How to Run an Executive Critical-Risk Review in 45 Minutes

An executive critical-risk review is a short leadership meeting that tests whether fatality and serious-injury controls are present, verified, and owned before work continues. It is different from a KPI review because it starts with exposure, control quality, and decision authority rather than injury frequency.

Many senior teams believe they are reviewing safety because a dashboard appears on the agenda. The problem is that recordable rates, open actions, and training completion can look stable while a crane lift, energized intervention, confined-space entry, or contractor mobilization is carrying weak controls today.

The procedure below is built for plant managers, operations directors, EHS leaders, and business-unit executives who have only forty-five minutes but still need a review that changes decisions. It draws on ISO 45001:2018, James Reason's work on latent conditions, and Andreza Araujo's field experience across more than 250 cultural-transformation projects, where the recurring failure is not lack of safety information. The recurring failure is leadership attention arriving too late.

What you need before starting

Before the meeting, define the scope. A useful executive review covers three to five critical risks, not every safety topic in the company. Choose risks such as work at height, mobile equipment interaction, hazardous energy, confined spaces, lifting operations, combustible dust, chemical exposure, or contractor work when those exposures are present in the next operating cycle.

Prepare one page per risk with the current exposure, the required critical controls, the last field-verification evidence, the accountable owner, and the decision needed from the executive group. If the pre-read is longer than that, the meeting will become a document review rather than a leadership decision forum.

Step 1: Open with exposure, not injury numbers

Start the meeting by asking which high-consequence work is active, scheduled, or changing in the next seven days. This opening matters because injury numbers describe what has already surfaced, while exposure describes where leadership can still intervene.

The facilitator should name each selected risk in plain operational language. Instead of saying "energy isolation," say "three maintenance jobs this week require lockout on equipment that production wants back by Friday." That phrasing makes the decision real enough for operations, maintenance, and EHS to discuss the same work.

Verify the opening by checking whether every person in the room can point to a live job or upcoming decision. If the discussion stays at trend level, stop and bring it back to specific work.

Step 2: Separate critical controls from normal activity

For each risk, ask which controls must work or the event can become fatal or permanently disabling. This step prevents the meeting from treating all safety activity as equal, because a toolbox talk and an isolation verification do not carry the same protective weight.

Use a short control list. For hazardous energy, that list may include isolation points identified, locks applied, stored energy released, zero-energy test performed, and handback controlled. For work at height, it may include anchor point suitability, edge protection, rescue plan, tool control, and weather stop conditions.

The common error is to accept broad statements such as "training completed" or "procedure available." A critical control needs observable evidence, which is why the related article on critical control registers is useful background for leaders who still mix risk lists with live control assurance.

Step 3: Test the last field verification

Ask when the control was last verified in the field, who verified it, and what evidence shows it was working. A photo, permit sample, supervisor observation, instrument reading, or completed isolation verification can be stronger than a green dashboard cell when the evidence comes from the work itself.

ISO 45001:2018 expects organizations to evaluate OH&S performance and control effectiveness, but the standard does not protect a worker unless leaders ask what the evaluation actually inspected. A spreadsheet that confirms a document exists is not the same as field evidence that a control was present under production pressure.

Verification should be recent enough to matter. If a control was last checked three months ago and the job changed yesterday, the meeting should treat the control as unverified for the current decision.

Step 4: Ask what has changed since the last safe job

Many serious events occur after a familiar job changes slightly. The equipment is the same, but the contractor is new. The route is the same, but the warehouse layout changed. The permit is the same, but the shutdown window is shorter and the crew is tired.

Andreza Araujo's book A Ilusao da Conformidade, glossed in English as The Illusion of Compliance, warns that formal compliance can hide the weak reality of work. That warning belongs in this step because a procedure that was adequate last month may be inadequate after schedule pressure, staffing change, process change, or contractor substitution.

Use a simple change prompt: what changed in people, equipment, environment, production pressure, contractor scope, or supervision? The review passes this step only when the team can name the changes or confirm that they checked and found none.

Step 5: Identify the decision owner before debating actions

Every weak control needs a named decision owner before the group starts discussing actions. Without ownership, the meeting produces agreement without authority, and the same exposure returns next week under a different label.

The owner should be the person who can change the condition. If the issue is a production deadline that is compressing lockout verification, operations owns the decision. If the issue is unclear isolation points, maintenance and engineering may own it. If the issue is weak contractor supervision, procurement may need to be in the decision chain.

This is where safety leadership becomes visible. In Safety Culture: From Theory to Practice, Andreza Araujo frames culture through repeated decisions, not slogans, and executive reviews should make those decisions explicit enough that everyone sees who can remove the pressure from the field.

Step 6: Decide whether work continues, changes, or stops

For each critical risk, the executive group should make one of three decisions. Work continues because controls are verified, work changes because a control needs reinforcement, or work stops because the control cannot be trusted.

This decision must be documented in operational language. "Proceed with added supervision" is too vague unless it says who supervises, at what point, with which stop condition, and what evidence closes the concern. A decision that cannot be explained to the supervisor in one minute is not ready for the field.

James Reason's work on latent conditions helps here because the visible unsafe act is often the last link in a longer chain. When executives remove schedule pressure, clarify authority, or fund a control correction, they are acting earlier in that chain rather than waiting for the operator to absorb the weakness.

Step 7: Close each action with evidence and time

An executive critical-risk review should never end with a list of intentions. Each action needs evidence, deadline, and escalation rule because weak controls age quickly when production has already moved on.

Evidence may be a revised isolation plan, a completed field verification, a corrected access platform, a contractor rebrief, a rescue drill result, or a decision to postpone the job. The deadline should match the exposure. A control gap for work happening today cannot have a thirty-day closure date.

The article on building a safety decision log gives a useful companion structure because executives need to see which decisions were made, which assumptions supported them, and what happened after the field applied them.

Step 8: Review weak signals before the meeting ends

Reserve the final five minutes for weak signals that did not fit the main agenda. These may include repeated permit corrections, near misses with no injury, supervisor workarounds, delayed maintenance, unusual overtime, missing pre-task checks, or worker hesitation to raise concerns.

Weak signals are not noise. They are early evidence that the operating system is asking people to absorb friction, and leaders who ignore them often discover the same pattern later through an incident investigation.

Use one closing question: what are we seeing that has not yet become a metric? The related article on weak signal metrics explains why boards and executives need leading evidence that does not wait for harm.

Executive critical-risk review checklist

• Limit the meeting to three to five critical risks with live or upcoming exposure.
• Start with high-consequence work, not injury frequency.
• Define the few controls that must work to prevent a fatal or serious event.
• Ask for recent field evidence rather than accepting dashboard color alone.
• Check what changed in people, equipment, environment, contractors, or time pressure.
• Name the decision owner who can alter the condition.
• Decide whether work continues, changes, or stops.
• Close actions with evidence, deadline, and escalation rule.

A forty-five-minute review will not fix a weak safety culture by itself. It can, however, force leaders to spend their scarce attention where the consequence is highest and where decisions still have time to protect people.

For organizations that want this routine to become part of leadership discipline, Andreza Araujo's books and ACS Global Ventures consulting connect executive governance with field control verification. The practical aim is simple enough to test next week: fewer meetings about safety performance after the fact, and more leadership decisions while risk is still controllable.