Risk Control

Broadly defined, risk control techniques are designed to minimize, at the least possible costs, those risks to which the organization is exposed. Risk control methods, include risk avoidance and the various approaches to reducing risk through loss prevention and control efforts. In the case of risk avoidance, the individual or organization refuses to accept any exposure to loss arising from a particular activity.

As the above analysis was conducted by evaluating the potential severity, frequency and exposure it would be necessary to establish the effectiveness of existing controls before any decision is made as the necessity of additional controls.

Effectiveness of Existing Risk Controls

In order to objectively consider the effectiveness of the existing controls, a system that have been used very successfully is to reduce the risk ranking by a factor based on the judgement of the team.

One such a method is to have another five-point scale ranking the existing controls as follows:

• Very effective

• Effective

• Partly effective

• Ineffective

• Very ineffective

By using a scale like this a lot of arguments are removed as to the exact effectiveness percentage of the existing control.

Once the ranking has been done on the above scale values could then be allocated to complete the calculation as follows:

• Very effective 100%

• Effective 75%

• Partly effective 50%

• Ineffective 25%

• Very ineffective 1%

The risk ranking obtained in step 4 is adjusted by the factor determined in this phase of the process. One way of doing this is to take a medium sized risk ranking value of say 512 and dividing it by 0,25 for an Ineffective existing control. This will result in the residual risk value to be 2048, significantly higher than before.

In adding this step it forces the team to consider the risks systematically and only then determine whether any additional controls would be necessary.

It should be noted that all "significant risk" should be treated in terms of current legislation. This implies that some determination should be made as to what significant risk is, as all non-significant risk could therefore be deemed to be tolerable and would therefore not be treated for now.

Identifying Control Measures

At this stage the team will have a long list of potential problems (risks), each with an individual risk ranking. The facilitator should lead the team through a discussion of all the potential problems that have significant risk rankings, starting with those with the highest rank (i.e. the most serious risks). The actual risk ranking value will vary from mine to mine as differences in the risk analysis methodologies may exist.

The next step in the risk assessment process is to determine the control measures that need to be taken and the ongoing review of those measures. There is a hierarchy or preferred order of control measures ranging from the most effective to the least effective.

It is essential to recognize than no control is 100% effective. A fixed, automated fire suppression system may work 92 times out of 100. A regular inspection program to check a remote conveyor belt may identify an overhead idler 65 times out of 100.

The general guideline for critical controls is that the more dependent the controls are on human action the less effective they are when required. At least two effective controls (barriers) are required for any critical risk to ensure an acceptable level of control.

Some controls are more effective than others. In the list following, the five types of controls for reducing risk are listed in descending order of effectiveness.

This hierarchy of control is defined in the Mine Health and Safety Act in section 11 (2) and is also contained in ILO Convention C176 and is as follows:

• Eliminate any recorded risk;

• Control the risk at source;

• Minimise the risk; and

• In so far as the risk remains--

o Provide for personal protective equipment; and

o Institute a programme to monitor the risk to which employees may be exposed.

Care should be taken not to just list standards and codes of practice as existing controls. Just having a standard or a code op practice is no guarantee that the hazard is under control. The training matrix that guides the focus of training of specific standards should be scrutinised to ensure that all the appropriate persons appear on the list and the control document that supports the matrix for compliance should also be evaluated.

In addition to this, the effectiveness of planned task observations, pre use checklist etc. should be evaluated where applicable to ensure that the standard, code of practice or procedure is accurately implemented in the area where the risk may exist. It would be meaningless to try and develop additional controls if the existing controls are not effectively implemented.

Conclusion to Risk Control

In order to evaluate the various controls the advantages and disadvantages of the different control mechanisms should be taken into account in the process of deciding on the appropriate mechanism.

The extent of the intervention to introduce additional controls will be determined by the gap existing between the current level of risk and the tolerable level for that risk.

The final decision to implement a specified control rests with senior management after quantifying the risk and having conducted a cost benefit analysis.

© 2009 Carl Marx