In Hazard Logs – a Brief Summary, we will give you an overview of this important safety management tool. This post serves as an introduction to longer posts and videos (e.g. Hazard Logs & Hazard Tracking Systems), which will provide you with much more content.
Hazard Logs – a Brief Summary
Description of Hazard Log
A Hazard Log is a continually updated record of the Hazards, Accident Sequences, and Accidents associated with a system. It includes information documenting risk management for each Hazard and Accident.
The Hazard Log is a structured means of storing and referencing Safety Risk Evaluations and other information relating to a piece of equipment or system. It is the principal means of tracking the status of all identified Hazards, decisions made and actions undertaken to reduce risks. It should be used to facilitate oversight by the Project Safety Committee and other stakeholders.
The Hazards, Accident Sequences, and Accidents recorded are those which could conceivably occur, as well as those which have already been experienced. The term Hazard Log may be seen as misleading since the information stored relates to the entire Safety Programme and covers Accidents, Controls, Risk Evaluation, and ALARP/SFARP justification, as well as data on Hazards.
Operation
The Hazard Log is maintained by a Hazard Log Administrator, who is responsible to the Project Safety Engineer/Manager. The Hazard Log Administrator has primary access to the Hazard Log allowing him/her to add, edit or close data records. All other personnel requiring access to the Hazard Log are normally allowed read-only access. This allows for visibility of Hazards to all but limits the control/administration of data records to the Hazard Log Administrator.
Records can be tracked by the use of a status field. This, for example, identifies whether the record has just been opened, is awaiting confirmation of mitigation actions, or is ALARP/SFARP.
It is best practice for the Hazard Log to record each Hazard as “open” and for ALARP/SFARP arguments to be provisional until all mitigation actions are confirmed to be satisfactorily completed. An example is where the mitigation depends upon the production of an operational procedure that may not be written until well after the Hazard is first identified in the early stages of design or construction.
Hazards should not be deleted from the Hazard Log, but closed and marked as “out of scope” or “not considered credible”, together with appropriate justification. Where such Hazards are no longer considered relevant to the system, the Log entry should be updated to reflect this.
Application
In general, the Hazard Log should relate to a specified system and record its scope of use, together with the safety requirements. When Hazards are identified, the Hazard Log should show how these Hazards were evaluated and note the resulting residual risk assessment; the Hazard Log should then record any recommendations for further action to mitigate the Hazards, or formally document acceptance of the Hazards and any ALARP/SFARP justification.
Since a Hazard Log is a structured way of storing and referencing data and records on Hazards, documenting the Risk Evaluation and other information relating to a piece of equipment or system, clear cross-referencing to supporting documentation is essential. The supporting documentation can be either directly embedded or cross-referenced within the Hazard Log.
When it Might be Used
A Hazard Log should be established for all projects. This will allow full traceability of the formal decision process which would justify the assessed level of Safety Risk.
The Hazard Log is established at the earliest stage of the program and should be maintained throughout the system life cycle as a “live” document or database. As changes are integrated into the system, the Hazard Log should be updated to incorporate added or modified Hazards and the associated residual risks noted to reflect the current design standard.
It is essential that the Hazard Log is reviewed at regular intervals, to ensure that Hazards are being managed appropriately and enable robust safety arguments in the Safety Case to be established.
Advantages, Disadvantages, and Limitations
Advantages
The Hazard Log contains the traceable record of the Hazard Management process for the Project and therefore:
Ensures that the Project Safety Programme uses a consistent set of Safety information;
Facilitates oversight by the Safety Panel and other stakeholders of the current status of the Safety activities;
Supports the effective management of possible Hazards and Accidents so that the associated Risks are brought up to and maintained at a tolerable level;
Provides traceability of Safety decisions made.
Disadvantages
The relationship between Hazards, Accidents, and their management through setting and meeting Safety Requirements could be included within the Hazard Log. However, if it is not sufficiently robust or well-structured, this may obscure the identification and clearance of Hazards;
If Hazards are not well defined when they are entered into the Hazard Log, then the rigor enforced by the need for a clear audit trail of changes made may make it very difficult to maintain the Hazard and Accident records in the most effective way. An appropriate structure should therefore be designed and agreed upon before data entry starts.
Comments
A Hazard Log can be produced in any format, but an electronic format is the most common, as this tends to provide the quickest means of cross-referring and providing traceability through the Hazard Log. A paper-based Hazard Log would have limitations for most defense Systems as it would become large, staff-intensive, and cumbersome as the System developed. This in turn introduces a significant maintenance overhead for a project.
The electronic form of the Hazard Log can be developed using Database development tools like Microsoft Access or SQL Server. Alternatively, you can use an existing application such as DOORS. Alternatively, it can be completed in a simple spreadsheet package such as Microsoft Excel. The UK Ministry of Defence’s preferred Hazard Log tool was Cassandra, a proprietary Database based upon Microsoft Access. (We will use Cassandra as an example in another blog post.)
A bespoke Database enables the originator to custom define fields appropriate to the System. Conversely, a proprietary tool allows for a consistent and standardized approach across a range of programs. A bespoke system may be relatively simple to administer and manipulate, whereas a proprietary tool may require external training. Widespread use of different bespoke solutions may become unmanageable.
Sources of Additional Information
Additional guidance on the Hazard Log can be found within the following references: MoD’s Project-Oriented Safety Management System – procedure SMP11 – Hazard Log. An example Hazard Log structure is also presented there.
Copyright Acknowledgement
In this article, I have used material from a UK Ministry of Defence guide. It is reproduced under the terms of the UK’s Open Government Licence.
Career change: in my lecture to the System Engineering Industry Program at the University of Adelaide, I reflect on my career changes. What can you learn from my experiences? (Hint: a lot, I hope!)
I want to talk about career changes because all of you – everyone listening – have already started to make them. You’ve already made the ‘career change’ from being a school student to coming here. You’re going to graduate – hopefully – and then move on into industry or academia or whatever you choose to do. And there are a lot of things to take in. Some of them are directly relevant to safety. But a lot of these things are relevant to whatever you’re doing.
I’m a High-School Student: How Can I Plan My Career Path?
When I was a student at school, I knew what I wanted to do. I guess I was quite lucky in that respect. I wanted to be a pilot in the Air Force. But then I flunked my first eye test at 14, and I knew that was the end of that dream. So I had to choose something else. And I ended up becoming an engineer in the Air Force.
The relevance of that is that I joined the Air Force before I went to university, and they paid me some money. They paid my fees (Well, there weren’t fees at the time.) I know it’s a strange concept these days, but University was free back in the day. But far fewer people went to university, so it’s swings and roundabouts.
But I’d gone from school, where I was in the top three of everything in every class. Then I started doing my engineering course at university. I found myself in the bottom quarter of the class in terms of performance. So that was a bit of a shock, I have to say. I suddenly realized that I was now a small fish in a much bigger bowl. I suppose if you never leave Adelaide, you never have to experience that.
But if those of you do move on and move out of the Goldfish Bowl is ‘Adle’-brain, you’ll discover there’s a big world out there. One with lots of competition. And it’s a very exciting world, but it can be a little bit frightening sometimes. But anyway, I got through it. Most of us got through the course. I was doing an aerospace systems engineering course, and we had a wash-out rate of about 10% in the first year. But if you survived your first year, it got easier.
I’ve got these questions – I lifted these questions, actually, from an essay education website. It’s a bit tongue in cheek saying, ‘How can I plan my career path?’. Because when you’re at school, you don’t really have any idea about what work is all about. Unless maybe you’ve got a part-time job. Or your family owns a business or whatever, and you’ve worked in it, and you have a more realistic idea of what work is. But work is very different from school, as I’m sure you know, and University is very different from school.
I’m a Graduate: What Do I Do Next?
And then when I graduate, I think, ‘Well, I had a career path mapped out for me’, which was ‘Join the Air Force’. But I had some second thoughts. University opened my eyes and widened my horizons. And I thought about doing other things. ‘Should I stick with the Air Force?’. Although, there was always the issue that I’d have to pay them back lots of money, which I didn’t have. So, I decided to stay.
And so, you’re thinking as a graduate, ‘Well, what do I do next?’. There’re opportunities in the public sector, working for the government. There’re opportunities in the private sector. Do I go for a small or medium or work for a large firm? Do I stay in academia and do some research? What do I do? (Do you all go straight to a master’s on your course? Or is it a bachelor’s?) So maybe you think, ‘Well, do I stay and do a master’s?’ ‘Do I stay and do a Ph.D.?’ My results weren’t good enough to do a Ph.D. so that was a decision I didn’t have to make.
There are lots of choices. And there are pros and cons of working for large firms and small firms or the public sector. I have to say the public sector is probably better at training you and investing in you. This is because they typically employ large numbers of people. And certainly, the Air Force was very enlightened about the way it did education.
And a lot of people in the Air Force studying – even the troops who had maybe joined the Air Force early, those who left school at 16 with very few qualifications. Lots of people were doing a part-time study with the Open University. A lot of people I worked with did that. Part of my job was to help them get through trying to do a master’s degree in software engineering or safety part-time and support them. Which was a great privilege and I really enjoy doing that. So, you’ve got lots of choices.
So, there’re lots of opportunities out there for you. Do go out and look at what’s out there. And as I say, some firms will have a formal graduate development scheme. Others will not. It’ll be an informal scheme, but make your mind up about which way you want to go. And what you want. Always bearing in mind, of course, that, as you’ll have seen, I ended up making a series of big career changes. I had no idea I was going to do those things. I got into software by accident. I got into safety by accident. Sorry, but no cheesy pun intended.
I’m a Veteran: How Can I Make the Career Change into Industry?
And then when I left the Air Force after 20 years, I had to make a career change from Air Force into ‘Civvy Street’, as it was known. And fortunately for me, the Air Force – in fact, all the armed forces in the UK – had a really good career change scheme. A scheme where you’re entitled to go back to the classroom and you could do courses. There were some basic courses everybody had to do.
Specifically, one where you were taught how to deal with grief, surprisingly. Because if you’ve been institutionalized in a large employer for a long, long time and you only know one way of doing things, then it’s difficult to leave. Then when you leave that and you’ve got to go out and make your own decisions and stuff, and that’s really challenging.
And the forces introduced this career change scheme based on – I think it was at a New York Police Department experience. The New York police discovered that a lot of their veterans who left the police force were dying after only a few years of retirement. And they thought ‘This is weird. They’ve done this dangerous job all their lives, and then they leave and then they all die’.
Of natural causes, I should say, and suicide. And the New York police said, ‘We’re not preparing our people to leave the stresses and strains of the police and get used to a completely different way of life.’. Fortunately, the force has introduced this career change training to help you do that. To learn practical skills. I did my project management training, et cetera.
So, that was helpful. And often I would say, if you’re going to make a career change, retraining is often a big part of that. Whether it’s the cause or the effect of the career change.
I’m Looking for A Career Change: What Are My Options?
In all of these things – as I say, I’ve done a lot of changes in my career. Some of my career was planned, but a great deal of it was not. And that’s okay. Sometimes choices are made for you by personal circumstances or whatever. I decided I had to leave the Air Force because our daughter was about to go to secondary school. We couldn’t afford to move around anymore and disrupt her education. So, the choice was made for me.
But also you might be tracking along quite nicely in your job and an opportunity comes up. And you think, ‘Well, I’d never thought about doing that, but actually, this is interesting. I’ve just got to try this.’ And I would encourage you to do that.
I’m An Employer: How Can I Ensure I Have the Workforce I Need?
One of the things I do nowadays – what I have done for a long time – is interview people. Whether it be for Frazer-Nash, QinetiQ before, or even in the Air Force. Because some of the jobs I was in were specialists and we had the right to interview. We could choose people. We could choose volunteers. So, I’ve interviewed hundreds and hundreds of people over many years. And potential employers are looking for the right people to employ. You’re looking for a good employer. How do I perform an interview and get that job? Or that career that I want?
And it’s not a secret, but when I’m interviewing people, if you rock up at the office, I’m going to find out what you do. What you’ve been doing academically. What you do outside of work. Because obviously – it’s not ‘obviously’, sorry. Often some of the most interesting things about people are what they do in their spare time. And you can learn a lot about somebody. People have got interests, particularly those who serve in different ways. Whether you volunteer for anything or sport or something like that. Because you often find that high achievers in life tend to be high achievers in everything.
And I’ve interviewed one or two people and they’ve gone out the door and I’ve looked at the other interviewer. And I’d say, ‘Well if we hire her, we’re all going to have to raise our game, aren’t we? Because she’s going to make us look bad.’. Which is a wonderful problem to have, by the way. You think ‘Great. We can get this person on the team who’s going to allow us to do something we’ve never done before.’. So, we’re looking for people that we can utilize. That we can deploy. What have you done? What tools and techniques are you able to use?
Consultancy is a bit unusual. Most of you will probably not start in consultancy. You probably won’t start in safety. In safety, most of us tend to have done another job first and then got into it for whatever reason. So, we’ve made that ‘career change’ as a graduate or an ex-graduate early in your career. I guess we’ll be looking mainly at your potential.
It’s not the technical skills so much that we’re looking for. Technical skills can be taught. If I want somebody who can do fault tree analysis, we can teach you how to do fault tree analysis. We can send you on a course. What I can’t or what is not so easy to teach is attitude and the way you approach work. And are you a team player and all those kinds of things? So, that’s often much more important.
I’m An Educator: How Can I Inspire or Educate?
I suppose this is what I’m trying to do today. In my spare time, I also run my own business called The Safety Artisan so please check it out. You can go to www.safetyartisan.com. And there’re lots of lessons on there about safety. About Australian WHS and system safety. Some of it is free and some of it you have to pay me some money for which I will be very grateful. Thank you very much. The only problem is you have to listen to me talking, but never mind. You can’t have everything.
There’re a lot of opportunities out there, and I think the Australian jobs market is very dynamic. And it works both ways. Big firms will hire hundreds of people to do a project. And then some of them will then fire you just like that when the project is over. Not all firms are like that. Many are looking for people with transferable skills. If one door shuts, usually another door opens. So, we’re looking for people who can be flexible and adaptable. This is why I find myself doing cybersecurity these days as well as safety.
Reflections On a Career in Safety
I’ll move on to some quick reflections. It says ‘Reflections on a career in safety’ but you could apply this to almost anything. At University, I learned – and in training courses throughout my career – I’ve learned a theoretical framework. Whether it be engineering. Whether it be marketing. Marketing is a science and an art and a very complex one, for example.
So, whether it’s engineering or not, there’re lots of things to learn during your career. And you’ll get to learn on a course, or an institution like this – You’ll get to learn some theory. A framework to plug things into. But actually, it’s the practical experience where you sort of put the flesh on the bones, and the two go together.
And then the second point I’d just like to make on reflection. To a degree, I would say go with the flow because opportunities will come up that you hadn’t planned for. That you hadn’t thought of. But give it a go. If you’ve got an opportunity, try it. Particularly as I found, if the alternative is doing something you really don’t want to do. That makes the choice a lot easier. But go for it.
Also, you’ve got to remember to stick to your principles. So, you’ve got to decide what’s important to you and hold on to those values. Otherwise, you could end up doing something you’re not happy with. In fact, somebody much cleverer than me once said that the secret or the art of progress is to “preserve change amidst order and preserve order amidst change”. And those are very wise words. So, decide what’s really important to you. What you will not change. What you will not compromise on under any circumstances. But other than that, go for it.
And finally, in safety and in many other things, I’ve seen people tend to overcomplicate things. I think Einstein said, if you can’t explain something in simple terms, you don’t really understand it. And that’s a very challenging quote but it’s very true. So, there’s a lot of complexity out there. And that’s the whole point of systems engineering, isn’t it? To deal with complexity. So, big programs, are complex things and difficult to understand. But it’s all about boiling it down to something simple. And then, understanding what those core principles are and holding fast onto them while dealing with the complexity. So, a little plug for systems engineering.
I’m very happy to talk about systems engineering, it’s so important to safety.
Do You have any Career Change Questions? Leave a Comment, below.
In this post on Safety Management Policy, we’re going to look at the policy requirements of a typical project management safety standard. This is the Acquisition Safety & Environmental System (ASEMS).
The Ministry of Defence is the biggest acquirer of manufactured goods in the UK, and it uses ASEMS to guide hundreds of acquisition projects. They will range from the development of large, complex systems to buying simpler off-the-shelf items.
(You may be aware that the UK Ministry of Defence has a terrible record of project failure. I have personal experience of working on both sides of contracts – for buyer and seller. I can tell you that they would have done better if they had followed ASEMS more carefully. The standard is good, but no standard can help if you don’t use it!)
The policy clauses listed here are typical of many found around the world. There is a lot to be learned by studying them.
Safety Management Policy – Overview
ASEMS Part 1 – Policy comprises a series of policy statements grouped in six loosely related sections as follows:
Part 1 – General Clauses
These clauses represent those overarching general requirements that shall be used in all instances. If the clause is self-explanatory, there may not be explicit Instructions in ASEMS – Part 2 Instructions, Guidance, and Support to support them but where these are provided, the Instructions and Guidance will provide a best practice method for compliance.
Clause 1.1 Conform to Secretary of State for Defence’s Policy
Those holding safety and environmental protection delegations shall ensure that in the procuring or supporting Products, Systems, or Services, they conform to the Secretary of State’s Health, Safety, and Environmental Protection Policy Statement.
Clause 1.2 Instructions
The instructions defined in ASEMS – Part 2 Instructions, Guidance, and Support shall be used to manage safety and environmental impact within the Enterprise.
Clause 1.3 Duty Holders
Duty Holders shall be appointed and Letters of Delegation issued in accordance with the Enterprise Chief Executive Officer’s Organisation and Arrangements.
Clause 1.4 Interfaces
Interfaces between organizations shall be identified so that risks across them can be appropriately managed and effectively communicated.
Clause 1.5 Data and Record Format
Data shall be maintained in a format, which satisfies the reporting requirements of senior management within the Enterprise. Auditable records shall be made and kept under review in accordance with relevant legislation.
Clause 1.6 Significant Occurrences and Fault Reporting
All Delivery (Project) Teams shall record and report significant Product, System, or Service faults, accidents, incidents, and near misses to the Enterprise Safety, Health & Environment Committee through the Quality, Safety, and Environmental Protection Team.
Clause 1.7 Learning From Experience
Business Units, Delivery (Project) Teams, or equivalents shall ensure accidents and incidents are investigated to identify opportunities to reduce the likelihood and impact of recurrence. Lessons learned shall be shared amongst all relevant stakeholders to maximize benefit.
Clause 1.8 Training
Enterprise-sponsored courses for system safety and environmental protection shall be the recognized route for achieving suitable and sufficient competence throughout the Enterprise.
Part 2 – Management Responsibilities
Management responsibilities for safety and environmental protection permeate through every Clause, and are the heart of any successful safety and environmental management system; however, these Clauses confer specific requirements upon management and make compliance easier to measure.
Clause 2.1 Organisation and Arrangements
Business Unit Directors or equivalent shall document their Organisation and Arrangements that shall communicate their commitment to the Secretary of State for Defence’s policy statement, continual improvement, positive safety and environmental culture, to minimize adverse effects on the environment, and comply with legal and other appropriate requirements.
Clause 2.2 Communication
Business Units, Delivery (Project) Teams, or equivalents shall ensure that communication procedures are implemented that provide an effective flow of safety and environmental protection information upwards, downwards, and across their organization.
Clause 2.3 Organisational Change Management
Business Unit Directors or equivalent shall identify any increased safety risk associated with organizational change and manage it appropriately.
Part 3 – Safety and Environmental Management System
These Clauses place specific requirements upon organizations and individuals and represent the minimum requirements for a safety and environmental management system. They include the requirement to plan for safety and environmental protection, to enact that plan, check that the plan is working, and to make changes where necessary to improve the system
Clause 3.1 Safety and Environmental Management System
Business Units, Delivery (Project) Teams, or equivalents shall operate in compliance with established Safety and Environmental Management Systems.
Clause 3.2 Safety and Environmental Management Plan
Business Units or equivalent shall ensure that all Products, Systems, or Services have a suitable and sufficient through-life safety and environmental management plan.
Clause 3.3 Stakeholder Agreements
Agreements between Stakeholders shall define and document system safety and environmental protection responsibilities.
Clause 3.4 Availability of Resources
Business Units, Delivery (Project) Teams or equivalents shall ensure the availability of resources necessary to establish, implement and maintain the safety and environmental management system and detail these in a through-life safety and environmental management plan.
Clause 3.5 Core Element Documentation
Business Units, Delivery (Project) Teams or equivalents shall establish, maintain and retain suitable and sufficient information that describes the core elements of the safety and environmental management system(s), their interaction, and any related documentation.
Clause 3.6 Accountability
Individuals deployed to assignments that require the formal delegation of safety and environmental responsibilities, accountabilities, and authority shall be mapped against, and comply with, the requirements of the Enterprise Acquisition Safety taxonomy.
Clause 3.7 Monitoring
Business Units, Delivery (Project) Teams or equivalents shall establish, implement and maintain a suitable and sufficient procedure to monitor and measure safety and environmental performance of their safety and environmental management system on a regular basis.
Clause 3.8 Audit Frequency
Compliance with the documented safety and environmental management system shall be verified via audit at planned intervals according to a published schedule, and as required.
Clause 3.9 Internal Audit
At planned intervals commensurate with the risk:
Business Units shall audit their Delivery (Project) Teams, or equivalents, safety, and environmental management systems.
Delivery (Project) Teams or equivalents shall audit the safety and environmental management systems of their projects.
The Enterprise Quality, Safety, and Environmental Protection Team or their representative, shall audit the safety and environmental management systems of Business Units and Delivery (Project) Teams.
Policy Clause 3.10 Review
Business Units, Delivery (Project) Teams, or equivalents shall review their safety and environmental management systems, at planned intervals commensurate with the risk, to ensure their continuing suitability, adequacy, and effectiveness.
Part 4 – Safety and Environmental Cases/Assessments
These Clauses contain the requirements that each safety and environmental case/assessment shall contain. Defense Regulators may require further, additional, requirements to what is contained in these clauses. Adherence to these Clauses will ensure safety and environmental cases/assessments contain the minimum evidence necessary to support safety and environmental arguments that Products, Systems, and Services are safe to use.
Clause 4.1 Safety Cases
Delivery (Project) Teams or equivalents shall establish and maintain through-life safety cases that provide a compelling, comprehensible, and valid argument that a Product, System, or Service is safe for a given application in a given operating environment.
Clause 4.2 Environmental Cases
Delivery (Project) Teams or equivalents shall establish and maintain through-life environmental cases that provide a compelling, comprehensible, and valid argument that the environmental impact of a Product, System or Service is reduced, or Best Practicable Environmental Option (BPEO) is applied.
Clause 4.3 Identification of Legislation and other Requirements
Business Units or equivalent shall establish and maintain a procedure for identifying and accessing the relevant safety and environmental legislative and other requirements that are applicable to their projects.
Clause 4.4 Legislation Compliance and other Requirements
Delivery (Project) Teams or equivalents shall establish, and demonstrate compliance with, relevant legislation and other requirements.
Clause 4.5 Environmental Impact Identification
Business Units, Delivery (Project) Teams or equivalent shall establish, implement and maintain a procedure for the on-going proactive identification of environmental impacts.
Clause 4.6 Safety Hazard Identification
Business Units, Delivery (Project) Teams or equivalent shall establish, implement and maintain a procedure for the on-going proactive identification of safety hazards.
Clause 4.7 Safety and Environmental Objectives and Targets
Business Units, Delivery (Project) Teams or equivalents shall establish and maintain relevant safety and environmental objectives with a resourced programme to achieve targets.
Clause 4.8 Accident and Incident Records
Business Units, Delivery (Project) Teams or equivalent shall monitor and record accidents, incidents and near misses, where the performance of their Product, Systems or Services results in harm to individuals or damage to the environment and use this information to keep their risk assessments valid.
Clause 4.9 Assessment Approval
Safety and environmental case reports shall be personally approved by the individual with formally delegated authority to confirm their acceptance with the progress of the safety case/assessment and of the risks associated with the project.
Clause 4.10 Independent Assurance
Independent review of the Safety and Environmental Management System shall be ensured, as appropriate and commensurate to the risk, by the individual with formally delegated authority for safety and environmental protection.
Part 5 – Risk management
Risk Management is an essential function of safety and environmental protection and these Clauses reflect that importance. They set both general safety and environmental protection standards and specific the Enterprise requirements that support the need for assurance and performance monitoring to the Defence Board. The requirement to refer risks through Line management is included here.
Clause 5.1 Risk and Impact Assessment
All foreseeable Safety Risks and Environmental impacts shall be identified, assessed, prioritised and managed.
Clause 5.2 Change Management
Business Units, Delivery (Project) Teams or equivalents are to ensure that all new or increased safety risks arising from changes to Products, Systems or Services or to their operating environment are managed appropriately
Clause 5.3 Hierarchy of Controls
Business Units, Delivery (Project) Teams, or equivalent shall adopt a recognized hierarchical approach for achieving a reduction in safety risk and environmental impact.
Clause 5.4 Consultation
Business Units, Delivery (Project) Teams, or equivalent shall ensure that all stakeholders are identified and consulted so that their views and responsibilities are considered when managing safety and environmental risks.
Clause 5.5 Safety Risk
Products, Systems or Services shall not have safety risks that have not been formally assessed, justified and declared to be Tolerable and As Low As Reasonably Practicable (ALARP), unless communicated and accepted by a Duty Holder (DH).
Clause 5.6 Environmental Impact
Significant environmental impacts shall be minimised utilising BPEO.
Clause 5.7 Non-compliance Reporting
In circumstances where the ability of the Delegation Holder to achieve compliance with the requirements of ASEMS may have been compromised, Business Units, Delivery (Project) Teams or equivalents shall take immediate steps to correct the situation. Actions required could include improving the clarity of the authority, instructions or responsibilities provided, increasing resources or correcting deficiencies in practices or procedures. Where resolution of the problem lies outside the control of the Delegation Holder, the issue is to be referred through the line management chain. This requirement is to be applied to any further levels of delegation as necessary.
Clause 5.8 Referral Requirements
Where risks cannot be managed within an individual’s delegated responsibility, the risk shall be formally referred using the Enterprise Risk Referral procedure.
Part 6 – Competence
It is necessary that those involved in safety and environmental protection are suitably qualified and experienced in order for them to perform their roles. These Clauses detail the way that competence is to be captured and assessed.
Clause 6.1 Roles and Responsibilities
Business Units, Delivery (Project) Teams or equivalents shall demonstrate that competence requirements have been established for all roles in accordance with appropriate standards including the Enterprise System Safety & Environmental Protection Competency Maps, Assignment Specifications, and Success Profiles.
Clause 6.2 Suitably Qualified and Experienced Personnel
Business Units, Delivery (Project) Teams or equivalents shall ensure that those engaged in safety and environmental protection are suitably qualified and experienced to discharge their safety and environmental responsibilities.
Clause 6.3 Competence
The competence of all staff with system safety and environmental responsibilities shall be regularly assessed, monitored, and recorded. Staff with formally delegated system safety and environmental responsibilities shall demonstrate their competence to receive the delegation prior to deployment, and their competence shall be regularly monitored and recorded.
Safety Management Policy: which clauses will you use?
Good work design can help us achieve safe outcomes by designing safety into work processes and the design of products. Adding safety as an afterthought is almost always less effective and costs more over the lifecycle of the process or product.
Introduction
The Australian Work Health and Safety Strategy 2012-2022 is underpinned by the principle that well-designed healthy and safe work will allow workers to have more productive lives. This can be more efficiently achieved if hazards and risks are eliminated through good design.
This handbook contains ten principles that demonstrate how to achieve the good design of work and work processes. Each is general in nature so they can be successfully applied to any workplace, business, or industry.
The ten principles for good work design are
structured into three sections:
Why good work design is important;
What should be considered in good work design; and
How good work is designed.
These principles are shown in the diagram in Figure 1.
Figure 1. Good work design principles.
This handbook complements a range of
existing resources available to businesses and work health and safety
professionals including guidance for the safe design of plant and structures
see the Safe Work Australia Website.
Scope of the Handbook
This handbook provides information on how to apply good work design principles to work and work processes to protect workers and others who may be affected by the work.
It describes how design can be used to set up the workplace, working environment, and work tasks to protect the health and safety of workers, taking into account their range of abilities and vulnerabilities, so far as reasonably practicable.
The handbook does not aim to provide advice on managing situations where individual workers may have special requirements such as those with a disability or on a return to work program following an injury or illness.
Who Should Use this Handbook?
This handbook should be used by those with
a role in designing work and work processes, including:
Persons conducting a business or undertaking (PCBUs) with a primary duty of care under the model Work Health and Safety (WHS) laws.
PCBUs who have specific design duties relating to the design of plant, substances, and structures including the buildings in which people work.
People responsible for designing organizational structures, staffing rosters, and systems of work.
Professionals who provide expert advice to organizations on work health and safety matters.
Good work design optimizes work health and safety, human performance, job satisfaction, and business success.
Information:Experts who provide advice on the design of work may include: engineers, architects, ergonomists, information, and computer technology professionals, occupational hygienists, organizational psychologists, human resource professionals, occupational therapists, and physiotherapists.
What is ‘Good Work’?
‘Good work’ is healthy and safe work where the hazards and risks are eliminated or minimized so far as is reasonably practicable. Good work is also where the work design optimizes human performance, job satisfaction, and productivity.
Good work contains positive work elements that
can:
protect workers from harm to their health, safety, and welfare;
improve worker health and wellbeing; and
improve business success through higher worker productivity.
What is Good Work Design?
The most effective design process begins at the earliest opportunity during the conceptual and planning phases. At this early stage there is the greatest chance of finding ways to design-out hazards, incorporate effective risk control measures, and design-in efficiencies.
Effective design of good work considers:
The work:
how work is performed, including the physical, mental and emotional demands of the tasks and activities
the task duration, frequency, complexity, and
the context and systems of work.
The physical working
environment:
the plant, equipment, materials, and substances used, and
the vehicles, buildings, and structures that are workplaces.
The workers:
physical, emotional, and mental capacities and needs.
Effective design of good work can radically transform the workplace in ways that benefit the business, workers, clients, and others in the supply chain.
Failure to consider how work is designed can result in poor risk management and lost opportunities to innovate and improve the effectiveness and efficiency of work.
I suspect that many of us have seen badly-designed work, which results in workarounds or waste, or both. A little fore-thought can prevent this.
Top Tip
The principles for good work design
support duty holders to meet their obligations under the WHS laws and also help
them to achieve better business practice generally.
For the purposes of this handbook, a work designer is anyone who makes decisions about the design or redesign of work. This may be driven by the desire to improve productivity as well as the health and safety of people who will be doing the work
The WHY Principles
Why is good work design important?
Principle 1: Good
work design gives the highest level of protection so far as is reasonably
practicable
All workers have a right to the highest practicable level of protection against harm to their health, safety, and welfare.
The primary purpose of the WHS laws is to protect persons from work-related harm so far as is reasonably practicable.
Harm relates to the possibility that death, injury, illness, or disease may result from exposure to a hazard in the short or long term.
Eliminating or minimizing hazards at the source before risks are introduced in the workplace is a very effective way of providing the highest level of protection.
Principle 1 refers to the legal duties under the WHS laws. These laws provide the framework to protect the health, safety, and welfare of workers and others who might be affected by the work. During the work design, process workers and others should be given the highest level of protection against harm that is reasonably practicable.
Prevention of workplace
injury and illness
Well-designed work can prevent work-related deaths, injuries, and illnesses. The potential risk of harm from hazards in a workplace should be eliminated through good work design.
Only if that is not reasonably practicable, then the design process should minimize hazards and risks through the selection and use of appropriate control measures.
New hazards may inadvertently be created when changing work processes. If the good work design principles are systematically applied, potential hazards and risks arising from these changes can be eliminated or minimized.
Information: Reducing the speed of an inappropriately fast process line will not only reduce production errors, but can also diminish the likelihood of a musculoskeletal injury and mental stress.
Principle 2: Good
work design enhances health and wellbeing
Health is a “state of complete physical, mental, and social wellbeing, not merely the absence of disease or infirmity” (World Health Organisation).
Designing good work can help improve health over the longer term by improving workers’ musculoskeletal condition, cardiovascular functioning, and mental health.
Good work design optimizes worker function and improves participation enabling workers to have more productive working lives.
Health
benefits
An effective design aims to prevent harm, but it can also positively enhance the health and wellbeing of workers, for example, satisfying work and positive social interactions can help improve people’s physical and mental health.
As a general guide, the healthiest workers have been found to be three times more productive than the least healthy. It, therefore, makes good business sense for work design to support people’s health and wellbeing.
Information: Recent research has shown long periods of sitting (regardless of exercise regime) can lead to an increased risk of preventable musculoskeletal disorders and chronic diseases such as diabetes. In an office environment, prolonged sitting can be reduced by allowing people to alternate between sitting or standing whilst working.
Principle 3: Good
work design enhances business success and productivity
Good work design prevents deaths, injuries, and illnesses and their associated costs, improves worker motivation and engagement, and in the long-term improves business productivity.
Well-designed work fosters innovation, quality, and efficiencies through effective and continuous improvement.
Well-designed work helps manage risks to business sustainability and profitability by making work processes more efficient and effective and by improving product and service quality.
Cost savings and productivity improvements
Designing-out problems before they arise is generally cheaper than
making changes after the resulting event, for example by avoiding expensive
retrofitting of workplace controls.
Good work design can have direct and tangible cost savings by
decreasing disruption to work processes and the costs from workplace injuries
and illnesses.
Good work design can also lead to productivity improvements and
business sustainability by:
allowing organizations to adjust to changing business needs and streamline work processes by reducing wastage, training, and supervision costs
improving opportunities for creativity and innovation to solve production issues, reduce errors and improve service and product quality, and
making better use of workers’ skills resulting in more engaged and motivated staff willing to contribute greater additional effort.
Figure 1, The WHY Principles
The WHAT Principles
What should be considered by those with design
responsibilities?
Principle 4: Good work design addresses physical, biomechanical, cognitive, and psychosocial characteristics of work, together with the needs and capabilities of the people involved
Good work design addresses the different hazards associated with work e.g. chemical, biological, and plant hazards, hazardous manual tasks, and aspects of work that can impact mental health.
Work characteristics should be systematically considered when work is designed, redesigned or the hazards and risks are assessed.
These work characteristics should be considered in combination and one characteristic should not be considered in isolation.
Good work design creates jobs and tasks that accommodate the abilities and vulnerabilities of workers so far as reasonably practicable.
All tasks have key characteristics with associated hazards and risks, as shown in Figure 2 below:
Figure 2 – Key characteristics of work.
Hazards and risks associated with tasks are identified and
controlled during good work design processes and they should be considered in
combination with all hazards and risks in the workplace. This highlights that
it is the combination that is important for good work design.
Workers can also be exposed to a number of different hazards from a single task. For example, meat boning is a common task in a meat-processing workplace. This task has a range of potential hazards and risks that need to be managed, e.g. physical, chemical, biological, biomechanical, and psychosocial. Good work design means the hazards and risks arising from this task are considered both individually and collectively to ensure the best control solutions are identified and applied.
Good work design can prevent unintended consequences which might arise if task control measures are implemented in isolation from other job considerations. For example, automation of a process may improve production speed and reduce musculoskeletal injuries but increase the risk of hearing loss if effective noise control measures are not also considered.
Workers have different needs and capabilities; good work design
takes these into account. This includes designing to accommodate them given the
normal range of human cognitive, biomechanical and psychological
characteristics of the work.
Information: The Australian workforce is changing. It is typically older with higher educational levels, more inclusive of people with disabilities, and more socially and ethnically diverse. Good work design accommodates and embraces worker diversity. It will also help a business become an employer of choice, able to attract and retain an experienced workforce.
Principle 5: Good work design considers the business needs, context, and work environment.
Good work design is ‘fit for purpose’ and should reflect the needs of the organization including owners, managers, workers, and clients.
Every workplace is different so approaches need to be context-specific. What is good for one situation cannot be assumed to be good for another, so off-the-shelf solutions may not always suit every situation.
The work environment is broad and includes: the physical structures, plant and technology, work layout, organizational design and culture, human resource systems, work health and safety processes, and information/control systems.
The business organizational structure and culture, decision-making processes, work environment, and how resources and people are allocated to the work will, directly and indirectly, impact on work design and how well and safely the work is done.
The work environment includes the physical structures, plant, and technology. Planning for relocations, refurbishments, or when introducing new engineering systems are ideal opportunities for businesses to improve their work designs and avoid foreseeable risks.
These are amongst the most common work
changes a business undertakes yet good design during these processes is often
quite poorly considered and implemented. An effective design following the
processes described in this handbook can yield significant business benefits.
Information: Off-the-shelf solutions can be explored for some common tasks, however usually design solutions need to be tailored to suit a particular workplace.
Good work design is most effective when it
addresses the specific business needs of the individual workplace or business.
Typically work design solutions will differ between small and large businesses.
However, all businesses must eliminate or minimize their work health and safety risks so far as reasonably practicable. The specific strategies and controls will vary depending on the circumstances.
The table on the next page demonstrates
how to step through the good work design process for small and large
businesses.
Good design steps
In a large business that is downsizing
In a small business that is undergoing a refit
Management commitment
Senior management make their commitment to good work design explicit ahead of downsizing and may hire external expertise.
The owner tells workers about their commitment to designing-out hazards during the upcoming refit of the store layout to help improve safety and efficiency.
Consult
The consequences of downsizing and how these can be managed are discussed in senior management and WHS committee meetings with appropriate representation from affected work areas.
The owner holds meetings with their workers to identify possible issues ahead of the refit.
Identify
A comprehensive workload audit is undertaken to clarify opportunities for improvements.
The owner discusses the proposed refit with the architect and builder and gets ideas for dealing with issues raised by workers.
Assess
A cost-benefit analysis is undertaken to assess the work design options to manage the downsizing.
The owner, architect, and builder jointly discuss the proposed refit and any worker issues directly with workers.
Control
A change management plan is developed and implemented to appropriately structure teams and improve systems of work. Training is provided to support the new work arrangements.
The building refit occurs. Workers are given training and supervision to become familiar with a new layout and safe equipment use.
Review
The work redesign process is reviewed against the project aims by senior managers.
The owner checks with the workers that the refit has improved working conditions and efficiency and there are no new issues.
Improve
Following consultation, refinement of the redesign is undertaken if required.
Minor adjustments to the fit-out are made if required.
Table 1 – steps in good work design for large and small businesses
Principle 6: Good
work design is applied along the supply chain and across the operational
lifecycle.
Good work design should be applied along the supply chain in the design, manufacture, distribution, use and disposal of goods and the supply of services.
Work design is relevant at all stages of the operational life cycle, from start-up, routine operations, maintenance, downsizing and cessation of business operations.
New initiatives, technologies, and changes in organizations have implications for work design and should be considered.
Information: Supply chains are often made up of complex commercial or business relationships and contracts designed to provide goods or services. These are often designed to provide goods or services to a large, dominant business in a supply chain. The human and operational costs of poor design by a business can be passed up or down the supply chain.
Businesses in the supply chain can have
significant influence over their supply chain partners’ work health and safety
through the way they design the work.
Businesses may create risks and so they
need to be active in working with their supply chains and networks to solve
work health and safety problems and share practical solutions for example, for
common design and manufacturing problems.
Health and safety risks can be created at
any point along the supply chain, for example, loading and unloading causing
time pressure for the transport business.
There can be a flow-on effect where the
health and safety and business ‘costs’ of poor design may be passed down the
supply chain. These can be prevented if businesses work with their supply chain
partners to understand how contractual arrangements affect health and safety.
Procurement and contract officers can also positively influence their own organization and others’ work health and safety throughout the supply chain through the good design of contracts.
When designing contractual arrangements
businesses could consider ways to support good work design safety outcomes by:
setting clear health and safety expectations for their supply chain partners, for example through the use of codes of conduct or quality standards
conducting walk-through inspections, monitoring, and comprehensive auditing of supply chain partners to check adherence to these codes and standards
building the capability of their own procurement staff to understand the impacts of contractual arrangements on their suppliers, and
consulting with their supply chain partners on the design of good work practices.
Information: The road transport industry is an example of the application of how this principle can help improve drivers’ health and safety and address issues arising from supply chain arrangements. For example, the National Heavy Vehicle Laws ‘chain of responsibility’ requires all participants in the road transport supply chain to take responsibility for driver work health and safety. Contracts must be designed to allow drivers to work reasonable hours, take sufficient breaks from driving and not have to speed to meet deadlines.
The design of products will strongly impact both health and safety and business productivity throughout their lifecycles. At every stage, there are opportunities to eliminate or minimize risks through good work design. The common product lifecycle stages are illustrated in Figure 3 below.
Figure 3 – common product lifecycle
Information: For more information on the design of structures and plant see ‘Safe design of structures’ and Managing the risks of plant in the workplace and other design guidance on the Safe Work Australia website.
The good work design principles are also
relevant at all stages of the business life cycle. Some of these stages present
particularly serious and complex work health and safety challenges such as
during the rapid expansion or contraction of businesses. Systematic application
of good work design principles during these times can achieve positive work
health and safety outcomes.
New technology is often a key driver of change in work design. It has the potential to improve the quality of outputs, efficiency, and safety of workers, however introducing new technology could also introduce new hazards and unforeseen risks. Good work design considers the impact of the new initiatives and technologies before they are introduced into the workplace and monitors their impact over time.
Information: When designing a machine for safe use, how the maintenance will be undertaken in the future should be considered.
In most workplaces, information and communication technology (ICT) systems are an integral part of all business operations. In practice, these are often the main drivers of work changes but are commonly overlooked as sources of workplace risks. Opportunities to improve health and safety should always be considered when new ICT systems are planned and introduced.
Figure 4, The ICT Triad
The HOW Principles
Principle 7: Engage decision-makers and leaders
Work design or redesign is most effective when there is a high level of visible commitment, practical support, and engagement by decision-makers.
Demonstrating the long-term benefits of investing in good work design helps engage decision-makers and leaders.
Practical support for good work design includes the allocation of appropriate time and resources to undertake effective work design or redesign processes.
Information: Leaders are the key decision-makers or those who influence the key decision-makers. Leaders can be the owners of a business, directors of boards, and senior executives.
Leaders can support good work design by
ensuring the principles are appropriately included or applied, for example in:
key organizational policies and procedures
proposals and contracts for workplace change or design
managers’ responsibilities and as key performance indicators
business management systems and audit reports
organizational communications such as a standing item on leadership meeting agendas, and
the provision of sufficient human and financial resources.
Good work design, especially for complex issues will require adequate time and resources to consider and appropriately manage organizational and/or technological change. Like all business changes, research shows that leader commitment to upfront planning helps ensure better outcomes.
Managers and work health and safety
advisors can help this process by providing their leaders with appropriate and
timely information. This could include for example:
identifying design options that support both business outcomes and work health and safety objectives
assessing the risks and providing short and long term cost-benefit analysis of the recommended controls to manage these risks, and
identifying what decisions need to be taken, when and by whom to effectively design and implement the agreed changes.
Principle 8:
Actively involve the people who do the work, including those in the supply
chain and networks
Persons conducting a business or undertaking (PCBUs) must consult with their workers and others likely to be affected by work in accordance with the work health and safety laws.
Supply chain stakeholders should be consulted as they have local expertise about the work and can help improve work design for upstream and downstream participants.
Consultation should promote the sharing of relevant information and provide opportunities for workers to express their views, raise issues, and contribute to decision-making where possible.
Effective consultation and cooperation of all involved with open lines of communication will ultimately give the best outcomes. Consulting with those who do the work not only makes good sense, it is required under the WHS laws.
Information: Under the model WHS laws (s47), a business owner must, so far as is reasonably practicable, consult with ‘workers who carry out work for the business or undertaking who are, or are likely to be, directly affected by a matter relating to work health or safety.’ This can include a work design issue.
If more than one person has a duty in relation to the same matter, ‘each person with the duty must, so far as is reasonably practicable, consult, co-operate and co-ordinate activities with all other persons who have a duty in relation to the same matter’ (model WHS laws s46).
Workers have knowledge about their own job and often have suggestions on how to solve a specific problem. Discussing design options with them will help promote their ownership of the changes. See Code of practice on consultation.
Businesses that operate as part of a supply chain should consider whether the work design and changes to the work design might negatively impact on upstream or downstream businesses. The supply chain partners will often have solutions to logistics problems that can benefit all parties.
Principle 9:
Identify hazards, assess and control risks, and seek continuous improvement
A systematic risk management approach should be applied in every workplace.
Designing good work is part of the business process and not a one-off event.
Sustainability in the long-term requires that designs or redesigns are continually monitored and adjusted to adapt to changes in the workplace so as to ensure feedback is provided and that new information is used to improve the design.
Good work design should systematically apply the risk management approach to workplace hazards and risks. See Principle 4 for more details.
Typically good work design will involve ongoing discussions with all stakeholders to keep refining the design options. Each stage in the good work design process should have decision points for review of options and to consult further if these are not acceptable. This allows for flexibility to quickly respond to unanticipated and adverse outcomes.
Figure 5 outlines how the risk management
steps can be applied in the design process
Continuous improvements in work health and safety can in part be achieved if the good work design principles are applied at business start-ups and whenever major organizational changes are contemplated. To be most effective, consideration of health and safety issues should be integrated into normal business risk management.
Figure 5 – Steps in the good work design process
Principle 10: Learn
from experts, evidence, and experience
Continuous improvement in work design and hence work health and safety requires ongoing collaboration between the various experts involved in the work design process.
Various people with specific skills and expertise may need to be consulted in the design stage to fill any knowledge gaps. It is important to recognize the strengths and limitations of a single expert’s knowledge.
Near misses, injuries and illnesses are important sources of information about poor design.
Most work design processes will require collaboration and cooperation between internal and sometimes external experts. Internal advice can be sought from workers, line managers, technical support and maintenance staff, engineers, ICT systems designers, work health and safety advisors, and human resource personnel.
Depending on the design issue, external experts may be required such as architects, engineers, ergonomists, occupational hygienists, and psychologists.
Information: If you provide advice on work design options it is important to know and work within the limitations of your discipline’s knowledge and expertise. Where required make sure you seek advice and collaborate with other appropriate design experts.
For complex and high-risk projects, ideally, a core group of the same people should remain involved during both the design and implementation phases with other experts brought in as necessary.
The type of expert will always depend on the circumstances. When assessing the suitability of an expert consider their qualifications, skills, relevant knowledge, technical expertise, industry experience, reputation, communication skills, and membership of professional associations.
Information: Is the consultant suitably qualified? A suitably qualified person has the knowledge, skills, and experience to provide advice on a specific design issue. You can usually check with the professional association to see if the consultant is certified or otherwise recognized by them to provide work design advice.
The decision to design or redesign work should be based on sound evidence. Typically this evidence will come from many sources such as both proactive and reactive indicators, information about new technology, or the business decisions to downsize, expand or restructure or to meet the requirements of supply chain partners.
Proactive and reactive indicators can also be used to monitor the effectiveness and efficiency of the design solution.
Information: Proactive indicators provide early information about the work system that can be used to prevent accidents or harm. These might include for example: key process variables such as temperature or workplace systems indicators such as the number of safety audits and inspections undertaken.
Reactive indicators are usually based on incidents that have already occurred. Examples include the number and type of near misses and worker injury and illness rates.
Useful
information about common work design problems and solutions can also often be
obtained from:
work health and safety
regulators
industry associations and
unions
trade magazines and suppliers,
and
specific research papers.
Figure 6, Sources of Work Design Information
Good Work Design: Summary
The ten principles of good work design can be
applied to help support better work health and safety outcomes and business
productivity. They are deliberately high level and should be broadly applicable
across the range of Australian businesses and workplaces. Just as every
workplace is unique, so is the way each principle can be applied in practice.
When considering these principles in any work design also ensure you take into account your local jurisdictional work health and safety requirements.
My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been, for the last 25 years; I’ve worked in all kinds of domains, aircraft, ships, submarines, sensors, and command and control systems, and some work on rail air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!
I have made some changes to the text to improve the layout and correct minor problems with Figure numbering in the original document. ‘Top Tips’ are my own, based on my 10+ years of experience working in system safety under Austalian WHS.
‘So Far As Is Reasonably Practicable’ is a phrase that gets used a lot, but what does it mean? How do you demonstrate it?
In this post, I will talk about how to demonstrate SFARP. I’ve been doing this on complex programs for 20+ years now, both in the UK and Australia. The concept of ‘reasonably practicable’ is much easier to apply than people think. I’ve watched a lot of programs over-complicate the process. We just don’t have to do that!
I have some practical tips for you, not just theory. In Australia we do it like this … and you can learn from this wherever you operate!
Attribution
This post uses text from ‘How to Determine what is Reasonably Practicable to Meet a Health and Safety Duty’, published by Safe Work Australia in May 2013.
This copyright work is licensed under a Creative Commons Attribution-Noncommercial 3.0 Australia license. To view a copy of this license, visit here. In essence, you are free to copy, communicate and adapt the work for non-commercial purposes, as long as you attribute the work to Safe Work Australia and abide by the other license terms.
How is ‘reasonably practicable’ defined?
Section 18 of the WHS Act defines the standard that is to be met and describes the process for determining this:
S.18: In this Act, ‘reasonably practicable’, in relation to a duty to ensure health and safety, means that which is, or was at a particular time, reasonably able to be done to ensure health and safety, taking into account and weighing up all relevant matters including:
the likelihood of the hazard or the risk concerned occurring; and
the degree of harm that might result from the hazard or the risk; and
what the person concerned knows, or ought reasonably to know, about the hazard or risk, and about the ways of eliminating or minimising the risk; and
the availability and suitability of ways to eliminate or minimise the risk; and
after assessing the extent of the risk and the available ways of eliminating or minimising the risk, the cost associated with available ways of eliminating or minimising the risk, including whether the cost is grossly disproportionate to the risk.
Note that this definition is actually a risk analysis process. The WHS Risk ManagementCode of Practice provides the minimum process that will meet this requirement.
Top Tip
All Relevant Matters
The process requires that all relevant matters, including those listed in the section, are taken into account and weighed up when determining what is reasonably practicable in particular circumstances.
There are two elements to what is ‘reasonably practicable’. A duty holder must first consider what can be done—that is, what is possible in the circumstances for ensuring health and safety. They must then consider whether it is reasonable in the circumstances to do all that is possible.
Some of the matters listed in section 18 will be relevant to identifying what canbe done, for example, if control measures that will eliminate or minimize the risk are available and suitable. Other matters will be relevant to identifying whether what can be done is reasonable to do, for example, if the risk and degree of harm are grossly disproportionate to the cost of implementing the control measure.
To identify what would be reasonably practicable to do, all of the relevant matters must be taken into account and a balance achieved that will provide the highest level of protection that is both possible and reasonable in the circumstances. No single matter determines what is or was at a particular time reasonably practicable to be done to ensure health and safety.
What Each of the ‘Relevant Matters’ Mean
Factor
Relevance
The likelihood of the hazard or the risk concerned occurring
The greater the likelihood of a risk occurring, the greater the significance this will play when weighing up all matters and determining what is reasonably practicable. If harm is more likely to occur, then it may be reasonable to expect more to be done to eliminate or minimize the risk. The frequency of an activity or specific circumstances will be relevant to the likelihood of a risk occurring. The more a worker is exposed to a hazard, the more likely they are to suffer harm from it.
The degree of harm that might result from the hazard or the risk
The greater the degree of harm that could result from the hazard or risk, the more significant this factor will be when weighing up all matters to be taken into account and identifying what is reasonably practicable in the circumstances. Clearly, more would be expected of a duty holder to eliminate or minimize the risk of death or serious injury than lesser harm.
What the person concerned knows, or ought reasonably to know, about the hazard or risk, and ways of eliminating or minimizing the risk
The knowledge about a hazard or risk, and any ways of eliminating or minimizing the hazard or risk, will be what the duty holder actually knows, and what a reasonable person in the duty holder’s position (e.g. a person in the same industry) would reasonably be expected to know. This is commonly referred to as the state of knowledge. The courts have consistently stated a duty holder must consider all reasonably foreseeable hazards and risks when identifying what is reasonably practicable.
The availability and suitability of ways to eliminate or minimize the risk
This requires consideration of not only what is available, but also what is suitable for the elimination or minimization of risk. A risk control that may be effective in some circumstances or environments may not be effective or suitable in others, because of things such as the workplace layout, skills of relevant workers, or the particular way in which the work is done. Equipment to eliminate or minimize a hazard or risk is regarded as being available if it is provided on the open market, or if it is possible to manufacture it. A work process or change to a work process to eliminate or minimize a hazard or risk is regarded as being available if it is feasible to implement. A way of eliminating or minimizing a hazard or risk is regarded as suitable if it: is effective in eliminating or minimizing the likelihood or degree of harm from a hazard or risk does not introduce new and higher risks in the circumstances, and is practical to implement in the circumstances in which the hazard or risk exists.
The cost associated with available ways of eliminating or minimizing the risk, including whether the cost is grossly disproportionate to the risk.
Although the cost of eliminating or minimizing risk is relevant in determining what is reasonably practicable, there is a clear presumption in favor of safety ahead of cost. The cost of eliminating or minimizing risk must only be taken into account after identifying the extent of the risk (the likelihood and degree of harm) and the available ways of eliminating or minimizing the risk. The costs of implementing a particular control may include costs of purchase, installation, maintenance, and operation of the control measure and any impact on productivity as a result of the introduction of the control measure. A calculation of the costs of implementing a control measure must take into account any savings from fewer incidents, injuries, and illnesses, potentially improved productivity, and reduced staff turnover.
The ‘Relevant Matters’ – we will look at each one of these in turn, below.
The first three Factors are covered in the Risk Management Code of Practice, so we won’t repeat that stuff here. I just want to note:
Remember that “what you ought reasonably to know” includes what your legislator and regulator has published. You can’t be ignorant of this basic stuff and claim to have minimized risks SFARP!
Top Tip
Is the Control Measure Available and Suitable?
Investigations and inquiries may identify many ways to eliminate or minimize a particular type of risk. Some of these may, however, not be available … or may not be suitable in the particular circumstances.
Examples:
A device may not have been introduced into the Australian market, or may be incompatible with Australian operating conditions.
Radio communication to minimise risks from people working in isolation or in remote locations may not be suitable in areas where there is no signal or a poor one.
Mechanical lifting aids may not be able to operate in areas where there is insufficient room to move them around.
Equipment may not be able to be used in areas where the necessary energy source, such as electricity or gas, is unavailable.
Particular processes may not be able to be used if they rely on circumstances, including the behaviour of others, over which the duty holder has no control.
Availability
Equipment to eliminate or minimize a hazard or risk is regarded as being available if it is provided on the open market, or if it is possible to manufacture it.
A work process or change to a work process to eliminate or minimize a hazard or risk is regarded as being available if it is feasible to implement.
Suitability
A way of eliminating or minimizing a hazard or risk is regarded as suitable if it:
is effective in eliminating or minimising the likelihood or degree of harm from a hazard or risk
does not introduce new and higher risks in the circumstances, and
is practical to implement in the circumstances in which the hazard or risk exists.
These tests of availability and suitability are very powerful, but they are often overlooked. Make sure that you apply these tests before you consider whether a control is reasonable – it saves a lot of effort.
Top Tip
How to Determine what is Reasonable
Just because something can be done does not mean that it is reasonably practicable for the duty holder to do it. What is required is an assessment of what a reasonable person in the position of the duty holder would do in the circumstances, taking a careful and prudent approach and erring on the side of caution.
There are options for determining what is reasonable, including Codes of Practice and Standards. We will look at this in more depth in another lesson.
Top Tip
The aim must be to keep trying to lower the likelihood and degree of harm until further steps are not reasonable in the circumstances. Questions you should ask to identify if they are doing enough are:
Is there more I can do to either
minimise the risk myself, or
ensure another party with the relevant skills and expertise can properly implement health and safety measures and minimise risks?
If the answer is yes to either of the above, is it reasonable for me not to do so?
Okay, here we are looking at Consultation, Cooperation and Coordination between a Duty Holder and workers or other Duty Holders. Look at the C, C&C Code of Practice for help with this.
Top Tip
The more likely the risk, the more that is required to be done to eliminate or minimize it. The greater the degree of harm, the more that is required to be done to eliminate or minimize it.
If there is at least a moderate likelihood of death or serious injury, then the highest level of protection should be provided.
The Guidance
This statement is fine in a workplace, but if you are designing something like a car, a plane, or a ship – something complex which could hurt lots of people – then this approach is inadequate. You need to apply the concept of risk tolerability and a Cost-Benefit Analysis.
Top Tip
It may not be reasonable to require expensive and time-consuming controls, for example, engineering controls, to be applied to minimize or further minimize a low likelihood of minor harm. It may however be reasonable to apply less expensive controls such as training and supervision to further lower the likelihood of the risk.
When considering each control or combination of controls, a duty holder must take into account the likelihood of a particular control [is] effective. Guards may be removed, systems of work may not be understood and followed, and personal protective equipment may not always be worn. Further controls such as signs or supervision, may be needed to make a control more likely to be effective.
Cost
While cost is specified in Section 18 (of the WHS Act) as a matter to be taken into account and weighed up with other relevant matters to identify what is reasonably practicable, this must only be done after assessing the extent of the risk and the ways of eliminating or minimizing it.
The cost of implementing a particular measure may include the cost of purchase, installation, maintenance and operation of the control measure and any impact on productivity as a result of the introduction of the control measure.
A calculation of the cost of implementing a control measure should also take into account any savings it will yield in reductions in incidents, injuries, illnesses and staff turnover, as well as improvements in staff productivity.
Remember there must be a clear presumption in favor of safety over cost.
Top Tip
Before determining whether expenditure to eliminate or minimize a risk is reasonably practicable in the circumstances, the PCBU must consider:
the likelihood and degree of harm of the hazard or risk, and
the reduction in the likelihood or degree of harm that will result if the control measure is adopted.
The more likely the hazard or risk, or the greater the harm that may result from it, the less weight should be given to the cost of eliminating the hazard or risk.
Okay, this is really talking about tolerability, as found in discussions of ALARP in the UK, although this Australian guidance avoids saying so!
Top Tip
If you cannot afford to implement a control measure that should be implemented after following the weighing-up process set out in Section 18 of the WHS Act, they should not engage in the activity that gives rise to that risk.
My name’s Simon Di Nucci. I’m a practicing system safety engineer, and I have been, for the last 25 years; I’ve worked in all kinds of domains, aircraft, ships, submarines, sensors, and command and control systems, and some work on rail air traffic management systems, and lots of software safety. So, I’ve done a lot of different things!
What are your questions about SFARP and Reasonably Practicable?
In this article, I look at The Risk Matrix, a widely used technique in many industries. Risk Matrices have many applications!
In this article, I have used material from a UK Ministry of Defence guide, reproduced under the terms of the UK’s Open Government Licence.
Introduction
A risk matrix is a graphical representation of the various risks associated with a project and its corresponding risk management strategies. It helps to identify and prioritize potential risks.
What is a Risk Matrix?
A safety risk matrix provides a framework for ranking or classifying safety issues according to their significance. The matrix is sometimes called a “hazard ranking matrix” or a “hazard classification matrix”, but it is strictly applied to accidents, since these have harmful outcomes, whereas hazards only have the potential for harm. The matrix can be used as a risk screening tool to help decide which issues need treatment first or which need not be considered further at this time.
Risk matrices can cover exposure to different types of loss, including harm to humans, damage to the environment, financial loss or impact on reputation. If a loss in these diverse categories can be considered in common terms (e.g. the monetary impact of all types of loss), then a single matrix can cover all such issues together and prioritize which are the most significant.
The matrix covers a “risk space” defined by the two component parts of risk, namely likelihood on one axis and consequence (or severity) on the other. Each axis must span the full range of outcomes, which are considered possible for the system of interest. Each range is divided into a number of categories or bands (typically between 3 and 8) to define the cells of the matrix.
The bands on the two axes may be defined in terms that are purely qualitative, semi-quantitative, or fully quantitative, for example:
Qualitative:
Likelihood is (Frequent/Reasonably Probable/Remote/Extremely Remote)
Severity is (Minor/Significant/Severe/Catastrophic)
Semi-quantitative:
Likelihood is (e.g. likely to occur once per year on one site)
Severity is (e.g. a single death)
Quantitative:
Likelihood is (e.g. between 1×10-4 and 1×10-5 per year on one site)
Severity is (e.g. between 1.0 and 10.0 Fatalities and Weighted Injuries)
Each cell of the matrix is assigned an indicator defining the relative significance of issues falling in that zone. This indicator could be:
A risk descriptor (e.g. Low, Moderate, High, Very High)
A risk score or index (e.g. a number from 1 to 20)
A priority category (e.g. High, Medium or Low)
A risk class (e.g. A, B, C or D)
A measure of expected rate of harm or loss (e.g. 5.4 Fatalities and Weighted Injuries per year or £45,000 per year)
Where likelihood and consequence are stated quantitatively, the axes are usually considered to have logarithmic scales. Adjacent bands will typically differ by one order of magnitude. In this case, lines of constant risk run diagonally across the matrix and the risk will range by a factor of 100 across the area covered by a single cell. This illustrates that the matrix is a coarse tool, which can show large differences in risk, but does not address fine detail, such as compliance with quantitative risk requirements.
To apply the matrix, users must have a list of the relevant safety issues (from Hazard Identification and Hazard Analysis) and estimates of the likelihood and severity of each possible accident (from Risk Estimation). The matrix is therefore a technique for Risk Evaluation, which follows on from Risk Estimation. The estimates of accident likelihood and severity may be generated by different methods, depending on the stage of the project, the information available and the significance of the safety issue being explored. For example, the estimates may come from:
Engineering judgement by Subject Matter Experts with knowledge of similar systems
Historical data from this or similar systems
Detailed modelling (e.g. using Fault Tree Analysis and Event Tree Analysis or Bow-Tie Analysis)
Examples of Risk Matrices
The following example matrices show some of the variations in format, terminology and risk indicators across a range of sectors and standards.
Example 1: IEC 31010 Example risk ranking matrix. Severity on x-axis increasing left to right, likelihood on y-axis increasing bottom to top, with five “risk levels” which are linked to decision rules such as the level of management attention or the time scale by which response is needed.
IEC 31010 Risk Matrix
Example 2: Def Stan 00-56 Issue 2 Example accident risk classification table. Severity on x-axis increasing right to left, likelihood on y-axis increasing bottom to top, four risk classes identify significance and so management level for approval.
Catastrophic
Critical
Marginal
Negligible
Frequent
A
A
A
B
Probable
A
A
B
C
Occasional
A
B
C
C
Remote
B
C
C
D
Improbable
C
C
D
D
Incredible
C
D
D
D
Def Stan 00-56 Issue 2 Example Accident Risk Classification Table
Example 3: IMO Guidelines on FSA. Example hazard risk index matrix. Severity on x-axis increasing left to right, likelihood on y-axis increasing bottom to top, risk index (RI) in each cell calculated by adding Severity Index (SI) for column and Frequency Index (FI) for a row. RI can be considered as log(risk), obtained by adding FI and SI.
FI
Frequency
Severity (SI)
1
2
3
4
Minor
Moderate
Serious
Catastrophic
7
Frequent
8
9
10
11
6
7
8
9
10
5
Reasonably probable
6
7
8
9
4
5
6
7
8
3
Remote
4
5
6
7
2
3
4
5
6
1
Extremely remote
2
3
4
5
IMO Guideline on FSA: Risk Ranking Matrix
Example 4: ISO 17776 Offshore Sector Example risk matrix. Severity on y-axis increasing top to bottom, likelihood on x-axis increasing right to left to top, matrix areas define future action to be taken.
ISO 17776 Risk Matrix
Risk Matrix Assessment
When it Might be Used
The matrix is usually set up at an early stage of the lifecycle, defining the framework to be used for risk evaluation at subsequent stages. It should be used early in the lifecycle to provide a coarse sift of the identified safety issues so that attention can be focused on the most significant ones. This attention may involve more detailed analysis to understand complex accident sequences and to apply semi-quantitative or fully quantitative risk assessment techniques where appropriate.
Later in the lifecycle, the risk matrix may be used for determining the appropriate management level for review and acceptance of each safety issue. This ensures that the key risk drivers are brought to the attention of senior managers but they are not swamped with masses of information on less significant matters.
During the in-service stage of the lifecycle, the risk matrix technique can be applied to give an indication of significance for new safety concerns, such as those revealed by incidents or due to proposed design changes. Risk monitoring can be focused on the issues of highest significance as well as targeting resources for risk reduction.
Advantages & Disadvantages
Advantages
Risk matrices provide a quick appreciation of the most significant issues so that attention can be focused where it will have most benefit.
Matrices provide a visual representation which is easily understood and so aids communication with non-specialists.
Risk matrices can cover impacts which are different in nature (e.g. harm to people, harm to the environment, material or financial loss), provided that these can be equated in common units (e.g. in money terms).
Disadvantages
Risk matrices are good for examining different issues affecting one system or activity on the basis of their risk relative to each other. They are not effective for understanding absolute risk.
There is no single, correct interpretation of the level at which “safety issues” should be selected for presentation on the risk matrix. This means that different analysts may choose different levels and the resulting list of prioritised issues is somewhat subjective. The apparent results may be changed by “accident splitting” (i.e. defining one safety issue as two or more different accidents, each of which will appear to have lower risk).
Risk matrices consider safety issues one at a time and so do not help understanding the overall or aggregate risk exposure.
When a variety of different outcomes is possible from a single issue (e.g. fire – consequences can range from no harm to multiple deaths) it can be difficult to choose which likelihood and consequence combination should be used.
As a broad-brush technique, risk matrices should not be used for considering whether quantitative risk targets have been met or as the only technique for examining complex or high consequence issues. The matrix can, however, highlight high consequence issues so that they then receive more detailed consideration.
Risk Matrices for Project Management
In project management, we are aiming for specific outcomes, often represented as the project management triangle.
Project Management Triangle
In the center is quality (and/or safety), which is central to indicate that this cannot be compromised. The three corners are cost, time, and scope (or requirements), and these can be traded off against each other.
This representation helps us to identify project risks by the effect that they might have on the project’s objectives. ISO 31000 defines risk as “the effect of uncertainty on objectives”. Again, the risk matrix allows us to identify and rank risks, identifying the biggest, most critical risks. These risks are where we will focus most attention, looking for multiple controls, or defense-in-depth, for the most serious ones.
An old saying is that “you can have a quick job, a proper job, or a cheap job; you can have two out of three, but you can’t have all three.” Taken literally this is a little pessimistic, but it does remind us that if we set an absolute target on one of these axes, then we will likely have to trade the other two off against each other.
This axiom also gives us some basic principles on which to identify controls. We might desire controls that allow us to achieve all objectives at the same time, but this is often unrealistic. Practical experience – encoded in a saying – suggests that we must be prepared to accept some trades in budget/schedule/scope.
Thus the risk matrix, in combination with some basic project management principles, enables more realistic decision-making. (Real decisions involve saying ‘no’ to some things in order to say ’yes’ to others.) Rather than naively thinking that we can have it all, the risk matrix supports robust early decision-making.
This should make project success more likely – until somebody changes the objectives!
Additional Considerations
It should be noted that risk matrices from different standards and industry sectors are not always represented in the same way. The most common convention has a Cartesian representation (i.e. values increasing left to right and bottom to top on the two axes) so that risk increases from bottom left to top right, but the examples below show that several common matrices have a different format.
If risk estimates are generated by a team of Subject Matter Experts, their deliberations can be biased (consciously or unconsciously) if they know the risk matrix framework. There may be a tendency to choose likelihood and/or severity estimates that result in a lower apparent risk so that it attracts less management scrutiny.
Uncertainty of the estimates of severity and likelihood can be represented on a risk matrix by showing that risk with error bars rather than a single point. This can help understanding by senior managers.
Using common matrices for different systems does not necessarily result in risk estimates that can be compared in a meaningful way. The systems may have diverse risk exposure factors (e.g. number of people exposed, usage rate) and different numbers and types of accidents to consider.
You heard me right. Risk: Averse, Adverse, or Appetite? Which would you choose? Do we even have a choice? Read on …
We often hear that we live in a risk-averse society. By that, I mean that we don’t want to take risks, or that we’re too timid. I don’t think that’s the whole story.
In reality, we need to deal with several concepts. Let’s start by looking at risk:
Aversity;
Adversity;
Appetite; and then
Perception.
Risk Adverse versus Risk Averse
These terms are often used incorrectly, so here’s a useful comparison:
Many people are confused when faced with the choice between adverse and averse. While these two adjectives have many similarities, they are not used interchangeably. If you want to describe a negative reaction to something (such as a harmful side effect from medication) or dangerous meteorological conditions (such as a snowstorm), adverse is the correct choice. You would not say that you had an ‘averse’ reaction to medication or that there was ‘averse’ weather. In short, adverse tends to be used to describe effects, conditions, and results; while averse refers to feelings and inclinations.”[1]
Merriam-Webster Dictionary
Risk Adverse
A Formal Definition of Adverse
Again, the Merriam-Webster Dictionary sails to the rescue:
This is all very well, but we need something that we can use, like a…
…Practical Definition of Risk Adverse
The Law Insider website provides a very useful definition of ‘Risk Adverse’.
“Adverse Risk means any risk of an adverse effect on the Development, procurement or maintenance of Regulatory Approval, Manufacture or Commercialization of a Product.”[3]
Law Insider
It’s useful because it is so pertinent to safety. Let me explain. Often, we want to develop a product or service, but there are:
Development risks – often called Project Management risks, as a development is often the focus of a project. Remember that the ISO 31000 defines risk as “the effect of uncertainty on objectives”. By definition, a project has specific objectives (e.g., budget, schedule, and quality).
Procurement risks – when acquiring a new product or service and enterprise may also acquire development risks, for the new or upgraded thing. There are also risks associated with contractual acceptance, fielding the product, etc.
In many industries and domains, regulatory approval may be needed. This may require qualification, certification, or accreditation (or a combination thereof).
Commercialization risks include making a product commercially viable, positioning it in the market, and gaining user and/or public acceptance.
Each one of these topics is a massive subject, about which countless books have been written. Law Insider’s definition is very powerful!
Risk Averse
So, risk aversion is about feelings and inclinations. This is such a familiar topic, that perhaps we don’t bother to explore it. Later on in this post, we will explore Risk Aversion by looking at Risk Perception.
Before we do that, let’s look at the opposite of Risk Aversion.
Risk Appetite
“Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives, before action is deemed necessary to reduce the risk. It represents a balance between the potential benefits of innovation and the threats, that change inevitably brings. The ISO 31000 risk management standard refers to risk appetite as the “Amount and type of risk that an organization is prepared to pursue, retain or take”. This concept helps guide an organization’s approach to risk and risk management.”[4]
Wikipedia
Risk appetite is a really interesting concept. The definition is that risk appetite is the level of risk that a person or organization is prepared to accept in pursuit of objectives.
Why is Risk Useful?
Risk is necessary because we need to take risks to do almost anything. Every time we breathe in, every time we eat or drink something, we’re taking a risk.
It’s the same for businesses, enterprises, and nations. If we keep on doing the same old thing again and again, eventually someone else will come along and outcompete us. Ironically, the risk is that we fail to adapt and cease to exist – Darwinian selection.
A great example of this is the Kodak corporation. For years Kodak dominated the photography market. However, they failed to see the promise of digital photography and didn’t take advantage of it. They were overtaken by rivals, and in the end, this mighty corporation went out of business.
So to ensure the survival of an entity, we must accept change, we must take risks. This seems to be true of populations, businesses – even software programs seem to illustrate this kind of evolutionary development [5].
Quantifying Risk and Appetite
In some areas of business, it’s easy to define risk appetite. Financial corporations can easily define how much loss they are prepared to accept. They can accept that a certain percentage of turnover or profit will be lost to fraud or error.
A more sophisticated business might quantify the benefit of taking risks. For example, lending more money might result in greater profits. If a business understands the relationship between risk and opportunity, it can exploit it.
Too Big to Fail
A few years ago we saw the downside of that thinking. Organizations thought they were too big to fail or too clever – they couldn’t go wrong. Some high-profile failures lead to a domino effect, whereby many institutions effectively collapsed. This was the Global Financial Crisis.
As a result, the regulation of lenders was tightened up. Banks and similar bodies were forced to keep higher reserves of cash and assets in order to survive miscalculations of risk.
How Much Risk is Enough?
So, how can we determine an appropriate risk appetite, without over-reaching ourselves?
This is a particularly difficult judgment when considering safety. Now we are not trading $ for $, we are trading dollars for injury and even death. This is a much more difficult ethical problem. There are various ways of making this judgment, for example in Australia we can refer to Safe Work Australia’s guidance.
In this article, we will consider what leads us to a distorted perception of risk.
Risk Perception
Some researchers claim that there are three factors that cause us to look at risk and misunderstand it.
“Psychometric research identified a broad domain of characteristics that may be condensed into three high order factors: 1) the degree to which a risk is understood, 2) the degree to which it evokes a feeling of dread, and 3) the number of people exposed to the risk. A dread risk elicits visceral feelings of terror, uncontrollable, catastrophe, inequality, and uncontrolled. An unknown risk is new and unknown to science. The more a person dreads an activity, the higher its perceived risk and the more that person wants the risk reduced.”[6]
Wikipedia
I have observed that people are ready to take more risks when they think they are in control. For example, we’re more willing to take risks when driving, rather than in trains or planes where someone else is in control.
It’s interesting to recall that our risk of death per journey is the same in a car as it is in a plane. Moreover, we are three times more likely to be injured in a car crash than in an air crash. Yet, people worry about flying, but they don’t think about the car journey to get to the airport.
Therefore, if we are to think rationally about risk, we must address those three factors of risk perception – and control.
Three Risk Perception Factors
First, we must understand risk. Risk assessment helps us to do this and can help us make objective decisions.
Second, we must recognize feelings of dread, for example, fear of radiation. We must strive to understand the mechanisms that give rise to risks so that we can understand how to treat or control them. This should give us confidence, which will counteract dread.
(Also, we might explicitly identify the benefits of the risky activity. This should help us to deal with dread rationally.)
Third, we must estimate the number of people exposed to the risk. Accidents with multiple casualties cause Societal Concern and get a lot of media attention, whereas the constant background of individual casualties in car accidents goes largely unreported.
Let’s Look at Control
We often have the illusion that we are in control, and that this will prevent accidents.
The night I had my most serious car accident, I was hit by a drug/ drunk driver. I had not lost control of my vehicle and I had done nothing wrong. However, when the other car turned into my path, I could not avoid the collision.
We need to give people a realistic view of how much they really control.
If we can give people control, without real adverse effects, then so much the better. Either that or take away control completely and make sure that users know this.
Many fatalities have resulted from users misunderstanding how much control they had – for example over ‘self-driving’ cars.
Outrage
All these factors are challenging to deal with. Moreover, there are a number of agents using social media to stoke and exploit public outrage. This is done for various purposes, which may have nothing to do with actual levels of risk (i.e. it not be a genuine societal concern).
Perhaps we can learn from those who manage outrage for enterprises that need it?
They work to actively and regularly present a rational view of risks and benefits. This is intended to counter the sensationalist reporting that will arise from time to time. Think of it as a regular vaccine of rationality against periodic outbreaks of emotional outrage.
Risk: Averse, Adverse, or Appetite? Conclusion
Of course, there are no guaranteed solutions or magic answers to these questions.
We will always have a subjective and visceral reaction to danger. This is a good thing, essential even. It’s a very important survival skill, and we should be afraid of things that can hurt us.
Yet, to live without risk at all is simply not possible – we will all die of something. Will we achieve something meaningful before that dread day comes?
To do anything requires us to take risks. As individuals, as a society, we need to take risks to enjoy the benefits that result. “Great empires are not maintained by timidity” as a Roman historian once said[7].
As in so many things, we are looking for a balance.
How much risk-aversion do you need to survive, versus how much risk appetite to thrive?
[5] Les Hatton & Greg Warr, Conservation of Information in Proteins, Software, Music, Texts, the Universe and Chocolate Boxes, Heiland Lecture, Colorado School of Mines, 06 Mar 2018.
In this article, I’m looking at Due Diligence and Safety in the USA, UK, and Australia. Why? Because Due Diligence is the root of so much that we should be doing in Safety.
Let’s start with the definitions of due diligence in the way that it applies to safety (because due diligence is a concept that has many different applications in business.)
Due Diligence in the United States of America
Definition of DueDiligence
1law : the care that a reasonable person exercises to avoid harm to other persons or their property … Doing your due diligence: “… in this sense, it is synonymous with another legal term, ordinary care.”
Merriam-Webster Dictionary
That’s the definition from a popular US dictionary.
Workplace Safety in the USA
In the USA, the Federal Occupational Safety and Health Agency, (OSHA), governs health and safety in the workplace. As the USA is a federal state, what the OSH Act or Agency covers is complex, as follows:
The Agency covers most private sector employers in all 50 US states, either directly through the federal agency or through an OSHA-approved state plan – 22 states have such a plan;
Workers at state and local government agencies are not covered by the Agency, but have OSH Act protections if they work in those states that have an OSHA-approved state program;
The Agency protects workers of all federal agencies;
The Act does not cover the self-employed, immediate family members of farm employers; and
The Act does not cover workplace hazards regulated by another federal agency (for example, the Mine Safety and Health Administration, the Department of Energy, or Coast Guard).[2]
Are you confused? I am!
Product Safety in the USA
To add to my confusion the US Consumer Product Safety Commission (CPSA) regulates the safety of some consumer products. It does so under thirteen different federal laws. These acts regulate, for example, child safety, flammable fabrics, art supplies, poisons, and refrigerators[3]. I can’t see any coherent pattern to what the CPSA regulates.
However, the US Federal Government tends not to manage product safety. It is more often addressed via state legislation, which varies from state to state.
Product safety is also dealt with through civil liability: victims sue you if your product hurts someone. In other words “Product liability is the area of law in which manufacturers, distributors, suppliers, retailers, and others who make products available to the public are held responsible for the injuries those products cause.”[4]
There are different theories of liability, one of them being ‘strict liability. “In criminal and civil law, strict liability is a standard of liability under which a person is legally responsible for the consequences flowing from an activity even in the absence of fault or criminal intent on the part of the defendant.”[5]
Back to Due Diligence
Now we circle back to due diligence: “due diligence is the only available defense to a crime that is one of strict liability … Once the criminal offence is proven, the defendant must prove on balance that they did everything possible to prevent the act from happening.”[6]
(I also note from that Wikipedia article that “It is not enough that they took the normal standard of care in their industry – they must show that they took every reasonable precaution.” We now seem to be heading towards our old friend ‘reasonably practicable’ – but that’s another article!)
There is a big difference in the way that the USA manages workplace and product health and safety. Due Diligence may be a useful concept in all these settings. However, I’m finding it very difficult to say what it means when applied to safety.
Due Diligence Around the World
It was also challenging to pin down due diligence and safety in the United Kingdom (and still is).
In 2007, the UK’s Health and Safety Executive (the national regulator, much like OSHA in the USA) published a useful study into Due Diligence[7]. This report looked at “whether the law in nine different countries imposes health and safety duties upon boardroom directors (and other senior managers)”.
Due Diligence in Nine Different Countries
It concluded that “seven out of nine countries contain safety legislation that imposes positive safety obligations upon either directors or senior managers of companies. These are: Germany, France, Italy, Sweden, Japan, Canada (four out of fourteen jurisdictions) and Australia (two out of nine jurisdictions).”
Thus, the criminal law in these countries imposes safety obligations on directors or senior managers.
Interestingly, the Report found that exercising “due diligence to prevent the commission of the offence” was often found to be a viable defense for company directors and senior managers in many jurisdictions.
Due Diligence in the United Kingdom
The report observed that, in 2007, “It is fair to say that the legislative framework for regulating occupational health and safety (OHS) in Great Britain appears unusual in not imposing positive duties on directors. The majority of the nine countries studied do have this kind of legislation.”
The UK brought the Corporate Manslaughter and Corporate Homicide Act into force in 2007 – the same year as this Report. The UK introduced this because of several failures to prosecute company directors after high-profile fatal accidents. Before 2007, courts had to find individuals guilty of gross negligence manslaughter to hold them accountable. Such prosecutions often failed.
Whether the Due Diligence Report had any influence on the 2007 Act is hard to say. This Report is still the best result on the UK HSE’s website for ‘due diligence’ so not much seems to have changed.
Safety Law in Australia
Now Australia has an interesting mix of approaches derived from those in the USA and UK.
Australia is a Federation
Australia, like the USA, is a federal state. Responsibility for health and safety generally resides with the states and territories. The federal government only controls health and safety in federal workplaces or on federal land. In Australia, we have a similar jurisdictional model to the USA, with all the complexity that can introduce.
US practices also influence Australian industry and commerce. Safety requirements are often met by meeting specifications. (Whereas the UK uses a ‘safety by intent’ approach – another article I must write). Thus, Australian safety practice often relies on certification against standards, as in the US.
Australian Work Health and Safety Law
In Australia, we have adopted our own version of the UK Health and Safety at Work Act, 1974. The Australian government introduced a much-refined version of UK law in 2011, some 37 years after the UK Act.
To achieve standardization across Australia, the Federal Government agreed with state and territory governments to introduce a model-based approach.
Safe Work Australia developed the Model WHS Act, Regulations, and Codes of Practice, collaboratively. Then the states and territories all agreed to adopt these centrally-developed articles of legislation.
States and territories were free to modify the Models as they saw fit. In general, the different jurisdictions have changed little, although Victoria has chosen not to implement WHS at all (thanks, Victoria, for being team players).
Unlike in the USA, Australian Work Health and Safety (WHS) legislation covers both workplaces and non-consumer goods. (Consumer goods are covered by other laws.)
This criminal law sets standards that manufacturers, designers, importers, and users must achieve when engineering, installing, commissioning equipment, and running it within a workplace.
Safety Due Diligence in Australia
In Australia, we are fortunate that the Work Health and Safety Act introduces a very specific and practical definition of what Due diligence is when applied to safety duties.
The Act says that Officers (company directors and senior managers) have additional duties. Officers must exercise ‘due diligence. Under Division 4—Duty of officers, workers and other persons, Section 27 Duty of officers:
(1) If a person conducting a business or undertaking has a duty or obligation under this Act, an officer of the person conducting the business or undertaking must exercise due diligence to ensure that the person conducting the business or undertaking complies with that duty or obligation.
Australian WHS Act, 2011
We’re now talking about what is due diligence in the context of health and safety. I need to be precise about that. The term ‘due diligence’ appears in other Australian laws and can have different meanings. In this post, the definition of due diligence applies to WHS duties only.
We’ve got to do six things, in sub-paragraphs (a) to (f), to demonstrate due diligence.
What does Due Diligence Mean (a & b)?
(5) In this section, due diligence includes taking reasonable steps:
(a) to acquire and keep up‑to‑date knowledge of work health and safety matters; and
(b) to gain an understanding of the nature of the operations of the business or undertaking of the person conducting the business or undertaking and generally of the hazards and risks associated with those operations; and
Section 27
Officers must acquire and keep up to date with knowledge of work health and safety matters obligations and so forth.
Secondly, officers must gain an understanding of the nature of their business’s operations and the risks they control. If you’re a company director you need to know what the operation does.
You cannot hide behind “I didn’t know” because it’s a legal requirement for you to do so. There’s no pleading ignorance because ignorance is, in fact, illegal and you’ve got to have a general understanding of the hazards and risks associated with those operations.
We don’t necessarily have to be up on all the specifics of everything going on in your organization, but you should know what your organization does. However, we should be aware of the general costs and risks associated with that kind of business.
What does Due Diligence Mean (c, d, e & f)?
(c) to ensure that the person conducting the business or undertaking has available for use, and uses, appropriate resources and processes to eliminate or minimise risks to health and safety from work carried out as part of the conduct of the business or undertaking; and
Section 27
Now, thirdly, we are moving on. Basically, sub-paragraphs C, D, E, and F refer to appropriate resources and processes. Officers have got to ensure that PCBUs have available and use appropriate resources and processes in order to control risks. That says you’ve got to provide those resources and processes and there is supervision.
Maybe you put in a Safety Management System that ensures people actually do use the stuff they should, to keep themselves safe. And that’s very relevant because often people don’t like wearing, for example, Personal Protective Equipment (PPE) because it’s uncomfortable or slows you down, so the temptation is to take it off.
What does Due Diligence Mean (d)?
(d) to ensure that the person conducting the business or undertaking has appropriate processes for receiving and considering information regarding incidents, hazards and risks and responding in a timely way to that information; and
Section 27
Moving on to part D, we’re still on the appropriate processes. We must have appropriate processes for receiving and considering information on incidents, hazards, and risks. Again, we’ve got to keep up to date. What’s going on in our own plants and maybe similar plants in the industry? We need a process to respond in a timely way to that information.
If we discover that there is a new incident or hazard that you didn’t previously know about. We need to respond and react to that quickly enough to make a difference to the health and safety of workers. That works together with sub-paragraph B, doesn’t it? In parts A and B we need to keep up to date on the risks and what’s going on in the business. Also, in part A, we need to ensure that the PCBU has processes for compliance with any duty or obligation and follows them again to provide that stuff.
In the system safety world, often the designers will need to provide the raw material that becomes those processes. Or maybe if we’re selling a product, it comes with an instruction manual of all the processes needed.
What does Due Diligence Mean (e-f)?
(e) to ensure that the person conducting the business or undertaking has, and implements, processes for complying with any duty or obligation of the person conducting the business or undertaking under this Act; and
(f) to verify the provision and use of the resources and processes referred to in paragraphs (c) to (e).
Examples: For the purposes of paragraph (e), the duties or obligations under this Act of a person conducting a business or undertaking may include:
(a) reporting notifiable incidents;
(b) consulting with workers;
(c) ensuring compliance with notices issued under this Act;
(d) ensuring the provision of training and instruction to workers about work health and safety;
(e) ensuring that health and safety representatives receive their entitlements to training.
Section 27
Finally, the officers must verify the provision and use of these resources and processes (in Parts C, D, and E). Thus, we’ve got a simple six-point program that comprises due diligence, but it’s quite demanding. There’s no shirking this stuff or pretending you didn’t know. I suspect it’s designed to hang Company directors who neglect and harm their workers.
What Due Diligence is All About
Let’s face it, this is all good common-sense stuff. We should be doing this anyway.
These requirements are only the minimum required for all businesses and undertakings in Australia. In any kind of high-risk industry, we should have a Safety Management System that does all of this and more.
Conclusion
Well, we’ve looked at due diligence as it applies to safety in many different countries. We’ve concentrated on the USA, the UK, and Australia. But Germany, France, Italy, Sweden, Japan, Canada got an honorable mention as well.
The combinations of due diligence with criminal law, civil law, and safety are very confusing in the USA. It is largely non-existent in the UK.
Only Australia has spelled out in law what due diligence means for safety. You may not work in Australia, but I suggest that the clarity and practicality of the WHS Act definition on ‘due diligence’ are useful for safety practitioners everywhere.
What does Due Diligence mean for Safety Practices where You are?
Testimonials from 20+ years in the industry. Hear what some clients and ex-colleagues have to say about The Safety Artisan.
General Testimonials
The way you teach this subject makes it comprehensible and part of an integral whole. It seems like your approach is rare (and valuable) in the world of System Safety.
Thomas Anthony Director, Aviation Safety and Security Program Viterbi School of Engineering University of Southern California
“Hi Simon, I would just like to say that the content you have been putting out recently is absolutely amazing and I enjoy reading and listening through it.”
James Moodie
“Simon, Love the even-handed approach you’ve adopted and also the tongue-in-cheek comments.”
Paul Bird, Former Manager Safety Engineering, BAES Australia
“Explanation about the military standard was very interesting, because for the first time somebody talked about possible disadvantages.”
Henri Van Buren, reviewing “System Safety Risk Analysis Programs”
“Valuable information, Clear explanations, Engaging delivery, Helpful practice activities, Accurate course description, Knowledgeable instructor.”
Manuel Louie B. Santos, reviewing “Risk Management 101”
“Understanding safety law can be difficult and, at times, confronting. Thankfully, Simon has a knack of bringing clarity to complex legal requirements, using real work examples to help understanding. I highly recommend Simon to any director or manager wanting to understand their legal obligations and ensure a safe workplace.”
Jonathan Carroll, Senior Leadership, Pacific National
“Simon, You are and always will be the master at explaining the way Safety management works in real life. It is great to see your broad and vast experience being available through this medium and The Safety Artisan website. I will definitely be dropping in to seek your trusted guidance.”
Kevin Payne, Systems Safety Consultant at QinetiQ
Testimonials from Udemy Courses
Principles of Software Safety Standards (scores 4.42 out of 5.00)
Performance by course attribute:
Are you learning valuable information? 97% said YES!
Are the explanations of concepts clear? 100% said YES!
Is the instructor’s delivery engaging? 95% said YES!
Are there enough opportunities to apply what you are learning? 86% said YES!
Is the course delivering on your expectations? 94% said YES!
Is the instructor knowledgeable about the topic? 97% said YES!
Get your discount here (please use this link, otherwise Udemy take 67% of the price).
How to Design a System Safety Program (scores 4.29 out of 5.00)
Performance by course attribute:
Are you learning valuable information? 100% said YES!
Are the explanations of concepts clear? 100% said YES!
Is the instructor’s delivery engaging? 100% said YES!
Are there enough opportunities to apply what you are learning? 100% said YES!
Is the course delivering on your expectations? 75% said YES!
Is the instructor knowledgeable about the topic? 100% said YES!
Get your discount here (please use this link, otherwise Udemy take 67% of the price).
How to Prepare for the CISSP Exam (scores 4.61 out of 5.00)
Performance by course attribute:
Are you learning valuable information? 100% said YES!
Are the explanations of concepts clear? 100% said YES!
Is the instructor’s delivery engaging? 100% said YES!
Are there enough opportunities to apply what you are learning? 100% said YES!
Is the course delivering on your expectations? 100% said YES!
Is the instructor knowledgeable about the topic? 100% said YES!
In this FAQ on Risk Management, I will point you to some lessons where you will get some answers to basic questions.
Lessons on this Topic
Welcome to Risk Management 101, where we’re going to go through these basic concepts of risk management. We’re going to break it down into the constituent parts and then we’re going to build it up again and show you how it’s done.
So what is this risk analysis stuff all about? What is ‘risk’? How do you define or describe it? How do you measure it? In Risk Basics I explain the basic terms.
Risk Analysis Programs – Design a program for any system in any application. You’ll be able to:
Describe fundamental risk concepts;
Define what a risk analysis program is;
and much more…
If you don’t find what you want in this FAQ on Risk Management, there are plenty more lessons under Start Here and System Safety Analysis topics. Or just enter ‘risk’ into the search function at the bottom of any page.
The Common Risk Management Questions
Click here to see the most Commonly-asked Questions
why risk management, why risk management is important, why risk management is important in project management, why risk management plan is important, why risk management is important for business, why risk management matters, are risk management, are risk management services, is risk management important, is risk management framework, is risk management effective, can risk management be outsourced, can risk management increase risk, can risk management create value, how can risk management help companies, how can risk management be improved, how can risk management improve performance, how risk management improve organization performance, how risk management works, how risk management help you, how risk management helps, how risk management plans can be monitored, how risk management help us, how risk management add value to a firm, how risk management developed, what risk management do, what risk management means, what risk management is, what risk management is not, where risk management, which risk management certification is best, which risk management principle is best demonstrated, which risk management technique is considered the best, which risk management handling technique is an action, which risk management techniques, who risk management guidelines, who risk management, who risk management framework, who risk management tool, who risk management plan, who risk management strategies, will risk management be automated, how will risk management help you, how will this risk management plan be monitored, risk management will reduce, risk management will
