Why SFAIRP is not a safety risk assessment
Weaning boards off the term risk assessment is difficult.
Even using the term implies that there must be some minimum level of ‘acceptable safety’.
And in one sense, that’s probably the case once the legal idea of ‘prohibitively dangerous’ is invoked.
But that’s a pathological position to take if the only reason why you’re not going to do something is because if it did happen criminal manslaughter proceedings are a likely prospect.
SFAIRP (so far as is reasonably practicable) is fundamentally a design review. It’s about the process.
The meaning is in the method, the results are only consequences.
In principle, nothing is dangerous if sufficient precautions are in place.
Flying in jet aircraft, when it goes badly, has terrible consequences. But with sufficient precautions, it is fine, even though the potential to go badly is always present. But no one would fly if the go, no-go decision was on the edge of the legal concept of ‘prohibitively dangerous’.
We try to do better than that. In fact, we try to achieve the highest level of safety that is reasonably practicable. This is the SFAIRP position. And designers do it because it has always been the sensible and right thing to do.
The fact that it has also been endorsed by our parliaments to make those who are not immediately involved in the design process, but who receive (financial) rewards from the outcomes, accountable for preventing or failing to let the design process be diligent is not the point.
How do you make sure the highest reasonable level of protection is in place? The answer is you conduct a design review using optimal processes which will provide for optimal outcomes.
For example, functional safety assessment using the principle of reciprocity (Boeing should have told pilots about the MCAS in the 737 MAX) supported by the common law hierarchy of control (elimination, prevention and mitigation). And you transparently demonstrate this to all those who want to know via a safety case in the same way a business case is put to investors.
But the one thing SFAIRP isn’t, is a safety risk assessment. Therein lies the perdition.
Does Safety & Risk Management need to be Complicated?
With Engineers Australia’s recent call-out on socials for "I Am An Engineer" stories, I was discussing career accomplishments with a team member (non-Engineer) and we were struck by how risk and safety need not be complicated – that the business of risk and safety, especially in assessment terms, has been over-complicated.
Two such career accomplishments that really brought this home were my due diligence engineering work on:
- Gateway Bridge in Brisbane
Our recommendation was, rather than implementing a complicated IT information system on the bridge for traffic hazards associated with wind, to install a windsock or flag and let the wind literally show its strength and direction in real time. A simple but effective control that ensures no misinformation.
- Victorian Regional Rail Level Crossings
R2A assessed every rail level crossing in the four regional fast rail corridors in Victoria for the requirements to operate faster running trains. The simple conclusion, that I know saved countless lives, was to recommend closing level crossings where possible or provide active crossings (bells and flashing lights) rather than passive level crossings.
However, some risk and safety issues are not as simple, like women’s PPE.
The simple solution, to date, has been for women to wear downsized men’s PPE and workwear. But we know this is not the safest solution because women’s body shapes are completely different to men’s.
My work with Apto PPE has been about designing workwear from a due diligence engineering perspective. This amounted to the need to design from a clean slate (pattern, should I say!) -- designing for women’s body shapes from the outset and not tweaking men's designs.
Not everyone does this in the workwear sector, but as an engineer, I understand the importance of solving problems effectively and So Far As Is Reasonably Practicable (SFAIRP).
By applying the SFAIRP principle, you are really asking the question, if I was in the same position, how would I expect to be treated and what controls would I expect to be in place, which is usually not a complicated question.
And, maybe, my biggest career accomplishment will be the legacy work with R2A and Apto PPE in making a difference to how people think about and conduct safety and due diligence in society.
To find out more about Apto PPE, head to aptoppe.com.au.
To speak with Gaye about due diligence and/or Apto PPE, head to the contact page.
Worse Case Scenario versus Risk & Combustible Cladding on Buildings
Background
The start of 2019 has seen much media attention to various incidents resulting from, arguably, negligent decision making.
One such incident was the recent high-rise apartment building fire in Melbourne that resulted in hundreds of residents evacuated.
The fire is believed to have started due to a discarded cigarette on a balcony and quickly spread five storeys. The Melbourne Fire Brigade said it was due to the building’s non-combustible cladding exterior that allowed the fire to spread upwards. The spokesperson also stated the cladding should not have been permitted as buildings higher than three storeys required a non-combustible exterior.
Yet, the Victorian Building Authority did inspect and approve the building.
Similar combustible cladding material was also responsible for another Melbourne based (Docklands) apartment building fire in 2014 and for the devastating Grenfell Tower fire in London in 2017 that killed 72 people with another 70 injured.
This cladding material (and similar) is wide-spread across high-rise buildings across Australia. Following the Docklands’ building fire, a Victorian Cladding Task Force was established to investigate and address the use of non-compliant building materials on Victorian buildings.
Is considering Worse Case Scenario versus Risk appropriate?
In a television interview discussing the most recent incident, a spokesperson representing Owners’ Corporations stated owners needed to look at worse case scenarios versus risk. He followed the statement with “no one actually died”.
While we agree risk doesn’t work for high consequence, low likelihood events, responsible persons need to demonstrate due diligence for the management of credible critical issues.
The full suite of precautions needs to be looked at for a due diligence argument following the hierarchy of controls.
The fact that no one died in either of the Melbourne fires can be attributed to Australia’s mandatory requirement of sprinklers in high rise buildings. This means the fires didn’t penetrate the building. However, the elimination of cladding still needs to be tested from a due diligence perspective consistent with the requirements of Victoria’s OHS legislation.
What happens now?
The big question, beyond that of safety, is whether the onus to fix the problem and remove / replace the cladding is now on owners at their cost or will the legal system find construction companies liable due to not demonstrating due diligence as part of a safety in design process?
Residents of the Docklands’ high-rise building decided to take the builder, surveyor, architect, fire engineers and other consultants to the Victorian Civil and Administrative Tribunal (VCAT) after being told they were liable for the flammable cladding.
Defence for the builder centred around evidence of how prevalent the cladding is within Australian high-rise buildings.
The architect’s defence was they simply designed the building.
The surveyor passed the blame onto the Owners’ Corporation for lack of inspections of balconies (where the fire started, like the most recent fire, with a discarded cigarette).
Last week (at the time of writing), the apartment owners were awarded damages for replacement of the cladding, property damages from the fire and an increase in insurance premiums due to risk of future incidents. In turn, the architect, fire engineer and building surveyor have been ordered to reimburse the builder most of the costs.
Findings by the judge included the architect not resolving issues in design that allowed extensive use of the cladding, a failure of “due care” by the building surveyor in its issue of building permit, and failure of fire engineer to warn the builder the proposed cladding did not comply with Australian building standards.
Three percent of costs were attributed to the resident who started the fire.
Does this ruling set precedence?
Whilst other Owners’ Corporations may see this ruling as an opportunity (or back up) to resolve their non-compliant cladding issues, the Judge stated they should not see it as setting any precedent.
"Many of my findings have been informed by the particular contracts between the parties in this case and by events occurring in the course of the Lacrosse project that may or may not be duplicated in other building projects," said Judge Woodward.
If you'd like to discuss how conducting due diligence from an engineering perspective helps make diligent decisions that are effective, safe and compliant, contact us for a chat.
Australian Standard 2885, Pipeline Safety & Recognised Good Practice
Australian guidance for gas and liquid petroleum pipeline design comes, to a large extent, from Australian Standard 2885. Amongst other things, AS2885 Pipelines – Gas and liquid petroleum sets out a method for ensuring these pipelines are designed to be safe.
Like many technical standards, AS2885 provides extensive and detailed instruction on its subject matter. Together, its six sub-titles (AS2885.0 through to AS2885.5) total over 700 pages. AS2885.6:2017 Pipeline Safety Management is currently in draft and will likely increase this number.
In addition, the AS2885 suite refers to dozens of other Australian Standards for specific matters.
In this manner, Standards Australia forms a self-referring ecosystem.
R2A understands that this is done as a matter of policy. There are good technical and business reasons for this approach:
- First, some quality assurance of content and minimising repetition of content, and
- Second, to keep intellectual property and revenue in-house.
However, this hall of mirrors can lead to initially small issues propagating through the ecosystem.
At this point, it is worth asking what a standard actually is.
In short, a standard is a documented assembly of recognised good practice.
What is recognised good practice?
Measures which are demonstrably reasonable by virtue of others spending their resources on them in similar situations. That is, to address similar risks.
But note: the ideas contained in the standard are the good practice, not the standard itself.
And what are standards for?
Standards have a number of aims. Two of the most important being to:
- Help people to make decisions, and
- Help people to not make decisions.
That is, standards help people predict and manage the future – people such as engineers, designers, builders, and manufacturers.
When helping people not make decisions, standards provide standard requirements, for example for design parameters. These standards have already made decisions so they don’t need to be made again (for example, the material and strength of a pipe necessary for a certain operating pressure). These are one type of standard.
The other type of standard helps people make decisions. They provide standardised decision-making processes for applications, including asset management, risk management, quality assurance and so on.
Such decision-making processes are not exclusive to Australian Standards.
One of the more important of these is the process to demonstrate due diligence in decision-making – that is that all reasonable steps were taken to prevent adverse outcomes.
This process is of particular relevance to engineers, designers, builders, manufacturers etc., as adverse events can often result in safety consequences.
A diligent safety decision-making process involves:
- First, an argument as to why no credible, critical issues have been overlooked,
- Second, identification of all practicable measures that may be implemented to address identified issues,
- Third, determination of which of these measures are reasonable, and
- Finally, implementation of the reasonable measures.
This addresses the legal obligations of engineers etc. under Australian work health and safety legislation.
Standards fit within this due diligence process as examples of recognised good practice.
They help identify practicable options (the second step) and they help in determining the reasonableness of these measures for the particular issues at hand. Noting the two types of standards above, these measures can be physical or process-based (e.g. decision-making processes).
Each type of standard provides valuable guidance to those referring to it. However, the combination of the self-referring standards ecosystem and the two types of standards leads to some perhaps unintended consequences.
Some of these arise in AS2885.
One of the main goals of AS2885 is the safe operation of pipelines containing gas or liquid petroleum; the draft AS2885:2017 presents the standard's latest thinking.
As part of this it sets out the following process.
- Determine if a particular safety threat to a pipeline is credible.
- Then, implement some combination of physical and procedural controls.
- Finally, look at the acceptability of the residual risk as per the process set out in AS31000, the risk management standard, using a risk matrix provided in AS2885.
If the risk is not acceptable, apply more controls until it is and then move on with the project. (See e.g. draft AS2885.6:2017 Appendix B Figures B1 Pipeline Safety Management Process Flowchart and B2 Whole of Life Pipeline Safety Management.)
But compare this to the decision-making process outlined above, the one needed to meet WHS legislation requirements. It is clear that this process has been hijacked at some point – specifically at the point of deciding how safe is safe enough to proceed.
In the WHS-based process, this decision is made when there are no further reasonable control options to implement. In the AS2885 process the decision is made when enough controls are in place that a specified target level of risk is no longer exceeded.
The latter process is problematic when viewed in hindsight. For example, when viewed by a court after a safety incident.
In hindsight the courts (and society) actually don’t care about the level of risk prior to an event, much less whether it met any pre-determined subjective criteria.
They only care whether there were any control options that weren’t in place that reasonably ought to have been.
‘Reasonably’ in this context involves consideration of the magnitude of the risk, and the expense and difficulty of implementing the control options, as well as any competing responsibilities the responsible party may have.
The AS2885 risk sign-off process does not adequately address this. (To read more about the philosophical differences in the due diligence vs. acceptable risk approaches, see here.)
To take an extreme example, a literal reading of the AS2885.6 process implies that it is satisfactory to sign-off on a risk presenting a low but credible chance of a person receiving life-threatening injuries by putting a management plan in place, without testing for any further reasonable precautions.[1]
In this way AS2885 moves away from simply presenting recognised good practice design decisions as part of a diligent decision-making process and, instead, hijacks the decision-making process itself.
In doing so, it mixes recognised good practice design measures (i.e. reasonable decisions already made) with standardised decision-making processes (i.e. the AS31000 risk management approach) in a manner that does not satisfy the requirements of work health and safety legislation. The draft AS2885.6:2017 appears to realise this, noting that “it is not intended that a low or negligible risk rank means that further risk reduction is unnecessary”.
And, of course, people generally don’t behave quite like this when confronted with design safety risks.
If they understand the risk they are facing they usually put precautions in place until they feel comfortable that a credible, critical risk won’t happen on their watch, regardless of that risk’s ‘acceptability’.
That is, they follow the diligent decision-making process (albeit informally).
But, in that case, they are not actually following the standard.
This raises the question:
Is the risk decision-making element of AS2885 recognised good practice?
Our experience suggests it is not, and that while the good practice elements of AS2885 are valuable and must be considered in pipeline design, AS2885’s risk decision-making process should not.
[1] AS2885.6 Section 5: “... the risk associated with a threat is deemed ALARP if ... the residual risk is assessed to be Low or Negligible”
Consequences (Section 3 Table F1): Severe - “Injury or illness requiring hospital treatment”. Major: “One or two fatalities; or several people with life-threatening injuries”. So one person with life-threatening injuries = ‘Severe’?
Likelihood (Section 3 Table 3.2): “Credible”, but “Not anticipated for this pipeline at this location”.
Risk level (Section 3 Table 3.3): “Low”.
Required action (Section 3 Table 3.4): “Determine the management plan for the threat to prevent occurrence and to monitor changes that could affect the classification”.
Risk Engineering Body of Knowledge
Engineers Australia with the support of the Risk Engineering Society have embarked on a project to develop a Risk Engineering Book of Knowledge (REBoK). Register to join the community.
The first REBoK session, delivered by Warren Black, considered the domain of risk and risk engineering in the context of risk management generally. It described the commonly available processes and the way they were used.
Following the initial presentation, Warren was joined by R2A Partner, Richard Robinson and Peter Flanagan to answer participant questions. Richard was asked to (again) explain the difference between ALARP (as low as reasonably practicable) and SFAIRP (so far as is reasonably practicable).
The difference between ALARP and SFAIRP and due diligence is a topic we have written about a number of times over the years. As there continues to be confusion around the topic, we thought it would be useful to link directly to each of our article topics.
Does ALARP equal due diligence, written August 2012
Does ALARP equal due diligence (expanded), written September 2012
Due Diligence and ALARP: Are they the same?, written October 2012
SFAIRP is not equivalent to ALARP, written January 2014
When does SFAIRP equal ALARP, written February 2016
Future REBoK sessions will examine how the risk process may or may not demonstrate due diligence.
Due diligence is a legal concept, not a scientific or engineering one. But it has become the central determinant of how engineering decisions are judged, particularly in hindsight in court.
It is endemic in Australian law including corporations law (eg don’t trade whilst insolvent), safety law (eg WHS obligations) and environmental legislation as well as being a defence against (professional) negligence in the common law.
From a design viewpoint, viable options to be evaluated must satisfy the laws of nature in a way that satisfies the laws of man. As the processes used by the courts to test such options forensically are logical and systematic and readily understood by engineers, it seems curious that they are not more often used, particularly since it is a vital concern of senior decision makers.
Stay tuned for further details about upcoming sessions. And if you are needing clarification around risk, risk engineering and risk management, contact us for a friendly chat.
Engineering As Law
Both law and engineering are practical rather than theoretical activities in the sense that their ultimate purpose is to change the state of the world rather than to merely understand it. The lawyers focus on social change whilst the engineers focus on physical change.
It is the power to cause change that creates the ethical concerns. Knowing does not have a moral dimension, doing does. Mind you, just because you have the power to do something does not mean it ought to be done but conversely, without the power to do, you cannot choose.
Generally for engineers, it must work, be useful and not harm others, that is, fit for purpose. The moral imperative arising from this approach for engineers, as generally articulated in Australia, seems to be:
- S/he who pays you is your client (the employer is the client for employee engineers)
- Stick to your area of competence (don’t ignorantly take unreasonable chances with your client’s or employer’s interests)
- No kickbacks (don’t be corrupt and defraud your client or their customers)
- Be responsible for your own negligence (consulting engineers at least should have professional indemnity insurance)
- Give credit where credit is due (don’t pinch other people’s ideas).
Overall, these represent a restatement of the principle of reciprocity, that is, how you would be expected to be treated in similar circumstances and therefore becomes a statement of moral law as it applies to engineers.
Swinburne – Introduction to Risk and Due Diligence
R2A’s unit Introduction to Risk and Due Diligence at Swinburne University is now a core unit for two postgraduate Master courses, The Master of Professional Engineering and The Master of Construction and Infrastructure Management. With 140 students enrolled in the course, delivery has become a real team effort.
The Master of Professional Engineering is designed to help students develop skills in professional management, communication, and research methods and principles in the engineering discipline. Students undertake research and project work and benefit from the industry focus of the program. Students participate in a professional industry project. This experience allows students to apply their knowledge and skills to industry problems. They also enhance students’ awareness of industry and provide valuable networking opportunities.
The Master of Construction and Infrastructure Management aims to prepare graduates for future roles in managing people, equipment, materials, technological processes and funds in the construction, management and maintenance of buildings and assets in the civil infrastructure. This aim is facilitated by the study of advanced management and engineering techniques in the fields of construction, building and maintenance.
Students gain significant knowledge and skills in procurement and project delivery, resource planning and management, project costing, health and safety, and risk management. They also learn about the environmental, financial, legal and contractual considerations associated with project-based industries.
To provide students with a broad understanding of risk management, including basic concepts and the suite of available techniques.
The key learning outcomes for the unit are to:
- Understand fundamental due diligence, risk and reliability concepts;
- Apply the safety, economic and legal drivers of risk management requirements;
- Comprehend different organisational risk paradigms and models;
- Recognise the liability and due diligence implications of risk managers, and how they relate to quantified risk management (QRA) techniques;
- Apply risk modelling and generative information gathering techniques;
- Apply the use of mathematics in risk and reliability analysis;
- Generate safety cases demonstrating due diligence and limiting legal liability; and
- Apply both top-down and bottom-up risk management techniques – and know when to use each
Further information about the Master of Professional Engineering or The Master of Construction and Infrastructure Management can be found on the Swinburne website.
Powerline Bushfire Safety Committee
Gaye recently attended the second meeting of the Powerline Bushfire Safety Committee (PBSC) at Energy Safe Victoria (ESV).
As set out in the Committee Charter, the purpose of the PBSC is to provide the Director of Energy Safety (DoES) with comprehensive expert advice to support ESV in its administration of the Electricity Safety (Bushfire Mitigation) Amendment Regulations 2016 (the regulations) and any advice ESV may, in turn, provide government on further policy changes that may be required in the light of initial network experience implementing the regulations.
In addressing its purpose, the PBSC will have regard to the regulations, the regulatory impact statement (RIS) including the target fire risk reduction benefits set out herein, and the statement of reasons (SoR).
The objective of the PBSC is to provide transparent, independent oversight and advice to ESV in undertaking its regulatory responsibilities to hold the distribution business accountable for the delivery of the fire reduction benefits implicit in the regulations.
Gaye’s role is to provide risk management and best practice advice. All documents relating to the Committee’s activities can be found on the ESV website.
Tough Times Ahead for the Construction Sector?
The Construction Risk Management Summit organised by Expotrade was held in Melbourne on April 1 and 2, playing host to a diverse range of speakers and messages.
Possibly the most common message from academic speakers at the Construction Risk Management Summit was that the majority of projects do not come in on time or budget. In fact, many suffered from a major cost blowout rate of nearly 100 per cent, with a wide array of reasons blamed for this issue.
The single biggest factor, which was identified by the majority of speakers, was failures in relation to upfront design. Typically, 80 per cent of the project cost is established at this phase. As a consequence, if errors occur during this phase of the project, additional expense becomes a necessary, often quality controlled outcome. The solution to this issue was to have designers focus on the long term operational performance, say at least 10 years operation, rather than just on practical completion.
This had several flow-on implications which were expanded upon by subsequent speakers. Knowing who the stakeholders are is critical. Stakeholders need to be understood and perhaps ranked in different ways, for example, as decision makers, interested parties and neighbours, lobby groups or as just acting in the public interest. This requires a culture of listening, which is an area the construction business should be encouraged to address.
Other speakers noted that the culture of the construction business could be changed, with safety in design identified as one cultural change that had occurred in recent times.
It was also noted that competitive pressures are still on the increase in the industry. Lowest tender bidding meant that corporate survival required "taking a chance" on contingencies in relation to risks that one could only hope would never eventuate.
If the construction market continues to shrink, more and more tenderers will be bidding for fewer and fewer jobs, with the final result being greater collective risk taking, or even an increasing likelihood of unethical behaviour.
This article first appeared on Sourceable. (No longer available)
Risk vs Due Diligence: Why a Finnish community lobbied for a backyard reactor
I was recently part of a panel discussion on electrical energy security and the role of nuclear energy in Australia for the Electrical Energy Society of Australia.
The panel consisted of five industry experts covering topics on energy security, nuclear energy, and risk and policy determination. A question and answer session followed the presentations.
The opening address was by Senator Sean Edwards (Liberal Senator for South Australia) in light of the South Australian government’s decision on 8th February 2015, to establish a Royal Commission into the life cycle of nuclear fuel.
My presentation titled 'Risk vs Due Diligence: Why a Finnish Community lobbied for a backyard reactor' was a personal insight into the way the Finns have established and embraced the nuclear industry over the last 40 years. It also explains why communities now put their hand up for new nuclear facilities.
Finns do not discuss the level of risk of the nuclear facilities. They show it is safe by demonstrating that all reasonably practicable precautions are in place. Safety is not compromised for on-time and to budget delivery of new nuclear power facilities. For example, the Olkiluoto 3 nuclear power unit is 9 years behind schedule as a result of some safety concerns. There is a robust and stringent governance framework that does not allow short cuts to compromise safety.
The presentations were filmed and can be viewed here.
Risk Management Standard Squabble
An interesting article in the European Commercial Risk Europe titled "Hopkin calls for end to risk management standard squabble" discusses the squabble between the use of ISO 31000 and the COSO ERM Cube shown below.
COSO ERM Cube
Essentially the point being made is that the failure to adopt a single approach creates confusion and loss of traction in the market place.
From R2A’s perspective, this confusion was inevitable. The attempt to make market risk and safety risk operate under a single risk management approach was always a nonsense as has become increasingly obvious.
For example, the idea that ‘risk appetite’ can be applied to high consequence, low likelihood safety issues is simply irrational, and in breach of the model WHS legislation. This matter is being discussed in the paper being presented at the AMPI conference above. With regard to the pilotage of ships in and out of Sydney Harbour and Port Botany, the use of ISO 31000 is specifically rejected in favour of the precautionary approach required by the WHS legislation.
Apto PPE Launch
Apto PPE is a new entrant into the Personal Protective Equipment (PPE) wear marketplace. We produce fit for purpose women’s work wear that is safe, comfortable and stylish. Our workwear range can be worn from the boardroom to site with confidence.
We produce fit for purpose PPE clothing for women only, including a maternity range. Clothing that is purpose designed for safety, comfort and practicality, to wear on the job in industries including construction, engineering, factory work and mining.
Co-founded by Michelle Shi-Verdaasdonk, Laurice Temple and myself representing R2A’s interest, the journey for Apto has been an exciting and interesting experience so far.
Fit for purpose women’s workwear was an initiative developed by Engineers Australia’s Women in Engineering National Committee after identifying a gap in the industry. Michelle and I were part of the core team in establishing and executing the initial stages. In 2010, a working group was set up to develop prototype garments which were showcased at the gala dinner during the 15th International Conference of Women Engineers and Scientists (ICWES15) in Adelaide in July 2010. Following an overwhelming response the committee joined with John Holland to complete a pilot.
With permission and the good wishes of Women in Engineering, Apto PPE was founded and officially launched on International Women’s Day 2012 to take this initiative to its full potential and fill the gap in industry.
During 2012 we worked in partnership with our Australian designer Linh Thai from the Designer’s Assistant to develop three shirts and two pant styles as part of our Signature and Maternity ranges. These were then tested on site and refined to ensure optimum safety, comfort and style.
Two babies (two mothers) and a successful battle with breast cancer later, we are excited and proud to launch our Signature and Maternity women’s work wear range on Wednesday 5th March as part of International Women’s Day celebrations.
If you are interested in attending our launch or would like further information about Apto, please email me.
2014 R2A 9th Edition Text Update and Outlook
In February 2014, we hosted an event to launch the 2014 Update of the R2A text, which was well received.
With many changes to various legislation in Australia, R2A has concluded that the text will be updated at least annually.
Matters of interest in the 9th edition text update include:
- The introduction of the Rail Safety National Law which is complementary but subordinate to the model WHS legislation.
- The expected approval in the new year of the Engineers Australia Safety Case Guideline (3rd Edition). This specifically rejects the Risk Management Standard (AS 31000) as being able to positively demonstrate due diligence for high consequence – low frequency events.
- Why SFAIRP (so far as is reasonably practicable) can never equal ALARP (as low as reasonably practicable) legally.
- The logical limitations of Monte Carlo simulation for demonstrating project due diligence.
Implications for designers using EG(0), The Power System Earthing Guide
The change from hazard based risk assessment, supported by the risk management standard, to the precautionary due diligence approach now mandated by most Australian parliaments has significant implications for designers, especially when standards that use target levels of risk and safety, such as EG(0), the Power System Earthing Guide, and IEC 61508, the Functional Safety Assessment standard, are used as a design tool.
In previous blogs we have explored the implications of the hazard based approach using target risk criteria for land use safety planning purposes for hazardous chemical facilities. This blog looks at the implications in relation to the application of EG(0), the Power System Earthing Guide¹. The guide appears to define risk limit targets consistent with the NSW Department of Planning guidelines as shown in the table and figure below.
EG-0 individual risk limits
EG-0 societal risk limits
- Intolerable Region—The risk profile must be reduced.
- ALARA Region—Reduce the risk profile whenever possible, and only accept the residual risk on the basis of a risk cost benefit analysis (RCBA) (see Appendix F). The use of the ALARA principle (or ALARP) is clearly intended to form a key part of the Due Diligence process embodied in this Guide. The ALARA principle that requires a designer and asset owner to reduce the risk profile whenever possible provides a consistent yet practical means for managing earthing system related risk.
- Low or tolerable Region—Risk generally acceptable, however, risk treatment may be applied if the cost is low and/or a normally expected practice.
Whilst the table has further caveats that consider some of the weaknesses of the hazard based approach to risk, the overall use of such target risk levels remains contrary to the SFAIRP approach of the model legislation.
Such an approach is especially problematic in states like Queensland that are modifying the provisions of the Electrical Safety Act to be entirely consistent with the provisions of the WHS act including penalties.
As a consequence, the attempt by Energy Networks Australia (ENA) to introduce target risk based processes to assess the safety of earthing systems via EG(0) is flawed. It means that organisations and their officers that use such target risk based processes as the primary tool for risk decision making would be subject to post event scrutiny under the new model WHS legislation. In the event of a fatality such officers would presumably be prosecuted for acting recklessly under the criminal provisions of the act. It may also leave the ENA and its officers open to prosecution for endorsing and promoting an arguably suspect process.
This blog is based on a paper presented at the Earthing, Lightning & Surge Protection Conference in July 2013 and subsequently the Electrical Regulatory Compliance Forum in September 2013. The full papers can be viewed at Conferences.
1 Energy Networks Association Limited (2010). EG-0 Power System Earthing Guide. Part 1: Management Principles. Version 1 – May 2010. Canberra.