top of page

What is a Critical Control? Understanding Prevention, Mitigation, and the Essentials of Effective Risk Management

What is a Critical Control? Understanding Prevention, Mitigation, and the Essentials of Effective Risk Management

When it comes to managing risks, particularly in high-stakes environments, understanding what constitutes a “critical control” is essential. Many organisations focus on a range of safety measures, but only certain controls play a crucial role in either preventing an unwanted event from happening or minimising its consequences if it does occur. Determining which controls are genuinely critical goes beyond compliance—it involves a strategic approach, often guided by frameworks like ISO 31000's Risk Management control decision tree.


Step One: Is It Even a Control?

In ISO 31000's control decision tree, the first question we ask is, “Is this actually a control?” This is crucial because not everything that’s important for safety is a control, and it’s easy to mistake compliance tools for true risk mitigators. A control is an act, object, or technical system that actively prevents or mitigates the risk of an unwanted event. For example, a Fire Evacuation Diagram may be required by regulation, but it simply provides information; it’s not an active measure that can prevent or respond to a fire. Critical controls, on the other hand, need to go beyond documentation—they must have a tangible impact on managing the risk.


Determining Criticality: Preventing or Mitigating an Unwanted Event

Once you identify that something is a control, the next step is determining whether it is critical. A critical control is one that actively prevents an unwanted event from happening or mitigates its impact if it does occur. Not every control meets this level of importance. For example, fire extinguishers are considered critical, but only if they are correctly maintained, activated at the right time, and used promptly to extinguish a fire. Similarly, a gas detector in a confined space is an important safety device, but it’s not the critical control—evacuating the space when the gas detector alarms is the true critical control.


The Role of the ICMM Critical Control Management Decision Tree

The International Council on Mining and Metals (ICMM) provides a critical control management decision tree that can help organisations select and prioritise critical controls. According to the ICMM, a critical control should be auditable, measurable, and practical to implement. In other words, a critical control isn’t just something that exists on paper; it’s something that can be verified, consistently applied, and relied upon to manage a specific risk scenario.


To further illustrate, consider confined space work. The gas detector alone doesn’t prevent an incident—it’s the action taken in response to the gas detector’s alarm that’s critical. This means training workers not only in using the gas detector but in promptly and effectively exiting the space when alerted. If a control can’t be implemented, monitored, and audited to ensure its functioning as intended, it shouldn’t be deemed critical.


Calling Out the Critical Aspects in Documentation

Another common misconception is assuming that documents like policies, procedures, or checklists are controls in themselves. While these documents are essential for guiding and supporting safe work practices, they’re ultimately just information tools. A policy, for instance, can outline the importance of confined space safety, but it’s the tangible, on-site actions—the use of gas detectors, ventilation, and evacuation protocols—that constitute critical controls. When developing a risk assessment, it’s vital to clearly identify these acts, objects, or technical systems as the critical controls, not the supporting documentation itself.


Tailoring Critical Controls to Specific Scenarios

It’s important to note that a control may be critical in one context but not in others. A gas detector may be critical for confined space entry but unnecessary for other types of work. Organisations need to take a scenario-based approach, recognising which controls are essential for each specific risk situation. Workers, therefore, need to be trained in both understanding and applying their critical controls specific to their work context.


Empowering Workers Through Understanding and Training

Effective risk management hinges on the understanding and correct implementation of critical controls. Workers must be able to interpret and apply critical controls in their daily work. Training should cover not only how to use these controls but also when and why they’re necessary, so that workers have the knowledge to respond appropriately in a variety of scenarios. Empowering workers in this way fosters a culture of safety where everyone plays an active role in managing risk.


Applying the Brady Review Insights: Selecting Effective, Scenario-Based Critical Controls

The Brady Review highlighted that many high-risk incidents in mining and similar industries stemmed from gaps in critical control management, where high-level procedures failed to prevent specific scenarios on-site. The review emphasised that safety management needs to move beyond compliance-driven documentation and focus on the real-world application of critical controls that directly prevent or mitigate incidents. By applying a rigorous selection process for critical controls—such as using the ICMM decision tree—organisations can ensure that controls are not just theoretically sound but genuinely practical and effective in the field. This approach aligns with the Brady Review’s call to engage more proactively with on-site scenarios, bridging the gap between compliance and actionable risk management and empowering workers to understand, apply, and rely on these controls daily.


New Queensland Mining Legislation: Strengthening Risk Management with Critical Control Requirements

Recent changes to Queensland mining legislation have introduced stricter requirements for including critical controls in risk management processes, aiming to enhance workplace safety and reduce incidents. Under these new regulations, mining companies are now required to identify and document critical controls specifically designed to prevent and mitigate high-risk scenarios, rather than relying solely on general risk assessments. These critical controls must be detailed in risk assessments and implemented effectively across operations. Compliance with these requirements is phased, with all Queensland mining operations expected to fully integrate critical control documentation and verification into their risk management systems by 31 December 2024. This legislative shift reinforces the need for proactive, scenario-based risk management and ensures that critical controls are clearly identified, accessible, and actionable for those working directly with hazards on-site.


To comply with the new requirements in Queensland mining legislation regarding critical controls, refer to the Resources Safety and Health Legislation Amendment Act 2024. This Act mandates the integration of critical controls into safety and health management systems for all coal mines, mineral mines, and quarries. The independent regulator, Resources Safety and Health Queensland, oversees compliance through audits and inspections.


 For detailed information on the Act and its implementation, visit the official Queensland Government legislation website.


In Summary

Understanding and applying critical controls is about more than compliance. It’s about identifying the acts, objects, or technical systems that truly prevent or mitigate risks and ensuring these controls are practical, measurable, and auditable. By focusing on scenario-based risk management and aligning with frameworks like ISO 31000 and ICMM’s critical control decision tree, organisations can create a robust risk management approach. This means not only documenting risk but actively managing it—ensuring that critical controls are both effective and actionable, and that everyone in the organisation knows their role in making safety happen every day.


See below for some of our Critical Risk Management Package that inlcude development of critical controls to effectively manage your critical risks.

Book an Audit of Your Critical Risk Program
Book an Audit of Your Critical Risk Program
Mobile Equipment Critical Risk Management Package
Mobile Equipment Critical Risk Management Package
Confined Space Critical Risk Management Package
Confined Space Critical Risk Management Package
Working at Heights Critical Risk Management Package
Working at Heights Critical Risk Management Package
Psychosocial Hazard Management Package
Psychosocial Hazard Management Package

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page