Critical Control Identification for Fatality Risk Programs: A simple solution using bowtie analysis
Most businesses coping with fatality risk scenarios have an appreciation of the importance of critical control identification. What is often missing is a simple but robust method of identifying the high priority controls that could save a person’s life.
This is particularly a concern for businesses starting out with a fatality risk program for the first time, or businesses that are most comfortable working with spreadsheets. Risk register spreadsheets are great for breaking down the complexity of job hazards, but can actually increase complexity when it comes to risk controls. Very few spreadsheets can clearly set out the hazards in a way that the most critical controls are apparent.
More thought-provoking analytical methods, such as event tree analysis or fault tree analysis, are often thought to add another layer of complexity. In fact, one of the best (and simplest) methods for critical control identification is bowtie risk analysis.
What are critical controls?
The term “critical control” is one that is familiar to health and safety practitioners in a range of fields. It is mainly used in relation to high risk work environments, such as mining or construction, where there is a higher risk of fatalities.
In the mining sector, for example, this definition is fairly commonly known:
Critical control: a control that is crucial to preventing the event or mitigating the consequences of the event. The absence or failure of a critical control would significantly increase the risk despite the existence of other controls. In addition, a control that prevents more than one unwanted event or mitigates more than one consequence is normally classified as critical.
[original source available here]
So to break it down, a risk control becomes a critical control if:
- The control makes a substantial difference to reducing risk that outweighs all other controls; or
- The control reduces risk in more than one risk scenario; or
- The control reduces more than one type of consequence resulting from a risk scenario.
The crux of it is that a critical control is indispensable. A critical control is so essential to the risk mitigation, that without it the residual risk would be higher than the level of risk tolerance. The absence or failure of a critical control is unacceptable.
In the mining sector, for example, our critical controls might look something like this:
- Fall restraint harnesses are a critical control because they do more than other controls to reducing the risk of a fall causing a fatality.
- Emergency response teams are a critical control because they reduce fatality risk across almost every scenario where injury or fatality is a consequence.
- Business continuity plans are a critical control because they reduce the risk associated with operational disruption, damage to plant or equipment, and so on.
The same methodology would apply equally to construction, maintenance, engineering and other high-risk work. The challenge in critical control identification is finding a simple and robust way to reliably identify the critical controls.
How are critical controls identified?
Critical control identification can be a real challenge using conventional hazard identification tools. A risk register spreadsheet works well for building lists of controls, but is not particularly helpful for differentiating between those controls.
This is because most tabular risk registers don’t separate out the effects of different risk controls. The typical approach is to identify all risk controls, and perhaps assess their effectiveness. There is no way to independently assess the individual contribution they make to risk because of the format of the table (see below).
A common solution is to rely on the wisdom and experience of the risk assessment team to handle critical control identification. It would be fairly apparent to most health and safety professionals that a fall restraint harness would be one of the critical controls for a fall from height hazard. This approach doesn’t do so well in more complex scenarios where there is no obvious standout control on the list.
In order to do critical control identification well, you need a tool that breaks down risk controls in a way that makes them easier to analyse. This is where bowtie risk assessments can be a great solution.
Why use bowtie risk analysis?
The bowtie method breaks down a particular risk scenario into causes, consequences, and different risk controls. It visually displays the different pathways that the scenario takes. Risk controls are plotted along particular pathways, and their risk reduction effect has an impact on the pathway.
Using critical controls software to conduct a bowtie risk assessment, the three types of critical controls from the ICMM guide are easily identified:
Situation A: The control makes a substantial difference to reducing risk that outweighs all other controls.
In this situation, our critical control software (RiskView) uses line thickness to show causality in the bowtie. Put simply, a thick line means strong untreated risk. A thin line means reduced risk. In the fall from height case shown above, there is a thick line before the arrest harness control. A thin line comes out after the control. If we look at all the controls along the same pathway, the arrest harness does more to reduce risk than any of the other controls. Based on this bowtie we can confidently select the arrest harnesses as a critical control.
Situation B: The control reduces risk in more than one risk scenario.
In this situation, our bowtie risk assessments will identify all of the relevant risk controls. We need to use another functionality to select those controls that apply across multiple risk scenarios. Our critical control software has an advanced analysis panel that we can use to filter common risk controls.
The above example clearly shows that emergency first aid response is an effective control in 4 different risk scenarios that we have analysed. We could be fairly certain that this is a critical control. We could also use this panel to rename the different controls to reflect a common usage, which we could then configure as a master control that could be used in future bowtie risk assessments. The critical control software we’re using calls these “base controls”.
Situation C: The control reduces more than one type of consequence resulting from a risk scenario.
This type of critical control identification is also very straightforward using our bowtie risk assessment software. We’ve conducted our risk assessment for the fall from heights risk, and we’ve identified three consequences of concern. It would not be unusual for this risk assessment to have many more risk controls, causes and consequences than we’ve entered here.
The common risk controls are easy to spot. The business continuity plan control is plotted against two different consequences within the same risk scenario, which makes it a good candidate for selection as a critical control. Our critical control software here allows us to select each of those controls and mark them as critical controls (as shown in the screenshot). We could also configure them as base controls for use in future risk assessments, which will automatically pick up that these are critical controls without us having to identify them.
The software we’re using also allows us to group the two consequences together, seeing as they both have only one control:
Taking a robust approach to critical control identification
One of the most essential things in critical control identification is ensuring that the method you use is robust. More resources will be devoted to verifying critical controls than other controls, and this requires justification. If a fatality occurs there are also likely to be questions from executives or regulators about how the critical controls were identified.
Using the bowtie risk assessment approach makes the entire rationale behind critical control selection more accessible. The model speaks for itself (provided that the risk control effectiveness ratings have been carefully selected and are also defensible).
Good critical controls software will provide you with the tools and evidence you need to manage high-priority risk exposure. Good risk assessment is the backbone of a fatality risk program. Make sure that you’re using a solution that assists you with critical control identification and robust risk analysis.