
Understanding Control Failure

  • Apr 3
  • 3 min read

Updated: Apr 8

In risk management, we spend so much time discussing whether controls are effective under normal conditions. But what if they fail? And more importantly, how quickly could that failure lead to a catastrophic event?


This is what I refer to as Control Failure Analysis—the speed at which a control breaks down or becomes ineffective, and how rapidly that failure leads to an unwanted event or maximum impact.


Why Control Failure Analysis Matters

Not all controls are created equal. Some can fail with little consequence, while others, if they fail, trigger an immediate, high-consequence event. Understanding control failure helps you determine which controls are genuinely critical.


A control is considered critical if:

  • Its failure on its own can trigger the unwanted event or reach maximum impact.

  • There are no other barriers or controls in place that would catch the failure in time.

  • Its failure escalates rapidly, offering minimal opportunity for intervention or mitigation.


Questions to Ask When Assessing Control Failure

When evaluating how robust your controls are, consider the following:

  1. Is there a fail-safe built into the control? If the control fails, is there a secondary measure designed to detect, prevent, or mitigate harm before it reaches maximum impact?

  2. If a single control fails, would it directly trigger an unwanted event? Does the control function as the sole barrier against a high-consequence risk? If so, it is likely a critical control and should be assessed rigorously.

  3. Are detection, inspection, and monitoring systems built into the control? How quickly can you detect if a control is deteriorating or has failed? Is monitoring continuous, periodic, or purely reactive?

  4. Do workers know how to detect control deterioration or imminent failure? Are they trained to recognise early warning signs of failure? Is there a structured process for reporting issues before they escalate?

  5. Are workers empowered to raise the alarm about failures or stop the job? Is there a clear, communicated process for raising concerns or initiating emergency shutdowns? Do workers feel confident and supported when stopping a task due to control failure?

  6. Do we plan for failure when designing our controls? Controls should be designed with failure in mind. Are fail-safes, redundancies, or emergency response plans built into the system?

  7. Do we even consider failure during our risk assessments? It’s not enough to evaluate whether a control works under normal conditions. What happens when it doesn’t?


Examples of Control Failure

Understanding control failure is critical in high-consequence industries where rapid escalation can lead to serious harm or fatalities. Here are some examples:

  1. Confined Space Entry - If atmospheric monitoring fails, the environment can become toxic or oxygen-deficient almost immediately. Detection systems must be continuous, and workers need the authority to stop work if conditions change.

  2. Electrical Isolation Systems - If a lockout-tagout (LOTO) control fails or is bypassed, workers may be exposed to live electricity without warning. Systems should have interlocks, automatic shutdowns, and mechanisms for rapid de-energisation.

  3. Fire Suppression Systems - If a sprinkler or gas suppression system fails, fire can spread rapidly, especially in confined or hazardous areas. Regular testing, automated detection systems, and emergency response procedures must be in place.


How to Design Controls for Robustness and Reliability

If you’re not planning for failure, you’re not managing risk effectively. When designing or assessing controls, ask yourself:

  • How quickly can we detect a failure?

  • What happens immediately after a control fails?

  • Are workers trained to respond effectively?

  • Are our fail-safes robust enough to catch failures before they escalate?

  • Have we tested these scenarios, or are we assuming they will work?


Incorporating these questions into your risk assessments and critical control verifications will help you build more resilient systems and identify gaps before they result in serious harm.


Control failure analysis is about recognising that all controls can fail, but how quickly and severely they fail is what determines their true robustness. If a single failure can trigger a catastrophic event, that control needs to be considered critical, designed with redundancies, monitored continuously, and tested rigorously.


Are you building your controls with failure in mind? And if they do fail, do you know how fast things will escalate?

