”The Language of Safety: Risk Controls – Beyond Paperwork to Protection”
When Controls Fail to Control
I was following a team working on a task that required them to undertake work close to an unprotected edge. I asked the supervisor what controls were in place to prevent falls.
The supervisor handed me the task risk assessment and under “Controls” for this hazard was a single line: “Workers to be careful around heights.”
This wasn’t a control. It was a hope.
I was back on that site a few weeks later and learnt that a worker had fallen over that unprotected edge, landing around two metres below.
Fortunately, the worker’s injuries were minor, but the incident highlighted a significant gap in their safety documentation: the space between identifying risks and actually controlling them.
The End Game of Risk Assessment
Everything we’ve discussed in previous articles; teams, templates, hazard identification, risk scoring, all leads to this critical moment:
selecting controls that actually work and just as importantly, don’t create new hazards.
ISO 31000:2018 defines risk treatment as the process to modify risk. But in the field, I’ve seen too many businesses treat this vital step as an administrative exercise rather than a protection imperative.
The result? Controls that exist on paper but not in reality.
The Control Hierarchy: Not Just a Pretty Triangle
The hierarchy of controls isn’t merely a safety poster concept. It’s a practical framework that reflects a fundamental truth: some controls work better than others.
From most to least effective:
1. Elimination
Remove the hazard entirely
Does a sensor that requires daily reading need workers to climb a ladder and walk across an unguarded tank top to record the result? Sure, you can implement work at heights controls, set-up hard barricading and a dedicated walkway to prevent falling from the edge. But more effective would be remove these hazards entirely, by simply placing the sensor at ground level.
This is always the goal, though rarely achievable for every hazard.
2. Substitution
Replace the hazard with something less dangerous
A chemical manufacturer I consulted with substituted a toxic cleaning solvent with a biodegradable alternative. Same cleaning power, fraction of the risk.
The key question: “Can we achieve the same result with something safer?
3. Isolation
Separate people from the hazard
A power distribution company isolated high-voltage equipment behind locked barriers, preventing unauthorised access.
Physical separation creates a powerful protection layer when elimination isn’t possible.
4. Engineering
Design solutions that reduce risk
Proximity sensors and light curtains are often used to automatically stop equipment movement when workers enter danger zones.
Well-engineered controls work without relying on human behaviour.
5. Administrative
Procedures, training and rules
A hospital implemented a two-person verification protocol for high-risk medications, reducing administration errors by 87%.
Administrative controls can be effective but depend entirely on consistent human implementation.
6. Personal Protective Equipment (PPE)
The last line of defence
A construction company provided specialised impact-resistant gloves that reduced hand injuries, but only when workers remembered to wear them.
PPE should complement higher-level controls, not replace them.
The Common Control Failures
In reviewing many risk assessments across multiple industries, I’ve identified five recurring control failures:
1. Paper Controls vs. Field Reality
Controls exist in documentation but are impossible to implement in practice.
I once reviewed a procedure requiring workers to maintain three points of contact while carrying tools up a ladder, a physical impossibility.
2. The Magical Training Solution
“Training” listed as the sole control for complex or high-risk activities.
A mining operation listed “awareness training” as their only control for preventing rockfall injuries, ignoring engineering controls that could physically prevent falling rocks from reaching operator zones.
3. Generic Control Syndrome
Vague controls that provide no specific guidance.
“Be careful” or “Take appropriate precautions” aren’t controls, they’re platitudes that offer no practical protection. Be specific, e.g. maintain at least 2 m from any unprotected edge. If not possible, fall arrest equipment must be worn and attached to a certified anchor point.
4. Controls Without Verification
No system to confirm controls are actually implemented.
A manufacturing plant had excellent machine guarding protocols on paper but no verification process. An audit revealed 42% of guards were missing or tampered with.
5. Administrative Over-reliance
Complex procedural controls when simpler engineering solutions exist.
A warehouse implemented a 12-step checklist for loading dock operations instead of installing inexpensive physical barriers that would eliminate the fall risk entirely.
Beyond Implementation to Verification
The most dangerous assumption in risk management? That once documented, controls are automatically implemented and effective.
Selecting controls is just the beginning. The critical steps that follow include:
1. Practical Testing
Can the control actually be implemented in real working conditions?
A mine site introduced work from heights controls for operators working in potential cavity zones, requiring them to be tethered to an inertia reel fitted to a light vehicle. One problem (and there were many) was that the inertia reel does not operate at the angles produced by this solution.
2. Verification Systems
How will you confirm controls are consistently used?
An electrical contractor implemented weekly spot checks to verify isolation procedures were being followed correctly, creating accountability.
3. Monitoring Unintended Consequences
What new risks might your controls create?
Returning to the operators being tethered to a light vehicle above. In addition to the inertia reels being ineffective, this new control (that I may add came from head office, generated by people who had never worked in this environment and failed to even visit it to understand it) now introduced several new hazards, some of which were more likely and equally dangerous to falling in a cavity. Consider other mobile equipment catching the tether and dragging the operator under them; the light vehicle being moved while an operator is tethered to it, dragging them behind; windows being smashed by carabiners, showering operators with glass; operators jumping onto and off of the light vehicle tray to connect and disconnect the tethers; and so on.
4. Effectiveness Review (Monitoring)
Are your controls actually reducing incidents?
With the situation above. Three operators were dragged behind a light vehicle in the first two weeks of implementing the new tethering requirements. Whilst none of them seriously injured (thanks only to very good fortune), it was clear that more had to be done to manage the new hazards introduced.
The Living Control System
Controls aren’t set-and-forget solutions. They require ongoing review and continuous improvement.
I worked with a mining operation that conducted quarterly control effectiveness reviews. During one review, they discovered their respiratory protection program wasn’t keeping pace with increased dust levels from a new extraction method.
This discovery led to engineering controls that eliminated the need for respirators entirely, a higher-level solution that emerged only through systematic review.
Making Controls Control
Effective risk controls share three essential characteristics:
Practical: They can be implemented consistently in real-world conditions
Verified: Systems exist to confirm they’re being used correctly
Reviewed: Their effectiveness is regularly assessed and improved
Remember: Controls don’t protect people. Implemented and effective controls protect people.
How we write that’s different
Write Safe AU specialises in creating control systems that work in practice, not just in theory.
Our approach bridges the gap between risk identification and effective protection. We work closely with your team to develop controls that reflect operational realities, can be consistently implemented and actually reduce incidents.
This control-focused methodology ensures your documentation doesn’t just satisfy auditors, it genuinely protects your people by creating barriers between them and harm. We help you move beyond documenting controls to implementing protection.
Because the most beautifully written control is worthless if it doesn’t actually manage the risk.