Due Diligence vs Risk Management
We desire that our world be prosperous and safe. And it seems that due diligence has become essential to these outcomes. Due diligence (or care) is a legal concept, derived from the societal need to ensure fairness in dealings between human beings. It has been variously defined, for example:
The diligence reasonably expected from, and ordinarily exercised by, a person who seeks to satisfy a legal requirement or obligation [1] and,
A minimum standard of behaviour which provides against contravention of relevant regulatory provisions and adequate supervision ensuring that the system is properly carried out. [2]
Such legal obligations can be created by statute law, for example the Model Work Health and Safety Act (2011) [3] or from the common law as a defence against negligence [4].
Engineering due diligence is all about ensuring that the laws of nature and the laws of man simultaneously align. Sometimes this really does require moral courage and persistence.
Risk, and its close cousin reliability, are not scientific concepts. Certainly there are elements like consequence modelling that are scientific. But the reason why things go wrong is more to do with human confusion or greed rather than a misunderstanding of the science.
Taking chances (risks?) to advance the human cause (and yes, make money) must be encouraged, but doing it recklessly and endangering others should be discouraged. The solution is due diligence, not risk management.
[1] Black’s Law Dictionary, 4th Edition (2009)
[2] LexisNexis Concise Australian Legal Dictionary, 4th Edition (2011)
[3] Risk & Reliability - Engineering Due Diligence (9th edition)
[4] Risk & Reliability - Engineering Due Diligence (9th edition)
Due Diligence and ALARP - Are They the Same?
With the paradigm shift occurring from hazard-based risk assessment to precautionary risk assessment, R2A have heard a number of discussions suggesting that if an organisation demonstrates ALARP (as low as reasonably practicable) then it can also demonstrate due diligence.
R2A’s opinion is that this may not necessarily be the case. The concept of ALARP is in fact hazard focused, comparing risk (likelihood and consequence) to acceptable or tolerable target levels of risk and safety. The use of such quantified risk assessment processes to satisfy target (tolerable or acceptable) risk criteria has never been able to satisfy post event common law scrutiny in Australia, which requires a demonstration of due diligence.
However, many industries that use the ALARP principle currently appear to be redefining its meaning by adding a number of caveats in what appears to be an attempt to close the due diligence loop and satisfy the courts after an event. The shift from hazard based risk assessment to due diligence is shown in the diagram below.
[Diagram: Common law vs. target risk approaches to risk management]
The notes in blue in the diagram describe the several difficulties associated with the target risk approach.
Firstly, hazard analysis and risk calculations are inherently unrepeatable. Two independent risk experts assessing the same circumstances or situation never come up with the same numerical answer (unless they use deliberately identical assumptions and processes, in which case the assessment is not independent). QRA risk calculations are always imperfect, especially with regard to human failings and management systems. Quoting Mark Tweeddale (2003):
“In the case of the process industry, most of the major disasters in recent years have resulted primarily from failures of management systems, which would not have been included in the quantitative assessment of risk, and not from random equipment failures such as are statistically assessable using data from data banks. This is a most serious limitation...”
Secondly, risk criteria are subjective. The old adage should probably be extended to: there are lies, damned lies, statistics, and then there are target risk criteria. Most risk criteria are based on statistical analyses. The traditional way to determine them is to consider mortality statistics. But they are just that, statistics. The numbers change according to the exposed group selected. For example, the lightning strike death rate of around 1 in 10 million (for the whole population) is often selected as the lower limit to risk scrutiny. However, if the mortality figures for the group of people who play golf during lightning storms are considered, it will be much higher. Which number ought to be used?
Further, the inconsistency in individual and societal risk criteria between states, especially Victoria and NSW, dating from the mid-nineties, is problematic. The flexible choice of societal risk criteria for the land use planning criteria by the NSW Department of Planning (DoP) for the Kurnell Peninsula QRA in the 2007 study is seriously problematic.
Thirdly, if the risk associated with a hazard is below the acceptable or tolerable threshold, there is a tendency to say that nothing further needs to be done, which is always problematic with low frequency, high severity events. This leads to the fourth concern, which is the temptation to implement a precaution that reaches the target threshold without formally considering the hierarchy of controls.
Therefore, it is my opinion that to demonstrate that ALARP is the same as due diligence is indeed complex and is prone to a tortuous, error-prone path.
Does ALARP = Due Diligence?
Does ALARP equal due diligence? Well yes, if ALARP (as low as reasonably practicable) is redefined, as appears to be presently occurring.
Once upon a time ALARP meant achieving an acceptable or tolerable level of risk (consequence and likelihood). It was classically articulated by the UK HSE (Health and Safety Executive) in 1988 in the document The Tolerability of Risk from Nuclear Power Stations. The HSE suggested the limit of tolerable risk to a worker is 10⁻³ per year; the limit of tolerable risk to a member of the public is taken as 10⁻⁴ per year. The risk to a member of the public that might be regarded as acceptable, as opposed to tolerable, is then taken as 10⁻⁶ per year. Such a concept was then taken up extensively in Australia, for example the NSW land use planning guidelines (2008).
However, to satisfy the courts after the event, various caveats have been added to this approach. For example, from the NSW guidelines, … irrespective of numerical risk criteria, the broad aim should be to 'avoid avoidable risk.' Another common caveat is to say that, irrespective of the level of risk, the value of further precautions should always be considered.
Effectively this means that ALARP is being redefined to mean the level of risk which is achieved if all reasonably practicable precautions are in place, that is, a demonstration of due diligence. Of course, ALARP remains a hazard-based concept. It talks about the level of risk, not the level of precautions, which is the court-based concept. This means ALARP typically remains subject to at least two primary conceptual errors, namely:
- Risk Assessment: Risk assessment is not scientific. Two risk experts independently assessing the risk never come up with the same answer. Risk assessments are not repeatable. So what does a risk assessment mean? How can it be right?
- Risk Criteria: Risk assessments are then normally compared to criteria. But such criteria are generally just statistical interpretations. They are not statements of truth. The old adage, that there are lies, damned lies and then there are statistics, applies.
It is a very complex process to chart a course through the hazard-based process that can arrive at a due diligence position. It needs at least the two caveats described above to be applied to what is a tortuous, error-prone path.
Compliance vs. Due Diligence
The management of risk in Australia took a major leap forward with the introduction of the new model Work Health & Safety Act in most states and territories from January 2012. By way of background, it is a requirement under the new model Work Health & Safety Act for an officer to positively demonstrate due diligence, which has created an interesting conundrum with respect to the concept of compliance.
For work health and safety matters, officers of a person conducting a business or undertaking (PCBU) must positively demonstrate due diligence, which is more than showing compliance with Regulations and Standards.
Although the intent of Standards is often to address safety concerns with respect to a particular issue such as major hazard facilities, they are often prescriptive as to the specific controls and precautions that should be implemented.
As noted in Safe Work Australia’s Guide for Major Hazard Facilities: Safety Case: Demonstrating the adequacy of safety management and control measures (January 2012), this approach assumes that those who developed the code or standard did all the necessary thinking to select the necessary control measures for the operator’s situations, or that if a possible control measure is not specified in the code or standard, it must not be practicable to put it into practice.
In particular, the elimination option, which is always the first option to consider under the hierarchy of controls, is often overlooked in standards.
As the WHS Act typically takes precedence over other existing legislation, the requirements of the Act must be met in the first instance, which we believe is a positive outcome.
Therefore, to demonstrate due diligence, identifying all practicable precautionary options is the first objective, and the subsequent discussions can then determine which options or combinations are not reasonably practicable.
Positively demonstrating due diligence is a much more thorough and holistic view of managing risk. It is best practice and is now law in most states of Australia. Being focused on compliance is simply no longer ‘good enough’.