Opportunity, Controls and Organisational Performance

The Thinking Behind Secura Consulting

My approach to risk management has been influenced by formal study in criminology, crime science and risk management, combined with operational experience gained across military, law enforcement, investigations, security, emergency management and high-risk industry environments.

Throughout my career I have been interested in a simple question:

“Why do unwanted events occur despite organisations often having competent people, documented procedures, identified risks and established controls?”

It is a question I first encountered in uniform.

During military service I observed that success was rarely determined by courage, equipment or planning alone. Operations succeeded when people, information, resources, leadership and systems aligned effectively. Conversely, when failures occurred, they were seldom attributable to a single decision or individual action. More often they emerged from a combination of factors that, individually, appeared manageable but collectively created the conditions for failure.

I observed similar patterns later in policing and investigations.

Incidents frequently occurred despite policies, procedures, training and supervision being present. Investigations often revealed that the issue was not the absence of controls, but weaknesses in how those controls interacted with people, operational realities and organisational conditions.

The same observations continued throughout my work in security, emergency management, mining and heavy industry.

Whether examining workplace incidents, security breaches, operational disruptions, compliance failures or emergency events, I repeatedly found myself returning to the same fundamental question:

“What conditions existed that made this outcome possible?”

While there is rarely a single answer, I have found valuable insights by looking beyond traditional safety and risk disciplines and examining how other fields understand human behaviour, decision making, control environments and performance.

Over time, this exploration has led me to draw lessons from crime science, military doctrine, investigations, human factors, organisational psychology, Human and Organisational Performance (HOP), resilience engineering and organisational learning.

While each discipline approaches problems from a different perspective, many arrive at remarkably similar conclusions.

  • People influence outcomes.

  • Systems influence outcomes.

  • Controls influence outcomes.

  • Leadership influences outcomes.

  • The environment influences outcomes.

Success and failure emerge from the interaction of all of these factors.

This thinking has become the foundation of the Secura Consulting approach.

Crime Science and the Opportunity Perspective

One of the most influential concepts within crime science is a simple proposition advanced by Professor Ronald Clarke and other leading researchers:

"Opportunity makes the thief."

Crime Science emerged from the observation that understanding why people offend is important, but understanding how crime occurs and how opportunities can be reduced may be even more important when the goal is preventing harm.

Researchers such as Ronald Clarke, Marcus Felson, Lawrence Cohen, John Eck and Gloria Laycock demonstrated that crime is not solely the product of offender motivation. Crime is also influenced by opportunity, environmental conditions and the effectiveness of controls.

This thinking resonated with me immediately because it reflected what I had already observed operationally.

In many investigations, whether criminal, workplace or organisational, the most useful question was often not why a person acted, but how circumstances allowed the event to occur.

  • People matter.

  • Motivation matters.

  • Behaviour matters.

However, opportunity matters too.

Often far more than organisations realise.

Routine Activity Theory

The Routine Activity Theory developed by Cohen and Felson proposed that unwanted events occur when three elements converge:

  • A motivated actor

  • A suitable target

  • The absence of effective guardianship

Crime scientists subsequently developed the Crime Triangle and a broader body of situational crime prevention theory focused on reducing opportunities for offending through environmental design, supervision, security, procedures and other practical interventions.

I believe this thinking has relevance far beyond traditional crime prevention.

While organisations are not managing crime in the traditional sense, they are continually managing the potential for unwanted events. These may include injuries, equipment failures, environmental incidents, security breaches, operational disruptions, quality failures, compliance breaches or reputational damage.

In many respects, the underlying principles remain the same.

The opportunity for failure exists.

The question becomes whether effective controls are present to prevent, detect or respond before the event occurs.

Applying Crime Science to Organisational Risk

When examining workplace incidents, security breaches, operational failures or compliance issues, we often find that the hazard was already known, the risk was understood, procedures existed, controls had been identified, yet the event still occurred.

The question is not simply, "Why did it happen?"

The more useful question is "What opportunity existed for the event to occur?"

In my experience, many unwanted organisational events occur when hazards, people and weaknesses within control systems converge in a similar manner to the convergence described within crime science.

Where opportunities for failure emerge and effective controls are absent, degraded, misunderstood, bypassed or ignored, the likelihood of an unwanted event increases.

This perspective shifts attention away from blame and towards understanding the conditions that influence performance.

Rather than focusing solely on individual actions, the objective is to understand the environment, systems, decisions, organisational influences and control weaknesses that made the outcome possible.

The Role of Controls

Crime Science places significant emphasis on guardianship, place management and environmental design.

In organisational settings these concepts have direct parallels:

  • Critical controls

  • Supervision

  • Work design

  • Engineering safeguards

  • Physical security

  • Verification activities

  • Governance and assurance processes

  • Emergency preparedness arrangements

These mechanisms perform the same fundamental function.

  • They reduce opportunity.

  • They increase resistance to failure.

  • They make unwanted events more difficult to occur.

More importantly, they enable organisations to achieve their objectives safely, reliably and sustainably.

Controls are not simply barriers designed to prevent failure. They are the mechanisms that support performance, protect people and assets, and provide confidence that organisations can operate as intended.

For this reason, Secura Consulting places significant emphasis on understanding critical controls, verifying their effectiveness and building confidence that they are functioning as intended.

Designing for Success

A key lesson from crime science is that prevention is generally more effective than reaction.

Rather than relying solely on investigations, enforcement or disciplinary processes after an event occurs, organisations achieve better outcomes when they deliberately design environments, systems and controls that make failure less likely.

This principle is evident in Crime Prevention Through Environmental Design (CPTED), where physical environments are intentionally designed to discourage offending and encourage positive behaviour.

The same principle can be applied to organisational risk management.

  • The design of work matters.

  • The design of systems matters.

  • The design of controls matters.

  • The environment in which people operate matters.

Well-designed systems encourage safe, secure and compliant behaviours while reducing opportunities for error, non-compliance and failure.

People respond to the conditions that surround them. Organisations that deliberately design work, systems and environments to support desired behaviours are more likely to achieve positive outcomes than those that rely solely on procedures, supervision or enforcement.

Contemporary Safety Thinking, Human Performance and Organisational Learning

In recent years my thinking has also been influenced by developments in human factors, resilience engineering, Human and Organisational Performance (HOP) and organisational learning.

Researchers including Sidney Dekker, Todd Conklin, Erik Hollnagel, David Woods and others have challenged traditional assumptions that incidents are primarily the result of individual error, non-compliance or poor decision making.

Their work suggests that while individual actions contribute to outcomes, they are rarely sufficient on their own to explain why events occur.

A common theme across this research is that people operate within complex systems and continually adapt to changing conditions in order to achieve successful outcomes.

Viewed from this perspective, people are not simply a source of risk to be controlled. They are also a source of adaptability, resilience and problem solving that enables organisations to function successfully every day.

This thinking is often referred to as the “new view” of human error.

Traditional approaches have tended to ask:

  • Who failed?

  • Why was the procedure not followed?

  • Who is accountable?

The New View encourages a different set of questions:

  • What made sense to the people involved at the time?

  • What conditions influenced their decisions?

  • What does this tell us about the system?

  • What can we learn?

Importantly, this does not remove accountability, nor does it suggest that standards, procedures or controls are unimportant.

Rather, it recognises that understanding human performance requires us to understand the environment in which work occurs.

One concept I have found particularly valuable is the distinction between Work as Imagined and Work as Done.

Work as Imagined reflects how leaders, designers, regulators and organisations expect work to occur.

Work as Done reflects the realities encountered by frontline workers who must navigate changing conditions, equipment limitations, competing priorities and operational demands.

The gap between the two often provides valuable insight into risk, organisational capability and opportunities for improvement.

“Learning Teams” have emerged as one practical method for exploring this gap.

Rather than focusing solely on what went wrong after an incident, Learning Teams seek to understand how work is normally performed and how people successfully manage risk and complexity during everyday operations.

The objective is not to identify blame.

The objective is to understand operational reality.

Frontline workers are recognised as experts in the work they perform and valuable sources of information regarding hazards, controls, system weaknesses and opportunities for improvement.

Many of the principles associated with Human and Organisational Performance align closely with observations made within crime science, human factors, military operations and organisational psychology.

  • Error is normal.

  • Context influences behaviour.

  • Learning improves performance.

  • Leadership matters.

  • The quality of organisational responses influences future behaviour.

  • People adapt to the conditions that surround them.

For this reason, Secura Consulting does not view Human and Organisational Performance, Learning Teams or New View thinking as alternatives to traditional risk management, governance or assurance.

Rather, we view them as complementary perspectives that strengthen our understanding of how organisations operate.

  • Critical controls remain important.

  • Standards remain important.

  • Verification remains important.

  • Governance remains important.

  • Accountability remains important.

However, organisations that focus exclusively on compliance may fail to understand how work is actually performed, while organisations that focus exclusively on learning may struggle to provide assurance that critical risks are being effectively managed.

In practice, sustainable organisational performance requires both.

This is why our approach adopts a blended perspective.

We seek to understand operational reality, support learning and improve organisational capability while simultaneously maintaining focus on critical controls, governance, assurance and organisational objectives.

The goal is not simply to understand failure.

The goal is to understand success.

Organisational Signals and Drift

Another concept that has influenced my thinking is the Broken Windows Theory developed by James Q. Wilson and George L. Kelling.

Regardless of the ongoing academic debate surrounding the theory, one observation remains compelling.

People are influenced by the environments in which they operate and by the standards, behaviours and expectations they observe around them.

In many workplaces, significant failures rarely emerge without warning.

More often they are preceded by smaller signals that standards, controls or organisational discipline may be weakening.

  • Housekeeping standards deteriorate.

  • Temporary repairs become permanent.

  • Procedures are routinely bypassed.

  • Audit findings remain unresolved.

  • Workarounds become accepted practice.

  • Viewed individually, these issues may appear minor.

Collectively, however, they may indicate that the control environment is drifting away from what was originally intended.

Many of these signals never appear in injury statistics or executive dashboards.

Experienced leaders, supervisors and workers often recognise them long before they become measurable.

  • Small signs matter.

  • Small failures matter.

  • Small departures from standards matter.

Not because they guarantee a major event will occur, but because they may indicate opportunities for failure are beginning to emerge.

Organisational Capability, People and Performance

Another concept that has influenced my thinking comes from military strategy and the assessment of combat power.

Military theorists have long attempted to understand why some forces consistently outperform others. Early concepts focused on morale, firepower and mobility. Over time, military doctrine evolved to recognise additional factors including leadership, intelligence, information, command and control, sustainment and protection.

While the terminology has changed, the underlying lesson remains remarkably consistent.

Military doctrine recognises that capability is never created by a single factor.

It emerges from the interaction of leadership, personnel, training, information, logistics, protection, command and control, sustainment and the ability to adapt to changing conditions.

The concept has relevance far beyond military operations.

When examining organisations, I repeatedly see three themes emerge.

  • People.

  • Capability.

  • Mobility (or Agility).

People

The workforce, leaders, supervisors, contractors and subject matter experts who perform the work. Their competence, engagement, decision making, attitudes and behaviours influence performance every day.

Capability

The systems, equipment, engineering controls, technology, processes and technical expertise available to support operations. This includes the physical and organisational resources that enable work to be performed safely, reliably and efficiently.

Mobility

The ability of an organisation to respond and adapt to changing conditions while maintaining focus on its objectives. This may include responding to market conditions, operational disruptions, equipment failures, workforce changes, emerging risks, regulatory requirements or project demands.

Strong organisations possess all three.

Importantly, people sit at the centre of each.

  • People design systems.

  • People operate equipment.

  • People maintain controls.

  • People respond to change.

  • People make decisions when procedures do not perfectly match reality.

This is one of the reasons I believe safety should never be viewed in isolation.

Nor should risk, training, governance, assurance or human resources.

Each contributes to organisational capability.

None independently create success.

Organisational performance emerges from the interaction of all of them.

Viewed through this lens –

  • Safety becomes more than injury prevention.

  • Risk becomes more than a register.

  • Training becomes more than compliance.

  • Assurance becomes more than auditing.

Each provides insight into organisational capability and the strength of the control environment.

This is where safety, risk and assurance converge.

Not as separate disciplines, but as different perspectives examining the same question:

How confident are we that our people, systems and controls will consistently deliver the outcomes we expect?

The Secura Approach

The Secura approach is founded on a simple belief:

People. Systems. Controls.

Working together to support organisational performance.

Our focus is not simply identifying hazards, documenting compliance obligations or responding to incidents after they occur.

Our focus is understanding where opportunities for failure exist and helping organisations design, verify and strengthen the controls that support success.

At every level of an organisation, from frontline tasks through to strategic decision making, our objective is to help clients understand what matters most, identify the critical controls that support desired outcomes and build confidence that those controls are understood, owned, monitored and effective.

This approach combines principles drawn from crime science, military doctrine, investigations, risk management, human factors, Human and Organisational Performance, organisational learning, assurance and operational leadership.

The objective is simple:

  • Reduce opportunity.

  • Strengthen controls.

  • Build capability.

  • Improve resilience.

  • Protect people, assets, operations and reputation.

  • Support the achievement of organisational objectives.

Ultimately, we believe organisations perform best when people, systems and controls are aligned, understood and supported by effective leadership, practical controls and a culture of continuous learning.

That is the thinking behind Secura Consulting.

People. Systems. Controls. Working together to support organisational performance.

What Does This Mean for Organisations?

If people, systems and controls interact to influence organisational performance, then the challenge for leaders is understanding how effectively those elements are working together.

Most organisations already possess many of the components required for success.

  • They have experienced people.

  • They have procedures.

  • They have management systems.

  • They have risk registers.

  • They have training programs.

  • They have audits and assurance activities.

Yet significant events, operational disruptions, compliance failures and performance challenges can still occur.

Often the issue is not the absence of controls.

The issue is understanding whether those controls remain relevant, understood, implemented and effective under real operating conditions.

It is also understanding whether organisational assumptions align with operational reality.

  • Do leaders understand how work is actually performed?

  • Do workers understand the intent behind the controls they are expected to apply?

  • Are critical controls clearly identified and understood?

  • Have organisational changes introduced new vulnerabilities?

  • Are people being supported to make effective decisions when conditions change?

  • Are small signs of drift being recognised before they become significant failures?

These questions sit at the intersection of risk, assurance, leadership and organisational performance.

They are also the questions that frequently emerge following incidents, audit findings, operational failures and major organisational change.

In practical terms, improving performance often requires organisations to step back and examine the relationship between objectives, risks, people, systems and controls.

This may involve understanding how work is performed in practice, identifying where assumptions differ from reality, verifying the effectiveness of critical controls, strengthening leadership capability, improving assurance processes or simply creating better opportunities for learning and continuous improvement.

While the specific challenges differ between organisations, the underlying objective is often the same:

Building confidence that people, systems and controls are aligned with organisational objectives and capable of delivering the outcomes expected of them.

This is where Secura Consulting seeks to add value.

How Secura Consulting Can Assist

Every organisation is different.

The maturity of systems, workforce capability, leadership effectiveness, operational complexity and risk exposure will vary considerably between organisations, projects and industries.

For this reason, Secura Consulting does not promote a one-size-fits-all solution.

Our role is to work alongside leaders, workers and subject matter experts to understand operational objectives, identify what could prevent success and help strengthen the systems, controls and behaviours that support desired outcomes.

Depending on the needs of the organisation, this may include:

  • Safety management system reviews

  • Hazard identification and risk assessment

  • Frontline risk assessment tools and workforce training

  • Critical control identification and verification

  • Governance and assurance reviews

  • Auditing and compliance reviews

  • Physical security reviews

  • Incident investigations and organisational learning reviews

  • Contractor assurance activities

  • Leadership coaching and development

  • Risk workshops and facilitation

  • Development of practical procedures, standards and guidance material

  • Independent reviews of operational risk and control effectiveness

Importantly, our focus extends beyond compliance.

While compliance is an important outcome, we are equally interested in understanding how work is actually performed, how decisions are made, how controls function in practice and how organisations can strengthen capability at every level.

Our objective is to help organisations build confidence that their people, systems and controls are aligned with their operational objectives and capable of responding to changing conditions.

Whether supporting a frontline workgroup, project team, operational department or executive leadership team, our focus remains the same:

  • Understanding risk

  • Strengthening controls

  • Building capability

  • Providing assurance

  • Supporting organisational performance

What To Expect When You Engage Secura Consulting

Every organisation is different.

The challenges faced by a mining operation, construction project, manufacturing facility, local government, transport provider or corporate office are rarely identical.

For that reason, Secura Consulting does not apply a standard template or predetermined solution to every engagement.

We start by listening.

Before discussing systems, controls or recommendations, we seek to understand your organisation, your objectives, the challenges you are facing and what a successful outcome looks like from your perspective.

You may be responding to an incident, preparing for a project, seeking assurance over critical controls, addressing regulatory concerns, strengthening governance arrangements, improving organisational capability or simply looking for an independent perspective.

Whatever the reason, our first priority is understanding the problem you are trying to solve.

Once we have a shared understanding of the objectives, we work with you to define the scope of the engagement, agree on deliverables, establish timeframes and provide clarity regarding costs and expectations.

Importantly, we seek to ensure there is a clear understanding of what success looks like before work commences.

Following engagement, we spend time understanding the operational environment.

This often involves visiting workplaces, reviewing documentation, observing work activities, meeting with leaders, supervisors and workers, and developing an understanding of how work is actually performed.

Experience has shown that there can sometimes be a difference between what is documented, assumed or reported and what is occurring in practice.

For this reason, we place significant value on establishing operational reality before forming conclusions or recommendations.

As our understanding develops, the scope of work may occasionally be refined to ensure attention remains focused on the areas of greatest risk, opportunity or value.

Throughout the engagement we maintain open communication with our clients and seek to provide practical, evidence-based observations rather than theoretical or compliance-driven advice.

Our focus is understanding the relationship between objectives, risks, people, systems and controls.

Depending on the nature of the engagement, this may involve identifying opportunities for improvement, reviewing management systems, facilitating risk discussions, verifying critical controls, supporting organisational learning, strengthening assurance processes or assisting leaders to better understand the factors influencing performance.

Where audits, reviews, investigations or assessments identify opportunities for improvement, our involvement does not necessarily end with the delivery of a report.

Where requested, Secura Consulting can assist organisations to develop improvement plans, strengthen controls, support implementation activities and provide independent verification that agreed actions have been effectively implemented.

This may include:

  • Critical control development and verification

  • Follow-up reviews and assurance activities

  • Leadership and workforce engagement

  • Governance and assurance support

  • Development of practical systems, procedures and guidance material

  • Independent verification of corrective actions and improvement initiatives

Ultimately, recommendations only create value when they result in meaningful improvement.

For this reason, our focus extends beyond identifying issues to helping organisations build confidence that improvements have been successfully implemented and are delivering the outcomes intended.

At the completion of an engagement, clients can expect clear findings, practical recommendations and an honest assessment of what is working well, what requires attention and where opportunities for improvement exist.

Most importantly, they can expect an approach grounded in partnership, practicality and operational experience.

The process is straightforward.

  • We listen.

  • We seek to understand.

  • We establish the facts.

  • We identify what matters most.

  • We strengthen controls.

  • We build capability.

  • We provide assurance.

  • And we support organisations to achieve their objectives safely, reliably and sustainably.

The Secura Consulting approach is informed by the practical application of people, systems and controls across military, law enforcement, government and industry environments. It draws on established principles from risk management, organisational performance, safety science, assurance, human factors and operational leadership.

The principal references, standards and source materials that have influenced the development of the Secura approach can be found here.

People. Systems. Controls. Working together to support organisational performance.

 
 

Secura Consulting acknowledges the Traditional Custodians of the lands on which we live and work throughout Australia. We recognise their continuing connection to land, waters and community, and pay our respects to Elders past, present and emerging.