, object or technological system.

There is another aspect of critical controls that is important to successful CBRM and CCM. The control must be measurable. In other words, there must be some method to identify the effectiveness of the control. If the control’s status cannot be effectively measured against defined performance specifications, using some form of observation, checking, tracking, monitoring, auditing, etc, it cannot be a control, and especially not a critical control.

Experience indicates that cruciality and measurability must be requirements of a critical control. Another may be the degree to which the control is indicative of the overall control strategy risk. I hope this is food for thought and discussion.

Selecting critical controls – Example 3

The company or site gathers a team cross-section of site personnel and experts to review a completed Bowtie Analysis that includes the erosion factors that compromise controls and positive supporting activities for the controls. The team must decide which controls, erosion factors or supporting activities would, when measured, be the most indicative of overall PUE risk.

The Objective for example 3 is to manage the PUE risk by tracking status and changes in the expected performance of the critical indicators.

The first question is – ‘would the CCM outputs in example 2 (selecting critical controls) be different for example 3 (selecting critical indicators), considering the same PUE?’

Consider a specific object that is seen to be crucial using the approach in example 2. The pressure relief valve (PRV) on a chemical process is identified as a critical control for a vessel overpressure explosion PUE. The erosion factors are corrosion (the site is close to the ocean) and poor maintenance. The supporting activities are regular testing and recording of results. The team discusses how to reduce corrosion issues and ensure maintenance is done as required. Actions are generated to address the two erosion factors. The PRV performance and verification requirements are developed to advance the CCM process.

If the same overpressure explosion is considered with the focus on critical indicators of inadequate or changing PUE risk (as per example 3), the team might identify the anti-corrosion programme acts or the maintenance planning and execution acts, as measurable indicators of the PRV status. These two potential erosion factors may also be relevant to other objects that are controls for risk in the chemical process. As such, the performance and verification requirements for the anti-corrosion and maintenance programmes would be developed with potential implications to other threats related to the vessel explosion PUE.

If we also look at a specific act that is seen to be crucial, the difference between cruciality and indicativeness may be even more important.

An underground fall of ground may be selected as a site PUE. Review of the Bowtie for the event may identify the supervisor’s inspection of the telltales on the roof as a critical control, crucial to managing ground fall risk. The inspection is an act.

The ‘cruciality” team (example 2) might then begin discussions about performance requirements for the act, as well as verification mechanisms. Verification of acts using observation data usually presents challenges. (Note: more on this part of the CCM process in future articles)

The ‘indicativeness’ team (example 3) may identify erosion factors for the inspection of telltales such as supervisor workload causing time pressure or an inadequate reporting method for telltale data. Thereby choosing workload management and the application of a new reporting method as critical indicators.

Can a control be crucial but not indicative? Can a control be indicative but not crucial? Can something other than a control, such as an erosion factor or supporting activity, indicate the risk?

The answer is probably that the PUE risk is a combination of effectiveness measures that may be controls, erosion factors or supporting activities.

The 3 questions that should be part of a critical control selection process

The three questions that should be asked as part of the critical control selection process should be, in addition to questions included in the BHP example above:

Is the control, erosion factor resolution or supporting activity:

• Crucial? (The absence or failure of which would significantly increase the risk despite the existence of the other controls)
• Measurable in a manner that indicates effectiveness?
• Indicative of the overall PUE risk?

Identifying measurable erosion factors or supporting activities for a crucial control, or individual critical control indicativeness, may be relatively easy.

Overall PUE Critical Indicativeness would require a broader look at the PUE control strategy. Once potential individual critical indicators are identified, the completed Bowtie could be considered by firstly examining the control set for each threat and considering the impact or dependence of the control indicators on the sets. High interdependence may suggest high indicativeness. High reliance on a single control for a threat would also indicate high indicativeness. This process would then be repeated for each significant threat and consequence set of the PUE Bowtie.

This approach may also help identify common critical indicators, therefore making that indicator even more powerful as a PUE risk measure.

From ICMM, the absence or failure of a critical control would significantly increase the risk despite the existence of the other controls. Therefore, if critical controls and/or their critical indicators can be effectively measured, and they are indicative of the overall control strategy for a PUE, they may be a relatively accurate measure of risk for the PUE.

Ideally, this approach goes well beyond simply asking the question; ‘If these few critical controls were the only measures of acceptable PUE risk, would I, as site manager, be comfortable?’

The next article will build on the CCM process by discussing critical control performance requirements and verification methods with an expanded focus on acts as critical controls.

Other blog posts from this series

1. Welcome & Introduction
2. A short history of Australian mining ORM – one perspective
3. Key words and concepts in ORM – getting the conversations and thinking consistent
4. Making the argument – risk is all about controls and their Effectiveness
5. Good practice Operational Risk Management
6. It’s a Journey – using journey models to analyse and plan ORM improvements
7. Overview of critical control management and a few of its challenges
8. Identifying critical controls
9. Considering ‘acts’ as critical controls and the challenge of their measurability
10. Challenging critical performance requirements
11. Evolving operational risk management in the mining industry
12. Linking the Critical Control performance requirements to the design of the verification process
13. Defining accountabilities and the reporting process
14. Continuous improvement and learning opportunities with Critical Control Management

© Jim Joy. 2019 – The copyright of the content of this guest blog belongs to Jim Joy who has authorized CGE Risk Management Solutions B.V. to provide this content on its website.