Due Diligence and ALARP - Are They the Same?
With the paradigm shift occurring to precautionary risk assessment from hazard-based risk assessment, R2A have heard a number of discussions suggesting that if an organisation demonstrates ALARP (as low as reasonably practicable) then can also demonstrate due diligence.
R2A’s opinion is that this may not necessarily be the case. The concept of ALARP is in fact hazard focused, comparing risk (likelihood and consequence) to acceptable or tolerable target levels of risk and safety. The use of such quantified risk assessment processes to satisfy target (tolerable or acceptable) risk criteria has never been able to satisfy post event common law scrutiny in Australia, which requires a demonstration of due diligence.
However, many industries that use the ALARP principle currently appear to be redefining its meaning by adding a number of caveats in what appears to be an attempt to close the due diligence loop and satisfy the courts after an event. The shift from hazard based risk assessment to due diligence is shown in the diagram below.
Common law vs. target risk approaches to risk management
The notes in blue in the diagram describe the several difficulties associated with the target risk approach.
Firstly, hazard analysis and risk calculations are inherently unrepeatable. Two independent risk experts assessing the same circumstances or situation never come up the same numerical answer (unless they use deliberately identical assumptions and processes in which case the assessment is not independent). QRA risk calculations are always imperfect especially with regard to human failings and management systems. Quoting Mark Tweeddale (2003):
“In the case of the process industry, most of the major disasters in recent years have resulted primarily from failures of management systems, which would not have been included in the quantitative assessment of risk, and not from random equipment failures such as are statistically assessable using data from data banks. This is a most serious limitation...”
Secondly, risk criteria are subjective. The old adage should probably be extended to; there are lies, damned lies, statistics and then there are target risk criteria. Most risk criteria are based on statistical analyses. The traditional way to determine them is to consider mortality statistics. But they are just that, statistics. The numbers change according to the exposed group selected. For example, the lightning strike death rate of around 1 in 10 million (for the whole population) is often selected as the lower limit to risk scrutiny. However, if the mortality figures for the group of people who play golf during lightning storms are considered, it will be much higher. Which number ought to be used?
Further, the inconsistency in individual and societal risk criteria between states, especially Victoria and NSW dating from the mid-nineties is problematic. The flexible choice of societal risk criteria for the land use planning criteria by NSW Department of Planning (DoP) for the Kurnell Peninsula QRA in the 2007 study is seriously problematic.
Thirdly, if the risk associated with a hazard is below acceptable or tolerable threshold, there is a tendency to say that nothing further needs to be done, which is always problematic with low frequency, high severity events. This leads to the fourth concern, which the temptation is to implement a precaution that reaches the target threshold without formally considering the hierarchy of controls.
Therefore, it is my opinion that to demonstrate that ALARP is the same as due diligence is indeed complex and is prone to a tortuous, error prone path.