CRITICAL CONTROL MANAGEMENT DIAGNOSTIC · AUSTRALIAN MINING INDUSTRY

Can you prove your critical controls are identified, implemented & verified?

An independent, evidence-based diagnostic for company officers — board, CEO, CFO, COO.

From June 2026, Queensland became the first jurisdiction in the world to make critical control identification and management a legal duty for every coal mine, mine and quarry. The Critical Control Management Diagnostic was built to help Queensland officers meet that duty with evidence, not assumption. It is equally suited to any operator, in any jurisdiction, that wants independent proof its critical controls are genuine, effective, and meeting the standard now expected of the industry.

Delivered by Mineplex, the specialist mining safety and risk practice led by a former Site Senior Executive, powered by CaNeTA Intelligence, Libero AI's end-to-end AI causal risk intelligence solution.

WHY THIS MATTERS TO OFFICERS

The duty is personal, and the penalty does not wait for the company

Under s47A (coal) and s44A (mines and quarries), an officer of a corporation must exercise due diligence to ensure the corporation meets its critical control obligations. That duty reaches the board, the CEO, CFO and COO. The Site Senior Executive, and anyone reporting to the SSE, is carved out of this particular duty and carries direct obligations elsewhere. An officer can be convicted whether or not the corporation has been charged, and due diligence is something each officer must evidence personally — it cannot be delegated or assumed.

01 · THE LAW


A legislated duty, not guidance


Since 1 June 2026, a safety and health management system in every Queensland coal mine, mine and quarry must now identify critical controls. For Queensland coal mines, they must at least identify critical controls in their principal hazard management plans. For every mine and quarry, they must identify critical controls for their Material Unwanted Events.

These are substantial changes and the first time they have been included in legislation anywhere in the world. 

02 · THE PRECEDENT


Personal liability is real


In March 2026 the High Court upheld the personal conviction of a chief executive for failing the officer due diligence duty under closely comparable legislation, after a workplace death, leaving a $130,000 fine and $60,000 costs order in place (Gibson v Maritime New Zealand [2026] NZHC 813). The finding was that he had not taken reasonable steps to assure himself of how the work was actually being done — a senior officer cannot assure themselves of safety from a distance.

03 · THE GAP


No prescribed method raises the bar


There is no regulation prescribing how to do critical control management, which lifts the bar. The defensible position runs through recognised good practice, the ICMM 2026 guide, and demonstrable diligence backed by evidence. ICMM updated its Critical Control Management Good Practice Guide in April 2026, and its own diagnosis is blunt: the gap is not knowledge, it is application.

THE TEST, IN THREE WORDS

Identified, implemented, verified

ICMM reduces good practice to three words, and the duty mirrors them. The shift in language is deliberate: from 'identify and document' to 'verify and act.' For an officer, that last word is where most boards are exposed.

IDENTIFIED


Credible MUEs and genuine critical controls


It starts before the controls, with the credible MUEs. The critical controls you then name must be genuine — intentional, hazard-specific, and verifiable in the field — not procedures relabelled as critical controls over the years. If a control depends on the worker being perfect on a bad day, it is hope dressed up as a control.

IMPLEMENTED


In place and working in the field


Forty years of human factors science says performance is situational and people drift to the easier path. Controls that rely on human performance can rarely meet the bar a true critical control requires. Most 'human controls' in a bow-tie are safeguards worth having, but not the primary line of defence against a fatality.

VERIFIED


Evidenced, not assumed


The verify limb, s47A(3)(f) and s44A(3)(f), is the hardest to fake. Receiving a safety report is not the same as having assurance. The officer's duty is to hold a reasonable basis for confidence — the kind you could defend if a regulator asked what you knew, what you tested, and what you relied on. Verification is where reassurance becomes assurance.

HOW IT WORKS

Two evidence engines that answer questions neither can answer alone

A risk register treats events as isolated line items and a bow-tie examines one scenario at a time, so neither shows how risks connect across the operation, or which control carries the most structural weight. Field inspection and documented assurance cannot reveal network structure; causal analysis cannot substitute for field evidence. The combination is the product. CaNeTA Intelligence accelerates and structures the analysis. Mineplex always owns the judgement.

FIELD & DOCUMENTED ASSURANCE · MINEPLEX


Are the right things called critical controls, and do they work on the ground?


Mineplex possesses deep knowledge of the mining industry in coal and metals, in Australia and internationally, including fulfilling statutory roles in the toughest legal precinct in the world – Queensland. Assessment runs against the binding legislation and the ICMM 2026 CCM Good Practice Guide (April 2026).


  • Tests whether items called critical controls are genuine controls, not plans or procedures mislabelled
  • Structured field verification of control implementation and effectiveness
  • Interviews with officers, site leaders, control owners, and frontline crews
  • Governance and accountability review, from the workface to the board


STRUCTURAL ASSURANCE · CaNeTA INTELLIGENCE BY LIBERO AI


Is the control set structurally sound, and is assurance aimed where it matters most?


CaNeTA Intelligence converts the data the mine already holds into a causal network, a connected map of how risk events trigger, propagate, and concentrate. It then applies the peer-reviewed CaNeTA methodology from UQ's Sustainable Minerals Institute.


  • Maps every incident and high-potential incident into one causal network
  • Ranks controls by structural load, so verification points where the network weight sits
  • Surfaces single points of failure, sleeper risks, and failing-lucky patterns
  • Produces reproducible network metrics as leading indicators and audit-ready evidence





Inside CaNeTA Intelligence

From raw, disparate data to prioritised, evidence-based insight

CaNeTA Intelligence is the end-to-end Libero AI solution. It runs across risk registers, bow-ties, broad-brush risk assessments, and incident data the mine already holds. No new data infrastructure or software implementation is required.

01 · Harness

Data preparation


Identification and preparation of the data sources already in the business.

02 · Transform

Causal linking


Purpose-built CaNeTA Intelligence AI, developed specifically for causal risk analysis, identifies how events connect and builds the causal chains across your data, always with human oversight.

03 · Model

Causal network modelling


UQ's peer-reviewed CaNeTA methodology applied to the prepared data, producing network visualisations of causal chains and associated statistical analysis providing a mathematically repeatable basis for determining control health

04 · Insights

Insights that meet the duty


Structurally critical controls, single points of failure, fatal pathways with no control assigned, and failing-lucky patterns, the evidence officers need to discharge the verify limb of the duty. These insights feed the CCM Diagnostic directly.

Naming clarity: CaNeTA is the peer-reviewed Causal Network Topology Analysis methodology developed at UQ, the analytical engine. CaNeTA Intelligence is the complete Libero AI solution built around it.

What you get

An officer can read the summary in two minutes, then evidence their own due diligence

The central deliverable is a written report addressed to officers, with a Red/Amber/Green rating against each limb of the duty, plus an in-person executive presentation for the board or leadership team.

OFFICER ASSURANCE SUMMARY

Your position at a glance


A R/A/G rating against each limb of the due diligence duty, readable before any methodology.

STRUCTURAL ASSURANCE

CaNeTA Intelligence findings


Whether verification and resources are aimed at the controls that hold the risk network together.

FIELD EFFECTIVENESS

Proof controls work


Evidence that critical controls are implemented and working on the ground, not just on paper.

GOVERNANCE

The board's information pipeline


Whether owners are appointed and discharging their roles, and what reaches the board.

MATURITY BASELINE

A position you can track


A rating against the ICMM 2026 CCM Maturity Model the board can improve over time.

GAP REGISTER & ROADMAP

Defensible evidence set


Gaps mapped limb by limb to the duty, with a prioritised roadmap and accountability owners.

Where does your assurance stand today?

Book a conversation with Mineplex and Libero AI. We will walk you through what the diagnostic covers, what data it needs, and how it gives each officer a defensible answer to a single question: can we prove it?

Book a conversation