Skip to content
Skip to main content

About this free course

Download this course

Share this free course

Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

7 Human factors as a controls weakness

When designing a control it is often important to think about the factors that could affect it working correctly or how the control could be bypassed or circumvented.

As with other areas of risk management mentioned previously, human factors can impact control operation. Controls that require people can often be less effective if people are:

  • not trained correctly
  • tired
  • under the influence of drugs or alcohol
  • over-worked
  • distracted.

For this reason there is an increasing trend to automate controls. In fact, in many high-hazard industries there is a control hierarchy, where automated and human controls combine. In such industries mathematical models and calculations are often performed (and required by regulators) to demonstrate that the controls reduce the probability of the risk down to a level that is ‘as low as reasonably practicable’ (ALARP).

Activity 3 Managing risk

Timing: Allow approximately 10 minutes

Consider how manage risks are managed through controls.

Recall the special process organisation example. The action plan is complete but how is the risk maintained? You have already completed the six control items for:

  • machine health monitoring
  • quarterly emergency response exercise
  • shop-floor IT audit.

Now it is your opportunity to complete this for operator maintenance training.

Table 4 Operator maintenance training
InformationMachine monitorsExercisesIT auditTraining
Why does the control exist?To provide monitoring of the maintenance status of all shop floor machines.To provide the organisation management assurance that the organisation can respond in an emergency.To ensure all devices within the shop floor meet the current IT security standards.
To use this interactive functionality a free OU account is required. Sign in or register.
Who owns the control?Head of maintenanceHead of health and safety Head of IT
To use this interactive functionality a free OU account is required. Sign in or register.
What does the control do?For connected machines it provides a warning indicator in the maintenance office of any machine that is outside its specified maintenance parameters. Operatives in this area must then attend this machine and resolve the issue highlighted in line with the maintenance policy and instructions for that machine.Exercise the organisation emergency response plans to ensure that employees and processes act as expected. Any issues found should lead to a rectification plan to fix the issues.Audit undertaken by members of the IT team to understand what devices are within the shop floor and whether they are currently up to date with IT security standards. Non-compliant items are either rectified or quarantined.
To use this interactive functionality a free OU account is required. Sign in or register.
When?Continuous monitoringOne exercise per quarter, each in a different part of the organisation.Normally annual but may be on an ad hoc in response to an incident.
To use this interactive functionality a free OU account is required. Sign in or register.
How?The machines’ alerts are either hard-wired or connect via Wi-Fi to terminals in the maintenance office. When an issue is detected it sounds an alarm and sends an alert to team members.A member of the H&S team launches the exercise and records how the organisation responds against what is planned.Normally done remotely by the IT department, however for some older hardware this may require a physical audit.
To use this interactive functionality a free OU account is required. Sign in or register.
What happens if errors or omissions are identified?Operatives from the maintenance team should rectify issues.The H&S department provide a report to the organisation management team highlighting any issues encountered. This provides recommendations that the organisation management ensure are implemented.Non-compliant items are either ‘fixed’, quarantined to decide next steps or removed depending on the item, its business criticality and severity of the issue found.
To use this interactive functionality a free OU account is required. Sign in or register.
Levels of toleranceMachines are classified by their criticality to the process. Each level of criticality has an associated level of response and maintenance, for example some low-criticality machines do not require an immediate response.Recommendations are classified as major and minor. It may be acceptable for some minor recommendations to be left open.All hardware in use must meet the required standard, there is no allowance for non-compliant hardware.
To use this interactive functionality a free OU account is required. Sign in or register.
How is a control evidenced?The system is documented within the IT department’s manual. Work carried out in response to alerts is shown in the Maintenance department’s job log.All exercises are documented with the H&S department.IT documents the audit and their findings. The business area document follow up remediation with IT.
To use this interactive functionality a free OU account is required. Sign in or register.
Words: 0
Interactive feature not available in single page view (see it in standard view).

Now take a look at the following videos, looking at controls and actions working in tandem, and mitigating controls.

Download this video clip.Video player: Video 2 Controls and actions working in tandem
Copy this transcript to the clipboard
Print this transcript
Show transcript|Hide transcript
Video 2 Controls and actions working in tandem
Interactive feature not available in single page view (see it in standard view).
Download this video clip.Video player: Video 3 Mitigating controls
Copy this transcript to the clipboard
Print this transcript
Show transcript|Hide transcript
Video 3 Mitigating controls
Interactive feature not available in single page view (see it in standard view).