The global mining industry has been communicating visions of Zero Harm for many years. As part of this vision, the industry has been committed to proactively managing operational risk. To support this Operational Risk Management (ORM) initiative, a series of short articles will be offered providing a perspective on the related needs, opportunities and challenges. Obviously, this is one person’s perspective, influenced by experience and bias, but the objective is simply to stimulate thinking.

The potential step change in ORM

These articles discuss the potential step change in ORM from current approaches that may have been developed in the 20th century to a newer overt focus on the systematic application of quality controls and, following that phase, a move to effective critical control implementation, verification and assessment of effectiveness.

No successful improvement in operational risk management (ORM) is rapid. Positive change requires recognition of the need for change, a clear understanding of the change, demonstration and appreciation of its value, and overt positive feedback once change occurs. This applies at individual, management, corporate and external stakeholder levels.

The challenge for risk management professionals is to chart a course for ORM evolution that provides not only attainable goals for effective change but also a strategy for influencing the stakeholders, internal and external, individual and corporate, rapid-adopters and stragglers, over a period of years.

The articles will use the term Control-Based Risk Management (CBRM) to describe the evolution of ORM to an approach that focusses on the careful challenging, optimisation, installation and communication of controls for significant unwanted events.

Sites may believe that they are currently at, or even beyond, this phase of ORM evolution. These articles may challenge that belief, providing a means to review that control-focusing as part of the sites practices and culture.

Critical Control Management (CCM) is the next step in the evolution of ORM after successful CBRM. The objective of CCM is to focus the management system on ensuring the effectiveness of carefully selected critical controls. CCM moves away from a heavy reliance on risk assessment and analysis to a more effective control management approach. As such CCM is more about effective management than risk analysis. Organisational maturity will be discussed as a precursor for successful CCM.

The International Council of Mines and Metals (ICMM) published guidance on CCM in 2015 which is available on their website ( and ICMM member companies were surveyed during the development of these resources. The survey identified that all respondents, despite a range of current emphasis on managing controls, saw CCM as the goal for managing their highest risks.

Articles from this series

This series of articles is intended to stimulate strategic thinking as a company, business unit or site advances along the ORM journey, as illustrated.


The article topics are intended to align with this journey.

  1. Welcome & Introduction (this article)
  2. A short history of Australian mining ORM – one perspective
  3. Key words and concepts in ORM – getting the conversations and thinking consistent
  4. Making the argument – risk is all about controls and their Effectiveness
  5. Good practice ORM – four layers with risk assessment applications
  6. Moving to CBRM – the need and the changes
  7. Evolving ORM to CBRM at a site – the tools and the thinking
  8. Introduction to CCM – the process and outputs
  9. It’s a Journey – the ORM/CBRM/CCM Journey Model
  10. Influencing leadership mindsets – engage, involve, include, support
  11. Changing individual mindsets – promote, require, reinforce, support
  12. Finding the highest risk unwanted events (MUEs)
  13. Ensuring the overall control strategy is adequate for an MUE
  14. Identifying the most critical controls
  15. Challenging required control performance – considering control erosion factors
  16. Establishing verification methods and reporting processes
  17. Embedding and managing controls – from accountability to real time ORM
  18. Continuously improving controls – looking for action indicators