Competence Is the Missing Layer in Critical Control Management
Critical Control Management (CCM) has become the backbone of how high-risk industries, particularly mining, prevent Material Unwanted Events (MUEs). It gives operations a disciplined way to identify the controls that matter most, define the standards those controls must meet, and verify that they're actually working. It is, by most measures, a strong model.
And yet control failures keep happening. Not because the framework is wrong, but because of what it quietly assumes: that the people designing, approving, and sustaining critical controls are competent to do so. That assumption is rarely tested, rarely measured, and almost never governed.
This is the gap explored in a recent conference abstract, "Governance of Competence – an evolution of Critical Control Management," authored by S. Amor, Director of My Competency Expert. Its central argument is simple but significant: competence is the reliability multiplier that determines whether controls are designed and function as needed. And it poses a question every CCM program should be asking itself: is competence governance the next evolution of CCM?
A Framework Built on an Unexamined Assumption
CCM does acknowledge the human dimension of control reliability, but only in passing. The framework expects organisations to have the "right skills, experience, and resources" to implement a CCM program. It recognises that many controls are people-based, relying on the skills and judgement of individuals or teams. And it explicitly recommends excluding "competent operator" or "training" requirements from bowtie diagrams, because almost every control depends on competent people somewhere along the chain — listing them all would overwhelm the bowtie.
That last point is where the paradox sits. Competence is treated as so fundamental to CCM that it isn't worth writing down — it's simply assumed to be "managed through existing organisational systems." But assumed and managed are not the same thing. The result is a framework where competence is essential and universal, yet structurally invisible: no defined ownership, no verification activity, and critically, no scrutiny of the competence of the people who design, approve, and govern the controls in the first place — not just the operators who execute them.
Why This Matters More Than It Looks
Feedback from domain experts referenced in the abstract points to a pattern: the most catastrophic control failures are rarely simple operator error. More often, they trace back to inadequate verification processes or flawed governance decisions — failures made upstream, by the managers and superintendents responsible for the system itself, not by the person on the front line.
In other words, the weakest link in many critical control systems isn't the worker turning the valve. It's whether the person who decided the control was adequate, approved it, or signed off on its verification actually had the capability to make that judgement well. CCM has no mechanism to check.
Reframing Competence as a Core Element of CCM
The abstract's proposal is to reframe human capability and competence as a distinct, core element of CCM — sitting alongside, but separate from, performance standards and verification activities. Rather than being an unspoken precondition, competence becomes something that is actively defined, assured, and governed for everyone in the chain of control design, approval, and verification, not just the operators executing it day to day.
Integrating capability assurance with verification activity closes what the abstract calls the human-performance gap. It means an organisation isn't just checking that a control exists and functions on paper — it's checking that the people responsible for that control, at every level, are demonstrably capable of designing, approving, and sustaining it. The effect compounds: better-governed competence means more reliable controls, which means materially lower operational risk.
Competence Governance: The Next Evolution of CCM
CCM matured the way organisations think about controls — moving from vague risk registers to disciplined, verifiable, performance-standard-driven systems. Competence governance is the logical next step in that same maturity curve: applying the same rigour to the people who design and govern controls that CCM already applies to the controls themselves.
That requires more than a training matrix or a one-off competency sign-off. It requires an ongoing system for defining what competence actually looks like for each role in the control lifecycle, assessing it against evidence rather than assumption, and verifying that it's sustained over time — governance, not paperwork.
Where My Competency Expert Fits
This is precisely the gap My Competency Expert is built to close. Rather than treating competence as a box-ticking exercise bolted onto a CCM program, My Competency Expert provides the structure to govern competence as its own assured system — covering the people who design, approve, and verify critical controls, not only those who operate them.
Defining role-specific competency requirements for everyone in the critical control chain, from operators through to the managers and superintendents who design and approve controls.
Assessing capability against evidence, so competence claims are verifiable rather than assumed.
Tracking and sustaining competence over time, so it remains current rather than a one-off certification.
Integrating with existing verification activities, closing the human-performance gap CCM leaves open rather than running as a parallel, disconnected process.
For organisations serious about the next stage of CCM maturity, this is the practical pathway: governing competence with the same discipline already applied to performance standards and verification, so that capability stops being an assumption and becomes an assured, reliable input to control design.
The Question Worth Sitting With
Competence is the reliability multiplier behind every critical control — whether or not a program chooses to govern it. The organisations that get ahead of this will treat competence governance not as an add-on, but as the next evolution of CCM itself.
If your organisation runs a CCM program, the question is simple: how confident are you that the competence behind it is actually assured, rather than assumed? My Competency Expert can help you find out.
This article draws on the conference abstract "Governance of Competence – an evolution of Critical Control Management" by S. Amor, FAusIMM(CP), Director, My Competency Expert.