Should a Critical Control Failure Trigger a HPI?
In risk management, critical controls are the line in the sand.
They are the controls that must work to prevent serious injury, fatality or catastrophic events. Without them, failure is likely. Not possible — likely.
We know that incidents occur when controls fail. That’s the relationship we work with in every investigation. So, if a critical control failure is picked up in a CCV — even if there’s no injury, no damage, and no catastrophic event — shouldn't we treat that just as seriously?
Let’s explore the case for treating critical control failures as High Potential Incidents (HPIs), even when they’re detected before something goes wrong.
Understanding Critical Controls and the Role They Play
A critical control is a specific act, object or technical system that:
- Prevents a high-consequence unwanted event from occurring, or
- Mitigates the consequences if it does occur.
They’re the non-negotiables in a business's safety architecture. Not all controls are critical — only those that, if absent or ineffective, could result in serious harm or disaster.
The aim of your Critical Control Management (CCM) system is to ensure these vital controls are in place, understood, and functioning exactly as intended.
But here’s the kicker: when these controls fail, the consequences can range from no-consequence events, to near misses, to High Potential Incidents (HPIs), to full-blown unwanted events such as fatalities.
The Two Types of Critical Control Failures
Let’s break it down:
Critical control failures that cause or contribute to an actual incident
These are obvious.
The control failed. Something happened. There may be injuries, plant damage, or environmental impacts. These generally trigger formal investigations such as an ICAM.
Critical control failures detected during verification activities — with no resulting incident
These are picked up early.
Maybe during a scheduled CCV, audit or inspection.
There’s no event — but the control was absent, bypassed, or ineffective.
So here’s the big question:
Should we treat these 'early warning' failures the same way as the ones that cause an incident?
Why Verification Failures Deserve More Respect
When a Critical Control Verification (CCV) identifies a failed or missing control — and nothing bad has happened (yet) — it’s a gift.
This is your free kick. A chance to fix something before the damage is done.
But here’s the problem: these findings are often not met with the seriousness they deserve. A business might log the finding in a spreadsheet. Maybe issue a corrective action. But it doesn’t always:
- Escalate it to a senior leader
- Classify it as a High Potential Incident
- Trigger an internal investigation
- Communicate the failure to the wider business
Yet if the same control failure had been discovered after an incident, those things would happen. Every time.
Are We Missing the Most Important Leading Indicator?
We often say we’re “learning from near misses” — but are we?
A critical control failure detected through CCV is the ultimate near miss. It’s a clear sign that:
- The control isn’t working as expected
- There’s a systemic weakness in implementation or assurance
- A serious event could occur if the failure isn’t corrected
So why don’t we see CCV failures being used as a leading indicator in our safety performance dashboards?
We track TRIFR and LTI rates. We count strains, sprains and rolled ankles. But we don’t track how often our most important risk controls are failing?
This is where traditional safety metrics fall short.
The Stress Test: Is It Really a Critical Control?
Here’s a simple test you can apply when your CCV program identifies a control failure.
If this failure had occurred in the field, undetected, with a consequence, would it have triggered:
- A stop work?
- A call to the CEO?
- A report to the regulator?
If the answer is yes — it’s a critical control.
If the answer is no — it might not be as critical as you think.
This “stress test” should be applied during the identification and selection of critical controls, and to each performance requirement within a control standard. If a particular failure mode wouldn’t trigger a serious response, maybe it shouldn’t be part of the standard — or maybe the standard is not being taken seriously enough.
Should a Critical Control Failure Trigger a Safety Alert?
Yes.
We send safety alerts for:
- Identified hazards
- Injuries and incidents
- Environmental breaches
But we rarely send out alerts when a critical control fails — despite the fact that these controls are the very things designed to stop serious incidents from happening in the first place.
We should be communicating critical control failures with just as much urgency, if not more. If a control that protects lives fails, and we don’t tell the business — what does that say about our priorities?
Should It Trigger an Investigation?
Absolutely.
If you have the resources to launch a formal investigation after an incident, you should have the same commitment before the next one.
Investigating why a control failed — even without an event — helps you:
- Improve implementation
- Address systemic weaknesses
- Prevent recurrence
- Build stronger risk culture
A Systemic Disconnect
Right now, in many businesses, critical control management is sitting on the sidelines.
- It’s been implemented for compliance reasons.
- It’s run by a separate team or system.
- It’s not fully integrated into your Safety Management System (SMS).
You might send out alerts about hazards or injuries. But not about critical control failures. You might run ICAMs on events — but not on the failures that could have caused them.
This disconnect is costing us. It’s letting serious risks slip through the cracks, just because nothing happened this time.
Final Thoughts
We say our main focus is prevention.
But if that’s true, we should be treating critical control performance as our most important safety metric.
If a critical control fails — even if no one gets hurt — we need to act like we just dodged a bullet.
Because next time, we might not.
Before You Miss Your Next Warning Sign…
Ask yourself:
- Do you know how often your critical controls are failing?
- Are you communicating failures to your workforce?
- Are you investigating near misses or just logging them?
- Are your CCV results reported to your executive team?
- Are you acting on your leading indicators — or just reacting to lagging ones?
Should a critical control failure trigger a HPI? If you’re unsure how well your critical controls are implemented into your safety management system, we can help. Our Critical Control Verification Workshops and Audit Services are designed to strengthen your system before it’s tested.
Because next time, it might not be a near miss.
