Critical Control Risk Registers - Anglo Coal Australia

Paul Wood
SHEC Systems Specialist
Anglo Coal Australia
Cristian Sylvestre
Principal
Safe Train
Abstract
Risk Registers are arguably the most important document that should control a safety,
health and environmental management system and be the driving force for prioritising
managements focus on !here targeted action is re"uired# $t should also be the document
that the operator at the coal face can refer to, to check !hat the most critical controls and
their associated critical activities %not al!ays high risk tasks in themselves& are, for
particular ha'ards# Ho! does one achieve this( )e historically have risk registers that
are activity based, have endless %sometimes in the *+++s& unread entries and are
revie!ed annually at best and usually for system certification purposes only# )e offer a
system that is ha'ard based and has the potential to be a live document for converting
field information into intelligence for management to use, presented in a dashboard format,
and for operators to refer to for the most critical controls for controlling particular ha'ards#
The !ord potential is used as it !ill also depend !here you are on a safety culture ,ourney
as to ho! you vie! and use a critical control risk register# There currently appears to be no
!orlds best practice in the field of Risk Registers but here is solution that could end up as
,ust that#
What are Risk Registers & What they do?
Risk Registers are a list or database of ha'ards identified for a site or pro,ect that includes-
$dentified Risks %Ha'ards& sorted in a priority order#
Reference to legislation . re"uirements applicable to the ha'ard#
A summary of the e/isting and.or proposed controls#
They are a tool !idely used !ithin Risk 0anagement for identifying, analysing and
managing risks# )ithin our industry these are commonly a type of )orkplace Risk
Page * of *+
Assessment and Control %)RAC&# They should direct the effort of the management system
based on risk# They should
Allo! risks to be prioritised %those ha'ards !ith the potential to cause multiple and
single fatalities at the top&#
Allo! management of the organisations risk profile %this profile should evolve
overtime so as the highest risk are effectively controlled the ne/t highest ones are
tackled and controlled effectively and so on&#
1e used as a management tool to revie! and update identified risks to ensure they
remain As 2o! As Reasonably Achievable %A2ARA&#
Activity based Risk Registers
3sually a )RAC
Activity based risk register can be used as a baseline for ha'ard based risk register# To do
this one needs to convert the activity based risks firstly into a ha'ard matri/ of activities
and their associated ha'ards %energy types& and then this is converted into the ha'ard
based risk register using the ha'ards critical controls and their associated critical activities#
Critical Control Concepts
3ncontrolled Risk or Ra! Risk- Credible )orst Case Scenario 4 if no controls e/ist or if all
controls fail# 5etermines 6!hich risks are significant 7 Senior 0anagement needs
assurance that these are being controlled ade"uately# )ithout uncontrolled risk one can
get false sense of security that residual risk is in play and forget !hat the ra! risk !as#
Controlled Risk or Residual Risk- This factors in the effectiveness of e/isting controls and
determines !hat is re"uired to be improved ne/t#
Control- A barrier that prevents the ha'ard from causing harm# 8ne of three types-4
Physical %e#g#, guarding for machines, separation distances for 5angerous 9oods,
etc&
Page : of *+
System %e#g#, procedures, ,ob rotation, ,ob re4scheduling, etc&
1ehavioural %e#g#, peoples !illingness and ability to engage in 6at4risk behaviour&
6Critical Control- A barrier, !hose integrity is so important that if it is compromised, then
there is a good chance that the ha'ard.aspect !ill cause harm# E/ample 7 no one under a
load being lifted# 8ther controls like cranes checked, operators competent etc are still
important but if person removed from the drop 'one then cant get killed even if one of the
other controls fail# Critical controls should be derived from S8Ps . PH0Ps etc#
6Critical Activity- Activities that are not high risk in themselves, but !ould render a critical
control ineffective if not performed competently# $f a parachutist is ,umping from an aircraft
%critical Control for !orking at heights is the parachute& then the critical activity is the
person !ho packed the parachute the day before 7 not a high risk task in its self but
essential to the correct performance of the critical control# 8ther e/amples-4
inspection of a lifting device %e#g#, crane&
daily checks of forklifts
maintenance on guards, forklifts, etc
completing a risk assessment prior to purchasing a ne! chemical
These activities usually are linked to competency#
Hazard based Risk Registers
8nce the ha'ard matri/ has been established and the critical controls for the ha'ards
defined then the ha'ard based risk register is developed and !ould look like the e/ample
belo! in its simplest form
Page ; of *+
<ote that Ra! Risk is used and provides focus %prioritises& on most damaging energies#
Critical Control Risk Registers are based on Ra! Risk because one can "uickly see !hat
risk !ill be realised if the controls fail# <o comple/ risk matri/ is used, ,ust a simple
classification of four risks %E/treme, High, 0edium and 2o!& of ra! risk to indicate priority#
onitoring !or "!!ectiveness o! Critical Controls
Commonly 0isunderstood =act- Most incidents occur not because we do not understand
the hazard (SH) or aspect (E) but because we thought we had effective processes and
controls in place, when in fact, we didnt#
)hy does this happen( 1ecause the ma,ority of risk management systems do not-4
rigorously implement effective controls for those ha'ards
ensure systematically that the controls remain effective over time
)e should be intent on monitoring !hat>s important i#e# the critical controls and monitor
these for effectiveness %by collecting data and revie!ing periodically& and identify the
critical activities %by ensuring the people carrying these out are competent&#
Sa!ety #nteraction $or P%&s' !or onitoring "!!ectiveness
Each E/treme 3ncontrolled Risk is !here Safety $nteractions can be focused# Safety
$nteractions can then count the correct and incorrect observations for each observable
criterion and thereby generate the percentage effectiveness for the particular critical
control or critical activity, !ith the added benefit that management information !ill be
generated about the effectiveness of critical controls and activities# Critical controls and
critical activities that arent !orking can be included in Ha'ard and Housekeeping
$nspections# Repetition in looking for critical controls and critical activities in the Safety
$nteraction process helps embed !hat>s important to the people on the ,ob therefore raises
Page ? of *+
a!areness levels# So the simplified Critical Control Risk Register !ould look like the one
belo!#
SH"C Risk anage(ent )ashboard
An icon on management PCs that provides information about the percentage effectiveness
of-4
the site as a !hole
each 5epartment
each ha'ard.aspect
So that 6intelligence about ho! !ell SHEC is being managed can be at their fingertips and
ho! effective the critical controls and critical activities are being utilised# 2o! scores can
be interrogated to e/plain the reasons for this and focused actions undertaken to rectify# A
simple dashboard could look like this@
Page A of *+
!here@
Production can bee seen to have compliance issues that need attention#
There are problems !ith noise across the !hole site#
There are problems !ith isolation in Production#
There are problems !ith )orking near )ater bodies %after interrogation of the data
this !as found to be due to a lo! sample si'e and therefore the action !ould be to
increase n %the sample si'e& to increase confidence limits#
An error message %B5$C.+D& indicates there is no data available and therefore
suggests the ra! risk is potentially being realised
Critical Control Risk Register therefore check the effectiveness of the controls# $t is
important to kno! !hen the drift from Econtrolled statusF starts and this again is achieved
by monitoring and thus makes the data live and trends can be analysed over time# Critical
Control Risk Registers@
2ist Critical Controls %not all controls& and
2ist Critical Activities %relating to critical controls&
Allo!s mapping of activity to ha'ard !hereas current RR map activity to
controls
Can have organisation !ide Critical Controls developed and monitored at
Page G of *+
different levels !ithin the organisation %i#e# !hole organisation, site,
department or section&
Activity based vs Hazard based
What ne*t?
1o!Tie Analysis %1TA& can be used to improve Critical Controls for high risks by using a
more structure approach to obtaining the critical controls and their associated critical
activities#
Page H of *+
#ncreasing the )egree o! Co(ple*ity
Currently the system is simple and based on observations improvements to increase
robustness could be achieved through additional inputs into the system of the follo!ing@
Ha'ard and Housekeeping $nspections
Audit report results
High Potential incident information
$ncidents information from 2T$s, 0TCs and even damage incidents or
business loss incidents, this !ould enable verification that the correct critical
controls and critical activities have been chosen and are being monitored#
E/ternal inputs %safety alerts from $nspectorate, other State 9overnment
$nspectorates and other companies&
Assu(ptions
=it for 5uty I contractor management can undermine the effectiveness of
some controls
Therefore assumed these are managed and controlled ade"uately
People understand definition of a ha'ard
#ssues to Consider in "stablishing CCRRs
8nly as good as it is used 4 needs management commitment to be used
effectively
<eed clear guidelines for use
<eed to develop valid data set for each monitored control
=or effectiveness score !hat does n need to e"ual to be valid statistically 7
!hen is risk A2ARA(
)hat is a realistic revie! period 7 monthly(
<eed to included other triggers e#g# e/ternal alerts should trigger a check of
the risk register and if three e/ternal alerts on the same issue are received in
a defined time frame then the critical controls need to be checked on the
cJground to ensure effectiveness remains
<eed to have set of leading "uestions to test if something is a Critical Control
<eed to have Critical Controls and Risk Register process flo! into ob,ective
I target setting for planning purposes#
Spreadsheet vs soft!are %reliability and robustability&
Risk Register use in relation to the +ourney (odel
Page K of *+
The type and usefulness of Risk Registers depends !here you are on the Lourney 0odel
1elo! is the 0inerals $ndustry Risk 0anagement 0aturity Chart indicating the differences
in risk assessment at the various levels
Anglo American Safety Risk 0anagement Process %SR0P& has a similar concept called
the Lourney 0odel !hich has :; elements one of !hich is Risk 0anagement Adoption
%belo!& and highlights the fact that one needs to internalise safety and the values of
having a live risk register that focuses on critical controls and critical activities before the
full benefits of such a system can be realised#
Page M of *+
The suggested tools for use at the different levels of the ,ourney model are suggested in
the diagram belo!
%!here CCRR J Critical Control Risk Register, SNRA J Semi Nuantitative Risk
Assessments, NRA J Nuantitative Risk Assessments&
Conclusion
Creating, maintaining and utili'ing a Critical Control Risk Register is a great tool for
successful risk management and helps focus resources on high risks to !ork to!ards
ensuring-4
a ha'ard focus
critical controls remain effective over time
SHEC critical activities are carried out competently
3nless resources begin to focus harder at the critical controls and critical activities %instead
of at the RAs&, organisations !ill not be able to achieve the most risk reduction possible in
a resource limited !orld, and thereby, in,uries !ill continue
Page *+ of *+